Welcome to the OWASP Tampa Local Chapter
Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics.
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa
If you have any questions about the Tampa chapter, please send an email to the chapter leader Justin Morehouse.
Join the OWASP Tampa LinkedIn group here.
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.
Our next meeting will be held on Wednesday, March 12 from 6 PM to 8 PM at GuidePoint Security in Downtown Saint Petersburg. We will have two presentations. The first, from Carl Brothers of F5 Networks is entitled Herding Cats. The second, from Ramece Cave of Solutionary is entitled The Enemy Within. Information on both presenters and their presentations is below.
The following is an agenda for our next meeting:
- 5:45 PM to 6:00 PM - Check-in
- 6:00 PM to 7:00 PM - Presentation
- 7:00 PM to 7:15 PM - Break
- 7:15 PM to 8:00 PM - Presentation
Herding Cats - Carl Brothers, F5 Networks Ensuring that we can provide security and availability for on premise apps and cloud based apps, that are increasingly being accessed from uncontrolled devices feels like a never ending struggle to keep the cats in the corral. Let’s discuss the tools and approaches we can use to ensure that security <> decreased performance, revenue or customer satisfaction.
Carl Brother Biography Carl Brothers joined F5 as a Field Systems Engineer after many years of being an F5 customer. Carl's previous roles have ranged from operations to systems engineering at a top 30 e-tailer and a global manufacturing company. Carl has considerable experience with web-based and virtualization technologies, including Citrix, Microsoft and VMware.
The Enemy Within - Ramece Cave, Solutionary Web Server Intel Correlation (might change the name). The presentation will discuss how and why web servers play a role in intelligence gathering and threat correlation. It will go over previous hacking campaigns and how data was leveraged for exploitation or exfiltration, and how compromised servers are being used.
Ramece Cave Biography Began working in information security in the Internet Abuse department at UUNET in 1999. Over the past 10 years have been focusing on forensics, reverse engineering, and malware analysis; in various incident response and SOC positions. Currently work as Research Analyst at Solutionary.
Our next meeting will be held at the GuidePoint Security office in Downtown Saint Petersburg. The address is:
Cash only parking is available across the street in the Muvico parking lot.
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides here
OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides here
OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides here
OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides here
OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides here
2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides here
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides here
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides here
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides here
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides here
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides here
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides here
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides here
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides here
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides here
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides here
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides here
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides here
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides here
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides here
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides here
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides here
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman & Brett McKinney - Presentation Slides here
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides here
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse & Tony Flick - Presentation slides here
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides here
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides here
2009-Q2 - Open SAMM - Zate Berg - Presentation slides here
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides here
2008-Q4 - Google Code Search : The pitfalls of Copy/Paste - Tony Flick - Presentation slides here