Difference between revisions of "Tampa"

From OWASP
Jump to: navigation, search
m (Next Meeting)
(Next Meeting)
Line 17: Line 17:
 
== Next Meeting  ==
 
== Next Meeting  ==
  
Our 2010-Q4 meeting will be on Wednesday, December 8, from 6PM until 8PM. Zate Berg ([http://www.twitter.com/#/zate @zate]) will be giving an updated version of his Hack3rcon 2010 Talk, entitled "Nessus Bridge for Metasploit." A synopsis is below:
+
Our 2011-Q1 meeting will be on Wednesday, March 16, from 6PM until 8PM. I am trying a new format with three shorter length talks. First off are Richard Newman and Brett McKinney. They will be speaking on performing vulnerability testing in an IPv6 world. Our second talk features Jeff LoSapio, Managing Partner at Stratum Security. Jeff will be discussing the lessons learned from deploying static analysis in development groups. Finally, Chris Patten of Packet Research will be presenting on intelligence gathering for penetration testers.  
  
<blockquote>Nessus Bridge for Metasploit: Having hundreds of exploits at your fingertips is half the battle, but getting information out of Nessus and into Metasploit where you can verify or exploit some of those findings has been cumbersome in the past. A new Nessus plugin for Metasploit allows you to work directly with your Nessus scan engine over xmlrpc from within the comfort of your Metasploit console. No more tabbing between windows to discover, catalog and exploit hosts. Do it all from within Metasploit and save yourself time.</blockquote>
+
Abstracts for each of the talks are below:<br>
 
+
<blockquote>'''Richard Newman &amp; Brett McKinney - Vulnerability Management in an IPv6 World'''<br>With the last of the IPv4 addresses allocated to the regional registrars, IPv4 is quickly seeing an end to its reign. For a time we’ll see dual addressed networks as IPv6 is implemented and deployed. What does this mean to vulnerability and application scanning, penetration testing, and more? </blockquote> <blockquote>
Zate's bio is below:
+
'''Jeff LoSapio - Real Lessons of Deploying Static Analysis in Development Groups'''<br>Is it really worth investing in static analysis tools for your developers?<br>Can you effectively deploy the tools and attain valuable results?<br>What are the pitfalls?<br>How do you succeed?<br>
 
+
</blockquote><blockquote>
<blockquote>Zate dabbles in threat/vulnerability management, appsec and pen testing for a national staffing firm by day and by night learns Ruby and hacks on metasploit/nessus integration. Previously he worked at one of the "big 4" auditing firms doing application security and threat/vulnerability management and prior to that blew things up for the Australian Military.</blockquote>  
+
'''Chris Patten - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata'''<br>This talk will provide insight into the often-overlooked requirement of performing effective intelligence gathering as a means to achieve a successful penetration test. In the age of technology, information is shared throughout organizations and distributed all over the world. Learn how penetration testers target hidden metadata and use it to open virtual doors. Finally, find out what can be done to protect against metadata harvesting attacks.<br>
 
+
</blockquote>  
Please RSVP to the [http://scr.im/mascasa Chapter Leader] by Monday, September 20, so that you can be added to the security list.
+
Please RSVP to the [http://scr.im/mascasa Chapter Leader] by Tuesday, March 15, so that you can be added to the security list.
  
 
== Meeting Location ==
 
== Meeting Location ==

Revision as of 16:14, 7 March 2011

Contents

Welcome to the OWASP Tampa Local Chapter

funds to OWASP earmarked for Tampa.

Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics.

We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa

If you have any questions about the Tampa chapter, please send an email to the chapter leader Justin Morehouse.

The Tampa chapter is sponsored by StratumSecurityTampaOWASP.png

Join the OWASP Tampa LinkedIn group here.

A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.

Next Meeting

Our 2011-Q1 meeting will be on Wednesday, March 16, from 6PM until 8PM. I am trying a new format with three shorter length talks. First off are Richard Newman and Brett McKinney. They will be speaking on performing vulnerability testing in an IPv6 world. Our second talk features Jeff LoSapio, Managing Partner at Stratum Security. Jeff will be discussing the lessons learned from deploying static analysis in development groups. Finally, Chris Patten of Packet Research will be presenting on intelligence gathering for penetration testers.

Abstracts for each of the talks are below:

Richard Newman & Brett McKinney - Vulnerability Management in an IPv6 World
With the last of the IPv4 addresses allocated to the regional registrars, IPv4 is quickly seeing an end to its reign. For a time we’ll see dual addressed networks as IPv6 is implemented and deployed. What does this mean to vulnerability and application scanning, penetration testing, and more?

Jeff LoSapio - Real Lessons of Deploying Static Analysis in Development Groups
Is it really worth investing in static analysis tools for your developers?
Can you effectively deploy the tools and attain valuable results?
What are the pitfalls?
How do you succeed?

Chris Patten - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata
This talk will provide insight into the often-overlooked requirement of performing effective intelligence gathering as a means to achieve a successful penetration test. In the age of technology, information is shared throughout organizations and distributed all over the world. Learn how penetration testers target hidden metadata and use it to open virtual doors. Finally, find out what can be done to protect against metadata harvesting attacks.

Please RSVP to the Chapter Leader by Tuesday, March 15, so that you can be added to the security list.

Meeting Location

We meet quarterly at the Kforce building in Ybor. The address is:

1001 East Palm Ave. Tampa, FL 33605

Park in the Visitor spaces in the main parking lot that is off of East Palm Avenue. You will need to identify yourself at the security desk and ask how to get to Training Room B.

Presentation Archives

2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse & Tony Flick - Presentation slides here

2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides here

2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides here

2009-Q2 - Open SAMM - Zate Berg - Presentation slides here

2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides here

2008-Q4 - Google Code Search : The pitfalls of Copy/Paste - Tony Flick - Presentation slides here