Difference between revisions of "San Jose"

From OWASP
(Next Meeting - Thursday, September 6, 2007)
(Thursday, September 6, 2007)
Line 1: Line 1:
 
{{Chapter Template|chaptername=San Jose|extra=The chapter leader is [mailto:brian.bertacini@owasp.org Brian Bertacini]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanjose|emailarchives=http://lists.owasp.org/pipermail/owasp-sanjose}}
 
{{Chapter Template|chaptername=San Jose|extra=The chapter leader is [mailto:brian.bertacini@owasp.org Brian Bertacini]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanjose|emailarchives=http://lists.owasp.org/pipermail/owasp-sanjose}}
  
== Thursday, September 6, 2007 ==
+
== Thursday, December 13, 2007 ==
 +
  
'''Pictures From the Event'''<br/>
+
OWASP Bay Area will host its next meeting at the Stanford University Alumni Association Center on Thursday, December 13As usual attendance is free and food and beverages will be provided. This will be an awesome event and a great opportunity to network with industry peers.  The event is open to the public; please forward this invite to your colleagues and friends who are interested in computer and application security. 
Garrett Gee was nice enough to take some pictures of the September 6th eventThey can be found here:<br/>
+
http://flickr.com/photos/ggee/sets/72157601905839040/
+
  
Open to the public, attendance is free<br/>
+
  
 
'''Agenda and Presentations:'''<br/>
 
'''Agenda and Presentations:'''<br/>
5:00pm – 5:30pm           Check-in and Reception (food and beverages)<br/>
+
6:00pm - 6:30pm ... Check-in and Holiday Reception (food & beverages)
5:30pm – 6:45pm          Malicious Code Injection Workshop<br/>
+
6:30pm - 7:15pm ... Ghosts in the Browser Niels Provos, Google
6:45pm 6:55pm          Break<br/>
+
7:15pm - 8:00pm ... Ph.D. Student Presentations Adam Barth & Collin Jackson, Stanford University
6:55pm – 8:10pm          Panel Discussion Privacy, Security and Breaches, Oh My!<br/>
+
8:00pm - 8:30pm ... Networking Session
8:10pm – 8:30pm           Networking Session<br/>
+
+
  
 
'''Venue:'''<br/>
 
'''Venue:'''<br/>
eBay - Town Square B<br/>
+
Stanford Alumni Association Center
2161 North First Street<br/>
+
Stanford University
San Jose, CA 95131<br/>
+
326 Galvez Street
 
+
Stanford, CA 94305
 
''Map and Directions:''<br/>
 
''Map and Directions:''<br/>
[http://maps.yahoo.com/broadband#mvt=m&q1=2211+N+1st+Street%2C+San+Jose%2C+CA&trf=0&lon=-121.921484&lat=37.377166&mag=3 Map]<br/>
+
[http://maps.yahoo.com/#mvt=m&gid1=21396976&q1=326+galvez+st%2C+stanford%2C+ca&trf=0&lon=-122.164643&lat=37.430552&mag=3]<br/>
 
+
 
+
'''Malicious Code Injection Workshop'''<br/>
+
 
+
SQL Injection, Cross-site Scripting (XSS) and other injection attacks techniques have become pervasive on the web.  This hands-on workshop takes an in-depth look at common methods used to exploit web applications.  Attendees will learn step-by-step techniques used by attackers allowing them to better understand how web applications are exploited.  Each attack method is followed up with a discussion about effective countermeasures to defend against such attacks. <br/>
+
 
+
This interactive workshop includes a victim web application that contains built-in vulnerabilities.  Attendees can bring their own laptop computers and participate in hands-on lab sessions.  The objective of this workshop is to learn secure development practices used to harden the security of applications.  Attendee participation is encouraged and door prizes will be awarded at random. <br/>
+
 
+
''Note:''  To participate in the exercise bring an 802.11b/g equipped laptop with IE or Firefox installed. No hostile code will be put on your laptop by the instructors, but do have a firewall running to protect yourself. No wired connection to the class network will be provided.<br/>
+
 
+
'''Workshop Instructors:'''<br/>
+
Siva Ram, CISA - Senior Consultant, AppSec Consulting<br/>
+
Tom Stracener - Cenzic<br/>
+
Arian Evans - WhiteHat Security<br/>
+
 
+
 
+
'''Panel Discussion: “Privacy, Security and Breaches, Oh My!” '''<br/>
+
  
This panel discussion will review the current state of information privacy and the security of web applications.  Security breaches are occurring at an alarming rate and consumers are loosing faith.  What, if anything can be done to restore confidence in e-commerce?<br/>
 
  
What can we learn from events at Card Systems are more recently Monster.com?  What can be done to ensure your company is not the next victim of a class action and/or hackers and data thieves?  Join an all-star panel of Information Privacy and Data Security professionals to better understand what’s at stake and how to stay out of the headlines. <br/>
 
  
 +
Ghosts in the Browser
 +
Presented by: Niels Provos, Ph.D., Google, Inc.
  
'''Moderator:'''          Alex Stamos, iSEC Partners<br/>
+
Abstract: As more users are connected to the Internet and conduct their daily activities electronically, computer users have become the target of an underground economy that infects hosts with malware or adware for financial gain. Unfortunately, even a single visit to an infected web site enables the attacker to detect vulnerabilities in the user’s applications and force the download a multitude of malware binaries. Frequently, this malware allows the adversary to gain full control of the compromised systems leading to the ex-filtration of sensitive information or installation of utilities that facilitate remote control of the host. We believe that such behavior is similar to our traditional understanding of botnets. However, the main difference is that web-based malware infections are pull-based and that the resulting command feedback loop is looser. To characterize the nature of this rising thread, we identify the four prevalent mechanisms used to inject malicious content on popular web sites: web server security, user contributed content, advertising and third-party widgets.  For each of these areas, we present examples of abuse found on the Internet. Our aim is to present the state of malware on the Web and emphasize the importance of this rising threat.
  
 +
Bio: Based out of Mt.View, Niels Provos is a Senior Staff Engineer at Google, Inc.  His interests include research in Web-Based Malware, Distributed Denial of Service, Steganography, Cryptography and Computer and Network Security.  Niels studied Physics and Mathematics at University of Hamburg, Germany, and attended the University of Michigan as a graduate student where he earned both is Masters in Computer Science and his Ph.D. in Computer Science.  He has published countless research papers and recently authored the book Virtual Honeypots: From Tracking Botnets to Intrusion Detection. 
  
'''Panelists:'''<br/>
+
Ph.D. Student Presentations
 +
Presented by: Adam Barth & Collin Jackson, Stanford University
  
Doran Rotman, KPMG (co-author, Generally Accepted Privacy Principles<br/>
+
Preview of OWASP Bay Area, Mandeep Khera
David Pollino, Washington Mutual Bank<br/>
+
Mandeep will provide an outline of the goals and objectives for local OWASP affiliates in 2008.  
Robert Fly, Salesforce.com<br/>
+
Larry Pingree, Safeway (co-founder, Digital Forensics Association)<br/>
+
Kurt Opsahl, EFF <br/>
+
  
 +
Please RSVP by responding to this email or visit http://owaspdec2007.eventbrite.com
  
Please RSVP at http://owaspday.eventbrite.com or send an email to brian.bertacini at owasp.org. Feel free to invite like minded IT Security Professionals and help grow OWASP.<br/>
+
Special thanks to Stanford University Alumni Association for hosting this event and to Cenzic and AppSec Consulting for sponsoring.
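
Review bot: the new RSVP line ("Please RSVP by responding to this email or visit http://owaspdec2007.eventbrite.com") appears to be carried over from an e-mail invite; on a wiki page there is no email to respond to, so it should name a contact address the way the replaced line did ("send an email to brian.bertacini at owasp.org"). The new abstract text also has "rising thread" where "rising threat" is meant and "force the download a multitude" missing "of". The revision also drops the September 6 workshop and panel descriptions and the photo link instead of moving them under a past-events heading.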

Revision as of 13:37, 3 December 2007

OWASP San Jose

Welcome to the San Jose chapter homepage. The chapter leader is Brian Bertacini.
To join the local chapter mailing list, visit http://lists.owasp.org/mailman/listinfo/owasp-sanjose.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a speaker at any OWASP chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of the OWASP project, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now

Thursday, December 13, 2007

OWASP Bay Area will host its next meeting at the Stanford University Alumni Association Center on Thursday, December 13. As usual, attendance is free and food and beverages will be provided. This will be an awesome event and a great opportunity to network with industry peers. The event is open to the public; please forward this invite to your colleagues and friends who are interested in computer and application security.


Agenda and Presentations:
6:00pm - 6:30pm ... Check-in and Holiday Reception (food & beverages)
6:30pm - 7:15pm ... Ghosts in the Browser – Niels Provos, Google
7:15pm - 8:00pm ... Ph.D. Student Presentations – Adam Barth & Collin Jackson, Stanford University
8:00pm - 8:30pm ... Networking Session

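Venue:
Stanford Alumni Association Center
Stanford University
326 Galvez Street
Stanford, CA 94305

Map and Directions:
http://maps.yahoo.com/#mvt=m&gid1=21396976&q1=326+galvez+st%2C+stanford%2C+ca&trf=0&lon=-122.164643&lat=37.430552&mag=3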


Ghosts in the Browser
Presented by: Niels Provos, Ph.D., Google, Inc.

Abstract: As more users are connected to the Internet and conduct their daily activities electronically, computer users have become the target of an underground economy that infects hosts with malware or adware for financial gain. Unfortunately, even a single visit to an infected web site enables the attacker to detect vulnerabilities in the user’s applications and force the download of a multitude of malware binaries. Frequently, this malware allows the adversary to gain full control of the compromised systems, leading to the exfiltration of sensitive information or installation of utilities that facilitate remote control of the host. We believe that such behavior is similar to our traditional understanding of botnets. However, the main difference is that web-based malware infections are pull-based and that the resulting command feedback loop is looser. To characterize the nature of this rising threat, we identify the four prevalent mechanisms used to inject malicious content on popular web sites: web server security, user-contributed content, advertising and third-party widgets. For each of these areas, we present examples of abuse found on the Internet. Our aim is to present the state of malware on the Web and emphasize the importance of this rising threat.

Bio: Based out of Mt. View, Niels Provos is a Senior Staff Engineer at Google, Inc. His interests include research in Web-Based Malware, Distributed Denial of Service, Steganography, Cryptography and Computer and Network Security. Niels studied Physics and Mathematics at the University of Hamburg, Germany, and attended the University of Michigan as a graduate student, where he earned both his Master's in Computer Science and his Ph.D. in Computer Science. He has published countless research papers and recently authored the book Virtual Honeypots: From Tracking Botnets to Intrusion Detection.

Ph.D. Student Presentations
Presented by: Adam Barth & Collin Jackson, Stanford University

Preview of OWASP Bay Area, Mandeep Khera
Mandeep will provide an outline of the goals and objectives for local OWASP affiliates in 2008.

Please RSVP by responding to this email or by visiting http://owaspdec2007.eventbrite.com

Special thanks to Stanford University Alumni Association for hosting this event and to Cenzic and AppSec Consulting for sponsoring.