Difference between revisions of "New Jersey"

From OWASP
(OCTOBER 25th 2007 MEETING)
(8 intermediate revisions by 2 users not shown)
{{Chapter Template|chaptername=NY/NJ |extra= | mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-newjersey|emailarchives=http://lists.owasp.org/pipermail/owasp-newjersey}} 
+
= OWASP New Jersey =
  
==OCTOBER 25th 2007 MEETING==
+
<h2>[http://www.meetup.com/OWASP-New-Jersey https://www.owasp.org/images/8/82/Meetup_logo3.jpg] [http://www.meetup.com/OWASP-New-Jersey New Jersey Chapter] [http://www.meetup.com/OWASP-New-Jersey Click Here More Info]</h2>
Full Day, information security summit happening in New Jersey on October 25th. At this all day event, learn from industry experts on topics of information security. There is no charge for this event however <b> YOU MUST RSVP </b> if you are not on the RSVP list or have Photo ID, Verizon Security will NOT PERMIT YOU IN THE BUILDING.
+
  
===PRIMARY SPONSOR: [http://aboutus.vzw.com/aboutusoverview.html VERIZON WIRELESS]===
 
COSPONSORS: <b>[http://www.mcafee.com McAfee]  ---  [http://intrepidusgroup.com Intrepidus Group] --- [http://www.accessitgroup.com/services/security.php AccessIT Group] --- [http://www.symantec.com Symantec] --- [http://www.mandiant.com Mandiant] --- [http://www.whitehatsec.com WhiteHat] --- [http://www.cenzic.com Cenzic] --- [http://www.net2s-us.com Net2S] --- [http://www.fortifysoftware.com Fortify] </b>
 
  
<b>Meeting Address:</b> 295 N Maple Ave, Basking Ridge, NJ 07920 ~ [http://tinyurl.com/2vuh7f Directions]
+
<headertabs />  
<b><u>October 25th 8:30am-5:00pm </u></b>
+
  
--
+
<hr>
 +
<h2>Software Security Training </h2>
  
8:30am - 9:00am - Security Check-In / Breakfast / TechExpo / Peer-to-Peer Networking ;)
+
When:
 +
Wednesday, March 13, 2013 - Thursday, March 14, 2013
 +
9:00 AM - 5:00 PM
 +
Eastern Time Zone
  
---
+
 
 +
Where:
 +
Hotel Pennsylvania
 +
401 7th Avenue
 +
Between 32nd and 33rd Streets
 +
New York, New York 10001
  
9:00am - 09:30am - What is OWASP? Speakers: <b>Board Members OWASP NYC Metro</b>
 
  
---
+
<h3> Application Cryptanalysis Made Easy (1 Day Training)</h3>
  
09:30am - 10:00am - Keynote Speaker: <b>Phil Varughese, Verizon Wireless </b>
+
Use of cryptography permeates today's computing infrastructures.  While few programmers attempt to implement sophisticated cryptosystems, many unwittingly develop simple protocols in every day applications without adequate knowledge of how cryptographic primitives should be combined. In this training we explore several techniques for analyzing and breaking the kinds of cryptographic protocols which are commonly found in modern applications.
  
Philip, Manager of Network Security Risk Management with Verizon Wireless has a leadership role in shaping particular facets of the Network Department Information Security program. Co developed and implemented an operational and effective Risk Management Program and integrated security engineering into the development lifecycle for projects and products. He is responsible for the strategic direction of risk management, vulnerability management and all tactical security issues.
+
Attendees will first be presented with a brief review of cryptographic primitives and their uses, followed by an introduction of several techniques to analyze cryptographic systems in a black-box manner. In each case, the discussion will describe how programmers can avoid making the common mistakes that allow these attacks to succeed.
  
Philip is a subject matter expert in Information Security and technical risk management. During his career, he has worked with several Fortune 500 firms. He has worked in the telecommunication, transportation, pharmaceutical, financial and consulting sector. He also holds many industry certifications like, CISSP, CISM, CISA, GSEC and SCCP
+
Register Online to Secure Your Seat http://www.cvent.com/d/3cq429 Space is Limited! Course syllabus: https://docs.google.com/folder/d/0B-IjCXl19haHSFR6NXJTdk5uTE0/edit
  
---
+
<h3> Hack Your Own Code: Advanced Training for Developers (2 Day Training Course)</h3>
  
10:30am - 11:30am - TOPIC: <b>Ready...Set...Click </b> We can no longer think about consumer interaction and security as two different topics on opposite ends of the spectrum. They're two very important and very inter-related topics that affect everyone. The speech will describe real world flaws, poorly designed security and what hackers are doing to exploit today's websites. Lastly, it will show some forward thinking mitigation tactics.
+
This class provides developers an exciting chance to hone their programming skills while also learning to exploit common web vulnerabilities. Unlike most training, this will not use static demos based on pre-canned source code. Students will program small parts of a larger application during the class’s lab periods. After the component has been written, students will review the code for the vulnerability being focused on in the lab. Vulnerable code will be run on a class-accessible server while the instructor guides students through exploiting the vulnerabilities. After the vulnerability is exploited, students will be shown how their own code can be fixed (if it was vulnerable) and the best way to prevent the flaw in the first place.
  
SPEAKER: <b>Robert "RSnake" Hansen</b>
+
This full process will be performed for all major code vulnerabilities in the OWASP Top Ten. Exploitation and patching labs (but not programming) will be held for other vulnerabilities, including logic flaws that are hard to represent on the Top Ten. Several labs will feature prizes for the students that first find or exploit the targeted vulnerability. Environments and examples will be setup for all major platforms requested by pre-registered students. Students should bring a laptop with them, preferably with VMWare Player already installed. A virtual machine based on the OWASP Live Boot CD will be provided for lab work. The virtual machine will include development tools, but students should feel free to bring their favorite programs too.
Robert has worked in the security industry since the mid 1990s and helped pioneer leading banner advertising and click fraud detection solutions. During his tenure at eBay, Mr. Hansen worked on anti-cross site scripting, anti-phishing, anti-virus and web application intrusion detection and countermeasures and was directly responsible for the company's entire authentication architecture. For many years he ran the managed security services product lines for Cable & Wireless. He has spoken at Blackhat, Microsoft's Bluehat, the Rotary, OWASP, the Gartner security round table and at Networld+Interop. He is a member of WASC, OWASP, ISC2, APWG and ISSA.
+
  
---
+
Register Online to Secure Your Seat http://www.cvent.com/d/3cq429 Space is Limited! Course syllabus: https://docs.google.com/folder/d/0B-IjCXl19haHSFR6NXJTdk5uTE0/edit
  
11:45 - 12:15pm - TOPIC: <b>Dig Your Own Hole: 12 Ways to Go Wrong with Java Security</b> This session explores 12 of the most common security traps in Java. This session doesn’t include a review of 10–year–old guidelines for writing secure applets with JDK 1.1. Instead, it looks at causes of security failures in modern Java–based applications. Approaching security with an “outside in” style, it looks at vulnerabilities from a developer’s perspective, focusing on the source code.
+
<h3> Securing Mobile Devices and Applications (2 Day Training Course)</h3>
  
SPEAKER:  <b>Eric Cabetas</b>
+
Mobile applications enable new threats and attacks which introduce significant risks to the enterprise, and many custom applications contain significant vulnerabilities that are unknown to the team that developed them. Considering the number of mobile applications available in the Google Play and Apple AppStore is nearing 1.5 million and vulnerabilities are skyrocketing it is imperative to perform typical application security practices. But, how is mobile different?
  
---
+
This two-day, hands-on course enables students to understand how easily mobile devices and applications can be successfully attacked. They will learn how to identify, avoid and remediate common vulnerabilities by walking through a threat analysis and learning critical security areas such as those identified in the OWASP Top Ten Mobile Risks and Controls. Using state-of-the-art testing tools, students will learn how to secure mobile devices across the enterprise. Students will be able to choose from iOS or Android hands-on labs throughout the course, while they learn how easily the bad guy can compromise applications and the data they contain.
  
12:15pm - 1:00pm  LUNCH / Peer-to-Peer Networking / RAFFLES
+
Register Online to Secure Your Seat http://www.cvent.com/d/3cq429 Space is Limited! Course syllabus: https://docs.google.com/folder/d/0B-IjCXl19haHSFR6NXJTdk5uTE0/edit
  
---
+
***
  
1:00pm - 1:30pm TOPIC: <b>Network Based Infection Detection</b> No system is 100% secure and security often fails. As a result roughly 10% of hosts within an enterprise get infected every year. Infections are caused by vulnerabilities in applications, policy violations by insiders
+
Pricing:
and misconfigured services. Worms and viruses are not the only form of infections. Botnets, Proxies, Trojans, Keyloggers, Adware, Rootkits can be far more damaging. Even applications like Google Desktop, Skype and Foldershare can leak business secrets and hence be viewed as infections.
+
Infected hosts within a network pose a serious risk to business assets. Detecting infections and cleaning up after them costs an organization a big part of its IT budget as detection, containment and eradication procedures are mostly manual and labor intensive.
+
  
In this talk we describe a network based infection detection system developed at Polytechnic University. The system collects and synopsizes network traffic with strategically placed infection sensors in the network. It then analyzes network traffic for symptoms of infections to identify infected hosts. Once an infection is found and characterized, it retroactively detects similar infections which could have occurred weeks and months in the past but have not been detected yet. Finally, it provides solutions for cleanup including containment and eradication in a simple, efficient and economical manner.
+
1 Day Course: $750 / 2 Day Course: $1,500
  
SPEAKER: <b>Professor Nasir Memon </b> Department of Computer and Information Science of Polytechnic Univ. His research interests include Data Compression, Computer and Network Security, Multimedia
+
***
Communication and Digital Forensics. He has published more than 200 articles in journals and conference proceedings on these topics. He was an associate editor for IEEE Transactions on Image
+
Processing, the Journal of Electronic Imaging, and the ACM Multimedia Systems Journal. He is currently an associate editor for the IEEE Transactions on Information Security and Forensics,
+
the LNCS Transaction on Data Hiding, IEEE Security and Privacy Magazine, IEEE Signal Processing Magazine and the International Journal on Network Security.
+
 
+
---
+
 
+
1:45pm - 2:15pm TOPIC: <b>Mobile Phone Security: Past, Present, and Future</b>
+
 
+
SPEAKER: <b>Corey Benninger</b>
+
 
+
---
+
 
+
2:30pm - 3:00  TOPIC: <b>VOIP - Can you hear me now?</b> The presentation will disclose new attacks and weaknesses associated with protocols that are used to establish and protect VoIP communications. In addition, a newer "unpublished" version of the SIVuS tool will be demoed.
+
 
+
SPEAKER: <b>Peter Thermos </b>
+
 
+
Peter Thermos has over a decade of experience in consulting and research in several areas of Information Security and Assurance and has held senior technical and management positions with telecommunications companies in research and consulting.
+
 
+
Peter has been the lead technical expert on various tasks (for commercial and government organizations) associated with information security and assurance including security risk assessments, standards and requirements development, ISO 17799 assessments, network security architecture and organizational security strategy. He is the author of SIVuS (The 1st VoIP vulnerability Scanner) and has published articles and refereed research papers on VoIP Security. Peter holds a Masters degree in Computer Science from Columbia University, NY and he is an active member of IETF/IEEE/ACM.
+
 
+
---
+
 
+
3:15 - 3:45pm  TOPIC: <b>Cutting Edge Application Analysis</b> This presentation will focus on black box and white box methods of testing web applications. We will do a deep dive into source code analysis techniques that could be used in different testing scenarios to identify security weak points.
+
 
+
SPEAKER: <b> Frank Gardner </b> extensive experience in UNIX kernel development, exploit code design, protocol analysis, web application security, and cryptography
+
 
+
Previous projects have included the development of B1 Trusted Operating Systems extensions for Linux 2.2 and 2.4 kernels, Protected Mode OS (IA32) development, ARP promiscuous node detection, and Protocol Fuzzing tools
+
 
+
 
+
---
+
 
+
4:00 - 4:30pm TOPIC: <b>Web Application Threats</b> This talk will demostrate application security falws (hehe) commonly found in web applications and the reasons for them. SQL Injection, Cross Site Scripting and more as outlined in the [http://www.owasp.org/index.php/Top_10_2007 OWASP-Top 10]
+
 
+
SPEAKER: <b>Dennis Hurst</b> 
+
 
+
---
+
 
+
4:45 - 5:15pm TOPIC: <b>BS7799/ISO17799/ISO27001 What is it?... Why do you care?... Why is it failing?</b> Brief overview of ISO27001 will be provided, along with a presentation on its key features and purpose. Real world examples of how ISO27001 audits are conducted and approaches used by auditors will be discussed. Finally the real impact of ISO27001 and how it can be improved will be presented
+
 
+
SPEAKER: <b>Mahi Dontamsetti</b>
+
 
+
Mahi has extensive experience in security, software development, risk management and telecommunications. He has worked on projects involving the Pentagon and Dept. of Homeland Security. A former Chief Technologist at Lockheed, he has authored couple of books on telecommunications. He was part of a team that developed the world's first combined cellular switch and radio controller.
+
Most recently he has been involved in making information security more measurable and has brought a metrics based Information Security Management System (ISMS) standard to the market.
+
 
+
<b><CENTER> [http://fs7.formsite.com/OWASP/form185709121/index.html RSVP NOW] </CENTER></b>
+
  
 
<hr>
 
<hr>
 +
Who are the active chapter members that are helping to build a robust chapter in 2012?
  
To submit educational topic for upcoming meeting please provide submit your powerpoint using the [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] and include a speaker BIO. If you wish to become a sponsor or co-sponsor please click on one of the below email addresses of our active board members.
+
NJ = http://www.meetup.com/OWASP-New-Jersey/members/?op=leaders
 
+
= NY/NJ OWASP Chapter Leaders =
+
<ul>
+
Officers
+
*<b>President:</b> [mailto:jinxpuppy(at)gmail.com Tom Brennan]
+
*<b>Vice President:</b> [mailto:pperfetti(at)nba.com Pete Perfetti]
+
*<b>Secretary:</b> [mailto:santoniewicz(at)net2s.com Steve Antoniewicz]
+
*<b>Treasurer:</b> [mailto:mdontamsetti(at)gmail.com Mahi Dontamsetti]
+
Board of Directors
+
*<b>Board Member:</b> [mailto:tom.ryan(at)providesecurity.com Tom Ryan]
+
*<b>Board Member:</b> [mailto:pstern100(at)gmail.com Peter Stern]
+
*<b>Board Member:</b> [mailto:KReiter(at)insidefsi.net Kevin Reiter]
+
*<b>Board Member:</b> [mailto:BrianPei(at)yahoo.com Brian Peister]
+
*<b>Board Member:</b> [mailto:dougshin(at)gmail.com Douglas Shin]
+
Educational Advisors
+
*<b>New Jersey Institute of Technology:</b> [mailto:oe2(at)njit.edu Osama Eljabiri]
+
*<b>Polytechnic University:</b> [mailto:memon(at)poly.edu Nasir Memon]
+
</ul>
+
 
+
 
+
The chapter mailing address is:
+
  
NY/NJ Metro OWASP
+
[[Category:OWASP Chapter]]
759 Bloomfield Ave #172
+
West Caldwell, New Jersey 07006 <br>
+
973-202-0122
+
<br>
+
<br>
+
[https://fs7.formsite.com/OWASP/form945832292/secure_index.html ONLINE PAYMENT OWASP NYC]
+
<br>
+
<br>
+
<br>
+
<br>
+
<br>
+
<br>
+
<br>
+
<br>
+
<br>
+
<br>
+
<br>
+
[http://www.proactiverisk.com ~]
+
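Review bot: the revision is dated 13 February 2013, but the added line "Who are the active chapter members that are helping to build a robust chapter in 2012?" still carries the previous year; update it to 2013 or drop the year from the sentence. Also, the line "Register Online to Secure Your Seat http://www.cvent.com/d/3cq429 Space is Limited! Course syllabus: https://docs.google.com/folder/d/0B-IjCXl19haHSFR6NXJTdk5uTE0/edit" is repeated verbatim after each of the three course descriptions; stating it once, next to "Pricing:", keeps the registration and syllabus links in one place and avoids three copies to maintain when the links change.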

Revision as of 08:09, 13 February 2013
