Difference between revisions of "Suncoast"

From OWASP
(Local News)
(Next Meeting)
(30 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
{{Chapter Template|chaptername=Suncoast |extra= | mailinglistsite=https://lists.owasp.org/mailman/listinfo/owasp-suncoast|emailarchives=http://lists.owasp.org/pipermail/owasp-suncoast}}
 
{{Chapter Template|chaptername=Suncoast |extra= | mailinglistsite=https://lists.owasp.org/mailman/listinfo/owasp-suncoast|emailarchives=http://lists.owasp.org/pipermail/owasp-suncoast}}
 +
 
<paypal>Suncoast Chapter</paypal>
 
<paypal>Suncoast Chapter</paypal>
  
Line 5: Line 6:
  
  
== Local News ==
+
== Next Meeting ==
'''OWASP Suncoast Chapter Meeting on Wednesday September 9, 2009 @ 6pm'''
+
'''Topic:''' Social Engineering Trends and Tactics  (In conjunction with Suncoast Security Society)
 +
 
 +
'''Date/Time:''' February 15, 2012 @ 6:00pm
 +
 
 +
'''Location:''' The Community Foundation of Sarasota County (2635 Fruitville Road Sarasota, FL 34237)
 +
 
 +
'''Presenter:''' Brian Jack (Director of Security Research at KnowBe4, President iAssault Technologies)
 +
 
 +
'''Presentation Details:''' Trends in cyber warfare show that attacks involving social engineering are on the rise. Large organizations and governments are not the only ones being targetted; the bad guys are equal opportunists and are going after small and medium sized enterprises. Recent research involving social engineering attacks shows most organizations are vulnerable to very simple scams. How are these bad
 +
guys getting in, and why are they so successful? What is the industry currently doing to prevent these attacks? What are some simple things you can do to better protect your organization?  This presentation aims to answer those questions and give a more detailed look at social engineering tactics that are currently affecting today's enterprises.
 +
 
 +
Pizza and drinks will be provided, come out, tell your friends, and support the group.
 +
 
 +
== Past Meetings ==
 +
'''Topic:''' Injection Attacks: #1 and still going strong (In conjunction with Suncoast Security Society)
 +
 
 +
'''Date/Time:''' June 14, 2011 @ 6:00pm
 +
 
 +
'''Location:''' The Community Foundation of Sarasota County (2635 Fruitville Road Sarasota, FL 34237)
 +
 
 +
'''Presenter:''' Steve Carter
 +
 
 +
'''Presentation Details:''' Injection attacks are #1 on the OWASP Top Ten list of application vulnerabilities.  This session will start with an in-depth explanation of what injections attacks are why they have managed to capture #1 spot in the Top Ten.  Using various OWASP and open source tools we will then demonstrate how one discovers, executes and defends against injection attacks.
 +
 
 +
 
 +
 
 +
'''Topic:''' How To Hack Companies and Make Millions - In conjunction with Suncoast Security Society
 +
 
 +
'''Date/Time:''' February 16, 2011 @ 6:00pm
 +
 
 +
'''Location:''' The Community Foundation of Sarasota County (2635 Fruitville Road Sarasota, FL 34237)
 +
 
 +
'''Presenter:''' Chris Hadnagey
 +
 
 +
'''Presentation Details:''' Offensive Security wants to take you on a non-stop thrill ride through an actual hack.  From Information Gathering, Social Engineering and Client Side Exploitation we will show you the complete and total domination of the target.  This session will showcase the skills that are taught in Offensive Security’s world-renowned courses as well as our Penetration Testing services.  Our goal is raise awareness of the real world threats that exist in corporate business today.
 +
 
 +
 
 +
'''Topic:''' Security Assertion Markup Language (SAML) - in conjunction with the Sarasota Java Users Group (Sunjug)
 +
 
 +
'''Date/Time:''' February 24, 2010
 +
 
 +
'''Location:''' The Community Foundation of Sarasota County (2635 Fruitville Road Sarasota, FL 34237)
 +
 
 +
'''Presenter:''' Steve Goldsmith
 +
 
 +
'''Presentation Details:''' SAML is an XML-based standard for exchanging authentication and authorization data between security domains, that is, between an identity provider (a producer of assertions) and a service provider (a consumer of assertions). SAML is a product of the OASIS Security Services Technical Committee.
 +
 
 +
Since there are many facets to SAML Steve will give a brief overview of SAML and then jump right into a real world scenario using a service provider. The service provider will accept an encrypted and signed assertion from an external entity which will be decrypted and have its attributes revealed. This can be used to integrate an external entities' SSO system into legacy web applications without the need to implement expensive and complex federated security solutions like SIteMinder, etc.
 +
 
 +
Steve has built the code using OpenSAML for encryption and signing assertions as well to allow end to end testing using Apache Http Client. He will cover topics all the way down to creating RSA key pairs in a Java key store using keytool, so in essence this is a complete solution. The talk will not be covering SSO solutions like JOSSO as this is perhaps better covered at a later date.
 +
 
 +
See more details and RSVP [http://www.codetown.us/events/sarasota-java-users-group-2 here]
 +
 
 +
 
 +
'''Date/Time:''' October 29, 2009 - 6:00pm
 +
 
 +
'''Location:''' Gevity HR in Lakewood Ranch (9000 Town Center Pkwy, Lakewood Ranch, FL 34202)
 +
 
 +
'''Presenter:''' James Tarala  (See bio at http://www.sans.org/security-training/instructors.php#Tarala)
 +
 
 +
'''Presentation Details:''' "Software Assessment Tools & Methodologies"
 +
 
 +
''Recent reports, such as the SANS Top Security Risks Report (http://www.sans.org/top-cyber-security-risks/) have indicated that operating system security is no longer one of the biggest challenges to organizations' information security today. Instead one of the primary vectors used by those who threaten information resources are individual applications that reside on an organization's systems. Software applications have become the greater vulnerability to an organization today. In this presentation James Tarala of Enclave Security and a frequent instructor at the SANS Institute will present tools and methodologies for assessing these applications in an effort to better secure an organization's systems''
 +
 
 +
'''The slides can be downloaded [http://www.owasp.org/images/5/53/OWASP_-_Web_Defense_Tools.pdf here]'''
 +
 
 +
 
 +
'''Date/Time:''' CANCELLED!
  
Location: Gevity HR in Lakewood Ranch (9000 Town Center Pkwy, Lakewood Ranch, FL 34202)
+
'''Location:''' Gevity HR in Lakewood Ranch (9000 Town Center Pkwy, Lakewood Ranch, FL 34202)
  
Presenter: Wes Brown
+
'''Presenter:''' Wes Brown
  
Presentation Details: "So You Want To Analyze Malware?"
+
'''Presentation Details:''' "So You Want To Analyze Malware?"
  
''Malware is a broad category of malicious software that covers trojans, viruses, worms, rootkits, and other software that steals information or subverts computers into unintended purposes. There are many reasons why one would want to analyze malware, and they can range from professional interest in defending networks from them, to personal fascination in the techniques involved in crafting them.
+
''Malware is a broad category of malicious software that covers trojans, viruses, worms, rootkits, and other software that steals information or subverts computers into unintended purposes. There are many reasons why one would want to analyze malware, and they can range from professional interest in defending networks from them, to personal fascination in the techniques involved in crafting them.''
  
Whatever one’s reason for analyzing malware, Wes will share many of the techniques that he’s utilized in the course of his career working on client incident response engagements as well as a full time analyst on a heuristic detection product.
+
''Whatever one’s reason for analyzing malware, Wes will share many of the techniques that he’s utilized in the course of his career working on client incident response engagements as well as a full time analyst on a heuristic detection product.''
  
Many might think that the techniques are dominated by methods such as reverse engineering and binary analysis, and indeed it is a major part of any analyst’s toolkit. However, statistical analysis, and static forensics can often play just as key a role, combined with scripting, systems management, and data warehousing.
+
''Many might think that the techniques are dominated by methods such as reverse engineering and binary analysis, and indeed it is a major part of any analyst’s toolkit. However, statistical analysis, and static forensics can often play just as key a role, combined with scripting, systems management, and data warehousing.''
  
Wes will describe and show examples of such techniques, as well as supporting tools. The emphasis will be on doing this with low cost or free tools, so that an audience member can get up and running quickly with malware analysis even on a shoestring budget.''
+
''Wes will describe and show examples of such techniques, as well as supporting tools. The emphasis will be on doing this with low cost or free tools, so that an audience member can get up and running quickly with malware analysis even on a shoestring budget.''
  
  

Revision as of 09:43, 1 February 2012

OWASP Suncoast

Welcome to the Suncoast chapter homepage.
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now

funds to OWASP earmarked for Suncoast Chapter.



Next Meeting

Topic: Social Engineering Trends and Tactics (In conjunction with Suncoast Security Society)

Date/Time: February 15, 2012 @ 6:00pm

Location: The Community Foundation of Sarasota County (2635 Fruitville Road Sarasota, FL 34237)

Presenter: Brian Jack (Director of Security Research at KnowBe4, President iAssault Technologies)

Presentation Details: Trends in cyber warfare show that attacks involving social engineering are on the rise. Large organizations and governments are not the only ones being targeted; the bad guys are equal opportunists and are going after small and medium sized enterprises. Recent research involving social engineering attacks shows most organizations are vulnerable to very simple scams. How are these bad guys getting in, and why are they so successful? What is the industry currently doing to prevent these attacks? What are some simple things you can do to better protect your organization? This presentation aims to answer those questions and give a more detailed look at social engineering tactics that are currently affecting today's enterprises.

Pizza and drinks will be provided, come out, tell your friends, and support the group.

Past Meetings

Topic: Injection Attacks: #1 and still going strong (In conjunction with Suncoast Security Society)

Date/Time: June 14, 2011 @ 6:00pm

Location: The Community Foundation of Sarasota County (2635 Fruitville Road Sarasota, FL 34237)

Presenter: Steve Carter

Presentation Details: Injection attacks are #1 on the OWASP Top Ten list of application vulnerabilities. This session will start with an in-depth explanation of what injection attacks are and why they have managed to capture the #1 spot in the Top Ten. Using various OWASP and open source tools we will then demonstrate how one discovers, executes and defends against injection attacks.


Topic: How To Hack Companies and Make Millions - In conjunction with Suncoast Security Society

Date/Time: February 16, 2011 @ 6:00pm

Location: The Community Foundation of Sarasota County (2635 Fruitville Road Sarasota, FL 34237)

Presenter: Chris Hadnagy

Presentation Details: Offensive Security wants to take you on a non-stop thrill ride through an actual hack. From Information Gathering, Social Engineering and Client Side Exploitation we will show you the complete and total domination of the target. This session will showcase the skills that are taught in Offensive Security’s world-renowned courses as well as our Penetration Testing services. Our goal is to raise awareness of the real world threats that exist in corporate business today.


Topic: Security Assertion Markup Language (SAML) - in conjunction with the Sarasota Java Users Group (Sunjug)

Date/Time: February 24, 2010

Location: The Community Foundation of Sarasota County (2635 Fruitville Road Sarasota, FL 34237)

Presenter: Steve Goldsmith

Presentation Details: SAML is an XML-based standard for exchanging authentication and authorization data between security domains, that is, between an identity provider (a producer of assertions) and a service provider (a consumer of assertions). SAML is a product of the OASIS Security Services Technical Committee.

Since there are many facets to SAML, Steve will give a brief overview of SAML and then jump right into a real world scenario using a service provider. The service provider will accept an encrypted and signed assertion from an external entity, which will be decrypted and have its attributes revealed. This can be used to integrate an external entity's SSO system into legacy web applications without the need to implement expensive and complex federated security solutions like SiteMinder, etc.

Steve has built the code using OpenSAML for encryption and signing assertions, as well as to allow end-to-end testing using Apache Http Client. He will cover topics all the way down to creating RSA key pairs in a Java key store using keytool, so in essence this is a complete solution. The talk will not be covering SSO solutions like JOSSO as this is perhaps better covered at a later date.

See more details and RSVP here


Date/Time: October 29, 2009 - 6:00pm

Location: Gevity HR in Lakewood Ranch (9000 Town Center Pkwy, Lakewood Ranch, FL 34202)

Presenter: James Tarala (See bio at http://www.sans.org/security-training/instructors.php#Tarala)

Presentation Details: "Software Assessment Tools & Methodologies"

Recent reports, such as the SANS Top Security Risks Report (http://www.sans.org/top-cyber-security-risks/), have indicated that operating system security is no longer one of the biggest challenges to organizations' information security today. Instead, one of the primary vectors used by those who threaten information resources is individual applications that reside on an organization's systems. Software applications have become the greater vulnerability to an organization today. In this presentation James Tarala of Enclave Security, a frequent instructor at the SANS Institute, will present tools and methodologies for assessing these applications in an effort to better secure an organization's systems.

The slides can be downloaded here


Date/Time: CANCELLED!

Location: Gevity HR in Lakewood Ranch (9000 Town Center Pkwy, Lakewood Ranch, FL 34202)

Presenter: Wes Brown

Presentation Details: "So You Want To Analyze Malware?"

Malware is a broad category of malicious software that covers trojans, viruses, worms, rootkits, and other software that steals information or subverts computers into unintended purposes. There are many reasons why one would want to analyze malware, and they can range from professional interest in defending networks from them, to personal fascination in the techniques involved in crafting them.

Whatever one’s reason for analyzing malware, Wes will share many of the techniques that he’s utilized in the course of his career working on client incident response engagements as well as a full time analyst on a heuristic detection product.

Many might think that the techniques are dominated by methods such as reverse engineering and binary analysis, and indeed it is a major part of any analyst’s toolkit. However, statistical analysis, and static forensics can often play just as key a role, combined with scripting, systems management, and data warehousing.

Wes will describe and show examples of such techniques, as well as supporting tools. The emphasis will be on doing this with low cost or free tools, so that an audience member can get up and running quickly with malware analysis even on a shoestring budget.


OWASP Suncoast Chapter Meeting on Tuesday June 23, 2009 @ 6pm

Location: The Community Foundation of Sarasota County (2635 Fruitville Road Sarasota, FL 34237)

Topic: Cross-site Request Forgery, The Sleeping Giant of Web Application Vulnerabilities

Presenter: Steve Carter

Click here to view the invitation.

The slides can be downloaded here: Media:CSRF_062209.pdf


Introduction to the OWASP Suncoast Chapter at the 82 Degrees Tech Networking Event

When: Wednesday, April 29th 5 to 7 p.m.

Where: Hyatt Place Sarasota, 950 University Drive, Sarasota (across from the airport)

Cost: $10 for 82 Degree Tech Members, $15 for Future members (beer, wine and appetizers will be provided)


(CANCELLED) OWASP Suncoast Chapter Meeting on Monday March 9th, 2009 @ 6pm

Location: Gevity HR in Lakewood Ranch (9000 Town Center Pkwy, Lakewood Ranch, FL 34202)

Topic: Web 2.0 Vulnerabilities - Scan, Attack and Detect

Presenter: Shreeraj Shah

For a full description and bio of Mr. Shah see Media:Web2.0_Vulnerabilities_Shreeraj.pdf


Successful Meeting Held at Gevity

Thanks to Shane Hartman from Suncoast Security for a great briefing on Flash malware. Also, thanks again to John Hale and Gevity for providing a conference room.

The presentation materials are available for download:

Media:Malware_analysis_of_flash_content.pdf


OWASP Suncoast Chapter Meeting on Tuesday December 2nd, 2008 @ 6pm

Location: Gevity HR in Lakewood Ranch (9000 Town Center Pkwy, Lakewood Ranch, FL 34202)

Topic: Analyzing Flash Malware


Successful Meeting Held at Gevity

There was a good turnout for last night's Suncoast OWASP Meeting, held at Gevity on Sept 9th. Thanks to all who attended and special thanks to John Hale and Gevity for sponsoring the event and providing the terrific briefing room.

The presentation materials are available for download:

Media:OWASP_Top_10_090708.ppt

Media:OWASP_Tools_Demo_090908.ppt


OWASP Suncoast Chapter Meeting September 9th, 2008 @ 6pm, Location: Gevity HR in Lakewood Ranch (Frederick Taylor conference room)

Agenda: Discussion of OWASP Top Ten Vulnerabilities, OWASP tools demonstration


The presentations from the May 6 Suncoast OWASP meeting are now available for download

The following presentation is an introduction to OWASP (and the Suncoast chapter) with in-depth information regarding its missions, goals and objectives: Media:Introduction_to_OWASP_Suncoast_050608.ppt

The following presentation is a brief web application security introduction intended for those completely new to the subject: Media:Webappsec intro.ppt


First Suncoast OWASP Meeting Tuesday May 6, 2008 @ 6pm - 8pm, location: LTC Engineering Associates

Agenda: Introduction to OWASP, Introduction to Web Application Security, OWASP tools demonstration (time permitting)

We are looking for support including speakers and sponsors. We are also still trying to identify a larger conference room in the area to host future events. Please contact Mike Nixon or Stephen Carter if you are able to help in any way. Speakers from commercial companies are welcome, although it is against Chapter rules to promote commercial products.