Difference between revisions of "San Jose"

From OWASP
(Next Meeting - Wednesday, July 25, 2007)
Line 1: Line 1:
 
{{Chapter Template|chaptername=San Jose|extra=The chapter leader is [mailto:brian.bertacini@owasp.org Brian Bertacini]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanjose|emailarchives=http://lists.owasp.org/pipermail/owasp-sanjose}}
 
{{Chapter Template|chaptername=San Jose|extra=The chapter leader is [mailto:brian.bertacini@owasp.org Brian Bertacini]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanjose|emailarchives=http://lists.owasp.org/pipermail/owasp-sanjose}}
  
== Next Meeting - Thursday, April 12, 2007 ==
+
== Next Meeting - Wednesday, July 25, 2007 ==
 
Open to the public, attendance is free
 
Open to the public, attendance is free
  
 
'''Agenda and Presentations:'''<br/>
 
'''Agenda and Presentations:'''<br/>
 
6:00pm - 6:30pm ... Check-in and reception (food & bev)<br/>
 
6:00pm - 6:30pm ... Check-in and reception (food & bev)<br/>
6:30pm - 7:30pm ... Past, Present and Future of Web Application Security in PCI - Bernie Weidel<br/>
+
6:30pm - 8:00pm ... Attacking XML Security - Brad Hill<br/>
7:30pm - 8:30pm ... Top Web Application Vulnerabilities, Exploits and Countermeasures - Josh Daymont<br/>
+
8:00pm - 8:15pm ... Upcoming Security Workshops - Brian Bertacini<br/>
 +
8:15pm - 8:35pm ... Networking Session<br/>
  
 
'''Venue:'''<br/>
 
'''Venue:'''<br/>
Line 16: Line 17:
  
  
'''Past, Present and Future of Web Application Security in PCI'''<br/>
+
'''Attacking XML Security'''<br/>
'''''Presented by: Bernie Weidel - PCI Product Manager, Qualys'''''<br/>
+
'''''Presented by: Brad Hill, iSEC Partners'''''<br/>
  
 
'''Abstract:'''  
 
'''Abstract:'''  
This presentation will start off with a holistic view of Ecommerce Data Security in contrast to the overall scope of Fraud in the Financial Services Industry, thereby giving insights as to why the PCI DSS was created by the Credit Card Brands and developed into its current form. Next, we will explore the current state of Web Application Security in the PCI DSS v1.1 and attempt to bring clarity to some of the more confusing items. We will also outline the structure of the PCI DSS Council; reviewing its key concepts and requirements. Lastly, we will outline methods you can use to proactively get involved in shaping future versions of the PCI DSS.<br/>
+
Brad will present his ongoing research into attacking the XML Digital Signature and Encryption standards that underpin the security  of Web Services, mobile code, SAML, federated identity systems and more. The talk will begin with a high-level, critical take on the emerging conventional wisdom about message-oriented security and continue with a detailed discussion of design and implementation weaknesses in the standards. Technical material will include a root cause analysis of the recent iSEC advisory on cross-platform, remote code execution vulnerabilities discovered in multiple XML Digital Signature products. <br/>
  
'''Bio:''' Bernie Weidel, Product Manager for QualysGuard PCI is responsible for evaluating customer/partner requirements, integrating them into the product, and driving PCI to market. Bernie has been developing methods to achieve and evidence compliance since 2000, when he designed a HIPAA compliance program for Scarborough Insurance Agency. Prior to joining Qualys, Bernie was an Infrastructure Security Project Manager at Adobe Systems where he implemented, managed and streamlined SOX and PCI compliance programs. He was also responsible for various aspects of security such as Web Application Security, Database Security, PDA Security and Vulnerability Management. Before Adobe, Bernie worked for Symbol Wireless Technologies as a Wireless Systems Analyst; designing, installing and troubleshooting/fine tuning Enterprise Wireless Networks.
+
'''Bio:''' Based out of Seattle, Brad Hill is a Senior Security Consultant at iSEC Partners, a full-service security consulting firm that provides penetration testing, secure systems development, security education and software design verification.   Brad brings a ten year background as a software developer and architect in the technology and financial services sectors to his work at iSEC, where he does design review, application assessment and development lifecycle improvement for some of the world’s leading software companies.
 
<br/>
 
<br/>
 
<br/>
 
<br/>
 
<br/>
 
<br/>
'''Top Web Application Vulnerabilities, Exploits and Countermeasures'''<br/>
 
'''''Presented by: Josh Daymont - Sr. Security Consultant, Fortify'''''<br/>
 
  
'''Abstract:'''
+
'''Upcoming Security Workshops'''<br/>
This presentation will take a look at Web Application Security from the Front lines to the back offices of systems development. First, a look at the top vulnerabilities and how are they exploited. Then look beyond the front lines and explore countermeasures that can be implemented during the development process to protect applications and sensitive data after deployment.<br/>
+
'''''Presented by: Brian Bertacini, Volunteer Chapter Organizer'''''<br/>
 
+
 
+
 
+
 
+
'''About OWASP'''<br/>
+
'''''Presented by: Brian Bertacini, Volunteer chapter organizer'''''<br/>
+
  
'''Abstract:''' An overview of the Open Web Application Security Project (OWASP), current projects and feedback from the recent WebAppSec Conference in Seattle.
+
'''Abstract:''' Introduce local volunteer expert trainers that are planning web application and infrastructure security workshops.
  
 
Please RSVP to via email [mailto:brian.bertacini@owasp.org Brian Bertacini], call 408-979-0571 or visit [http://owasp.mollyguard.com OWASP.Mollyguard.com]
 
Please RSVP to via email [mailto:brian.bertacini@owasp.org Brian Bertacini], call 408-979-0571 or visit [http://owasp.mollyguard.com OWASP.Mollyguard.com]
  
Special thanks to [http://www.aribe.com Ariba] for hosting this event.
+
Special thanks to [http://www.ariba.com Ariba] for hosting this event and to [http://www.appsecconsulting.com AppSec Consulting] and [http://www.isecpartners.com iSEC Partners] for sponsoring.
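Review bot: the new side of this hunk corrects the sponsor link from http://www.aribe.com to http://www.ariba.com, but it also carries a doubled space in "the security  of Web Services" in the abstract and a tripled space after "verification." in the bio, both of which show up in the rendered page; the unchanged RSVP line, "Please RSVP to via email", keeps its stray "to" on both sides and would read better as "Please RSVP via email to".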

Revision as of 13:20, 13 July 2007

OWASP San Jose

Welcome to the San Jose chapter homepage. The chapter leader is Brian Bertacini (brian.bertacini@owasp.org).
Join the local chapter mailing list at http://lists.owasp.org/mailman/listinfo/owasp-sanjose; the archives are at http://lists.owasp.org/pipermail/owasp-sanjose.

Participation

The OWASP Foundation is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and are guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a speaker at any OWASP chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of the OWASP project, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join now.

Next Meeting - Wednesday, July 25, 2007

Open to the public, attendance is free

Agenda and Presentations:
6:00pm - 6:30pm ... Check-in and reception (food & bev)
6:30pm - 8:00pm ... Attacking XML Security - Brad Hill
8:00pm - 8:15pm ... Upcoming Security Workshops - Brian Bertacini
8:15pm - 8:35pm ... Networking Session

Venue:
Ariba
807 11th Avenue
Sunnyvale, CA 94089


Attacking XML Security
Presented by: Brad Hill, iSEC Partners

Abstract: Brad will present his ongoing research into attacking the XML Digital Signature and Encryption standards that underpin the security of Web Services, mobile code, SAML, federated identity systems and more. The talk will begin with a high-level, critical take on the emerging conventional wisdom about message-oriented security and continue with a detailed discussion of design and implementation weaknesses in the standards. Technical material will include a root cause analysis of the recent iSEC advisory on cross-platform, remote code execution vulnerabilities discovered in multiple XML Digital Signature products.

Bio: Based out of Seattle, Brad Hill is a Senior Security Consultant at iSEC Partners, a full-service security consulting firm that provides penetration testing, secure systems development, security education and software design verification. Brad brings a ten-year background as a software developer and architect in the technology and financial services sectors to his work at iSEC, where he does design review, application assessment and development lifecycle improvement for some of the world’s leading software companies.


Upcoming Security Workshops
Presented by: Brian Bertacini, Volunteer Chapter Organizer

Abstract: Introduces the local volunteer expert trainers who are planning web application and infrastructure security workshops.

Please RSVP via email to Brian Bertacini (brian.bertacini@owasp.org), call 408-979-0571, or visit OWASP.Mollyguard.com (http://owasp.mollyguard.com).

Special thanks to Ariba for hosting this event and to AppSec Consulting and iSEC Partners for sponsoring.