[Owasp-austin] LASCON 2011, OWASP Secure Password Project, Job Opportunities, and More
josh.sokol at ni.com
Wed Dec 8 15:29:49 EST 2010
The 2010 Lonestar Application Security Conference (LASCON) held at the
Norris Conference Center on Friday, October 29, 2010 was an astounding
success. Almost 200 security professionals from around the country came
together to learn, share war stories, and have a good time. Feedback from
attendees, sponsors, and volunteers was overwhelmingly positive with
almost everyone stating they would like to attend LASCON again next year.
With things going as well as they did, we have decided to reserve the
Norris Conference Center once again for Friday, October 28, 2011 for
LASCON part deux. If you are interested in sponsoring or volunteering for
LASCON 2011, please let us know. Mark your calendars today!
In 2011 the Austin OWASP chapter will be embarking on a group project
titled the OWASP Secure Password Project. This project will have a two
pronged approach designed to put more nails in the single-factor method of
authentication. First, we will create an interactive portal where
penetration testers are able to enter known information about the target.
This known information can then be broken down and converted to create a
large downloadable dictionary list that has been customized to the target.
This list will be added to a comprehensive standard dictionary with the
character conversions performed on that as well. The result would be a
large list of commonly used passwords, dictionary words, target specific
passwords, and various derivitives of each which should cover the vast
majority of passwords used today. The second prong of our approach will
be to capture the results of all data collected into a large database.
This data will be hashed with common hashing methods to create what will
become the world's largest rainbow tables. A user can provide us with a
hash and we can do a lookup against these tables to search for matching
entries. The goal here is to put a stop to unsalted password hashes for
authentication. If you are interesting in participating in the project,
please respond and let me know. Everyone is welcome and we will begin our
initial outline of the project in January 2011.
I am currently working on both the Austin OWASP Meeting topics and the
Austin Security Professionals Happy Hour dates for the 2011 year. If you
are interested in presenting at our chapter meetings held on the last
Tuesday of each month, please send me an abstract on what you would like
to speak on as well as your bio. We had some pretty awesome presentations
last year and I'm looking to bring in some more people to Austin this year
with our LASCON funds, but we definitely have room for presentations from
chapter members as well.
Every once in a while people send me job postings and whatnot. In order
to minimize traffic to this group, I try and save them and send them along
with my other correspondence. Here is one such opportunity which I have
more information on if you'd like it:
atsec is an international, independent, standards-based IT (information
consulting and evaluation services company that combines a
business-oriented approach to
information security with in-depth technical knowledge and global
We are looking for a security consultant whose primary role is to support
testing engagements. The ideal candidate has solid skills in both network
application testing, and would also be involved in atsec’s other security
evaluation projects as appropriate.
Please send your resume and cover letter to us-jobs at atsec.com.
Josh Sokol (CISSP, CCNA, GWAS)
Information Security Program Owner
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-austin