Difference between revisions of "Tampa"

From OWASP
Jump to: navigation, search
m
(Next Meeting)
(21 intermediate revisions by one user not shown)
Line 1: Line 1:
== Welcome to the OWASP Tampa Local Chapter ==
+
== Welcome to the OWASP Tampa Local Chapter ==
  
<paypal>Tampa</paypal>
+
<paypal>Tampa</paypal>  
  
Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics.
+
Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics.  
  
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa
+
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa  
  
If you have any questions about the Tampa chapter, please send an email to the chapter leader [http://scr.im/mascasa Justin Morehouse].
+
If you have any questions about the Tampa chapter, please send an email to the chapter leader [http://scr.im/mascasa Justin Morehouse].  
  
The Tampa chapter is sponsored by [http://www.stratumsecurity.com http://www.owasp.org/images/5/59/StratumSecurityTampaOWASP.png]
+
The Tampa chapter is sponsored by [http://www.guidepointsecurity.com GuidePoint Security].
  
Join the OWASP Tampa LinkedIn group [http://www.linkedin.com/groups?about=&gid=2897535&trk=anet_ug_grppro here].
+
Join the OWASP Tampa LinkedIn group [http://www.linkedin.com/groups?about=&gid=2897535&trk=anet_ug_grppro here].  
  
 
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.
 
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.
Line 17: Line 17:
 
== Next Meeting  ==
 
== Next Meeting  ==
  
Our next meeting will be held on Monday, December 5, 2011. Jack Mannino, CEO at nVisium Security Inc., will be presenting "How To Not Build Android Apps." Jack's abstract and bio are below.&nbsp;We are stilling looking for a "Management" presentation, so if you are interested in speaking or have a particular topic, please email the [http://scr.im/mascasa Chapter Leader].<br>
+
Our next meeting will be held on Wednesday, September 26 from 6 PM to 8 PM. We will be having two technical  talks. For the first talk, Richard Newman will be presenting 'Taming B.E.A.S.T.' Ken Gehrke will be providing the second presentation which will be a hands-on workshop covering tools contained within the latest version of Backtrack. Their bios abstracts are below:
  
<br>
 
  
All of our meetings follow the general agenda listed below: <br>
+
'''Richard Newman - Taming the B.E.A.S.T'''
 +
Curious about the exploit which allows for the clear text recovery of encrypted web traffic? Stay tuned. In this presentation the Browser Exploit Against SSL / TLS will be demystified and explained.
  
*5:45 PM to 6:00 PM - Check-in
+
''Richard is a senior information security engineer with a large local retailer, has 23 years experience within IT and recently 8 years in Information Security. He focusses on computer forensics, network security, vulnerability analysis, network and application penetration testing.''
*6:00 PM to 6:45 PM - Technical Presentation (How To Not Build Android Apps)
+
*6:45 PM to 7:00 PM - Break
+
*7:00 PM to 7:45 PM - Management Presentation (TBD)
+
*7:45 PM to 8:00 PM - Open Discussion Forum
+
  
<br> '''How To Not Build Android Apps - Jack Mannino''' <br> Android is quickly becoming the playground of choice for the bad guys. The Android Market has been notoriously polluted with malicious applications, and the Android ecosystem is fragmented beyond belief. On top of these problems, lots of developers are throwing common sense out the window when creating Android applications. Things can only get better from here (hopefully).
 
  
This presentation will expose some of the many ways these issues combine to make the world a much scarier place. We will focus on real-world examples of vulnerabilities within Android apps that will make most attendees say WTF?!? Be prepared to be angry, frightened, and sad…all at the same time. Live demonstrations of each issue will be provided as well as code samples pinpointing the problems.
+
'''Ken Gehrke - Tool Talk - Application Security'''
 +
The presentation will include a brief powerpoint of general web application security concepts and discussion about some common tools within Backtrack 5 R3 and other application security tools such as BurpSuite and Netsparker.  The presentation will then be driven into a live demonstration of some general web application penetration testing techniques against DVWA and NOWASP (Mutillidae) hosted on the Metasploitable 2 VM platform.
 +
 +
-= No wifi or network access will be required as the pen test lab is contained within VM =-
  
Attendees will be exposed to the overall attack surface for Android applications, and will learn about the steps developers can take to do a better job at protecting them.  
+
''Ken Gehrke is a 12 year veteran of information security and has covered a large spectrum of security operations, audit and penetration testing over the course of his career.  Ken is currently working as a private consultant and has a background working in big 4, telecommunications and health care organizations.  His specialty is web application security and web application penetration testing.''
  
''About Jack''
 
  
Jack Mannino is the CEO of nVisium Security, an application security firm located within the Washington, DC area. At nVisium, he helps to ensure that large corporations, government agencies, and software startups have the tools they need to build and maintain successful security initiatives. He is an active Android security researcher, and has a keen interest in identifying security issues and trends on a large scale. Jack is the co-leader and founder of the OWASP Mobile Security Project. He also serves as a board member on the OWASP Northern Virginia chapter. Jack is also the lead developer for the OWASP GoatDroid Project, which is a collection of vulnerable Android applications used for training and education.
+
The following is an agenda for our next meeting:
 +
<UL>
 +
<LI>5:45 PM to 6:00 PM - Check-in
 +
<LI>6:00 PM to 6:45 PM - First Presentation
 +
<LI>6:45 PM to 7:00 PM - Break
 +
<LI>7:00 PM to 7:45 PM - Second Presentation
 +
<LI>7:45 PM to 8:00 PM - Open Discussion Forum
 +
</UL>
  
== Meeting Location ==
+
Please RSVP to [http://scr.im/mascasa Justin Morehouse] BEFORE 9/25 to be added to the security list.
We meet quarterly at the [http://www.kforce.com Kforce] building in Ybor. The address is:
+
 
 +
== Meeting Location ==
 +
 
 +
Our next meeting will be held in Q3, most likely in Septemeber, at the [http://www.kforce.com Kforce] building in Ybor. The address is:
  
 
[http://maps.google.com/maps?q=1001+East+Palm+Ave.+Tampa,+FL+33605&ll=27.962452,-82.449324&spn=0.008908,0.01929&oe=UTF-8&fb=1&gl=us&cid=0,0,7292050205277130420&z=16&iwloc=A 1001 East Palm Ave. Tampa, FL 33605]
 
[http://maps.google.com/maps?q=1001+East+Palm+Ave.+Tampa,+FL+33605&ll=27.962452,-82.449324&spn=0.008908,0.01929&oe=UTF-8&fb=1&gl=us&cid=0,0,7292050205277130420&z=16&iwloc=A 1001 East Palm Ave. Tampa, FL 33605]
Line 46: Line 53:
 
Park in the Visitor spaces in the main parking lot that is off of East Palm Avenue. You will need to identify yourself at the security desk and ask how to get to Training Room B.
 
Park in the Visitor spaces in the main parking lot that is off of East Palm Avenue. You will need to identify yourself at the security desk and ask how to get to Training Room B.
  
== Presentation Archives ==
+
== Presentation Archives ==
 +
 
 +
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]
 +
 
 +
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]
 +
 
 +
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]
 +
 
 +
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]
 +
 
 +
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]
 +
 
 +
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]
 +
 
 +
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]
 +
 
 +
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here]
  
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here]
+
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here]  
  
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here]
+
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here]  
  
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here]
+
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here]  
  
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here]
+
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here]  
  
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here]
+
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here]  
  
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here]
+
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here]  
  
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here]
+
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here]  
  
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here]
+
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here]  
  
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman & Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here]
+
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman &amp; Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here]  
  
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here]
+
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here]  
  
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse & Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here]
+
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse &amp; Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here]  
  
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here]
+
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here]  
  
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here]
+
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here]  
  
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here]
+
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here]  
  
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here]
+
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here]  
  
2008-Q4 - Google Code Search : The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here]
+
2008-Q4 - Google Code Search&nbsp;: The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here]  
  
[[Category: OWASP Chapter]] [[Category: Florida]]
+
[[Category:OWASP_Chapter]] [[Category:Florida]]

Revision as of 13:58, 12 September 2012

Contents

Welcome to the OWASP Tampa Local Chapter

funds to OWASP earmarked for Tampa.

Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics.

We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa

If you have any questions about the Tampa chapter, please send an email to the chapter leader Justin Morehouse.

The Tampa chapter is sponsored by GuidePoint Security.

Join the OWASP Tampa LinkedIn group here.

A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.

Next Meeting

Our next meeting will be held on Wednesday, September 26 from 6 PM to 8 PM. We will be having two technical talks. For the first talk, Richard Newman will be presenting 'Taming B.E.A.S.T.' Ken Gehrke will be providing the second presentation which will be a hands-on workshop covering tools contained within the latest version of Backtrack. Their bios abstracts are below:


Richard Newman - Taming the B.E.A.S.T Curious about the exploit which allows for the clear text recovery of encrypted web traffic? Stay tuned. In this presentation the Browser Exploit Against SSL / TLS will be demystified and explained.

Richard is a senior information security engineer with a large local retailer, has 23 years experience within IT and recently 8 years in Information Security. He focusses on computer forensics, network security, vulnerability analysis, network and application penetration testing.


Ken Gehrke - Tool Talk - Application Security The presentation will include a brief powerpoint of general web application security concepts and discussion about some common tools within Backtrack 5 R3 and other application security tools such as BurpSuite and Netsparker. The presentation will then be driven into a live demonstration of some general web application penetration testing techniques against DVWA and NOWASP (Mutillidae) hosted on the Metasploitable 2 VM platform.

-= No wifi or network access will be required as the pen test lab is contained within VM =-

Ken Gehrke is a 12 year veteran of information security and has covered a large spectrum of security operations, audit and penetration testing over the course of his career. Ken is currently working as a private consultant and has a background working in big 4, telecommunications and health care organizations. His specialty is web application security and web application penetration testing.


The following is an agenda for our next meeting:

  • 5:45 PM to 6:00 PM - Check-in
  • 6:00 PM to 6:45 PM - First Presentation
  • 6:45 PM to 7:00 PM - Break
  • 7:00 PM to 7:45 PM - Second Presentation
  • 7:45 PM to 8:00 PM - Open Discussion Forum

Please RSVP to Justin Morehouse BEFORE 9/25 to be added to the security list.

Meeting Location

Our next meeting will be held in Q3, most likely in Septemeber, at the Kforce building in Ybor. The address is:

1001 East Palm Ave. Tampa, FL 33605

Park in the Visitor spaces in the main parking lot that is off of East Palm Avenue. You will need to identify yourself at the security desk and ask how to get to Training Room B.

Presentation Archives

OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides here

OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides here

OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides here

OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides here

OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides here

2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides here

2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides here

2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides here

2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides here

2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides here

OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides here

OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides here

OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides here

OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides here

2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides here

2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides here

2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman & Brett McKinney - Presentation Slides here

2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides here

2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse & Tony Flick - Presentation slides here

2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides here

2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides here

2009-Q2 - Open SAMM - Zate Berg - Presentation slides here

2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides here

2008-Q4 - Google Code Search : The pitfalls of Copy/Paste - Tony Flick - Presentation slides here