Difference between revisions of "Los Angeles"

From OWASP
Line 11: Line 11:
 
==  ==
 
==  ==
  
== Next&nbsp;Chapter Meeting:&nbsp; Wednesday, November 17, 2010 7:00 P.M. <br>  ==
+
== Next&nbsp;Chapter Meeting:&nbsp; Wednesday, December 15, 2010 7:00 P.M. <br>  ==
  
=== We will be Having Two Great Speakers again and Free Catered Greek Food ===
+
=== Special Holiday Celebration: We will be meeting in a private room at Tony P's Dockside Grill in Marina Del Rey, as follows: Tony P's Dockside Grill<br>4445 Admiralty Way<br>Marina del Rey, CA 90292<br>310-823-4534
 +
 
 +
  ===
  
 
'''Please RSVP: http://www.eventbrite.com/event/1025602605'''<br>  
 
'''Please RSVP: http://www.eventbrite.com/event/1025602605'''<br>  
  
== Meeting Location<br>Symantec Corporation<br>900 Corporate Pointe (off Slauson)<br>Culver City, CA 90230<br>Laguna Conference Room, to the left of the building entry ==
+
== <br>  ==
 
+
 
+
<b>'''Baking It In: Abuse-Resistant Web Applications'''</b><br>
+
 
+
'''Speakers:'''<br>
+
 
+
'''Al Huizenga''' runs product strategy and management for [http://www.mykonossoftware.com/ Mykonos Software], a company focused on new ways to secure Web Applications from abuse. Al has 11 years experience managing, releasing, and marketing Web-based products and technologies in industry leading companies such as Cognos Inc., Platform Computing, and Panorama Software. He is fascinated by how the same technology attributes that drive Web application adoption – openness, transparency, and ubiquity – also represent severe risk to the businesses that use them.<br>
+
 
+
<br>'''Kyle Adams''': As architect and lead developer for [http://www.mykonossoftware.com/ Mykonos Software], Kyle Adams has final responsibility for code quality and technical excellence. Mr. Adams is graduate of the Rochester Institute of Technology, earning a Bachelor Degree in Computer Science with a minor in Criminal Justice. He wrote his first password protection software at age 10, started hacking incessantly, and was writing his own encryption software by age 14. An AJAX expert and enthusiast, Mr. Adams has worked on scores of web application projects as a freelancer and entrepreneur.<br>
+
 
+
''<br>'''''Abstract:'''
+
  
Current solutions for securing Web applications at run-time rely heavily on signatures to identify and respond to threats. But signatures have become less effective at detecting threats over time, and aren’t sufficient to address the sophisticated abusive behavior that large, publicly exposed Web applications are subject to, including page scraping, logic abuse, malicious automation, phishing, and malware distribution.
+
== '''Topic: Deep Dive into Web Application Scanning'''<br>  ==
  
<br>The key shortcoming is a lack of application context – without any grounding in actual application and user behavior, signature-based solutions can’t avoid flagging many false positives. This makes the information they provide to administrators practically un-actionable.
+
=== '''Speakers:'''<br> ===
  
<br>In response, new approaches are emerging that focus on behavior, not input signatures. One key trend is to enhance the application code itself with detection points that provide more transparency into malicious user behavior. This enables administrators to prevent application abuse before bad users can establish an attack vector. In this presentation, we’ll discuss the merits and challenges of this approach. We’ll focus on specific examples, including the OWASP AppSensor project and the Mykonos Security Appliance.<br>  
+
'''Brian Robison''', is the Senior Product Manager for McAfee's enterprise vulnerability management solutions. Driven by a relentless desire for customer satisfaction and leveraging over a decade of experience in security and risk management, he is primarily responsible for the strategy and roadmap of McAfee's enterprise vulnerability management offerings, including the web application assessment module. Brian joined McAfee in 2005 as a Technical Marketing Engineer focusing on McAfee's endpoint security products before serving as the Product Manager for McAfee ePolicy Orchestrator 4.0.<br>  
  
<b>'''Stunext Worm'''</b><br>
+
'''Sven Schrecker''' joined McAfee in 2006 as part of the Preventsys acquisition. He has worked extensively on the integration of Risk &amp; Compliance products into McAfee's ePolicy Orchestrator product. Most recently, he directed the efforts on the total revamp of the Web Assessment Engine for McAfee Vulnerability Manager (formerly known as Foundstone). He is currently architecting cloud-based security technologies.<br>  
  
'''Speakers:'''<br>
+
=== ''<br>'''''Abstract:''' ===
Liam O Murchu, Security Response at Symantec Corporation
+
  
'''Abstract:'''<br>
+
Web applications have exploded to become the point of entry for hackers wanting to do harm. Knowing how and where web applications are vulnerable is key to sustaining goodwill and ensuring a positive experience for those who rely on those applications. Learn tips and techniques for effectively scanning web applications to keep them safe and secure. Hear about best practices from other McAfee customers for web application scanning.<br>  
  
Details coming soon. But for now, refer to Wikipedia.
+
<br>
http://en.wikipedia.org/wiki/Stuxnet
+
  
<br> '''Sponsor:'''&nbsp;  
+
=== '''Sponsor:'''&nbsp; ===
  
 
[http://Www.MykonosSoftware.com '''[[Image:Mykonos logo.jpg]]''']  
 
[http://Www.MykonosSoftware.com '''[[Image:Mykonos logo.jpg]]''']  
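Review bot: the added `=== Special Holiday Celebration: ...` heading opens on one line and is only closed by a `===` several lines later, after the address and blank lines; MediaWiki section headings have to open and close on a single line, so this will not render as a heading. Keep a short one-line heading and move the restaurant name, address and phone number into body text beneath it. The same revision replaces the old Meeting Location heading with an empty `== <br>  ==` heading, which should be deleted rather than left in place.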

Revision as of 12:46, 23 November 2010

Local News

The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success!

http://www.AppSecUSA.org

Check out the videos: http://vimeo.com/user4863863/videos


Next Chapter Meeting:  Wednesday, December 15, 2010 7:00 P.M.

Special Holiday Celebration: We will be meeting in a private room at Tony P's Dockside Grill in Marina Del Rey, as follows:

Tony P's Dockside Grill
4445 Admiralty Way
Marina del Rey, CA 90292
310-823-4534

Please RSVP: http://www.eventbrite.com/event/1025602605


Topic: Deep Dive into Web Application Scanning

Speakers:

Brian Robison is the Senior Product Manager for McAfee's enterprise vulnerability management solutions. Driven by a relentless desire for customer satisfaction and leveraging over a decade of experience in security and risk management, he is primarily responsible for the strategy and roadmap of McAfee's enterprise vulnerability management offerings, including the web application assessment module. Brian joined McAfee in 2005 as a Technical Marketing Engineer focusing on McAfee's endpoint security products before serving as the Product Manager for McAfee ePolicy Orchestrator 4.0.

Sven Schrecker joined McAfee in 2006 as part of the Preventsys acquisition. He has worked extensively on the integration of Risk & Compliance products into McAfee's ePolicy Orchestrator product. Most recently, he directed the efforts on the total revamp of the Web Assessment Engine for McAfee Vulnerability Manager (formerly known as Foundstone). He is currently architecting cloud-based security technologies.


Abstract:

Web applications have exploded to become the point of entry for hackers wanting to do harm. Knowing how and where web applications are vulnerable is key to sustaining goodwill and ensuring a positive experience for those who rely on those applications. Learn tips and techniques for effectively scanning web applications to keep them safe and secure. Hear about best practices from other McAfee customers for web application scanning.


Sponsor: 


Mykonos Software approaches Web application security differently. We understand how Web applications are abused by criminal attackers to steal data, commit fraud, or use company IP for unintended tasks.

The Mykonos Security Appliance detects malicious abuse of Web applications before the damage is done. This software solution profiles the abuse through intelligence gathering and responds to any abuse in real time, ultimately preventing data theft, fraudulent behavior, and misuse of your Web properties.

Articles by Mykonos
• Kyle Adams and Al Huizenga, “Whitepaper: Understanding and Responding to the Five Phases of Web Application Abuse”, Mykonos Software, 2010
• Kyle Adams, “A Layered Approach to Making Your Web Application a Safer Environment,” (In)Secure Magazine, Sept 2009


Press on Mykonos:
Network World http://www.networkworld.com/columnists/2010/070610antonopoulos.html
Dark Reading http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml?articleID=227100051
SC Magazine http://www.scmagazineus.com/pages/login.aspx?returl=/anti-hack-retaliatory-action-against-digital-attacks/article/172651/&pagetypeid=28&articleid=172651&accesslevel=1&expireddays=0&accessAndPrice=0

Would you like to speak at an OWASP Los Angeles Meeting?

The Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings, please submit your bio and talk abstract via email to Tin Zaw. When we accept your talk, you will be required to use the OWASP PowerPoint template.

Archives of Previous Meetings

A list of previous presentations conducted at the Los Angeles Chapter can be found here.

Los Angeles Chapter