[Owasp-austin] August Meeting, September Happy Hour, ConSec, LASCON, HouSecCon, and More!

Josh Sokol josh.sokol at ni.com
Fri Aug 27 13:13:45 EDT 2010


Austin OWASPers,

I hope that you are all doing well.  Can you believe that it's almost 
September?  This year has flown by so quickly, but it's not over yet.  In 
fact, I'd say that we have more going on now than ever before.  What 
follows is a list of OWASP and other security events that may interest you 
over the next few months.  Please let me know if you have any questions.

Tuesday, August 31, 11:30 AM - 1:30 PM > OWASP Meeting: Application 
Assessments Reloaded (Andre Gironda)
Trying to integrate Business Software Assurance into Enterprise Risk 
Management and Information Security Management programs has had issues 
over the years. Penetration-testing was announced dead over a year ago, 
but it's still the number one choice of application security professionals 
when starting out. Can the activities from penetration-testing be re-used 
and turned into something innovative?  Tools (especially application 
scanners and secure static analysis tools) have error rates so high, they 
are useless in the hands of newcomers (even for peripheral security 
testing). Some organizations have built entire applications around or on 
top of existing appsec tools. Others are looking to use other kinds of 
tools, such as process/methodology/workflow tools, to enhance their 
classic penetration-testing tools.  Even the testing/inspection 
methodologies themselves are outdated and we're finding that they are 
challenging or repetitive in many environments. How do current appsec 
tools and testing/inspection methods work in the cloud? If we re-run the 
same kinds of tests during dev-test, software quality, and application 
security cycles, aren't we wasting valuable time and effort?  This 
presentation will provide discussion around how to solve many of these and 
other challenges in application security. The focus will be on web 
applications that use common technologies (HTTP, SQL, Classic XML/HTML, 
Javascript, Flash) but also updated to today's standards (RESTful 
transactions, NoSQL, HTML5, Ajax/Json, Flex2).  See 
http://austin.owasp.org for more information.

September 16, 2010, 5 PM - 7 PM > Austin Security Professionals Happy Hour 
(Sponsored by F5 and Accuvant)
Hopefully you know the drill by now.  One Thursday every month we get a 
group of the coolest security professionals in Austin to gather at 
Sherlock's for a couple of hours of food, drinks, and chatter.  Sometimes 
our conversations are about security and sometimes they're about life, but 
they're almost always something worth talking about.  Next month is no 
exception and we would like to thank F5 and Accuvant for stepping up to 
sponsor this awesome event.  If you haven't made it out to one of these 
happy hours yet, you're missing out.  See http://austin.owasp.org for more 
information.

September 27 - 29 > ConSec: A New Decade of Information Security
Yesterday's risks are known, but what about tomorrow's?  We are entering a 
New Decade of Information Security!  ConSec is a 2.5 day conference here 
in Austin, TX at the Norris Conference Center.  Of particular interest to 
Austin OWASPers is a full-day specialty workshop on September 29 by Matt 
Tesauro on "How to Use the OWASP Live CD", a talk by John Dickson (Denim 
Group) on "Preparing for Tomorrow's Threats: A Primer for Security 
Responses in an Accelerated World", and a talk by Josh Sokol (National 
Instruments) on "Architecting Secure Web Systems".  It is $335 for a full 
conference registration or $125 for just the workshop if you register 
before 9/9.  See http://www.consec.org for more information.

September 28, 2010, 11:30 AM - 1:30 PM > OWASP Meeting: Technology and 
Business Risk Management: How Application Security Fits In (Peter 
Perfetti)
This presentation demonstrates how important application security is to 
the overall stability and security of the infrastructure and, 
ultimately, the business. Presented from the Information Security 
Officer/Risk Manager point of view, it shows how a strong information 
security program reduces levels of reputational, operational, legal, and 
strategic risk by limiting vulnerabilities, increasing stability, and 
maintaining customer confidence and trust. It focuses on the top concerns 
of risk managers and how application security fits into the overall risk 
management process. The audience will be given recommendations on how to 
improve cost effectiveness and efficiency to achieve business, security, 
audit, and compliance objectives relative to applications.  See 
http://austin.owasp.org for more information.

October 21, 2010 11:30 AM - 1:00 PM > ISSA Meeting: Emerging Threats
See http://www.austinissa.org for more information.

October 29, 2010 > LASCON: Lonestar Application Security Conference
LASCON will have three distinct tracks spanning a single day.  A track for 
management topics such as risk management and securing the SDLC, a track 
for technical topics such as logic flaws and HTTPS protocol issues, and a 
track for OWASP topics such as the OWASP Top 10 and the Webscarab proxy. 
With CFPs still open for LASCON, we have already confirmed presentations 
from some of the world's top security professionals.  You can look forward 
to presentations from the likes of Robert Hansen, Dan Cornell, Samy 
Kamkar, Joe Jarzombek, Michael Howard and many more.  Attendees who 
register before 9/15/2010 will pay only $50 if they are already OWASP 
members and $100 if they are not which includes a full year of OWASP 
membership.  We guarantee that this full day of training will be the most 
"bang for your buck" that any conference in Texas has to offer.  See 
http://www.lascon.org for more information.

November 4, 2010 > HouSecCon
I just found out about this conference yesterday through the Houston OWASP 
mailing list and it truly rivals LASCON for the most "bang for your buck". 
 They will have only two tracks, Management and "Hacking", but have an 
impressive list of presenters.  Robert Hansen (SecTheory), Jeremiah 
Grossman (WhiteHat), and Branden Williams (RSA Security Consulting) are 
just a few of the names who will be presenting there.  If only it weren't 
in Houston.  ;-)  This conference looks awesome and at only $25 to 
register you should all seriously consider going.  Maybe I'll form a 
carpool so let me know if you want to go.  See http://houstonseccon.com 
for more information.

November 18, 2010 11:30 AM - 1:00 PM > ISSA Meeting: Forrester Half-Day 
with Khalid Kark
See http://www.austinissa.org for more information.

Sincerely,

Josh Sokol (CISSP, CCNA, GWAS)
Information Security Program Owner
National Instruments