Difference between revisions of "New Jersey"

From OWASP
Jump to: navigation, search
(PRIMARY SPONSOR: [http://aboutus.vzw.com/aboutusoverview.html VERIZON WIRELESS])
m
(32 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{Chapter Template|chaptername=NY/NJ |extra= | mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-newjersey|emailarchives=http://lists.owasp.org/pipermail/owasp-newjersey}} 
+
= OWASP New Jersey =
  
==SEPTEMBER 6th MEETING==
+
<center>[[Image:Trustwave_banner_ad_Sept_18,_2012.png|link=https://www.trustwave.com/application-security/]]</center>
OWASP supports Global Security Week (Sept. 3rd-9th) [http://www.globalsecurityweek.com/index.html Click Here More Info...]. In local support of this worldwide effort, the next NY/NJ OWASP Chapter meeting will be on <b> <u>September 6th 5:30pm-9:00pm </u></b>
+
  
===PRIMARY SPONSOR: [http://www.amex.com AMERICAN STOCK EXCHANGE]===
+
<h2>[http://www.meetup.com/OWASP-New-Jersey https://www.owasp.org/images/8/82/Meetup_logo3.jpg] [http://www.meetup.com/OWASP-New-Jersey New Jersey Chapter] [http://www.meetup.com/OWASP-New-Jersey Click Here More Info]</h2>
Special thanks to: Doug Shin
+
<b>Meeting Address:</b> 86 Trinity Place, NY NY 10006 ~ [http://tinyurl.com/2c5ohu Directions]
+
  
<b>Event coSponsors:</b> [http://signacert.com SIGNACERT] ~~ [http://www.ouncelabs.com OUNCE LABS] ~~ [http://www.accessitgroup.com ACCESSIT] ~~ [http://www.fortifysoftware.com FORTIFY SOFTWARE]
 
  
---
+
<headertabs />  
 
+
TOPIC: <b>Financial Real-Time Threats: Impacting Trading Floor Operations </b>
+
 
+
This presentation will aim to illustrate how individual application or
+
network layer threats, if combined correctly, can impact the workload
+
between the “pit” and departments such as settlements, processing and
+
accounting. Stemming from the lowest level of internal threat, systems on,
+
or behind, trading floor operations can be manipulated in ways that might
+
even go unnoticed. Such impact is possible due to the shear complexity of
+
the enterprise applications used, as well as the ways in which they are
+
inter-related.
+
 
+
TOPIC: <b>JBroFuzz: Effective Fuzzing for Network and Web Applications </b>
+
 
+
JBroFuzz is a stateless network protocol fuzzer that emerged from the
+
needs of penetration testing. This presentation will aim to illustrate
+
efficient ways of fuzzing in order to minimize the amount of time spent in
+
discovering application and network protocol vulnerabilities.
+
 
+
SPEAKER: Dr. Yiannis Pavlosoglou is a Security Project Manager at
+
[http://www.irmplc.com Information Risk Management]
+
 
+
---
+
 
+
TOPIC: <b>Stock fluctuation from an unrecognized influence. </b>
+
 
+
SPEAKER: Justine Bone-Aitel - [http://www.immunityinc.com Immunity Security]
+
 
+
---
+
 
+
TOPIC: <b>Hackers...BotNets oh My!</b>  Obtain a briefing on the current BotNet investigations etc.
+
 
+
SPEAKER BIO: [http://newyork.fbi.gov/nyfohome.htm NYC FBI Cyber Crime Unit]
+
 
+
---
+
 
+
TOPIC: <b>Remote Security</b>
+
This industry talk will focus on the unique security challenges faced by Citigroup given the scale and breadth of their network (World's largest VPN).
+
 
+
SPEAKER BIO: Mark Clancy is Senior Vice President at [http://www.citigroup.com Citigroup]
+
 
+
--
+
 
+
TOPIC:
+
<b>Blackhat/Defcon</b> - during this debriefing we will discuss many of the hot bleeding edge INFOSEC topics that were covered at the [http://www.blackhat.com Blackhat] & [http://www.defcon.org Defcon] event Aug 1st - Aug 5th.  If you attended the event, look for your picture win a prize... if you missed this annual event, you will want to attend to get a briefing on the hot topics!!!
+
 
+
SPEAKER BIO: 
+
Tom Brennan, President OWASP NY/NJ Metro
+
 
+
--
+
 
+
TOPIC: <b>Global Security Week</b>
+
What is the current state of Privacy on Web Application Security?
+
What should we be focusing on?
+
 
+
Round-Table Panel - [http://www.globalsecurityweek.com/html/calendar.html GSW]
+
 
+
--
+
 
+
<center><b> Meetings are FREE and open to the PUBLIC - </b>[http://fs7.formsite.com/OWASP/form185804020/index.html RSVP IS REQUESTED] </center>
+
  
 
<hr>
 
<hr>
 +
<h2>OWASP NYC Training March 13th and 14th </h2>
  
==OCTOBER 25th MEETING==
 
Full Day, information security summit happening in New Jersey on October 25th. At this all day event, learn from industry experts on topics of information security.  There is no charge for this event. <b> <u>October 25th 9:30am-4:30pm </u></b>
 
  
===PRIMARY SPONSOR: [http://aboutus.vzw.com/aboutusoverview.html VERIZON WIRELESS]===
+
<h3> Application Cryptanalysis Made Easy (1 Day Training)</h3>
Special thanks to: Philip Varughese
+
<b>Meeting Address:</b> 295 N Maple Ave, Basking Ridge, NJ 07920 ~ [http://tinyurl.com/2vuh7f Directions]
+
  
<b>Event coSponsors:</b> [http://www.accessitgroup.com ACCESSIT] ~~ [http://www.cenzic.com CENZIC]
+
Use of cryptography permeates today's computing infrastructuresWhile few programmers attempt to implement sophisticated cryptosystems, many unwittingly develop simple protocols in every day applications without adequate knowledge of how cryptographic primitives should be combined. In this training we explore several techniques for analyzing and breaking the kinds of cryptographic protocols which are commonly found in modern applications.
~~ [http://www.archer-tech.com ARCHER TECHNOLOGIES]  ~~ [http://www.intrepidusgroup.com INTREPIDUS GROUP] ~~ [http://www.mandiant.com MANDIANT]
+
---
+
  
TOPIC: <b>Keynote</b>
+
Attendees will first be presented with a brief review of cryptographic primitives and their uses, followed by an introduction of several techniques to analyze cryptographic systems in a black-box manner.  In each case, the discussion will describe how programmers can avoid making the common mistakes that allow these attacks to succeed.
  
SPEAKER: Renato Delatorre, Verizon Wireless
+
Register Online to Secure Your Seat http://www.cvent.com/d/3cq429 Space is Limited! Course syllabus: https://docs.google.com/folder/d/0B-IjCXl19haHSFR6NXJTdk5uTE0/edit
  
---
+
<h3> Hack Your Own Code: Advanced Training for Developers (2 Day Training Course)</h3>
  
TOPIC: <b>Social Engineering</b>
+
This class provides developers an exciting chance to hone their programming skills while also learning to exploit common web vulnerabilities. Unlike most training, this will not use static demos based on pre-canned source code. Students will program small parts of a larger application during the class’s lab periods. After the component has been written, students will review the code for the vulnerability being focused on in the lab. Vulnerable code will be run on a class-accessible server while the instructor guides students through exploiting the vulnerabilities. After the vulnerability is exploited, students will be shown how their own code can be fixed (if it was vulnerable) and the best way to prevent the flaw in the first place.
  
SPEAKER: Kevin Mitnick
+
This full process will be performed for all major code vulnerabilities in the OWASP Top Ten. Exploitation and patching labs (but not programming) will be held for other vulnerabilities, including logic flaws that are hard to represent on the Top Ten. Several labs will feature prizes for the students that first find or exploit the targeted vulnerability. Environments and examples will be setup for all major platforms requested by pre-registered students. Students should bring a laptop with them, preferably with VMWare Player already installed. A virtual machine based on the OWASP Live Boot CD will be provided for lab work. The virtual machine will include development tools, but students should feel free to bring their favorite programs too.
  
---
+
Register Online to Secure Your Seat http://www.cvent.com/d/3cq429 Space is Limited! Course syllabus: https://docs.google.com/folder/d/0B-IjCXl19haHSFR6NXJTdk5uTE0/edit
  
TOPIC: <b>ISO 27001 What is it... Why do you care?</b>
+
<h3> Securing Mobile Devices and Applications (2 Day Training Course)</h3>
  
SPEAKER BIO: Mahi Dontamsetti
+
Mobile applications enable new threats and attacks which introduce significant risks to the enterprise, and many custom applications contain significant vulnerabilities that are unknown to the team that developed them. Considering the number of mobile applications available in the Google Play and Apple AppStore is nearing 1.5 million and vulnerabilities are skyrocketing it is imperative to perform typical application security practices. But, how is mobile different?
  
--  
+
This two-day, hands-on course enables students to understand how easily mobile devices and applications can be successfully attacked. They will learn how to identify, avoid and remediate common vulnerabilities by walking through a threat analysis and learning critical security areas such as those identified in the OWASP Top Ten Mobile Risks and Controls. Using state-of-the-art testing tools, students will learn how to secure mobile devices across the enterprise. Students will be able to choose from iOS or Android hands-on labs throughout the course, while they learn how easily the bad guy can compromise applications and the data they contain.
  
TOPIC: <b>VOIP - Can you hear me now?</b>
+
Register Online to Secure Your Seat http://www.cvent.com/d/3cq429 Space is Limited! Course syllabus: https://docs.google.com/folder/d/0B-IjCXl19haHSFR6NXJTdk5uTE0/edit
  
SPEAKER BIO: Paul Rohmeyer
+
***
  
--
+
Pricing:
  
 +
1 Day Course: $750 / 2 Day Course: $1,500
  
TOPIC: <b>Internet Fraud - War Stories</b>
+
***
 
+
SPEAKER BIO: Mike Esposito
+
 
+
---
+
 
+
TOPIC: <b>Dig Your Own Hole: 12 Ways to Go Wrong with Java Security</b>
+
 
+
SPEAKER BIO:  Richard Bowen
+
 
+
--
+
 
+
TOPIC: <b>TBD</b>
+
 
+
SPEAKER BIO: TBD
+
 
+
--
+
 
+
 
+
TOPIC: <b>TBD</b>
+
 
+
SPEAKER BIO: TBD
+
 
+
--
+
 
+
<center><b> Meetings are FREE and open to the PUBLIC - </b> </center>
+
  
 
<hr>
 
<hr>
 +
Who are the active chapter members that are helping to build a robust chapter in 2012?
  
To submit educational topic for upcoming meeting please provide submit your powerpoint using the [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] and include a speaker BIO. If you wish to become a sponsor or co-sponsor please click on one of the below email addresses of our active board members.
+
NJ = http://www.meetup.com/OWASP-New-Jersey/members/?op=leaders
 
+
= NY/NJ OWASP Chapter Leaders =
+
<ul>
+
Officers
+
*<b>President:</b> [mailto:jinxpuppy(at)gmail.com Tom Brennan]
+
*<b>Vice President:</b> [mailto:peter.perfetti(at)abnamro.com Pete Perfetti]
+
*<b>Secretary:</b> [mailto:santoniewicz(at)net2s.com Steve Antoniewicz]
+
*<b>Treasurer:</b> [mailto:tom.ryan(at)providesecurity.com Tom Ryan]
+
Board of Directors
+
*<b>Board Member:</b> [mailto:mdontamsetti(at)gmail.com Mahi Dontamsetti]
+
*<b>Board Member:</b> [mailto:pstern100(at)gmail.com Peter Stern]
+
*<b>Board Member:</b> [mailto:KReiter(at)insidefsi.net Kevin Reiter]
+
*<b>Board Member:</b> [mailto:BrianPei(at)yahoo.com Brian Peister]
+
*<b>Board Member:</b> [mailto:dougshin(at)gmail.com Douglas Shin]
+
Educational Advisors
+
*<b>New Jersey Institute of Technology:</b> [mailto:oe2(at)njit.edu Osama Eljabiri]
+
*<b>Polytechnic University:</b> [mailto:memon(at)poly.edu Nasir Memon]
+
</ul>
+
 
+
 
+
The chapter mailing address is:
+
  
NY/NJ Metro OWASP
+
[[Category:OWASP Chapter]]
759 Bloomfield Ave #172
+
West Caldwell, New Jersey 07006 <br>
+
973-202-0122
+
<br>
+
<br>
+
<br>
+
<br>
+
<br>
+
<br>
+
<br>
+
<br>
+
<br>
+
<br>
+
<br>
+
<br>
+
[http://www.proactiverisk.com ~]
+

Revision as of 16:00, 27 January 2013

Contents

OWASP New Jersey

Trustwave banner ad Sept 18, 2012.png

Meetup_logo3.jpg New Jersey Chapter Click Here More Info



OWASP NYC Training March 13th and 14th


Application Cryptanalysis Made Easy (1 Day Training)

Use of cryptography permeates today's computing infrastructures. While few programmers attempt to implement sophisticated cryptosystems, many unwittingly develop simple protocols in every day applications without adequate knowledge of how cryptographic primitives should be combined. In this training we explore several techniques for analyzing and breaking the kinds of cryptographic protocols which are commonly found in modern applications.

Attendees will first be presented with a brief review of cryptographic primitives and their uses, followed by an introduction of several techniques to analyze cryptographic systems in a black-box manner. In each case, the discussion will describe how programmers can avoid making the common mistakes that allow these attacks to succeed.

Register Online to Secure Your Seat http://www.cvent.com/d/3cq429 Space is Limited! Course syllabus: https://docs.google.com/folder/d/0B-IjCXl19haHSFR6NXJTdk5uTE0/edit

Hack Your Own Code: Advanced Training for Developers (2 Day Training Course)

This class provides developers an exciting chance to hone their programming skills while also learning to exploit common web vulnerabilities. Unlike most training, this will not use static demos based on pre-canned source code. Students will program small parts of a larger application during the class’s lab periods. After the component has been written, students will review the code for the vulnerability being focused on in the lab. Vulnerable code will be run on a class-accessible server while the instructor guides students through exploiting the vulnerabilities. After the vulnerability is exploited, students will be shown how their own code can be fixed (if it was vulnerable) and the best way to prevent the flaw in the first place.

This full process will be performed for all major code vulnerabilities in the OWASP Top Ten. Exploitation and patching labs (but not programming) will be held for other vulnerabilities, including logic flaws that are hard to represent on the Top Ten. Several labs will feature prizes for the students that first find or exploit the targeted vulnerability. Environments and examples will be setup for all major platforms requested by pre-registered students. Students should bring a laptop with them, preferably with VMWare Player already installed. A virtual machine based on the OWASP Live Boot CD will be provided for lab work. The virtual machine will include development tools, but students should feel free to bring their favorite programs too.

Register Online to Secure Your Seat http://www.cvent.com/d/3cq429 Space is Limited! Course syllabus: https://docs.google.com/folder/d/0B-IjCXl19haHSFR6NXJTdk5uTE0/edit

Securing Mobile Devices and Applications (2 Day Training Course)

Mobile applications enable new threats and attacks which introduce significant risks to the enterprise, and many custom applications contain significant vulnerabilities that are unknown to the team that developed them. Considering the number of mobile applications available in the Google Play and Apple AppStore is nearing 1.5 million and vulnerabilities are skyrocketing it is imperative to perform typical application security practices. But, how is mobile different?

This two-day, hands-on course enables students to understand how easily mobile devices and applications can be successfully attacked. They will learn how to identify, avoid and remediate common vulnerabilities by walking through a threat analysis and learning critical security areas such as those identified in the OWASP Top Ten Mobile Risks and Controls. Using state-of-the-art testing tools, students will learn how to secure mobile devices across the enterprise. Students will be able to choose from iOS or Android hands-on labs throughout the course, while they learn how easily the bad guy can compromise applications and the data they contain.

Register Online to Secure Your Seat http://www.cvent.com/d/3cq429 Space is Limited! Course syllabus: https://docs.google.com/folder/d/0B-IjCXl19haHSFR6NXJTdk5uTE0/edit

Pricing:

1 Day Course: $750 / 2 Day Course: $1,500


Who are the active chapter members that are helping to build a robust chapter in 2012?

NJ = http://www.meetup.com/OWASP-New-Jersey/members/?op=leaders