Difference between revisions of "Los Angeles"

From OWASP
Jump to: navigation, search
(OWASP LA Security Summit: April 25, 2012, 3:00PM - 8PM)
Line 18: Line 18:
 
<br>  
 
<br>  
  
== OWASP LA Security Summit: April 25, 2012, 3:00PM - 8PM <br> ==
+
We will have our May monthly as usual this month. Please note that we need to start at 6:45 sharp and Chris's talk will start promptly at 7:00PM as he needs to fly back to the east coast.
  
''(Note different time and location)''
+
Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/61886212/
  
 +
Data Mining a Mountain of Zero Day Vulnerabilities
  
'''Jerry Hoff VP, Static Code Analysis Division at WhiteHat Security, will be speaking about Webgoat. Shakeel Tufail, Federal Practice Director for HP Enterprise Security Solutions, will be speaking on ''"Software (In)Security - Challenges to securing software"''. Noa Bar Yosef, Senior Security Strategist at Imperva, will be speaking on ''"De-Anonymizing Anonymous"''. A concluding panel, moderated by Richard Greenberg, Information Security Officer for LA County Public Health, will have the speakers joined by Adnan Masood, a Software Engineer and Architect.
+
Every day, software developers around the world, from Bangalore to
 +
Silicon Valley, churn out millions of lines of insecure code. We used
 +
static binary analysis on thousands of applications submitted to us by
 +
large enterprises, commercial software vendors, open source projects,
 +
and software outsourcers, to create an anonymized vulnerability data
 +
set. By mining this data we can answer some interesting questions.
  
''Food and drinks will follow''.'''
+
Which industries have the most secure and least secure code? What
 +
types of mistakes do developers make most often? Which languages and
 +
platforms have the apps with the most vulnerabilities? Should you be
 +
most worried of internally built apps, open source, commercial
 +
software, or outsourcers? These questions and many more will be
 +
answered as we tunnel through zero day mountain.
  
  
 +
Bio:
  
<!-- '''''Location:'''''<br>  -->
+
Chris Wysopal, Veracode’s CTO and Co-Founder, is responsible for the
<b>
+
company’s software security analysis capabilities. In 2008 he was
Location:
+
named one of InfoWorld's Top 25 CTO's and one of the 100 most
 +
influential people in IT by eWeek. One of the original vulnerability
 +
researchers and a member of L0pht Heavy Industries, he has testified
 +
on Capitol Hill in the US on the subjects of government computer
 +
security and how vulnerabilities are discovered in software. He is an
 +
author of L0phtCrack and netcat for Windows. He is the lead author of
 +
“The Art of Software Security Testing” published by Addison-Wesley.
  
Four Points by Sheraton Los Angeles </b>
 
  
5990 Green Valley Cir
 
  
Culver City, CA 90230
 
 
(310) 641-7740
 
 
 
RSVP at http://www.meetup.com/OWASP-Los-Angeles/
 
 
<br>
 
 
'''Thanks to Our Sponsors:'''
 
'''
 
 
http://www-inst.eecs.berkeley.edu/~wicse/index.php/images/intellogo.gif
 
 
Intel the world's largest semiconductor chip maker. We develop advanced integrated digital technology, primarily integrated circuits, for industries such as computing and communications. Integrated circuits are semiconductor chips etched with interconnected electronic switches. We also develop computing platforms, which we define as integrated hardware and software computing technologies that are designed to provide an optimized solution. Our goal is to be the preeminent computing solutions company that powers the worldwide digital economy. We are transforming from a company with a primary focus on the design and manufacture of semiconductor chips for PCs and servers to a computing company that delivers complete solutions in the form of hardware and software platforms and supporting services.
 
 
 
http://www.f5.com/flash/application-ready-network/f5-logo.jpg
 
 
Internet threats are widely varied and multi-layered. As these threats evolve, organizations find that traditional firewalls lack the intelligence and the scalability needed to stay effective and responsive under DDoS and a whole range of other sophisticated attacks. The result is a failure to protect the business from loss of critical Internet data center services.
 
 
F5 offers a native, high performance firewall solution that protects the entire infrastructure and scales to perform under the most demanding conditions. F5 provides the intelligence and flexibility you need to stay secure in the ever-changing and increasingly threatening landscape. You get a common platform to deliver applications and significantly improve responsiveness to rapidly evolving threats.
 
 
In addition, F5 provides a flexible, certified web application firewall and comprehensive, policy-based web application security to address emerging threats at the application level. This combination significantly reduces the risk of damage to intellectual property, data, and web applications. With F5, you get a complete application protection solution on a certified network firewall platform that eliminates the need for multiple appliances. This lowers maintenance and management costs, and increases the confidentiality, availability, and integrity of your applications, network, and processes. F5 brings together the network, applications, data, and users under a single security strategy that traditional firewalls and point solutions don’t offer.
 
 
 
http://www.genevatechnicalservices.com/images/partners/qualys-logo.gif
 
 
Qualys, Inc. is the pioneer and leading provider of information security and compliance cloud solutions with 5,500+ customers in 85 countries, including 51 of the Forbes Global 100. The QualysGuard Cloud Platform and integrated suite of applications helps businesses simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including BT, Dell SecureWorks, Fujitsu, IBM, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).
 
 
For more information, please visit www.qualys.com.
 
 
== April message from OWASP Los Angeles <br> ==
 
 
 
<b> 1. Participate in Projects </b>
 
 
OWASP is about projects. Without projects, OWASP wouldn't exist, and projects need new blood. I would like to encourage your participation in the projects. There are many projects to choose from (link below) but  testing, development and code review guides are in urgent need of help. You don't need to be a coder to contribute.
 
 
https://www.owasp.org/index.php/Category:OWASP_Project
 
 
Please see what you can contribute and feel free to reach out to the project leaders directly, or send me an email if you want an introduction.
 
 
<b> 2. Call for Local Speakers </b>
 
 
We have a lot of security talent in LA area and we would love to hear from you. Edward Bonver is leading an initiative to have local speakers more involved and present at OWASP meetings. Please reach out to him at edward@owasp.org if you're interested.
 
 
----
 
 
== Other Events  ==
 
 
'''ISSA-LA''' holds a lunch meeting on the 3rd Wed of each month, for more information visit [http://www.issa-la.org/ www.issa-la.org].
 
 
The leading InfoSec Professionals in SoCal will be Gathering at the Universal City Hilton May 16 for the '''ISSA-LA''' Information Security Summit. Visit: http://www.issala.org/summit/
 
  
 
<br>  
 
<br>  

Revision as of 15:21, 17 May 2012

Contents

Welcome to Los Angeles Chapter!

funds to OWASP earmarked for Los Angeles.

Donatenow.jpg Donate funds to Los Angeles chapter via RegOnline.

Announcements

logo.png

We are on Meetup. Please join our community there.
http://www.meetup.com/OWASP-Los-Angeles/
Sign up for OWASP Los Angeles mailing list, very low volume and spam free.
https://lists.owasp.org/mailman/listinfo/owasp-losangeles


We will have our May monthly as usual this month. Please note that we need to start at 6:45 sharp and Chris's talk will start promptly at 7:00PM as he needs to fly back to the east coast.

Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/61886212/

Data Mining a Mountain of Zero Day Vulnerabilities

Every day, software developers around the world, from Bangalore to Silicon Valley, churn out millions of lines of insecure code. We used static binary analysis on thousands of applications submitted to us by large enterprises, commercial software vendors, open source projects, and software outsourcers, to create an anonymized vulnerability data set. By mining this data we can answer some interesting questions.

Which industries have the most secure and least secure code? What types of mistakes do developers make most often? Which languages and platforms have the apps with the most vulnerabilities? Should you be most worried of internally built apps, open source, commercial software, or outsourcers? These questions and many more will be answered as we tunnel through zero day mountain.


Bio:

Chris Wysopal, Veracode’s CTO and Co-Founder, is responsible for the company’s software security analysis capabilities. In 2008 he was named one of InfoWorld's Top 25 CTO's and one of the 100 most influential people in IT by eWeek. One of the original vulnerability researchers and a member of L0pht Heavy Industries, he has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software. He is an author of L0phtCrack and netcat for Windows. He is the lead author of “The Art of Software Security Testing” published by Addison-Wesley.





Would you like to speak at an OWASP Los Angeles Meeting?

Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to Tin Zaw. The talk must be vendor neutral and its content be available under Creative Common 3.0 license.


Archives of Previous Meetings

2011 Meetings

2010 Meetings

2009 Meetings

2008 Meetings

List of presentations available from past meetings


Los Angeles Chapter

Volunteer OWASP Leaders: Kelly Fitzgerald, Yev Avidon, Mikhael Felker and Stuart Schwartz


The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success!

Web archive: http://2010.AppSecUSA.org

Videos: http://vimeo.com/user4863863/videos

AppSec Logo.jpg