Difference between revisions of "Sydney"

From OWASP
Jump to: navigation, search
m
(23 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{Chapter Template|chaptername=Sydney|extra=The chapter leader is [mailto:Chris.Gatford@purehacking.com Chris Gatford]
+
{{Chapter Template|chaptername=Sydney|extra=The chapter leaders are [mailto:norman.yue@owasp.org Norman Yu] and [mailto:Paul.Theriault@owasp.org Paul Theriault] .
<paypal>Sydney</paypal>
+
<br> We are always looking for speakers - email one of the chapter leaders with your idea!
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sydney|emailarchives=http://lists.owasp.org/pipermail/owasp-sydney}}
+
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sydney|emailarchives=http://lists.owasp.org/pipermail/owasp-sydney}}  
  
Hi and welcome to the OWASP Sydney Chapter Page!
+
== Next Meeting  ==
  
Currently we are looking for a venue and speakers to present at our informal sessions to the small group of 20 - 40 people.
+
TBA
  
==Meeting==
+
== Previous Meetings  ==
NEXT MEETING;  Friday July 4th 2008, 6:00 pm - 8:00 pm
+
  
Please join us for a FREE networking and learning session:
+
=== Date: Wednesday, 28th July 2010  ===
  
==Location==
+
'''Presentations: '''
When: Friday, July 4th 2008, 6:00 pm - 8:00 pm
+
Location:  KPMG
+
Auditorium (Located on the Ground floor at the rear)
+
10 Shelley Street (main entrance located on Sussex Street)
+
Sydney  NSW  2000
+
  
==Agenda==
+
*Robert Lee, PriceWaterHouse Coopers, Vulnerabilities &amp; Google’s Jarlsberg Application
6:00 - 6:20 Peer-to-Peer Networking with Tea & Coffee
+
*Alex Kouzemchenko, Azimuth Security, WAFs: How I love Thee.<br>
  
6:20 - 6:30 Sydney Chapter News
+
=== Date: Tuesday, 20rd April 2010  ===
  
6:30 - 7:30 Presentation
+
'''Presentations: '''
  
OWASP Sydney is very kindly being supported by KPMG in providing the venue and refreshments.
+
'''Lightning Talks!'''
  
RSVP: [Chris@penetrationtester.com]
+
*Louis Nyffenegger - ‘SQL injection in “order by” clauses’
 +
*Raphael Speyer – ECMAscript 5
 +
*Christian Heinrich - OWASP Top Ten 2010
 +
*Daniel Grzelak – Recon Tool Demonstration
  
==Presentation==
+
=== Date: Tuesday, 23rd March 2010'''<br>''' ===
'''How the US Air Force is tackling Application Security''
+
'''Presentations: '''  
 
+
*'''PDF Hacking - Paul Theriault''' (Link TBA)
This presentation describes an application security strategy for large enterprise systems—what to look out for, and what you must do to ensure the successful rollout of the tools and services necessary to counter the dark side of cyberspace.
+
*:The plan is to run an informal workshop style presentation with the following objectives:
 
+
*#Provide an introduction to PDF format, scripting capabilities and other “features” you wouldn’t expect to see in a document format
Over the past decade, the Department of Defense in general, and the US Air Force in particular, has transformed itself to better deal with 21st century warfare. The Air Force in fact has modified its stated mission to include cyberspace as one of the domains in which it will “fly and fight.” This type of shift in strategic thinking is critical for any organization to properly acknowledge and manage real-world  threats against one of its most valuable assets: data.
+
*#Learn some basic tools &amp; techniques for analyzing malicious PDF files, for great justice
 
+
*#Learn some basic tools &amp; techniques for creating malicious PDF files, for great science
Background:
+
*#Look at the security implications of PDFs and what can be done in an enterprise environment to reduce these risks (uninstall Reader?)  
The Air Force recently funded its first Application Software Assurance Center of Excellence (ASACoE). Committed to becoming a thought and 
+
*'''Incident Case Study - Charles Carmakal (Link TBA)'''
practice leader within DoD, the ASACoE proposes to manage software assurance awareness, education, policy, and governance Air Force wide. 
+
*:Review of the security breach landscape in the US and go through an interesting case study. It involved organised criminals from eastern Europe, over $100M of losses, and incredible sophistication. The initial point of entry for this breach was the web - SQL injection, linked databases, privilege escalation, development/deployment of custom malware.
The expected outcome is a reduced threat-risk profile for each Air Force enterprise application subject to ASACoE oversight.
+
 
+
Speaker BIO:
+
Major Bruce C. Jenkins, USAF (Ret.) is a Security Practice Director at Fortify Software, Inc., where his responsibilities include refining 
+
customer security requirements, managing Fortify product deployments and delivering security services.
+
 
+
Prior to joining Fortify, he spent 26 of his 28 years in the service leading people, managing projects, and dealing with technological and 
+
organizational change. His military experiences range from managing a  small team of aircraft avionics technicians to commanding a 
+
communications unit supporting over 3,000 U.S. and international forces in Southwest Asia. Most recently, as Chief of Systems Security, 
+
554th Electronic Systems Wing, he helped establish a nearly $13M budget for creating the Air Force’s first ever Center of Excellence 
+
for applications security.Bruce holds a BS in computer science from the University of Maryland  and MS in operations research from the Air Force Institute of 
+
Technology. He is a Certified Ethical Hacker with countless hours of Internet surf time, where he has learned that paranoia is a perfectly 
+
legitimate state of mind.
+
  
 
[[Category:Australia]]
 
[[Category:Australia]]

Revision as of 10:51, 9 May 2013

Contents

OWASP Sydney

Welcome to the Sydney chapter homepage. The chapter leaders are Norman Yu and Paul Theriault .
We are always looking for speakers - email one of the chapter leaders with your idea!
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is and open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

Next Meeting

TBA

Previous Meetings

Date: Wednesday, 28th July 2010

Presentations:

  • Robert Lee, PriceWaterHouse Coopers, Vulnerabilities & Google’s Jarlsberg Application
  • Alex Kouzemchenko, Azimuth Security, WAFs: How I love Thee.

Date: Tuesday, 20rd April 2010

Presentations:

Lightning Talks!

  • Louis Nyffenegger - ‘SQL injection in “order by” clauses’
  • Raphael Speyer – ECMAscript 5
  • Christian Heinrich - OWASP Top Ten 2010
  • Daniel Grzelak – Recon Tool Demonstration

Date: Tuesday, 23rd March 2010

Presentations:

  • PDF Hacking - Paul Theriault (Link TBA)
    The plan is to run an informal workshop style presentation with the following objectives:
    1. Provide an introduction to PDF format, scripting capabilities and other “features” you wouldn’t expect to see in a document format
    2. Learn some basic tools & techniques for analyzing malicious PDF files, for great justice
    3. Learn some basic tools & techniques for creating malicious PDF files, for great science
    4. Look at the security implications of PDFs and what can be done in an enterprise environment to reduce these risks (uninstall Reader?)
  • Incident Case Study - Charles Carmakal (Link TBA)
    Review of the security breach landscape in the US and go through an interesting case study. It involved organised criminals from eastern Europe, over $100M of losses, and incredible sophistication. The initial point of entry for this breach was the web - SQL injection, linked databases, privilege escalation, development/deployment of custom malware.