Difference between revisions of "South Florida"

From OWASP
Jump to: navigation, search
(Local News)
(Local News)
Line 26: Line 26:
 
----
 
----
  
'''''Wed. July 27, 2011 - 6:00pm - South Florida OWASP Meeting - SQLMap 0.9 Overview and Analysis''''''
+
'''''Wed. July 27, 2011 - 6:00pm - South Florida OWASP Meeting - Double Feature - SQLMap 0.9 Overview and Analysis +  Automated Scanning and Differential Reporting'''''
  
 
Join us for our July meeting where we will be discussing the latest release of one of the most formidable web application attack tools currently available: SQLMap0.9
 
Join us for our July meeting where we will be discussing the latest release of one of the most formidable web application attack tools currently available: SQLMap0.9
Line 33: Line 33:
  
 
Presenter Bio: Alexander Heid - is a local security researcher and board member of Hackmiami and co-chair of South Florida OWASP. Heid is also employed within the financial industry as a web application vulnerability analyst.
 
Presenter Bio: Alexander Heid - is a local security researcher and board member of Hackmiami and co-chair of South Florida OWASP. Heid is also employed within the financial industry as a web application vulnerability analyst.
 +
 +
Automated Scanning and Differential Reporting
 +
 +
Companies are struggling with scaling source code scanning, there are not enough security experts to fulfill the current demand.  Developers are being overwhelmed with the quantity and quality of issues reported from misconfigured scanning tools.  This session will present an automated source code scanning deployment methodology that allows organizations to automatically reduce false positives during scanning and deliver reports that represent the high confidence security risk of the latest software changes. 
 +
 +
What will your audience walk away with?
 +
1) Establishment of security policies is key to reducing false positives
 +
2) Automated scanning is easy to configure and requires limited maintenance
 +
3) Differential reporting reduces developer overload by highlighting the risk of recent  change
 +
 +
Presenter Bio:
 +
 +
Bruce Mayhew is a Security Solutions Architect at IBM.  Bruce has over 20 years of software development experience with the last 13 years focused on application security.  At IBM, he is frequently a project lead for application security assessments.  Bruce has created an application security practice and training curriculum for large financial institutions and has been a Web Application Security Course instructor for the SANS Institute.  Bruce is on the SANS Council for Secure Java Programming and is an author of the SANS GSSP Secure Programming Assessment.  He is the primary author of WebGoat and was instrumental in bringing WebGoat to OWASP and currently leads the OWASP WebGoat project.  A frequent speaker on application security topics, Bruce has presented at OWASP, NASA, ISSA, NSA, Innovate and many commercial and financial institutions.
  
 
Facility Location:<br> NOVA SOUTHEASTERN UNIVERSITY<br> Carl DeSantis Building, Main Davie Campus<br>Room 1124<br> 3301 College Ave Fort Lauderdale, FL 33314-7796<br> Phone: 800-541-NOVA (6682)<br>6pm<br>  
 
Facility Location:<br> NOVA SOUTHEASTERN UNIVERSITY<br> Carl DeSantis Building, Main Davie Campus<br>Room 1124<br> 3301 College Ave Fort Lauderdale, FL 33314-7796<br> Phone: 800-541-NOVA (6682)<br>6pm<br>  

Revision as of 13:19, 27 July 2011

Contents

OWASP Miami - Ft. Lauderdale

Welcome to the Miami - Ft. Lauderdale chapter homepage. The chapter chair is Rishi Pande. The chapter co-chairs are Alexander Heid and Ivan Mozkowitz.

Prior Chapter Chair Positions
Castor Morales
Felix Mack
Delfim Martins

Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is and open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

funds to OWASP earmarked for Miami Ft Lauderdale.


Local News

Note To CISSP & CISA Holders: OWASP Meetings can count towards CPE Credits.

Be sure to hook up with us on the social network of your choice to recieve updates on our events!

Facebook

Twitter

LinkedIn


Wed. July 27, 2011 - 6:00pm - South Florida OWASP Meeting - Double Feature - SQLMap 0.9 Overview and Analysis + Automated Scanning and Differential Reporting

Join us for our July meeting where we will be discussing the latest release of one of the most formidable web application attack tools currently available: SQLMap0.9

The meeting will discuss some basic methods of SQL injection vulnerability identification (both error based and blind), and will go over ways to use the SQLMap0.9 tool to test your web application. Futhermore, we will discuss some of the more advanced features of SQLMap that were unavailable in previous releases.

Presenter Bio: Alexander Heid - is a local security researcher and board member of Hackmiami and co-chair of South Florida OWASP. Heid is also employed within the financial industry as a web application vulnerability analyst.

Automated Scanning and Differential Reporting

Companies are struggling with scaling source code scanning, there are not enough security experts to fulfill the current demand. Developers are being overwhelmed with the quantity and quality of issues reported from misconfigured scanning tools. This session will present an automated source code scanning deployment methodology that allows organizations to automatically reduce false positives during scanning and deliver reports that represent the high confidence security risk of the latest software changes.

What will your audience walk away with? 1) Establishment of security policies is key to reducing false positives 2) Automated scanning is easy to configure and requires limited maintenance 3) Differential reporting reduces developer overload by highlighting the risk of recent change

Presenter Bio:

Bruce Mayhew is a Security Solutions Architect at IBM. Bruce has over 20 years of software development experience with the last 13 years focused on application security. At IBM, he is frequently a project lead for application security assessments. Bruce has created an application security practice and training curriculum for large financial institutions and has been a Web Application Security Course instructor for the SANS Institute. Bruce is on the SANS Council for Secure Java Programming and is an author of the SANS GSSP Secure Programming Assessment. He is the primary author of WebGoat and was instrumental in bringing WebGoat to OWASP and currently leads the OWASP WebGoat project. A frequent speaker on application security topics, Bruce has presented at OWASP, NASA, ISSA, NSA, Innovate and many commercial and financial institutions.

Facility Location:
NOVA SOUTHEASTERN UNIVERSITY
Carl DeSantis Building, Main Davie Campus
Room 1124
3301 College Ave Fort Lauderdale, FL 33314-7796
Phone: 800-541-NOVA (6682)
6pm

FREE CPE CREDITS! Did you know you earn 2 CPE credits for attending an OWASP Meeting? It's true! Join us to feed your certs.

Thurs. March 17, 2011 - 3:30pm - South Florida OWASP Meeting + ISSA Meeting

South Florida OWASP is teaming up with South Florida ISSA to bring you a very special St. Patricks Day meeting. There will be an after-party sponsored by Barracuda in Boca.

We will have two great talks: Edward Bonver from Symantec will speak on Threat Modeling followed by Grant Murphy from Barracuda presenting their latest research: The State of Web Application Security.

This meeting will be held from 3:30pm - 5:30pm at NCCI Holdings, Inc in Boca Raton and the party, sponsored by Barracuda, will be at the Dubliner.

NCCI Holdings 901 Peninsula Corporate Cir Boca Raton, FL 33487-1362

Dubliner 435 Plaza Real Boca Raton, FL

Talk: Threat Modeling Threat Modeling is one of the most important security activities that a development/QA team needs to perform as part of a Security Development Lifecycle. This activity allows the team to build a complete security profile of the system being built. Threat Modeling is not always easy to get going for a team that has little or no security experience. In this presentation we'll take a look at why Threat Modeling is so important; we'll explore the process behind it, and how the process is being implemented and followed across Symantec.

Bio: Edward Bonver - Software Engineer, Symantec Edward Bonver is a principal software engineer on the product security team under the Office of the CTO at Symantec Corporation. In this capacity, Edward is responsible for working with software developers and quality assurance (QA) professionals across Symantec to continuously enhance the company's software security practices through the adoption of methodologies, procedures and tools for secure coding and security testing. Within Symantec, Edward teaches secure coding and security testing classes for Symantec engineers, and also leads the company's QA Security Task Force, which he founded. Prior to joining Symantec, Edward held software engineering and QA roles at Digital Equipment Corporation, Nbase and Zuma Networks. Edward is a Certified Information Systems Security Professional (CISSP) and a Certified Secure Software Lifecycle Professional (CSSLP). He holds a master's degree in computer science from California State University, Northridge, and a bachelor's degree in computer science from Rochester Institute of Technology. Edward is a Ph.D. student at NOVA Southeastern University.

Talk: The State of Web Application Security It's no secret that more and more commerce is being conducted via Web applications. Web-based applications are convenient for consumers and allow vendors to get applications online quickly to reach those consumers. This trend has also created a variety of privacy and security concerns that affect all companies transacting business over the Web. Recently, Barracuda networks co-sponsored a research study conducted by the Ponemon Institute titled "The State of Web Application Security" that revealed that these concerns are keenly felt by web application administrators. However, a major disconnect exists as appropriate countermeasures to these threats are either ineffective or completely non-existent. Join us for an informative seminar to learn:

More about our revealing research,

Why Web applications are under attack,

What hackers are doing to compromise Web applications

How to mitigate this risk.

Bio: Grant Murphy, Vice President of Enterprise Solutions, Barracuda Networks Grant Murphy is Vice President of Enterprise Solutions managing worldwide sales for the Barracuda Web Application Firewall and the Web Filtering products at Barracuda Networks. Murphy brings significant experience in the Web proxy/cache market and how these technologies can be used to secure employee's Internet Access as well as the sites they are accessing. He has been a frequent speaker at many security industry events worldwide over the past four years. Prior to joining Barracuda, he was responsible for sales of McAfee's Web and Email filtering products. Murphy earned his CISSP accreditation in March of 2006.

Pre-Registration Seating is limited so you must pre-register for the event. You can pre-register for the event here.

FREE CPE CREDITS! Did you know you earn 2 CPE credits for attending an ISSA Meeting? If you are a CISSP and you provide your CISSP number at registration, we will submit your CPE credits automatically for you.

Wed. February 23, 2011 - 6pm - South Florida OWASP Meeting

Facility Location:
NOVA SOUTHEASTERN UNIVERSITY
Carl DeSantis Building, Main Davie Campus
Room 1124
3301 College Ave Fort Lauderdale, FL 33314-7796
Phone: 800-541-NOVA (6682)
6pm

Building a Web Application Attack Framework
Miguel Turner will be discussing the challenges involved in building a tool to support vulnerability analysts with the automated detection and exploitation of Web application vulnerabilities.
Bio:
Bio: Miguel Turner currently works for Immunity as a developer, and has worked internationally on a number of endeavors. His current focus and research is on automatic exploitation of Web applications.

Wed. December 1, 2010 - 6pm - South Florida OWASP Meeting

Facility Location:
NOVA SOUTHEASTERN UNIVERSITY
Carl DeSantis Building, Main Davie Campus
Room 3032/3034
3301 College Ave Fort Lauderdale, FL 33314-7796
Phone: 800-541-NOVA (6682)
6pm

Attacking web applications via XSS with BEeF and Metasploit
Join us as Rod Soto presents a method of gaining administrative access to a domain controller through the exploitation of a DOM XSS vulnerability in a web application. The talk serves to demonstrate the risks that are posed through client side exploitation.
Bio:
Rod Soto is a vulnerability analyst and local security researcher. He is also a consultant to businesses around the globe regarding enterprise security matters.

Wed. October 6, 2010 - 6pm - South Florida OWASP Meeting

Facility Location:
NOVA SOUTHEASTERN UNIVERSITY
Carl DeSantis Building, Main Davie Campus
Room 1124
3301 College Ave Fort Lauderdale, FL 33314-7796
Phone: 800-541-NOVA (6682)
6pm

Abstract: Improving application security with ESAPI Swingset
The primary aim of the OWASP Top 10 is to educate developers, designers, architects and organisations about the consequences of the most important web application security weaknesses. ESAPI is Enterprise security API's for remediation of OWASP Top 10 vulnerabilities. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications.
The ESAPI Swingset is a web application which demonstrates common security vulnerabilities and asks users to secure the application against these vulnerabilities using the ESAPI libraries. The application is intended for Java Developers. The goal of the application is to teach developers about the functionality of the ESAPI libraries and give users a practical understanding of how it can be used to protect web applications against common security vulnerabilities.
Bio:
Fabio is currently working as an Information Security Specialist at AIB Bank (Dublin, Ireland). His tasks include performing risk analysis, assessing the security of web applications developed internally or purchased from third parties, define policies and standards on secure coding, as well as providing training on web application security to developers, auditors, executives and security professionals.
Prior to joining AIB, he worked as a Security Engineer at Symantec Security Response European Headquarters analyzing malicious code, blended threats, security risks and vulnerabilities in various applications. Before moving to Ireland, he worked in the development of different training programs and activities with emphasis on secure software development in his native Argentina. <br As a member of the OWASP organization, Fabio is part of Global Education Committee whose mission is to provide training and educational services to businesses, governments and educational institutions on application security, he coordinates international conferences around this topic, and since early 2010 has been appointed chairman of OWASP Chapter in Ireland. Fabio is a graduate in Computer Engineering from the Universidad Católica Argentina and has been granted the CISSP by (ISC) 2 back in 2006.


Wed. August 25, 2010 - 6pm - South Florida OWASP Meeting

Facility Location:
NOVA SOUTHEASTERN UNIVERSITY
Carl DeSantis Building, Main Davie Campus
Room 1124
3301 College Ave Fort Lauderdale, FL 33314-7796
Phone: 800-541-NOVA (6682)
6pm

This meeting's presentation is entitled "PCI Fundamentals" The talk will discuss the PCI compliance process, requirements, and implementations for everything from networks to web applications. The talk will be presented by Ivan Moskowitz.

Presenter Bios:

Ivan Moskowitz is a local security researcher and compliance auditor at a Fortune 100 firm.


Wed. July 28, 2010 - 6pm - South Florida OWASP Meeting

Facility Location:
NOVA SOUTHEASTERN UNIVERSITY
Carl DeSantis Building, Main Davie Campus
Room 1124
3301 College Ave Fort Lauderdale, FL 33314-7796
Phone: 800-541-NOVA (6682)
6pm

This meeting's presentation is entitled "Citrix Vulnerabilities." The talk will discuss the architecture of a Citrix server, as well as the vulnerabilities that exist within various configuration settings. The talk will be presented by Adam Cazzolla and Dickson Kwong.

Presenter Bios:

Adam Cazzolla and Dickson Kwong are local security researchers and web application vulnerability analysts at a Fortune 20 firm.

Wed. June 23, 2010 - 6pm - South Florida OWASP Meeting


Facility Location:
NOVA SOUTHEASTERN UNIVERSITY
Carl DeSantis Building, Main Davie Campus
Room 1124
3301 College Ave Fort Lauderdale, FL 33314-7796
Phone: 800-541-NOVA (6682)
6pm

This meeting's presentation is "Defensive Web Application Development" and "Modern Digital Crime Tools and Techniques"


This next OWASP meeting will feature two talks that are scheduled to be presented at the upcoming 2600 Hackers On Planet Earth conference (http://www.hope.net) in New York City. We will be featuring a sneak-peek preview of these talks on June 23, 2010 at the Nova campus.

"Defensive Web Application Development" by Pete Greko and Fabian Rothschild

This talk will examine various methods of code obfuscation for web application development. The goal is to make the tracking of covertly logged data too difficult for the average attacker to bother with.


"Modern Digital Crime Tools and Techniques" by Alexander Heid

This talk will examine the latest developments of tools and trends within the world of digital crimes. The talk will go over updates, developments, and plugins of new Zeus trojan variants, and will also examine new versions of various exploit kits used to distruibute malicious payloads. An overview of the digital crime lifecycle will be discussed as well.


Presenter Bios:

Pete Greko - is a local security researcher and board member of HackMiami. Greko is employed within the financial industry as a web application vulnerability analyst.

Alexander Heid - is a local security researcher and board member of Hackmiami and co-chair of South Florida OWASP. Heid is also employed within the financial industry as a web application vulnerability analyst.

Fabian Rothschild - is a local security researcher and member of HackMiami. Rothschild is employed as an security consultant for various clients around South Florida.



Wed. May 26, 2010 - 6pm - South Florida OWASP Meeting


Facility Location:
NOVA SOUTHEASTERN UNIVERSITY
Carl DeSantis Building, Main Davie Campus
Room 3032/3034 located on the 3rd floor, Eastside of the Carl DeSantis Building
3301 College Ave Fort Lauderdale, FL 33314-7796
Phone: 800-541-NOVA (6682)
6pm

This meeting's presentation is "PCI Compliance Fundamentals" by Georgios Mortakis of Enterprise Risk Management, Inc.

The presentation will go over application development to ensure PCI compliance, specifically developing applications to defeat the use of magnetic stripe skimmers. There will be live demonstrations taking place with a magnetic stripe skimmer showing ways to defeat the interception of important data.

Presenter Bio:

Georgios Mortakis (CISSP, CISA, QSA) is a Director of Information Systems Security with Enterprise Risk Management, Inc. Enterprise Risk Management, Inc, found in Miami FL in 1998, offers a wide variety of information security and information systems audit services to local, national (Fortune 500) and international businesses.
Media:South_Florida_OWASP_May_2010_Card_Skimming_Demo.pdf

Wed. April 28th, 2010 - 6pm - South Florida OWASP Meeting

Facility Location:
NOVA SOUTHEASTERN UNIVERSITY
Carl DeSantis Building, Main Davie Campus
Room 3049/3051 located on the 3rd floor, Eastside of the Carl DeSantis Building
3301 College Ave Fort Lauderdale, FL 33314-7796
Phone: 800-541-NOVA (6682)
6pm

This meeting's presentation is "Cisco ACE Web Application Firewall Use Cases" by Rob Kinnion and Vikas Deolaliker.

The presentation will give a overview of the WAF market and the real world deployments and customer concerns which will help OWASP evolve the WAF as a product category. This event will also be available during a live WebEx feed. Details are below.


Presenter Bios:

Rob Kinnon has been a Systems Engineer for 10-years at Cisco. He has held the coveted CCIE many years before most people even heard of it. He is one of the most highly respected and formidable Cisco Security engineers within the region. Rob specializes in Cisco Security Architecture in NAC, Intrusion Prevention, Security Monitoring, and Log Correlation just to name a few. Rob has helped countless organizations protect and secure their networks.

Vikas Deolaliker is a Product Manager in DCASBU at Cisco for Cisco WAF. He has helped define and product manage a broad spectrum of products for the datacenter including: SOA Appliances, SAN Director Class Switches, Grid Computing Middleware, Java Enterprise Software.

WebEx Live Session Information:

Meeting Number: 201 076 756

Meeting Password: Cisco

To start this meeting

1. Go to https://cisco.webex.com/cisco/j.php?S=201076756

2. Log in to your account.

3. Click "Start Now".

4. Follow the instructions that appear on your screen.

ALERT:Toll-Free Dial Restrictions for (408) and (919) Area Codes

The affected toll free numbers are: (866) 432-9903 for the San Jose/Milpitas area and (866) 349-3520 for the RTP area.

Please dial the local access number for your area from the list below:

- San Jose/Milpitas (408) area: 525-6800 - RTP (919) area: 392-3330

To join the teleconference only

1. Dial into Cisco WebEx (view all Global Access Numbers at

http://cisco.com/en/US/about/doing_business/conferencing/index.html

2. Follow the prompts to enter the Meeting Number (listed above) or Access Code followed by the # sign.

San Jose, CA: +1.408.525.6800 RTP: +1.919.392.3330

US/Canada: +1.866.432.9903 United Kingdom: +44.20.8824.0117

India: +91.80.4350.1111 Germany: +49.619.6773.9002

Japan: +81.3.5763.9394 China: +86.10.8515.5666

http://www.webex.com

IMPORTANT NOTICE: This WebEx service includes a feature that allows audio and any documents and other materials exchanged or viewed during the session to be recorded. By joining this session, you automatically consent to such recordings. If you do not consent to the recording, do not join the session.



Wed. March 31st, 2010 - 6pm - South Florida OWASP Meeting

Facility Location:
NOVA SOUTHEASTERN UNIVERSITY
Carl DeSantis Building, Main Davie Campus
Knight Lecture Hall - Room 1124
3301 College Ave Fort Lauderdale, FL 33314-7796
Phone: 800-541-NOVA (6682)
6pm

This meeting's presentation is "Adon't be an Adobe victim: An overview of how recent Adobe-related flaws affect your web application" by Josh Stabiner.


The talk will examine the threats posed by PDF and Flash vulnerabilities to web applications and their users, and will examine ways to mitigate the potential threats to your organization.

Presenter Bio:

Josh Stabiner is a manager in Ernst & Young's Advanced Security Center specializing in attack and penetration advisory services. He manages and executes assessments of web applications, external, internal and wireless networks, as well as physical security and social engineering.
Media:South_Florida_OWASP_Adobe_ASC_Demo.pdf

Wed. Jan 27th, 2010 - 6pm- South Florida OWASP Meeting

Facility Location:
NOVA SOUTHEASTERN UNIVERSITY
Carl DeSantis Building, Main Davie Campus
Knight Lecture Hall, Room 1124
3301 College Ave Fort Lauderdale, FL 33314-7796
Phone: 800-541-NOVA (6682)

This meeting's presentation is "Zeus & You: Analysis of the underground's most popular trojan" by Alexander Heid and Fabian Rothschild.
Media:OWASP_miami_Zeus_and_You_01-2010.pdf

Wed. Oct. 7th, 2009 6PM - South Florida OWASP Meeting

Facility Location:
NOVA SOUTHEASTERN UNIVERSITY
Carl DeSantis Building, Main Davie Campus
2nd Floor - Room 2071
3301 College Ave Fort Lauderdale, FL 33314-7796
Phone: 800-541-NOVA (6682)

This meeting's presentation is by Gary Bahadur and will be based on the presentation he is giving at Hacker Halted on the topic of Supplier Risk Management with more of a web focus.


Thu. Aug 20th, 2009 3:30PM - South Florida OWASP Meeting

Facility Location:
NOVA SOUTHEASTERN UNIVERSITY
Carl DeSantis Building, Main Davie Campus
1st Floor - Room 1048/1049
3301 College Ave Fort Lauderdale, FL 33314-7796
Phone: 800-541-NOVA (6682)

This meeting's presentation is "Security in .NET Applications & Integrating Security in the Software Development Lifecycle" by Jon Arce. This is a joint meeting that has been arranged graciously by the local ISSA chapter (www.sfissa.org).
Media:OWASP_miami_Integrating_Security_in_App_Dev_v1_1-2009_08.pptx
Media:OWASP_miami_App_Security_Using_dotNET_Framework_v1_0-2009_08.pptx


Tue. June 30th, 2009 6:00PM - South Florida OWASP Meeting

Facility Location:
Mission Critical Systems, Inc.
1347 East Sample Road, Suite 3
Pompano Beach, Fl 33064
Phone: (954) 788-7110

This meeting's presentation is "Risk Rating Models for Vulnerabilities" by Rishikesh Pande.
Media:OWASP_miami_Risk_Modeling_v2-2009_06.pdf


Fri. April 3rd, 2009 6:00PM - South Florida OWASP Meeting

Facility Location:
Immunity, Inc.
1247 Alton Road
Miami Beach, FL 33139
Phone: (212) 534-0857

This meeting's presentation is "Memory Corruption and Buffer Overflows" by Dave Aitel. Dave presented on this topic during the OWASP NYC AppSec 2008 Conference. The presentation will also include some web application content based on Immunity's recent project experiences.
Media:OWASP_miami_Corruption-2009_04.pdf



Wed. February 4th, 2009 5:00PM - South Florida OWASP Meeting

Facility Location:
Mission Critical Systems, Inc.
1347 East Sample Road, Suite 3
Pompano Beach, Fl 33064
Phone: (954) 788-7110

This meeting's presentation is "An Architect's view of Application Security" by Rick Carlin.
Media:OWASP_miami_Architect’s_View_of_Application_Security-2009_02.ppt



Wed. December 3rd, 2008 5:00PM - South Florida OWASP Meeting

Facility Location:
Mission Critical Systems, Inc.
1347 East Sample Road, Suite 3
Pompano Beach, Fl 33064
Phone: (954) 788-7110

This meeting's presentation is a live web hacking demo by Dan Carcone.