Difference between revisions of "New Jersey"

From OWASP
{{Chapter Template|chaptername=NY/NJ |extra= | mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-newjersey|emailarchives=http://lists.owasp.org/pipermail/owasp-newjersey}}

= OWASP New Jersey =

<center>[[Image:Trustwave_banner_ad_Sept_18,_2012.png|link=https://www.trustwave.com/application-security/]]</center>

<h2>[http://www.meetup.com/OWASP-New-Jersey https://www.owasp.org/images/8/82/Meetup_logo3.jpg] [http://www.meetup.com/OWASP-New-Jersey New Jersey Chapter] [http://www.meetup.com/OWASP-New-Jersey Click Here for More Info]</h2>

<headertabs />

<hr>

==United Nations / OWASP June 4th==

<b>A Special Invitation for OWASP Members</b>

You are cordially invited to attend “The 19th Annual Information Security Conference and Exhibit” at the United Nations in NYC on June 4th. OWASP proudly supports this conference; in fact, Tom Brennan, President of the NY/NJ OWASP Chapter, will serve on the event’s Expert Panel. The organizers expect over 600 InfoSec executives and professionals from business, government and academia to attend.

Mr. Ban Ki-moon, Secretary General of the United Nations, will open the conference with his address on The Importance of ICT to Development. Visionary presenters will address topics that are both timely and critical to business and government, ranging from governance, to ID theft, to security convergence, to managing and protecting personal information. The event includes keynotes, tutorials, case studies, expert panels, exhibits, high-level networking, and more.

For more information visit the [http://www.aitglobal.com 19th Annual Information Security Conference] site. There is no charge to attend; to register, see [http://www.aitglobal.com/theform.html REGISTER NOW].

<hr>

==Next OWASP Chapter Meeting JUNE 12th 6:00pm - 9:00pm==

===Sponsor: [http://www.dtcc.com The Depository Trust & Clearing Corp.]===

<b>Meeting Address:</b> 55 Water Street #26-139, NYC, NY 10041 - [http://tinyurl.com/33htrt Directions]

<b>Event Co-Sponsors: [http://www.centuria.us CENTURIA] - [http://www.varonis.com/Products/Overview VARONIS] - [http://www.fortify.com FORTIFY] - [http://www.appsecinc.com APPLICATION SECURITY] - [http://www.accessitgroup.com ACCESSIT GROUP] - [http://www.aspectsecurity.com ASPECT SECURITY]</b>

<b>Event Speakers:</b>
<br>
Keynote: Jeff Williams - OWASP Worldwide Chair
<br>
Speaker: Chris "Weld Pond" Wysopal - Binary Analysis
<br>
Speaker: Warren Axelrod - Secure Outsourcing
<br>
Speaker: Eric Uner - Application Firewalls
<br>
Speaker: Michael Feldman - .Net Secure Programming

<center><b>[http://fs7.formsite.com/OWASP/form247457684/index.html RSVP IS REQUIRED]</b></center>

---

TOPIC: <b>Binary Analysis... it's in the code</b>

SPEAKER BIO: <b>Chris (aka Weld Pond) Wysopal, Co-Founder and Chief Technology Officer of [http://www.veracode.com Veracode]</b>

He has given keynotes at computer security events and has testified on Capitol Hill on the subjects of government computer security and how vulnerabilities are discovered in software. He has also given keynotes at West Point, to the Defense Information Systems Agency (DISA) and before the International Financial Futures and Options Exchange in London. His opinions on Internet security are highly sought after, and most major print and media outlets have featured stories on Mr. Wysopal and his work. At Veracode, Mr. Wysopal is responsible for the security analysis capabilities of Veracode technology.

Mr. Wysopal’s groundbreaking work in 2002 while at the company @stake was instrumental in developing industry guidelines for responsibly disclosing software security vulnerabilities. Mr. Wysopal, along with Steve Christey of MITRE, proposed an IETF RFC identified as the “Responsible Vulnerability Disclosure Process,” which became the foundation for the Organization for Internet Safety (OIS). Mr. Wysopal is a founder of OIS, which established industry standards for the responsible disclosure of Internet security vulnerabilities.

Mr. Wysopal is co-author of the award-winning password auditing and recovery application @stake LC (L0phtCrack), which is currently used by more than 6,000 government, military and corporate organizations worldwide.

Mr. Wysopal began his career as a principal software engineer at Lotus Development Corporation where, in the mid-90s, with the rise of the Internet, he realized the critical need for secure software. He and his colleagues then created the first security research think tank, known as L0pht Heavy Industries, which was acquired by @stake in 1999. He became the manager of @stake’s Research Group and later @stake’s vice president of research and development, where he led a world-class team of security researchers tackling the problem of automating the process of finding and disclosing security vulnerabilities in software. He also managed @stake’s products group, developing new security tools focused on wireless, infrastructure and application security.

In 2004, when @stake was acquired by Symantec, Mr. Wysopal became its director of development and was responsible for the engineering team that built binary analysis technology to find vulnerabilities in software. Mr. Wysopal wrote The Art of Software Security Testing: Identifying Software Security Flaws, published by Addison-Wesley and Symantec Press in December 2006. Mr. Wysopal earned his Bachelor of Science degree in Computer and Systems Engineering from Rensselaer Polytechnic Institute in Troy, New York.

--

TOPIC: <b>7 Things You Need to Know About Application Firewalls</b>

SPEAKER BIO: <b>Eric Uner, PhD, is Chief Technical Officer and Chief Scientist of Sentinel Security Corporation, a subsidiary of [http://www.centuria.us Centuria Corporation]</b>. He is an industry-recognized scientific expert in the areas of embedded systems and information security. His research into applying biological defense models and chaos theory to computer systems led to the patented algorithms used in the HYDRA web cyber-defense appliance.

Mr. Uner's work, including his software vulnerability equation and pseudo-random number generation algorithms, has been published in numerous journals internationally. He has also appeared in television and broadcast radio interviews as an expert in computer security.

--

TOPIC: <b>Programming Microsoft .Net for Security</b>

SPEAKER BIO: <b>Michael Feldman, President, [http://www.dataritesys.com/home/default.asp Data Rite Systems Group]</b>

Mike Feldman is an expert in creating highly customized, Web-based applications. He has more than 15 years' experience in database technology and software development. Mike was also an instructor of client-server applications at Baruch College. Prior to founding Data-Rite, he worked as a project manager for TIAA-CREF, the largest pension holder in the country, developing enterprise-level databases, and was a programmer for Monarch Financial Services.

--

TOPIC: <b>Security Outsourcing: Issues, Concerns and Suggestions on How to Do It Right</b>

SPEAKER BIO: <b>C. Warren Axelrod, Chief Privacy Officer & BISO, [http://www.ustrust.com US Trust Company]</b>

Mr. Axelrod is a founder of the FS/ISAC (Financial Services Information Sharing and Analysis Center) and served two terms on its Board of Managers. The FS/ISAC is a public-private collaborative effort to share information on security threats, vulnerabilities and incidents among members and with government. He testified at a Congressional hearing in 2001 on cyber security. He is on the Editorial Advisory Board of the ISSA Journal and several other advisory boards, such as those of TMF (Technology Managers Forum) and I3P (Institute for Information Infrastructure Protection). Mr. Axelrod was honored with a Computerworld Premier 100 IT Leaders Award in 2003, and his department's implementation of an intrusion detection system was given a Best in Class award. He has published two books on computer management and numerous articles on a variety of information technology and information security topics, including computer and network security, contingency planning, and computer-related risks. His third book, “Outsourcing Information Security,” which received a five-star rating on Amazon, was published in September 2004.

He holds a PhD in managerial economics from the Johnson Graduate School of Management at Cornell University and honors bachelor's and master's degrees in electrical engineering, economics and statistics from the University of Glasgow, Scotland. He is certified as a CISSP and CISM and holds NASD Series 7 and Series 24 licenses.

ABSTRACT:

Full consideration of information security must be part of any IT outsourcing arrangement, whether the outsourced service or product is security-related or not, and whether the provider is local, in the same country, near shore or offshore. It must be examined even more closely when the service or product is in fact security-related and when the provider has access to sensitive information such as customer nonpublic personal information and company-confidential data, including intellectual property. Particular note will be made of implicit outsourcing arrangements such as occur with data aggregation, Web services, grid computing and open source. The presentation will review some of the predominant privacy and security risks of outsourcing and suggest how they might be mitigated.

<hr>

<b>Meetings are FREE and open to the PUBLIC - </b>[http://fs7.formsite.com/OWASP/form247457684/index.html RSVP IS REQUIRED], as space is limited and building security requires it.

<b>[http://tinyurl.com/33htrt GOOGLE MAP DIRECTIONS]</b>

<hr>

<h2>OWASP NYC Training March 13th and 14th</h2>

<h3>Application Cryptanalysis Made Easy (1 Day Training)</h3>

Use of cryptography permeates today's computing infrastructures. While few programmers attempt to implement sophisticated cryptosystems, many unwittingly develop simple protocols in everyday applications without adequate knowledge of how cryptographic primitives should be combined. In this training we explore several techniques for analyzing and breaking the kinds of cryptographic protocols that are commonly found in modern applications.

Attendees will first be presented with a brief review of cryptographic primitives and their uses, followed by an introduction to several techniques for analyzing cryptographic systems in a black-box manner. In each case, the discussion will describe how programmers can avoid making the common mistakes that allow these attacks to succeed.

Register online to secure your seat: http://www.cvent.com/d/3cq429 (space is limited). Course syllabus: https://docs.google.com/folder/d/0B-IjCXl19haHSFR6NXJTdk5uTE0/edit

<h3>Hack Your Own Code: Advanced Training for Developers (2 Day Training Course)</h3>

This class provides developers an exciting chance to hone their programming skills while also learning to exploit common web vulnerabilities. Unlike most training, this will not use static demos based on pre-canned source code. Students will program small parts of a larger application during the class’s lab periods. After the component has been written, students will review the code for the vulnerability being focused on in the lab. Vulnerable code will be run on a class-accessible server while the instructor guides students through exploiting the vulnerabilities. After the vulnerability is exploited, students will be shown how their own code can be fixed (if it was vulnerable) and the best way to prevent the flaw in the first place.

This full process will be performed for all major code vulnerabilities in the OWASP Top Ten. Exploitation and patching labs (but not programming) will be held for other vulnerabilities, including logic flaws that are hard to represent on the Top Ten. Several labs will feature prizes for the students who first find or exploit the targeted vulnerability. Environments and examples will be set up for all major platforms requested by pre-registered students. Students should bring a laptop with them, preferably with VMware Player already installed. A virtual machine based on the OWASP Live Boot CD will be provided for lab work. The virtual machine will include development tools, but students should feel free to bring their favorite programs too.

Register online to secure your seat: http://www.cvent.com/d/3cq429 (space is limited). Course syllabus: https://docs.google.com/folder/d/0B-IjCXl19haHSFR6NXJTdk5uTE0/edit

<h3>Securing Mobile Devices and Applications (2 Day Training Course)</h3>

Mobile applications enable new threats and attacks that introduce significant risks to the enterprise, and many custom applications contain significant vulnerabilities that are unknown to the team that developed them. With the number of mobile applications available in Google Play and the Apple App Store nearing 1.5 million, and vulnerabilities skyrocketing, it is imperative to apply standard application security practices. But how is mobile different?

This two-day, hands-on course enables students to understand how easily mobile devices and applications can be successfully attacked. They will learn how to identify, avoid and remediate common vulnerabilities by walking through a threat analysis and learning critical security areas such as those identified in the OWASP Top Ten Mobile Risks and Controls. Using state-of-the-art testing tools, students will learn how to secure mobile devices across the enterprise. Students will be able to choose from iOS or Android hands-on labs throughout the course, while they learn how easily an attacker can compromise applications and the data they contain.

Register online to secure your seat: http://www.cvent.com/d/3cq429 (space is limited). Course syllabus: https://docs.google.com/folder/d/0B-IjCXl19haHSFR6NXJTdk5uTE0/edit
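The "black-box" analysis that the Application Cryptanalysis course description above refers to can be illustrated with two simple probes against an application's encryption oracle: the tester controls part of the plaintext and sees only ciphertext. This is an added example, not material from the course or from the OWASP page. The 16-byte block function (an HMAC-based stand-in for AES, encryption direction only), the key and the <code>user=</code> record prefix are all constructed for the demonstration. The probes recover the block size from ciphertext-length jumps and then detect ECB mode, the classic "primitives combined badly" mistake, by looking for repeated ciphertext blocks; the CBC oracle beside it shows why a fresh random IV removes that leak.

```python
"""Black-box probes against an application's encryption oracle.

Added example (not code from the OWASP page or the training course).
The attacker controls part of the plaintext and only sees ciphertext.
"""
import hashlib
import hmac
import os
from typing import Callable

BLOCK = 16
# Constructed demo key and record prefix: a real application would use its
# own key and wrap the user-controlled field in some fixed record layout.
DEMO_KEY = b"constructed-demo-key-not-secret!"
DEMO_PREFIX = b"user="


def _block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for one AES block encryption (encryption direction only).

    A keyed PRF truncated to one block behaves, for these probes, like a
    block cipher: same key and same input block give the same output.
    """
    assert len(block) == BLOCK
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def pkcs7_pad(data: bytes, bs: int = BLOCK) -> bytes:
    """PKCS#7: always append 1..bs bytes, each equal to the pad length."""
    n = bs - len(data) % bs
    return data + bytes([n]) * n


def _blocks(data: bytes, bs: int = BLOCK):
    return [data[i:i + bs] for i in range(0, len(data), bs)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """The common mistake: every block is encrypted independently, so equal
    plaintext blocks produce equal ciphertext blocks."""
    return b"".join(_block_encrypt(key, b) for b in _blocks(pkcs7_pad(plaintext)))


def cbc_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Blocks chained under a fresh random IV; the IV is sent in the clear."""
    prev = os.urandom(BLOCK)
    out = [prev]
    for b in _blocks(pkcs7_pad(plaintext)):
        prev = _block_encrypt(key, bytes(x ^ y for x, y in zip(b, prev)))
        out.append(prev)
    return b"".join(out)


def make_oracle(encrypt: Callable[[bytes, bytes], bytes]) -> Callable[[bytes], bytes]:
    """Model the application: it encrypts a fixed prefix plus attacker input."""
    return lambda user_input: encrypt(DEMO_KEY, DEMO_PREFIX + user_input)


def find_block_size(oracle: Callable[[bytes], bytes], max_probe: int = 64) -> int:
    """Grow the input one byte at a time; the first jump in ciphertext length
    equals the block size, whatever fixed prefix the application adds."""
    base = len(oracle(b""))
    for n in range(1, max_probe + 1):
        size = len(oracle(b"A" * n))
        if size != base:
            return size - base
    raise ValueError("ciphertext length never changed; not a padded block cipher?")


def detect_ecb(oracle: Callable[[bytes], bytes], block_size: int) -> bool:
    """Submit four blocks of identical bytes. However the prefix misaligns them,
    at least three aligned plaintext blocks are identical, so ECB yields
    repeated ciphertext blocks while a randomized mode does not."""
    ct = oracle(b"A" * (4 * block_size))
    blocks = _blocks(ct, block_size)
    return len(blocks) != len(set(blocks))


ecb_oracle = make_oracle(ecb_encrypt)
cbc_oracle = make_oracle(cbc_encrypt)

if __name__ == "__main__":
    for name, oracle in (("ECB", ecb_oracle), ("CBC", cbc_oracle)):
        bs = find_block_size(oracle)
        print(f"{name}: block size {bs}, repeated ciphertext blocks: {detect_ecb(oracle, bs)}")
```

Running the script probes both oracles; only the ECB one shows repeated blocks. Note that CBC with a random IV closes only the confidentiality leak shown here: without a MAC or an authenticated mode such as AES-GCM the ciphertext can still be tampered with, which is the other common way application protocols go wrong.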
  
Training pricing:

1 Day Course: $750 / 2 Day Course: $1,500

<hr>

= NY/NJ OWASP Chapter Leaders =

<ul>
Officers
*<b>President:</b> [mailto:tomb(at)accessitgroup.com Tom Brennan] - AccessIT
*<b>Vice President:</b> [mailto:peter.perfetti(at)abnamro.com Pete Perfetti] - ABN Amro
*<b>Secretary:</b> [mailto:santoniewicz(at)net2s.com Steve Antoniewicz] - Net2s
*<b>Treasurer:</b> [mailto:Tom.ryan(at)providesecurity.com Tom Ryan] - Foundstone
Board of Directors
*<b>Board Member:</b> [mailto:mdontamsetti(at)gmail.com Mahi Dontamsetti] - M3 Security
*<b>Board Member:</b> [mailto:pster100(at)gmail.com Peter Stern] - IBM-ISS
*<b>Board Member:</b> [mailto:KReiter(at)insidefsi.net Kevin Reiter] - Financial Services, Inc
*<b>Board Member:</b> [mailto:BrianPei(at)yahoo.com Brian Peister] - Deloitte
*<b>Board Member:</b> [mailto:stanguzik(at)yahoo.com Stan Guzik] - Thompson
Advisor(s)
*<b>New Jersey Institute of Technology:</b> [mailto:oe2(at)njit.edu Osama Eljabiri]
*<b>Polytechnic University:</b> [mailto:memon(at)poly.edu Nasir Memon]
</ul>

To submit an educational topic for a future meeting, please provide a short abstract or paragraph describing the talk, or a PowerPoint deck using the [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template], and include a speaker bio. Or call 973-202-0122 if you wish to host a meeting or become a chapter meeting host or co-sponsor.

<hr>

Who are the active chapter members helping to build a robust chapter in 2012?

NJ = http://www.meetup.com/OWASP-New-Jersey/members/?op=leaders

The chapter mailing address is:

NY/NJ Metro OWASP
759 Bloomfield Ave #172
West Caldwell, New Jersey 07006

[[Category:OWASP Chapter]]

Revision as of 16:00, 27 January 2013
