Difference between revisions of "San Jose"

From OWASP
Jump to: navigation, search
(Next Meeting - Thursday, August 10, 2006)
Line 1: Line 1:
 
{{Chapter Template|chaptername=San Jose|extra=The chapter leader is [mailto:brian.bertacini@owasp.org Brian Bertacini]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanjose|emailarchives=http://lists.owasp.org/pipermail/owasp-sanjose}}
 
{{Chapter Template|chaptername=San Jose|extra=The chapter leader is [mailto:brian.bertacini@owasp.org Brian Bertacini]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanjose|emailarchives=http://lists.owasp.org/pipermail/owasp-sanjose}}
  
== Next Meeting - Thursday, August 10, 2006 ==
+
== Next Meeting - Tuesday, December 19, 2006 ==
 
Open to the public, attendance is free
 
Open to the public, attendance is free
  
 
'''Agenda and Presentations:'''<br/>
 
'''Agenda and Presentations:'''<br/>
 
6:00pm – 6:30pm      Check-in and reception (food & bev)<br/>
 
6:00pm – 6:30pm      Check-in and reception (food & bev)<br/>
6:30pm – 6:40pm     Chapter announcements<br/>
+
6:30pm – 6:45pm     About OWASP, Brian Bertacini, AppSec Consulting <br/>
6:40pm 8:00pm     The Next Generation of Vulnerable Applications, Alex Stamos, iSec Partners <br/>
+
6:45pm 7:30pm     Latest Web Application Security Trends and Statistics, Jeremiah Grossman, Founder & CTO Whitehat Security<br/>
8:00pm – 8:30pm      Open discussion & Networking<br/>
+
7:30pm – 8:30pm      Open discussion & Networking<br/>
  
 
'''Venue:'''<br/>
 
'''Venue:'''<br/>
San Jose Hyatt (Airport)<br/>
+
Fujitsu Advanced Networking Solutions<br/>
1740 North First Street<br/>
+
1240 E. Arques Ave.<br/>
San Jose, CA 95112<br/>
+
Sunnyvale, CA 94085<br/>
  
  
'''The Next Generation of Vulnerable Applications'''<br/>
+
'''New Trends and Web Application Security Statistics'''<br/>
'''''Presented by: Alex Stamos, Founding Partner, iSEC Partners'''''<br/>
+
'''''Presented by: Jeremiah Grossman, Founder & CTO, WhiteHat Security'''''<br/>
'''Abstract:'''  Web Services represent a new and unexplored set of security-sensitive technologies that have been widely deployed by large companies, governments, financial institutions, and in consumer applications.  Unfortunately, the attributes that make web services attractive, such as their ease of use, platform independence, use of HTTP and powerful functionality, also make them a great target for attack. In this talk, we will explain the basic technologies (such as XML, SOAP, and UDDI) upon which web services are built, and explore the innate security weaknesses in each.  We will then demonstrate new attacks that exist in web service infrastructures, and show how classic web application attacks (SQL Injection, XSS, etc…) can be retooled to work with the next-generation of enterprise applications.
+
+
  
'''Bio:''' Alex Stamos is a founding partner of iSEC Partners - a strategic digital security organizationAlex is an experienced security engineer and consultant specializing in application security and securing large infrastructures, and has taught multiple classes in network and application securityHe is a leading researcher in the field of web application and web services security and has been a featured speaker at top industry conferences such as BlackHat, DefCon, SyScan, Microsoft BlueHat and OWASP App Sec.
+
'''Abstract:''' First Look at New Web Application Security StatisticsThe Top 10 Web Application Vulnerabilities and their  Impact on the Enterprise Web applications are the newest attack target, hitting the biggest and best brands on the InternetAnd yet, until now, there has been limited information available about the most prevalent and most severe vulnerabilities that are facilitating the rapidly rising number of attacks.
+
 
Before he helped form iSEC Partners, Alex spent two years as a Managing Security Architect with @stakeAlex performed as a technical leader on many complex and difficult assignments, including a thorough penetration test and architectural review of a 6 million line enterprise management system, a secure re-design of a multi-thousand host ASP network, and a thorough analysis and code review of a major commercial web server.  He was also one of @stake’s West Coast trainers, educating select technical audiences in advanced network and application attacks.   
+
WhiteHat Security founder and CTO, Jeremiah Grossman, will present the findings from the first WhiteHat Security Web Application Security Risk ReportBased on WhiteHat’s aggregate data from hundreds of web application assessments, Mr.Grossman's presentation will provide a first-of-its-kind look at the top vulnerabilities that attackers are exploiting at businesses across the Web.
 +
 
 +
•    Identify and discuss the top ten vulnerabilities
 +
•    Define the severity levels of web application vulnerabilities
 +
•    Present strategies for web application vulnerability management
 +
 
 +
'''Bio:''' Mr. Grossman is a world-renowned expert in Web security and a founding member of the Web Application Security Consortium.  He is a frequent speaker at industry events including the BlackHat Briefings, ISACA’s Networks Security Conference, NASA, the Air Force and Technology Conference, ISSA and DefconMr. Grossman is also a featured expert and frequent contributor on TechTarget’s SearchAppSecurity.com.
  
Alex has also worked in at a DoE National Laboratory.  He holds a BS in Electrical Engineering and Computer Science from the University of California, Berkeley, where he participated in research projects related to distributed secure storage and automatic C code auditing.   
 
 
 
Please RSVP to via email [mailto:brian.bertacini@owasp.org Brian Bertacini], call 408-979-0571 or visit [http://owasp.mollyguard.com OWASP.Mollyguard.com]
 
Please RSVP to via email [mailto:brian.bertacini@owasp.org Brian Bertacini], call 408-979-0571 or visit [http://owasp.mollyguard.com OWASP.Mollyguard.com]
  
  
 
This event is co-sponsored by [http://www.appsecconsulting.com AppSec Consulting, Inc]. and [http://www.whitehatsec.com WhiteHat Security, Inc.]
 
This event is co-sponsored by [http://www.appsecconsulting.com AppSec Consulting, Inc]. and [http://www.whitehatsec.com WhiteHat Security, Inc.]
 +
 +
Special thanks to [http://www.fsba.com Fujitsu Advanced Networking Solutions] for hosting this event.

Revision as of 01:57, 8 December 2006

OWASP San Jose

Welcome to the San Jose chapter homepage. The chapter leader is Brian Bertacini
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is and open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

Next Meeting - Tuesday, December 19, 2006

Open to the public, attendance is free

Agenda and Presentations:
6:00pm – 6:30pm Check-in and reception (food & bev)
6:30pm – 6:45pm About OWASP, Brian Bertacini, AppSec Consulting
6:45pm – 7:30pm Latest Web Application Security Trends and Statistics, Jeremiah Grossman, Founder & CTO Whitehat Security
7:30pm – 8:30pm Open discussion & Networking

Venue:
Fujitsu Advanced Networking Solutions
1240 E. Arques Ave.
Sunnyvale, CA 94085


New Trends and Web Application Security Statistics
Presented by: Jeremiah Grossman, Founder & CTO, WhiteHat Security

Abstract: First Look at New Web Application Security Statistics. The Top 10 Web Application Vulnerabilities and their Impact on the Enterprise Web applications are the newest attack target, hitting the biggest and best brands on the Internet. And yet, until now, there has been limited information available about the most prevalent and most severe vulnerabilities that are facilitating the rapidly rising number of attacks.

WhiteHat Security founder and CTO, Jeremiah Grossman, will present the findings from the first WhiteHat Security Web Application Security Risk Report. Based on WhiteHat’s aggregate data from hundreds of web application assessments, Mr.Grossman's presentation will provide a first-of-its-kind look at the top vulnerabilities that attackers are exploiting at businesses across the Web.

• Identify and discuss the top ten vulnerabilities • Define the severity levels of web application vulnerabilities • Present strategies for web application vulnerability management

Bio: Mr. Grossman is a world-renowned expert in Web security and a founding member of the Web Application Security Consortium. He is a frequent speaker at industry events including the BlackHat Briefings, ISACA’s Networks Security Conference, NASA, the Air Force and Technology Conference, ISSA and Defcon. Mr. Grossman is also a featured expert and frequent contributor on TechTarget’s SearchAppSecurity.com.

Please RSVP to via email Brian Bertacini, call 408-979-0571 or visit OWASP.Mollyguard.com


This event is co-sponsored by AppSec Consulting, Inc. and WhiteHat Security, Inc.

Special thanks to Fujitsu Advanced Networking Solutions for hosting this event.