Orange County

Revision as of 13:16, 23 November 2009 by Nmatatal (Talk | contribs)

Jump to: navigation, search

OWASP Orange County

Welcome to the Orange County chapter homepage. The chapter leaders are Neil Matatall, Kartik Trivedi, and Alex Smolen

funds to OWASP earmarked for Orange County.

Click here to join the local chapter mailing list.


OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.


Btn donate SM.gif to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG The chapter leaders are Neil Matatall, Kartik Trivedi, and Alex Smolen.

Local News

Future Meetings

Thursday December 17th 2009


Title: Pulling the Plug: Security Risks in the Next Generation of Offline Web Applications

As the line between desktop and web applications becomes increasingly blurry in a web 2.0 world, browser functionality is being pushed well beyond what it was originally intended for. Persistent client side storage has become a requirement for web applications if they are to be available both online and off. This need is being filled by a variety of technologies such as Gears (formerly Google Gears) and the Database Storage functionality included in the emerging HTML 5 specification. While all such technologies offer great promise, it is clear that the vast majority of developers simply do not understand their security implications.

Researching a variety of currently deployed implementations of these technologies has revealed a broad scope of vulnerabilities with frightening implications. Now attackers can target victims not just once, but every time they visit a site as the victim now carries and stores the attack with them. Imagine a scenario whereby updated confidential information is forwarded to an attacker every time a victim interacts with a given we application. The attacker no longer needs to worry about timing their attacks to ensure that the victim is authenticated as the victim attacks himself! Limited storage? Cookies that expire? Not a problem when entire databases are accessible with virtually unlimited storage and an infinite lifespan. Think these attacks are theoretical? Think again. In this talk we dive into these technologies and break down the risk posed by them when not properly understood. We will then detail a variety of real-world vulnerabilities that have been uncovered, including a new class of cross-site scripting and client-side SQL injection.


Michael Sutton Vice President, Security Research – Zscaler

Michael Sutton has spent more than a decade in the security industry conducting leading-edge research, building teams of world-class researchers and educating others on a variety of security topics. As VP of Security Research, Michael heads Zscaler Labs, the research and development arm of the company. Zscaler Labs is responsible for researching emerging topics in web security and developing innovative security controls, which leverage the Zscaler in-the-cloud model. The team is comprised of researchers with a wealth of experience in the security industry.

Prior to joining Zscaler, Michael was the Security Evangelist for SPI Dynamics where, as an industry expert, he was responsible for researching, publishing and presenting on various security issues. In 2007, SPI Dynamics was acquired by Hewlett-Packard. Previously, Michael was a Research Director at iDefense where he led iDefense Labs, a team responsible for discovering and researching security vulnerabilities in a variety of technologies. iDefense was acquired by VeriSign in 2005. Michael is a frequent speaker at major information security conferences; he is regularly quoted by the media on various information security topics, has authored numerous articles and is the co-author of Fuzzing: Brute Force Vulnerability Discovery, an Addison-Wesley publication.

Thursday, January 21st 2010

The first meeting of the month will include a presentation by the folks at NetSPI. Location TBD, most likely at the UC Irvine campus on the side of Campus Drive. Park in the parking lots across the street from campus (where it's free) and walk to the classroom.

Previous Meetings

October 14th 2009

Separate meetings will be held for OWASP OC and OWASP@UCI (student group).

When: Wednesday 10/14 7:30PM Where: Steelhead Brewery Topics: News, Ideas, Chit-chat

This is a restaurant/bar with plenty of seating, but room for a projector is out of the question so this would be an informal round table discussion.

I have a presentation I'm working on regarding WAFs and Vulnerability Assessment Tools. If it pleases the group, I'd love to go over the presentation and discuss everyone's experiences. Also, it's a great way to get feedback :)


I'm open to suggestions of any kind: location, time, topics, etc

Thursday, September 17th, 2009 7:30PM

Location: UC Irvine Building: Calit2 building,building number 325 in quadrant H8 on the UC Irvine Map Room: 3008

Parking will be $7. Please park in the Anteater Parking Structure

I can only unofficially say that if you park in the nearby shopping centers and walk, you may be able to park for free.

  • The Rise of Threat Analysis and the Fall of Compliance, Policies, and Standards in mitigating Web Application Security Risks

Apr 30, 2009 6:30PM-8:30PM

Brooklyn Pizza Works, 1235 East Imperial Highway, Placentia, CA

Google Map

Our fourth OC OWASP meeting will be an informal, roundtable discussion of current application security issues. Feel free to bring some ideas, code, slides, etc to contribute to the discussion. Hope to see everyone there!

Feb 19, 2009 6:30PM-8:30PM

Brooklyn Pizza Works, 1235 East Imperial Highway, Placentia, CA

Google Map

Come talk application security at the third OWASP OC meeting. We'll discuss current application security topics and chapter issues over pizza. We have a room booked for 15-20 people so we'll be able to rant without disturbing the patrons :) See you there! Presentation Slides

Dec 17, 2008 6PM - 9PM

Microsoft Campus Room MPR1, 3 Park Plaza, Suite 1600, Irvine, CA, 92614

Google Map

This meeting will be a roundtable discussion of application security news, plus a few OWASP-themed challenges with prizes. Pizza will be provided and we'll head to the Yard House after the meeting.

Aug 27, 2008, 7 PM - 9 PM

Penny Saver

603 Valencia, Brea, CA 92822

Google Map

Come meet up with web security professionals, have some pizza, and offer your thoughts for the direction of the OC chapter at our inaugural meeting! We are looking for speakers and venue sponsors for the next meeting. If you are interested, please contact the chapter leaders. Everyone is welcome to join us at our chapter meetings.

2008 Upcoming Events

Call for Papers (CFP) is NOW OPEN ~ to submit educational topic for upcoming meeting please submit your BIO and talk abstract via email. When accepted it will be required to use the following powerpoint OWASP Template To sponsor or host a upcoming event in Orange County please contact one of the board members below via email from more information.

Orange County OWASP Board Members

Neil Matatall
Kartik Trivedi
Alex Smolen