Difference between revisions of "Omaha"

From OWASP
Jump to: navigation, search
(Rearranged events and fixed wording on chapter meetings section.)
(Thursday, Dec 18, 2014 - Visit the SWAMP)
 
(24 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{Chapter Template|chaptername=Omaha|extra=The chapter leaders are John Rogers, [mailto:zac.fowler@owasp.org Zac Fowler], [mailto:rob.temple@owasp.org Rob Temple], and Fred Donovan.
+
{{Chapter Template|chaptername=Omaha|extra=The chapter leaders are [mailto:john.rogers@owasp.org John Rogers], [mailto:zac.fowler@owasp.org Zac Fowler], [mailto:rob.temple@owasp.org Rob Temple], Fred Donovan, and [mailto:micae.born@owasp.org Michael Born].
  
 
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-omaha|emailarchives=http://lists.owasp.org/pipermail/owasp-omaha}}
 
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-omaha|emailarchives=http://lists.owasp.org/pipermail/owasp-omaha}}
Line 108: Line 108:
  
  
== Upcoming Events ==
+
=== Thu June 12, 2014 - '''OWASP in Payment Card Security:  Secure Coding, OWASP, and PCI 3.0 DSS Requirement 6''' ===
  
We have not scheduled our next chapter meeting just yet. Check back soon.
+
Presented by Rob Temple, Joel vanBrandwijk, and Ryan Misek from Mutual of Omaha
  
OWASP Omaha will however be presenting at the OCIO conference in June.
+
Data breaches and payment card compromises are more frequent, high-profile, and damaging.  The every day consumer has been hit by large data breaches at Target, Michaels, and Aaron Brothers, among others.  People all around us can testify to the effects of millions of credit cards in the wrong hands.  It has become commonplace.
 +
 
 +
The PCI Security Standards Council (PCI SSC) security standards has recently released a new and improved set of requirements and standards for any organization that processes, transmits, or stores payment card data.  PCI DSS' infamous Requirement 6 focuses on secure systems and applications, including secure coding and web application firewalls.  OWASP has been noted in the PCI DSS as a trusted resource for secure coding and application vulnerability management.  Join us for our next OWASP Omaha chapter meeting as we explore the some of these resources and discuss ways that OWASP can help meet this requirement.
 +
 
 +
Rob Temple is an information security analyst with Mutual of Omaha.  He has been a software solutions developer for over 15 years working primarily with the.NET/Java languages.  His recent web app projects include security based tools in the identity management space.  Prior to Mutual of Omaha, Rob worked as an infosec consultant, performing PCI DSS and HIPAA security assessments for financial institutions and higher education organizations.  He also has experience with web application pentesting and appsec consulting.  Rob initiated the reactivation of the OWASP Omaha Chapter with the encouragement of OWASP Executive Director, Sarah Baso in 2011,  He currently serves as a member of the leadership team.
 +
 
 +
'''Location''': The Peter Kiewit Institute, Univ. of Nebraska at Omaha's Pacific Street Campus, 1110 S. 67th Street, Omaha, NE 68182, Room **164**.  <br>
 +
'''Time''': 12:00 - 1:00 PM. The room will open at 11:45AM.<br>
 +
'''RSVP for Food Counts''': https://www.eventbrite.com/e/owasp-in-payment-card-security-secure-coding-owasp-pci-30-dss-req-6-tickets-11741110979'''<br>
 +
'''Parking and lunch''': Pizza will be provided by the College of IS&T (so please RSVP).  Contact zac dot fowler at owasp dot org if you need a parking pass.<br>
 +
'''Google+ Hangout''': Watch the video here: https://www.youtube.com/watch?v=oe2ngtR2mJU
 +
 
 +
Slides available here: https://drive.google.com/folderview?id=0B4t_HSHrO2GxRHpDc2tGZ2szZUk&usp=sharing
 +
 
 +
 
 +
=== Thu Oct 9, 2014 - '''Securing Android: Tips from a First-Time Builder and OWASP Put to the Test''' ===
 +
 
 +
Presented by Zac Fowler, UNO's College of Information Science and Technology
 +
 
 +
As a web developer, jumping over to building for mobile platforms like Android and iOS is a very attractive option.  The worlds aren't all that far apart form each other.  You may have tried it yourself.  What are the security implications that you should think about, jumping over from a web-based world to a native platform for the first time?  Join Zac Fowler as he walks through his experience building an Android app, then applies the OWASP Mobile Top Ten and feedback from experienced Breakers to the project.  Zac will go over common app use cases such as local storage and API communication, pitfalls he found, as well as remediations for first-timers.  To close, he will share how the steps he used can be applied to (almost) any project, and how OWASP plays a role in incrementally improving the way you approach security.
 +
 
 +
Zac Fowler is a developer and project manager at UNO's College of Information Science and Technology, in charge of a student development group known as the IS&T Attic.  He as been programming for the web since the late 90s and loves learning new technologies. Zac currently serves as a co-leader of the OWASP Omaha chapter.
 +
 
 +
 
 +
 
 +
'''Location''': The Peter Kiewit Institute, Univ. of Nebraska at Omaha's Pacific Street Campus, 1110 S. 67th Street, Omaha, NE 68182, Room 279.  <br>
 +
'''Time''': 12:00 - 1:00 PM. The room will open at 11:45AM.<br>
 +
'''RSVP for Food Counts''': https://www.eventbrite.com/e/securing-android-tips-from-a-first-time-builder-and-owasp-put-to-the-test-tickets-13407611527'''<br>
 +
'''Lunch''': Pizza will be provided by the College of IS&T (so please RSVP).  <br>
 +
'''Slides''': Presentation materials can be found here: https://drive.google.com/folderview?id=0B4t_HSHrO2GxeGxaTmhRdDNISGc&usp=sharing<br>
 +
'''Video''': Video for the event can be found here: http://youtu.be/6LsxjRPAogM?t=7m59s
 +
 
 +
 
 +
 
 +
=== Wed Nov 19, 2014 - '''NEbraskaCERT CSF Joint Meeting - Security Q&A Panel''' ===
 +
 
 +
Hosted by NEbraskaCERT
 +
 
 +
Every November for the last several years NEbraskaCERT & ISACA Omaha have hosted a joint meeting which is a Security Panel Q & A.  This year Omaha- OWASP is going to be joining in as well.  These are always a fun way to finish out the year and are a great chance to see some people we don't very often.
 +
 
 +
Join us for this special November join meeting, where you will be able to interact with a panel of local security professionals.  Lunch is provided (please RSVP), and CPEs are available. This meeting will not be streamed, so hope to see you in person!
 +
 
 +
Panelists:
 +
      Sharon Welna -Information Security Officer at UNMC
 +
      Vlad Liska - Director of Operational Risk & Controls TD Ameritrade
 +
      Chet Uber - Director Project Vigilant LLC
 +
      Waton, Larry - Information Security Officer - First Data Technologies
 +
      Gary Sparks - Faculty Metropolitan Community College
 +
      *Panel is subject to change; alternates are on standby.
 +
 
 +
 
 +
 
 +
'''Location''':  Johnny's Cafe, 4702 South 27th Street, Omaha, NE<br>
 +
'''Time''': 11:30 AM - 1:00 PM<br>
 +
'''RSVP / Lunch / CPE''': Provided, so please RSVP to csfrsvp "at" NEbraskaCERT.org and provide name, company, phone and email address by Close Of Business Monday, November 17th<br>
 +
'''More Information''': http://www.nebraskacert.org/CSF/
 +
 
 +
Note #1:  If you need a **CPE** form please let us know when you RSVP.
 +
 
 +
Note #2: This is the last NEbraskaCERT event for the year.  They'll be taking December off as usual.  NEbraskaCERT regular meetings will continue to be held on the third Wednesday of each month, starting again in the new year.
 +
 
 +
 
 +
=== Thursday, Dec 18, 2014 - '''Visit the SWAMP''' ===
 +
 
 +
The Software Assurance Marketplace (SWAMP) is an open initiative that brings together goals for advancing the quality and adoption rate of security software tools, lowering thresholds for use, and making their output easier to interpret, by creating a repository of tools and and resources for all.
 +
 
 +
From the SWAMP website:
 +
"Researchers who develop new software assurance tools and methodologies will use the repositories and cyberinfrastructure offered by the marketplace to improve their technologies and tools, while software developers and adopters will use the same services to hunt for vulnerabilities in their software. Educators will use these services to offer hands-on experience in software assurance techniques to their students."
 +
 
 +
For our December meeting, OWASP Omaha will be providing an introduction of SWAMP by its leaders via live WebEx, followed by a discussion about the marketplace and how we could all benefit.
 +
 
 +
As always, networking and CPEs available*!
 +
 
 +
 
 +
'''Location''': The Peter Kiewit Institute, Univ. of Nebraska at Omaha's Pacific Street Campus, 1110 S. 67th Street, Omaha, NE 68182, Room 279.  <br>
 +
'''CPEs''': We've been asked about CPEs for those who have attended online.  At this time we (as a chapter) don't have a mechanism to validate CPEs while you watch remotely without extra effort.  We're trusting our audience is an honest bunch, so if you join via the WebEx this month, shoot an email to zac dot fowler at owasp.org right after the event.  It would be good to include a line or two so we know you were listening.  We can add that to our meeting CPE roster for audit purposes.  Thanks for understanding!
 +
 
 +
'''WebEx Details'''
 +
Screencap available soon.
 +
SWAMP notes available at https://docs.google.com/document/d/1zew3VdaIFWxYolj8qO3Rg5IKxp_pPBqFZNC1zpFfxAw/edit?usp=sharing
 +
 
 +
== Upcoming Events ==
  
 +
Check back in mid-January for our 2015 schedule of events! Happy New Year!
  
 
[[Category:Nebraska]]
 
[[Category:Nebraska]]
  
 
[[Category:OWASP Chapter|Omaha]]
 
[[Category:OWASP Chapter|Omaha]]

Latest revision as of 12:26, 1 January 2015

OWASP Omaha

Welcome to the Omaha chapter homepage. The chapter leaders are John Rogers, Zac Fowler, Rob Temple, Fred Donovan, and Michael Born.
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is and open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG



Chapter Meetings

Everyone is welcome to join us at our chapter meetings!

Follow us on Twitter! https://www.twitter.com/owaspomaha

Typically, we meet at UNO's Peter Kiewit Institute over the noon hour during the last month of each quarter.

We also use Google+ Hangouts OnAir to stream our presentations live!


Past Events

Thu Mar 7, 2013 - Welcome to OWASP Omaha!


-Presenters, OWASP Omaha Chapter Leadership
-Thursday, March 7th, 12:00 noon - 1:00 P.M., Bellevue University
-Durham Student Center (building #6). Park in Lot D. Check out the map here: [1].
-Meet the chapter leaders and learn more about OWASP Omaha

Thu Jun 6, 2013 - Web Application Security - So many tools, so little time


Presenter, John M. Rogers, Senior Application Security Engineer, Lincoln Financial Group

This talk focuses on the first three candidates of the 2013 OWASP Top 10. John will demonstrate attack examples, common tools to find these flaws, and consequences that occur without remediation or mitigating controls.

John Rogers is a Senior Application Security Engineer working in the Security Assurance department at Lincoln Financial Group.  Previously John worked as a Lead Security Engineer at ACI Worldwide, Inc.  John is one of the unique Application Security Professionals with over 20 years of experience in all aspects of the Software Development Lifecycle (SDLC) for the Banking, Payment and Financial Services industries.  John is also a Certified Information Systems Security Professional (CISSP) and serves as President of InfraGard Nebraska


Time & Location: Thursday, June 6, 12PM. Peter Kiewit Institute, Room 279. (67th and Pacific in Omaha) RSVP and view more details on our EventBrite page: https://www.eventbrite.com/event/6952516163



Thu Sep 12, 2013 - The OWASP Way: Understanding the OWASP Vision and the Top Ten


Presenter, Scott Christiansen, Software Security Engineer, TD Ameritrade

Scott a Software Security Engineer for TD Ameritrade.  In this role he provides static and dynamic application assessments for over 250 TD Ameritrade front end, back end and mobile applications.  Prior to this Scott was the Lead Analyst for TD Ameritrade’s Security Event Center which coordinates incident response within TD Ameritrade.  In addition to this Scott is also an Adjunct Instructor for ITT Technical Institute’s Bachelors of Information Security program, and an adjunct Professor for Bellevue University’s Masters of Cyber Security Program.  Prior to his current role with Scott was the Chief Security Officer for the Leo A Daly Company.  Scott is also a Past President of Nebraska InfraGard, and a graduate of the FBI Citizen’s Academy.  Scott received his Bachelor’s Degree in 2003 from Bellevue University in Business Information Systems and his Master’s Degree from the University of Nebraska Omaha in the Management of Information Systems.  Upon Graduation Scott was the recipient of the 2007-2008 Outstanding Graduate Student in Information Systems & Quantitative Analysis.  Scott is a current CISSP holder in addition to numerous other certification’s from CompTIA and Microsoft.

Time & Location: Thursday, Sept 12th, 12PM. TriPointe Coffeehouse, http://tripointecoffeehouse.com/, 138 N. Washington Street Papillion, NE 68046

Download Scott's Slides


Thu Dec 5, 2013 - Mobile Application Security Assessments


Presenter, Michael Born, Solutionary

As the world becomes increasingly more 'connected', our digital lives get transmitted through various types of applications including mobile devices. Besides that, the bring your own device debate among security professionals within corporate enterprise environments, maintaining confidentiality, availability, and integrity of data transmitted through these devices must be a continued focus of the security community.

In this presentation, Michael Born, an Associate Security Consultant with Solutionary will walk through a step by step demonstration of setting up and performing a mobile application security assessment on both Android and iOS. Included in the presentation will be an example iOS Security Assessment performed by Michael along with a hands on walk through of a Jailbroken iOS device file system.

Check out a warm-up video at our youtube channel: http://www.youtube.com/watch?v=VRnj816ec-8. This video walks through some set up step so that we're on the same page for the presentation!


-Peter Kiewit Institute, 1110 S. 67th Street, Omaha, NE 68182, Room 279. 12:00 - 1:00 PM. The room will open at 11:45AM.
-Pizza will be provided on a first-come first-serve basis
-UNO has open parking that week, so you will not need to worry about obtaining a pass.

RSVP on EventBrite</b> at http://www.eventbrite.com/e/mobile-application-security-assessments-tickets-9326244047?aff=eorg



Thu Mar 13, 2014 - Vetting Third Party Vendor Applications

Presenter: John Rogers
This presentation will discuss how to acquire and validate information that will provide assurance that your third party vendor applications adhere to your standards and are free from the common web application vulnerabilities. The discussion will also include what basic requirements are needed to accept a web application security assessment report from an independent security assessment firm.

John will hit points covering:
- 3rd Party Vendor Assessment Requirements - 3rd Party Vendor Assessment Public Facing Document - 3rd Party Vendor Application Security Standards


Location: -Peter Kiewit Institute, 1110 S. 67th Street, Omaha, NE 68182, Room 350.
Time: 12:00 - 1:00 PM. The room will open at 11:45AM.

RSVP on EventBrite at https://www.eventbrite.com/e/vetting-third-party-vendor-applications-tickets-9617944531 </b>

Parking: Email zac.fowler@owasp.org for a parking pass for the talk. **A copy was attached on the reminder sent to OWASP Omaha mailing list -- check your inbox.

Screencast: Google+ Hangout link will be posted prior to start via OWASP Omaha mailing list and twitter feed. Here's the link: http://youtu.be/Z5gcT53Wydc

""Files"": You can download the files from this presentation here: https://drive.google.com/folderview?id=0B4t_HSHrO2GxZ1N6OUxVYXE2Q2M&usp=sharing


Sat Mar 29 2014 - Web Application Security - So many tools, so little time Redux


Presenter, John M. Rogers, Senior Application Security Engineer, Lincoln Financial Group

Location: Nebraska Code Camp 2014

This talk focuses on the first three candidates of the 2013 OWASP Top 10. John will demonstrate attack examples, common tools to find these flaws, and consequences that occur without remediation or mitigating controls.

John Rogers is a Senior Application Security Engineer working in the Security Assurance department at Lincoln Financial Group.  Previously John worked as a Lead Security Engineer at ACI Worldwide, Inc.  John is one of the unique Application Security Professionals with over 20 years of experience in all aspects of the Software Development Lifecycle (SDLC) for the Banking, Payment and Financial Services industries.  John is also a Certified Information Systems Security Professional (CISSP) and serves as President of InfraGard Nebraska

Note: This is a talk at the Nebraska Code Camp - http://nebraskacodecamp.com


Thu June 12, 2014 - OWASP in Payment Card Security: Secure Coding, OWASP, and PCI 3.0 DSS Requirement 6

Presented by Rob Temple, Joel vanBrandwijk, and Ryan Misek from Mutual of Omaha

Data breaches and payment card compromises are more frequent, high-profile, and damaging. The every day consumer has been hit by large data breaches at Target, Michaels, and Aaron Brothers, among others. People all around us can testify to the effects of millions of credit cards in the wrong hands. It has become commonplace.

The PCI Security Standards Council (PCI SSC) security standards has recently released a new and improved set of requirements and standards for any organization that processes, transmits, or stores payment card data. PCI DSS' infamous Requirement 6 focuses on secure systems and applications, including secure coding and web application firewalls. OWASP has been noted in the PCI DSS as a trusted resource for secure coding and application vulnerability management. Join us for our next OWASP Omaha chapter meeting as we explore the some of these resources and discuss ways that OWASP can help meet this requirement.

Rob Temple is an information security analyst with Mutual of Omaha. He has been a software solutions developer for over 15 years working primarily with the.NET/Java languages. His recent web app projects include security based tools in the identity management space. Prior to Mutual of Omaha, Rob worked as an infosec consultant, performing PCI DSS and HIPAA security assessments for financial institutions and higher education organizations. He also has experience with web application pentesting and appsec consulting. Rob initiated the reactivation of the OWASP Omaha Chapter with the encouragement of OWASP Executive Director, Sarah Baso in 2011, He currently serves as a member of the leadership team.

Location: The Peter Kiewit Institute, Univ. of Nebraska at Omaha's Pacific Street Campus, 1110 S. 67th Street, Omaha, NE 68182, Room **164**.
Time: 12:00 - 1:00 PM. The room will open at 11:45AM.
RSVP for Food Counts: https://www.eventbrite.com/e/owasp-in-payment-card-security-secure-coding-owasp-pci-30-dss-req-6-tickets-11741110979
Parking and lunch: Pizza will be provided by the College of IS&T (so please RSVP). Contact zac dot fowler at owasp dot org if you need a parking pass.
Google+ Hangout: Watch the video here: https://www.youtube.com/watch?v=oe2ngtR2mJU

Slides available here: https://drive.google.com/folderview?id=0B4t_HSHrO2GxRHpDc2tGZ2szZUk&usp=sharing


Thu Oct 9, 2014 - Securing Android: Tips from a First-Time Builder and OWASP Put to the Test

Presented by Zac Fowler, UNO's College of Information Science and Technology

As a web developer, jumping over to building for mobile platforms like Android and iOS is a very attractive option. The worlds aren't all that far apart form each other. You may have tried it yourself. What are the security implications that you should think about, jumping over from a web-based world to a native platform for the first time? Join Zac Fowler as he walks through his experience building an Android app, then applies the OWASP Mobile Top Ten and feedback from experienced Breakers to the project. Zac will go over common app use cases such as local storage and API communication, pitfalls he found, as well as remediations for first-timers. To close, he will share how the steps he used can be applied to (almost) any project, and how OWASP plays a role in incrementally improving the way you approach security.

Zac Fowler is a developer and project manager at UNO's College of Information Science and Technology, in charge of a student development group known as the IS&T Attic. He as been programming for the web since the late 90s and loves learning new technologies. Zac currently serves as a co-leader of the OWASP Omaha chapter.


Location: The Peter Kiewit Institute, Univ. of Nebraska at Omaha's Pacific Street Campus, 1110 S. 67th Street, Omaha, NE 68182, Room 279.
Time: 12:00 - 1:00 PM. The room will open at 11:45AM.
RSVP for Food Counts: https://www.eventbrite.com/e/securing-android-tips-from-a-first-time-builder-and-owasp-put-to-the-test-tickets-13407611527
Lunch: Pizza will be provided by the College of IS&T (so please RSVP).
Slides: Presentation materials can be found here: https://drive.google.com/folderview?id=0B4t_HSHrO2GxeGxaTmhRdDNISGc&usp=sharing
Video: Video for the event can be found here: http://youtu.be/6LsxjRPAogM?t=7m59s


Wed Nov 19, 2014 - NEbraskaCERT CSF Joint Meeting - Security Q&A Panel

Hosted by NEbraskaCERT

Every November for the last several years NEbraskaCERT & ISACA Omaha have hosted a joint meeting which is a Security Panel Q & A. This year Omaha- OWASP is going to be joining in as well. These are always a fun way to finish out the year and are a great chance to see some people we don't very often.

Join us for this special November join meeting, where you will be able to interact with a panel of local security professionals. Lunch is provided (please RSVP), and CPEs are available. This meeting will not be streamed, so hope to see you in person!

Panelists:

     Sharon Welna -Information Security Officer at UNMC
     Vlad Liska - Director of Operational Risk & Controls TD Ameritrade
     Chet Uber - Director Project Vigilant LLC
     Waton, Larry - Information Security Officer - First Data Technologies
     Gary Sparks - Faculty Metropolitan Community College
     *Panel is subject to change; alternates are on standby.


Location: Johnny's Cafe, 4702 South 27th Street, Omaha, NE
Time: 11:30 AM - 1:00 PM
RSVP / Lunch / CPE: Provided, so please RSVP to csfrsvp "at" NEbraskaCERT.org and provide name, company, phone and email address by Close Of Business Monday, November 17th
More Information: http://www.nebraskacert.org/CSF/

Note #1: If you need a **CPE** form please let us know when you RSVP.

Note #2: This is the last NEbraskaCERT event for the year. They'll be taking December off as usual. NEbraskaCERT regular meetings will continue to be held on the third Wednesday of each month, starting again in the new year.


Thursday, Dec 18, 2014 - Visit the SWAMP

The Software Assurance Marketplace (SWAMP) is an open initiative that brings together goals for advancing the quality and adoption rate of security software tools, lowering thresholds for use, and making their output easier to interpret, by creating a repository of tools and and resources for all.

From the SWAMP website: "Researchers who develop new software assurance tools and methodologies will use the repositories and cyberinfrastructure offered by the marketplace to improve their technologies and tools, while software developers and adopters will use the same services to hunt for vulnerabilities in their software. Educators will use these services to offer hands-on experience in software assurance techniques to their students."

For our December meeting, OWASP Omaha will be providing an introduction of SWAMP by its leaders via live WebEx, followed by a discussion about the marketplace and how we could all benefit.

As always, networking and CPEs available*!


Location: The Peter Kiewit Institute, Univ. of Nebraska at Omaha's Pacific Street Campus, 1110 S. 67th Street, Omaha, NE 68182, Room 279.
CPEs: We've been asked about CPEs for those who have attended online. At this time we (as a chapter) don't have a mechanism to validate CPEs while you watch remotely without extra effort. We're trusting our audience is an honest bunch, so if you join via the WebEx this month, shoot an email to zac dot fowler at owasp.org right after the event. It would be good to include a line or two so we know you were listening. We can add that to our meeting CPE roster for audit purposes. Thanks for understanding!

WebEx Details Screencap available soon. SWAMP notes available at https://docs.google.com/document/d/1zew3VdaIFWxYolj8qO3Rg5IKxp_pPBqFZNC1zpFfxAw/edit?usp=sharing

Upcoming Events

Check back in mid-January for our 2015 schedule of events! Happy New Year!