Welcome to the OWASP Tampa Local Chapter
Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics.
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa
If you have any questions about the Tampa chapter, please send an email to the chapter leader Justin Morehouse.
Join the OWASP Tampa LinkedIn group here.
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.
Our 2011-Q1 meeting will be on Wednesday, March 16, from 6PM until 8PM. I am trying a new format with three shorter length talks. First off are Richard Newman and Brett McKinney. They will be speaking on performing vulnerability testing in an IPv6 world. Our second talk features Jeff LoSapio, Managing Partner at Stratum Security. Jeff will be discussing the lessons learned from deploying static analysis in development groups. Finally, Chris Patten of Packet Research will be presenting on intelligence gathering for penetration testers.
Abstracts for each of the talks are below:
Richard Newman & Brett McKinney - Vulnerability Management in an IPv6 World
With the last of the IPv4 addresses allocated to the regional registrars, IPv4 is quickly seeing an end to its reign. For a time we’ll see dual addressed networks as IPv6 is implemented and deployed. What does this mean to vulnerability and application scanning, penetration testing, and more?
Jeff LoSapio - Real Lessons of Deploying Static Analysis in Development Groups
Is it really worth investing in static analysis tools for your developers?
Can you effectively deploy the tools and attain valuable results?
What are the pitfalls?
How do you succeed?
Chris Patten - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata
This talk will provide insight into the often-overlooked requirement of performing effective intelligence gathering as a means to achieve a successful penetration test. In the age of technology, information is shared throughout organizations and distributed all over the world. Learn how penetration testers target hidden metadata and use it to open virtual doors. Finally, find out what can be done to protect against metadata harvesting attacks.
Please RSVP to the Chapter Leader by Tuesday, March 15, so that you can be added to the security list.
We meet quarterly at the Kforce building in Ybor. The address is:
Park in the Visitor spaces in the main parking lot that is off of East Palm Avenue. You will need to identify yourself at the security desk and ask how to get to Training Room B.
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides here
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides here
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman & Brett McKinney - Presentation Slides here
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides here
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse & Tony Flick - Presentation slides here
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides here
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides here
2009-Q2 - Open SAMM - Zate Berg - Presentation slides here
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides here
2008-Q4 - Google Code Search : The pitfalls of Copy/Paste - Tony Flick - Presentation slides here