Difference between revisions of "Los Angeles"

From OWASP
Line 5: Line 5:
 
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles  =====
 
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles  =====
  
<paypal>Los Angeles</paypal><br>
+
<paypal>Los Angeles</paypal><br>  
  
 +
<br>
  
== Next&nbsp;Chapter Meeting:&nbsp; Wednesday,&nbsp;October 26, 2011 7:00 P.M.&nbsp;- 8:30 P.M. <br> ==
+
== Next&nbsp;Chapter Meeting:&nbsp; Wednesday, November 30, 2011 7:00 P.M.&nbsp;- 9:00 P.M. (Note different date)<br> ==
  
Symantec<br>900 Corporate Pointe<br>Culver City, CA 90230<br>
+
Great talks and free catered dinner for all attendees!
  
Please RSVP: http://owasp-october2011.eventbrite.com
+
'''''Location:'''''<br>
+
  
----
+
Symantec<br>900 Corporate Pointe (just off of Slauson)<br>Culver City, CA 90230<br>
  
==== Topic: Scalable AppSec ====
+
Please RSVP: http://owasp-november2011.eventbrite.com
  
A talk on metrics and assessment practices that scale well - more details forthcoming.
+
<br>
  
 +
----
  
==== Speaker: Jim Manico ====
+
==== Topic: passw3rd<br>  ====
  
Jim Manico has been an active member of OWASP since 2008.
+
<br>We all know passwords in source code is bad. What many don't know is that passwords in other files are bad too. Moving your passwords to config files, symlinked directories, to even requiring a password to<br>be typed in upon launch is just silly. Passw3rd is a ruby and java client to create encrypted files which contain your passwords that can be read by source code. Passwords can be checked into SCM and<br>distributed. The keys are generated per environment and locked down with simple OS RBAC. Included with the project is a POC which uses HSMs to store the passwords, and using passw3rd for the "master"<br>password for that role.  
  
 +
Some advantages of keeping credentials out of source code are:
  
Jim is the founder, producer and host of the OWASP Podcast Series. As of July 2011 there are 86 shows that have entailed Jim working over 500 hours. Jim is grateful to the many guests who have made the show a success.
+
Credentials are not passed around when source code is shared.<br>Unintentional exposure of source code does not reveal credentials.<br>Read-access to source code can be much more permissive.<br>Source code can be checked into version control systems without concern for exposure of credentials.<br>It is easier to change credentials without having to worry about changing all instances.<br>Leaving credentials in source code leads to poor password management in general. If changing a credential requires you to change code, you<br>are less likely to want to do it.  
  
 +
https://github.com/oreoshake/passw3rd<br>http://rubygems.org/gems/passw3rd .
  
Jim is also the chair of the OWASP Connections Committee where he manages the OWASP Blog, twitter feed and press communications for OWASP. He feels that these activities are directly inline with the OWASP core mission of spreading awareness.
+
<br>
  
 +
==== Speaker: Neil Matatall<br>  ====
  
He has also been a significant contributor and manager of the OWASP Cheatsheet Series. He has worked on the XSS, DOM XSS, SQL Injection, Cryptographic Storage, Forgot Password and other topics in this series.
+
&nbsp;more details forthcoming.  
  
 +
<br>
  
==== Topic: Time Based SQL Injections ====
+
<br>
+
We’ll cover Time Based SQL Injection attacks to show a dangerous flavor of SQL injections. We’ll show how by using time delay functions and heavy query techniques these attacks can be very effective by defying sanitization techniques. The speaker will also show some examples of SQL injection attacks like BART, UK Police etc. and show a live DEMO. Some prevention technique will also be covered.
+
  
====Speaker: Muhammad Omar Khan ====
+
==== Topic: Coming Soon  ====
  
Muhammad Omar Khan is the current Security Team Lead at CIA (Cenzic Intelligent Analysis) Labs. His previous experience includes: Hacker, Researcher on Sensor Networks at USC,ISI.
+
==== Speaker: Coming Soon  ====
  
 +
more details forthcoming.
  
====Meeting Sponsor: WhiteHat Security====
+
<br>  
 
+
 
+
[[Image: Whitehatlogo-medium.png‎]]
+
<br><br>
+
 
+
WhiteHat Security is the leading provider of website risk management solutions that protect critical data, ensure compliance and narrow the window of risk. WhiteHat Sentinel, the company’s flagship product family, is the most accurate and cost-effective website vulnerability management solution available, delivering the visibility, flexibility, and control that organizations need to prevent website attacks. www.whitehatsec.com.
+
  
 +
==== Meeting Sponsor: AlgoSec  ====
  
 +
Founded in 2003, AlgoSec enables security and operations teams to intelligently manage, analyze and optimize security policies within firewalls, routers and related devices. The software suite increases operational efficiency and improves risk mitigation for organizations worldwide. Today, more than 800 enterprises, MSSPs and auditors in over 40 countries and across all industry verticals use AlgoSec solutions. From mid-sized enterprises and Fortune 500 companies to all Big Four auditing firms, organizations choose AlgoSec for its unique combination of superior technology and commitment to customer satisfaction.<br>
  
 +
<br>
  
 
----
 
----
Line 60: Line 61:
 
Would you like to speak at an OWASP Los Angeles Meeting?  
 
Would you like to speak at an OWASP Los Angeles Meeting?  
  
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. When we accept your talk, it will be required to use the Powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template].
+
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. When we accept your talk, it will be required to use the Powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template].  
  
 +
<br>
  
 +
== Other Events  ==
  
== Other Events ==
+
'''OWASP&nbsp;Holiday Gathering''' December 14, 2011 6:30-8:30PM<br>
  
 +
''&nbsp; Downtown Daily Grill<br>&nbsp; 612 S. Flower Street • Los Angeles, CA 90017<br>&nbsp; (213) 622-4500 • (213) 629-2974 (fax)<br>&nbsp; downtowndg@dailygrill.com • www.dailygrill.com ''<br><br>
  
'''ISSA-LA''' holds a lunch meeting on the 3rd Wed of each month, for more information visit [http://www.issa-la.org/ www.issa-la.org].
+
'''ISSA-LA''' holds a lunch meeting on the 3rd Wed of each month, for more information visit [http://www.issa-la.org/ www.issa-la.org].  
  
 +
<br>
  
== Archives of Previous Meetings ==
+
== Archives of Previous Meetings ==
  
[[Los Angeles/2011 Meetings| 2011 Meetings]]
+
[[Los Angeles/2011 Meetings|2011 Meetings]]  
  
[[Los Angeles/2010 Meetings| 2010 Meetings]]
+
[[Los Angeles/2010 Meetings|2010 Meetings]]  
  
[[Los Angeles/2009 Meetings| 2009 Meetings]]
+
[[Los Angeles/2009 Meetings|2009 Meetings]]  
  
[[Los Angeles/2008 Meetings| 2008 Meetings]]
+
[[Los Angeles/2008 Meetings|2008 Meetings]]  
  
[[Los_Angeles_Presentation_Archive| List of presentations available from past meetings]]
+
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].-->
  
<!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].-->
+
<br>  
  
 
+
== Los Angeles Chapter ==
== Los Angeles Chapter ==
+
  
 
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and Chair  
 
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and Chair  
Line 97: Line 101:
 
http://2010.AppSecUSA.org  
 
http://2010.AppSecUSA.org  
  
Check out the videos: http://vimeo.com/user4863863/videos<br>
+
Check out the videos: http://vimeo.com/user4863863/videos<br>  
  
 
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]]  
 
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]]  
 
 
  
 
[[Category:California]]
 
[[Category:California]]

Revision as of 14:53, 8 November 2011

Local News

Sign up for OWASP Los Angeles mailing list, very low volume and spam free.
https://lists.owasp.org/mailman/listinfo/owasp-losangeles

funds to OWASP earmarked for Los Angeles.


Next Chapter Meeting:  Wednesday, November 30, 2011 7:00 P.M. - 9:00 P.M. (Note different date)

Great talks and free catered dinner for all attendees!

Location:

Symantec
900 Corporate Pointe (just off of Slauson)
Culver City, CA 90230

Please RSVP: http://owasp-november2011.eventbrite.com



Topic: passw3rd


We all know passwords in source code are bad. What many don't know is that passwords in other files are bad too. Moving your passwords to config files or symlinked directories, or even requiring a password to be typed in upon launch, is just silly. Passw3rd is a Ruby and Java client to create encrypted files which contain your passwords and can be read by source code. Passwords can be checked into SCM and distributed. The keys are generated per environment and locked down with simple OS RBAC. Included with the project is a POC which uses HSMs to store the passwords, using passw3rd for the "master" password for that role.

Some advantages of keeping credentials out of source code are:

* Credentials are not passed around when source code is shared.
* Unintentional exposure of source code does not reveal credentials.
* Read-access to source code can be much more permissive.
* Source code can be checked into version control systems without concern for exposure of credentials.
* It is easier to change credentials without having to worry about changing all instances.
* Leaving credentials in source code leads to poor password management in general. If changing a credential requires you to change code, you are less likely to want to do it.

https://github.com/oreoshake/passw3rd
http://rubygems.org/gems/passw3rd
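The pattern the abstract describes, an encrypted credentials file that can be committed to version control while its key lives outside the repository and is protected by OS file permissions, as an added Ruby example written for this page. It is not passw3rd's own code or API; the SecretStore module, the JSON file layout, the permission check and the sample credential are this example's own assumptions.

```ruby
require 'openssl'
require 'base64'
require 'json'
require 'tmpdir'

# Added example, not passw3rd's code: encrypted secrets file + per-environment
# key file. The key file is what OS permissions (the "simple OS RBAC" in the
# abstract) protect; the encrypted file is what gets checked in.
module SecretStore
  CIPHER = 'aes-256-gcm'

  # Generate a fresh 256-bit key for one environment and write it with mode
  # 0600 so only the account that runs the application can read it.
  def self.write_key(path)
    key = OpenSSL::Random.random_bytes(32)
    File.open(path, 'wb', 0o600) { |f| f.write(key) }
    key
  end

  # Refuse keys readable by group or others: the whole scheme rests on the
  # key's permissions, so a loose mode is a hard error, not a warning.
  def self.read_key(path)
    loose = File.stat(path).mode & 0o077
    raise "key file #{path} is group/world accessible (mode bits #{format('%o', loose)})" unless loose.zero?
    key = File.binread(path)
    raise "key file #{path} must hold exactly 32 bytes" unless key.bytesize == 32
    key
  end

  # Encrypt a hash of credentials into a JSON document of base64 fields.
  # AES-GCM produces an authentication tag, so any edit to the committed
  # file is detected at decrypt time instead of yielding garbage secrets.
  def self.encrypt(secrets, key, aad: 'secrets-v1')
    cipher = OpenSSL::Cipher.new(CIPHER)
    cipher.encrypt
    cipher.key = key
    iv = cipher.random_iv            # fresh 96-bit nonce per encryption
    cipher.auth_data = aad
    ct = cipher.update(JSON.generate(secrets)) + cipher.final
    JSON.generate({ 'iv' => Base64.strict_encode64(iv),
                    'tag' => Base64.strict_encode64(cipher.auth_tag),
                    'data' => Base64.strict_encode64(ct),
                    'aad' => aad })
  end

  # Decrypt and verify; raises OpenSSL::Cipher::CipherError if the tag fails.
  def self.decrypt(blob, key)
    doc = JSON.parse(blob)
    cipher = OpenSSL::Cipher.new(CIPHER)
    cipher.decrypt
    cipher.key = key
    cipher.iv = Base64.strict_decode64(doc['iv'])
    cipher.auth_tag = Base64.strict_decode64(doc['tag'])
    cipher.auth_data = doc['aad']
    JSON.parse(cipher.update(Base64.strict_decode64(doc['data'])) + cipher.final)
  end

  # Round trip in a temp dir: key outside the "repo", encrypted blob inside.
  def self.demo
    Dir.mktmpdir do |dir|
      key_path = File.join(dir, 'production.key')
      write_key(key_path)
      key = read_key(key_path)

      # Constructed sample credential; the plaintext never touches the repo.
      secrets = { 'db_user' => 'app', 'db_password' => 'constructed-example-password' }
      blob = encrypt(secrets, key)
      roundtrip_ok = decrypt(blob, key) == secrets

      # Flip one ciphertext byte, as an edit to the committed file would; GCM must reject it.
      doc = JSON.parse(blob)
      raw = Base64.strict_decode64(doc['data'])
      raw.setbyte(0, raw.getbyte(0) ^ 0x01)
      doc['data'] = Base64.strict_encode64(raw)
      tamper_detected = begin
        decrypt(JSON.generate(doc), key)
        false
      rescue OpenSSL::Cipher::CipherError
        true
      end

      # A key file left world-readable is refused rather than silently used.
      File.chmod(0o644, key_path)
      loose_key_rejected = begin
        read_key(key_path)
        false
      rescue RuntimeError
        true
      end

      { roundtrip_ok: roundtrip_ok, tamper_detected: tamper_detected, loose_key_rejected: loose_key_rejected }
    end
  end
end

p SecretStore.demo if __FILE__ == $PROGRAM_NAME
```

The three checks in `demo` are the properties the abstract's advantages depend on: the committed file decrypts only with the environment's key, an altered file fails closed, and a mis-permissioned key is treated as a deployment error. Per-environment keys follow from simply generating a different key file for each deployment target.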


Speaker: Neil Matatall

More details forthcoming.



Topic: Coming Soon

Speaker: Coming Soon

more details forthcoming.


Meeting Sponsor: AlgoSec

Founded in 2003, AlgoSec enables security and operations teams to intelligently manage, analyze and optimize security policies within firewalls, routers and related devices. The software suite increases operational efficiency and improves risk mitigation for organizations worldwide. Today, more than 800 enterprises, MSSPs and auditors in over 40 countries and across all industry verticals use AlgoSec solutions. From mid-sized enterprises and Fortune 500 companies to all Big Four auditing firms, organizations choose AlgoSec for its unique combination of superior technology and commitment to customer satisfaction.



Would you like to speak at an OWASP Los Angeles Meeting?

Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to Tin Zaw. When we accept your talk, it will be required to use the Powerpoint OWASP Template.


Other Events

OWASP Holiday Gathering December 14, 2011 6:30-8:30PM

  Downtown Daily Grill
  612 S. Flower Street • Los Angeles, CA 90017
  (213) 622-4500 • (213) 629-2974 (fax)
  downtowndg@dailygrill.com • www.dailygrill.com


ISSA-LA holds a lunch meeting on the 3rd Wed of each month, for more information visit www.issa-la.org.


Archives of Previous Meetings

2011 Meetings

2010 Meetings

2009 Meetings

2008 Meetings

List of presentations available from past meetings


Los Angeles Chapter


The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success!

http://2010.AppSecUSA.org

Check out the videos: http://vimeo.com/user4863863/videos

AppSec Logo.jpg