Difference between revisions of "Los Angeles"

Line 18: Line 18:
 
<br>  
 
<br>  
  
== Next Meeting: May 23, 2012 at 6:45PM. Symantec Offices, Culver City ==  
+
== Next Meeting: June 27, 2012 at 7:00PM. Symantec Offices, Culver City ==  
  
We will have our May monthly as usual this month. Please note that we need to start at 6:45 sharp and Chris's talk will start promptly at 7:00PM as he needs to fly back to the east coast.
+
Please note that our next meeting will be on August 1.  
  
===== Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/61886212/ =====
+
===== Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/65238232/ =====
 
<br>
 
<br>
===== Data Mining a Mountain of Zero Day Vulnerabilities =====
+
===== Flame Malware =====
  
Every day, software developers around the world, from Bangalore to
+
The discovery of the Flame malware that targets Middle Eastern countries, predominantly Iran, has brought politically motivated threats into the spot light again.
Silicon Valley, churn out millions of lines of insecure code. We used
+
static binary analysis on thousands of applications submitted to us by
+
large enterprises, commercial software vendors, open source projects,
+
and software outsourcers, to create an anonymized vulnerability data
+
set. By mining this data we can answer some interesting questions.
+
  
Which industries have the most secure and least secure code? What
+
In this talk I will discuss the Flame malware and contrast it with other politically motivated threats we have seen. I will discuss how Flame was discovered, what it is capable of and give updates on the latest analysis. In addition I will talk about the increasing use of cyber espionage and what that may mean for software developers.
types of mistakes do developers make most often? Which languages and
+
platforms have the apps with the most vulnerabilities? Should you be
+
most worried of internally built apps, open source, commercial
+
software, or outsourcers? These questions and many more will be
+
answered as we tunnel through zero day mountain.
+
  
 +
Flame is peculiar in that it was written with a combination of C++, Lua and sqlite. I will show how the threat uses these technologies and how that differs from the malware we see every day.
  
===== Speaker: Chris Wysopal =====
 
  
Chris Wysopal, Veracode’s CTO and Co-Founder, is responsible for the
+
===== Speaker: Liam O Murchu =====
company’s software security analysis capabilities. In 2008 he was
+
named one of InfoWorld's Top 25 CTO's and one of the 100 most
+
influential people in IT by eWeek. One of the original vulnerability
+
researchers and a member of L0pht Heavy Industries, he has testified
+
on Capitol Hill in the US on the subjects of government computer
+
security and how vulnerabilities are discovered in software. He is an
+
author of L0phtCrack and netcat for Windows. He is the lead author of
+
“The Art of Software Security Testing” published by Addison-Wesley.
+
  
 +
Liam O Murchu is a manager of Security Response at Symantec. He has appeared on CBS 60 Minutes about Stuxnet virus. He has also presented about Stuxnet at Los Angeles chapters of OWASP and ISSA.
  
 +
http://www.cbsnews.com/video/watch/?id=7400892n
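Review bot: The new heading announces the next meeting for June 27, 2012, while the added sentence directly under it says "our next meeting will be on August 1", so a reader cannot tell which date is meant. If August 1 is the meeting that follows June 27, say so explicitly, for example "the meeting after this one will be on August 1". Also, "spot light" in the added Flame abstract should be "spotlight".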
  
  

Revision as of 13:32, 14 June 2012


Welcome to Los Angeles Chapter!

funds to OWASP earmarked for Los Angeles.

Donate funds to Los Angeles chapter via RegOnline.

Announcements


We are on Meetup. Please join our community there.
http://www.meetup.com/OWASP-Los-Angeles/
Sign up for the OWASP Los Angeles mailing list, very low volume and spam free.
https://lists.owasp.org/mailman/listinfo/owasp-losangeles


Next Meeting: June 27, 2012 at 7:00PM. Symantec Offices, Culver City

Please note that our next meeting will be on August 1.

Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/65238232/


Flame Malware

The discovery of the Flame malware that targets Middle Eastern countries, predominantly Iran, has brought politically motivated threats into the spotlight again.

In this talk I will discuss the Flame malware and contrast it with other politically motivated threats we have seen. I will discuss how Flame was discovered, what it is capable of, and give updates on the latest analysis. In addition, I will talk about the increasing use of cyber espionage and what that may mean for software developers.

Flame is peculiar in that it was written with a combination of C++, Lua and SQLite. I will show how the threat uses these technologies and how that differs from the malware we see every day.


Speaker: Liam O Murchu

Liam O Murchu is a manager of Security Response at Symantec. He has appeared on CBS 60 Minutes to discuss the Stuxnet virus. He has also presented on Stuxnet at the Los Angeles chapters of OWASP and ISSA.

http://www.cbsnews.com/video/watch/?id=7400892n




Would you like to speak at an OWASP Los Angeles Meeting?

Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings, please submit your bio and talk abstract via email to Tin Zaw. The talk must be vendor neutral and its content must be available under the Creative Commons 3.0 license.


Archives of Previous Meetings

2012 Meetings

2011 Meetings

2010 Meetings

2009 Meetings

2008 Meetings

List of presentations available from past meetings


Los Angeles Chapter

Volunteer OWASP Leaders: Kelly Fitzgerald, Yev Avidon, Mikhael Felker and Stuart Schwartz


The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success!

Web archive: http://2010.AppSecUSA.org

Videos: http://vimeo.com/user4863863/videos
