OWASP San Jose
OWASP Foundation (Overview Slides) is a professional association of global members and is and open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
Next Meeting - Thursday, June 29, 2006
Open to the public, attendance is free
Agenda and Presentations:
6:00pm – 6:30pm Check-in and reception (food & bev)
6:30pm – 6:40pm Chapter announcements
6:40pm – 7:30pm FoRMa for Secure Software Development, Kris Kahn, Seagate Technology
8:30pm – 9:00pm Open discussion & Networking
San Jose Hyatt (Airport)
1740 North First Street
San Jose, CA 95112
Framework of Risk Management & Analysis (FoRMA) for Secure Software Development
Presented by: Kris Kahn, Sr. Governance Analyst, Seagate Technology
Abstract: We frequently apply Risk Management concepts in our daily lives, whether it’s driving in the rain on the freeway, or crossing a busy intersection. It comes down to making a choice, taking a calculated risk to reach our objective. We decide quickly, making assumptions about the threats and about our environment. The lessons we learn from our failures help us make wiser decisions next time, if we survive.
Using a new Framework of Risk Management & Analysis (FoRMA) for Secure Software Development, we will be able to make better decisions by understanding our threats. FoRMA will help us ensure that we have the appropriate level of protection to maximize our business objectives, increasing quality and minimizing cost.
Bio: Kris Kahn, CISSP-ISSAP,ISSMP, CISA, OPSA, currently a Sr. Governance Analyst at Seagate Technology. Passionate about security for more than 15 years, also worked for companies in the San Francisco Bay Area that include Autodesk, and Best Internet Communications. A CISSP since 2001, his key contributions include firewall architectures, risk management models, security assessment methodologies, and security awareness training. Kris has expertise in offensive, defensive and governance facets of security.
Presented by: Jeremiah Grossman, Founder and CTO, WhiteHat Security
Most assume while surfing the Web we are protected by firewalls that are isolated through private networks. We believe nothing is capable of directly connecting in from the outside world. Right? Well, not quite. Web browsers can be completely controlled by any web page, enabling them to become launching points to attack internal network resources.
The web browser of every user on an enterprise network becomes a stepping stone for intruders. During this presentation we'll demonstrate a wide variety of cutting-edge web application attack techniques and describe best practices for securing websites and users against these threats.
Bio: Jeremiah Grossman is the founder and Chief Technology Officer of WhiteHat Security and responsible for web application security R&D and industry evangelism. Mr. Grossman is a frequent speaker at the Black Hat Briefings, ISSA, ISACA, NASA, and other industry events. Jeremiah been published in USA Today, VAR Business, NBC, ABC News (AU), ZDNet, eWeek, Computerworld and BetaNews. Prior to WhiteHat, Mr. Grossman served as an information security officer at Yahoo!.
Please RSVP to via email Brian Bertacini or call 408-979-0571