[Owasp-leaders] Wed 24th Meeting

Mandeep Khera mkhera at owasp.org
Thu Feb 18 13:45:05 EST 2010 

Let's say 10 P.M. on Tuesday. I'll find a place that's not full. Given that
we don't have that many people, we might not need to worry about
reservations. We'll pick a place and meet there. 

 

Stay tuned on the location. 

 

Mandeep Khera
Chief Marketing Officer
Cenzic, Inc.
 <blocked::http://www.cenzic.com/> www.cenzic.com | (866) 4-CENZIC
(423-6942)
455 El Camino Real, Ste. 100
Santa Clara, CA 95050
Phone:  (408) 200-0712
Email:   <mailto:Emandeep at cenzic.com> mandeep at cenzic.com
Fax:  (408) 200-0701 

Join me on my Twitter -  <http://twitter.com/appsecurity>
http://twitter.com/appsecurity

 

 

  _____  

From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Tom Brennan -
OWASP
Sent: Thursday, February 18, 2010 10:37 AM
To: owasp-leaders at lists.owasp.org
Cc: Mandeep Khera
Subject: Re: [Owasp-leaders] Wed 24th Meeting

 

only that we had 15 people (prior email) provide any feedback, sounds like a
small group so  we could do a dinner or late night meet-up?  

 

I am a newbie to RSA so I am hoping someone can take the lead for a OWASP
meet-up location. 

 

Mandeep - what were you thinking a late night 10pm meet-up over drinks?



 

On Thu, Feb 18, 2010 at 1:30 PM, Ofer Maor <ofer.maor at owasp.org> wrote:

Any updates on the RSA meet up? 

Trying to wrap up my schedule :-) 

 

Ofer.

 

From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Tom Brennan -
OWASP
Sent: Thursday, February 18, 2010 20:22
To: Owasp-Leaders at Lists.Owasp Owasp-Leaders at Lists.Owasp
Subject: [Owasp-leaders] Wed 24th Meeting

 

"It's not a conference... its a just a meeting"
 
Wed 24th at 6pm-9pm seats for 200 & rockstar speakers, its FREE

 

* Learn * Network * Teach * Career * Meet-Up * Collaborate * but.. RSVP as
space is limited and building security requires a ticket for entry thanks in
advance.  
 
http://www.owasp.org/index.php/NYNJMetro
 

=================================================
TOPIC: ADVANCED PERSISTENT THREATS 6:15 - 6:50 PM
SPEAKER: VIJAY AKASAPU BIO, MANDIANT
The Advanced Persistent Threat (APT) is a sophisticated and organized cyber
attack to access and steal information from compromised computers. The
intruders responsible for theAPT attacks target the Defense Industrial Base,
critical infrastructure, financial, manufacturing and research industries.
The attacks used by the APT intruders are not very different from any other
intruder: the primary difference is their perseverance and resources. They
have malicious code (malware) that circumvents common safeguards such as
anti-virus, and they escalate their tools and techniques as a victim's
capability to respond improves.
During this "State of the Hack" session, ViJay will present case studies
that describe, in technical detail, the most recent incidents MANDIANT has
responded to. The talk covers how intruders gain access; what they do once
inside a victim network; and how an organization can remediate these attacks

 

TOPIC: CLOUD COMPUTING AND SECURITY 6:55 - 7:30 PM
SPEAKER: ANDREW BECHERER BIO, iSEC Partners
This session will explore the widely differing security models of the
leading cloud computing providers, including Amazon, Google and Salesforce.
Andrew will also reveal the significant differences in operational and
application security practices necessary to deal with a cloud computing
environment.

 

TOPIC: THREAT MODELING 7:35 - 8:10 PM
SPEAKER: JOHN STEVEN BIO, CIGITAL
Threat Modeling - How will attackers break your web application? How much
security testing is enough? Do I have to worry about insiders? Threat
modeling, applied with a risk management approach can answer both of these
questions if done correctly. This talk will present advanced threat modeling
step-wise through examples and exercises using the Java EE platform and
focusing on authentication, authorization, and session management.
Participants will learn, through interactive exercise on real software
architectures, how to use diagramming techniques to explicitly document
threats their applications face, identify how assets worth protecting
manifest themselves within the system, and enumerate the attack vectors
these threats take advantage of. Participants will then engage in secure
design activities, learning how to use the threat model to specify
compensating controls for specified attack vectors. Finally, we'll discuss
how the model can drive security testing and validate an application resists
specified attack.

 

TOPIC: LEVERAGING EXISTING APPSEC TOOLSETS 8:15 - 8:50 PM
SPEAKER: PHIL AMES BIO
Discover ways to leverage the tools you currently use to find potential
vulnerabilities in web applications as early as during an initial
application walk through. This talk will cover the current state of passive
web application analysis as well as discuss how to set up a framework for
your own testing needs 
 
More information - visit http://www.owasp.org/index.php/NYNJMetro  to be a
speaker, sponsor or get involved see HOW-TO
 
===============================
 
Tom Brennan
NYC Metro Chapter President / Global Board Member
OWASP Foundation
www.owasp.org <http://www.owasp.org/> 

 


_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-leaders

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20100218/fd4ac4b8/attachment-0001.html

More information about the OWASP-Leaders mailing list