Revision as of 16:39, 14 November 2011 by Jmorehouse (talk | contribs)

Jump to: navigation, search

Welcome to the OWASP Tampa Local Chapter


Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics.

We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa

If you have any questions about the Tampa chapter, please send an email to the chapter leader Justin Morehouse.

The Tampa chapter is sponsored by [[Image:|StratumSecurityTampaOWASP.png]]

Join the OWASP Tampa LinkedIn group here.

A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.

Next Meeting

Our next meeting will be held on Monday, December 5, 2011. Jack Mannino, CEO at nVisium Security Inc., will be presenting the technical presentation entitled "How To Not Build Android Apps." Matthew Harper, Group Vice President of a well-known financial institute, will be presenting the management presentation entitled, "Online Fraud, Malware and Trends." Both Jack's and Matt's abstracts and bios are below.

Please RSVP to the Chapter Leader on or before Friday, December 2, 2011 so that you can be added to the security list.

All of our meetings follow the general agenda listed below:

  • 5:45 PM to 6:00 PM - Check-in
  • 6:00 PM to 6:45 PM - Technical Presentation (How To Not Build Android Apps)
  • 6:45 PM to 7:00 PM - Break
  • 7:00 PM to 7:45 PM - Management Presentation (Online Fraud, Malware and Trends)
  • 7:45 PM to 8:00 PM - Open Discussion Forum

How To Not Build Android Apps - Jack Mannino
Android is quickly becoming the playground of choice for the bad guys. The Android Market has been notoriously polluted with malicious applications, and the Android ecosystem is fragmented beyond belief. On top of these problems, lots of developers are throwing common sense out the window when creating Android applications. Things can only get better from here (hopefully).

This presentation will expose some of the many ways these issues combine to make the world a much scarier place. We will focus on real-world examples of vulnerabilities within Android apps that will make most attendees say WTF?!? Be prepared to be angry, frightened, and sad…all at the same time. Live demonstrations of each issue will be provided as well as code samples pinpointing the problems.

Attendees will be exposed to the overall attack surface for Android applications, and will learn about the steps developers can take to do a better job at protecting them.

About Jack

Jack Mannino is the CEO of nVisium Security, an application security firm located within the Washington, DC area. At nVisium, he helps to ensure that large corporations, government agencies, and software startups have the tools they need to build and maintain successful security initiatives. He is an active Android security researcher, and has a keen interest in identifying security issues and trends on a large scale. Jack is the co-leader and founder of the OWASP Mobile Security Project. He also serves as a board member on the OWASP Northern Virginia chapter. Jack is also the lead developer for the OWASP GoatDroid Project, which is a collection of vulnerable Android applications used for training and education.

Online Fraud, Malware and Trends - Matthew Harper, CISSP, CISA, CISM

During this presentation, Matthew will provide high-level insight into how one financial institution is dealing with advance malware threats to its clients and itself. The presentation will focus primarily on industry trends, threat mitigation, as well as current best practices.

About Matthew

Matthew Harper is a Group Vice President at a well-known financial institution. His scope of responsibility includes client authentication for all channels and lines of business as well as enterprise client data quality. He is challenged with managing security and fraud risk for clients while balancing the user experience. Matthew is a graduate of Louisiana State University and holds the CISA, CISM, and CISSP designations.

Meeting Location

We meet quarterly at the Kforce building in Ybor. The address is:

1001 East Palm Ave. Tampa, FL 33605

Park in the Visitor spaces in the main parking lot that is off of East Palm Avenue. You will need to identify yourself at the security desk and ask how to get to Training Room B.

Presentation Archives

2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides here

2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides here

OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides here

OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides here

OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides here

OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides here

2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides here

2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides here

2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman & Brett McKinney - Presentation Slides here

2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides here

2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse & Tony Flick - Presentation slides here

2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides here

2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides here

2009-Q2 - Open SAMM - Zate Berg - Presentation slides here

2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides here

2008-Q4 - Google Code Search : The pitfalls of Copy/Paste - Tony Flick - Presentation slides here