[Owasp-austin] LASCON 2011, OWASP Secure Password Project, Job Opportunities, and More

Josh Sokol josh.sokol at ni.com
Wed Dec 8 15:29:49 EST 2010


Austin OWASPers,

The 2010 Lonestar Application Security Conference (LASCON) held at the 
Norris Conference Center on Friday, October 29, 2010 was an astounding 
success.  Almost 200 security professionals from around the country came 
together to learn, share war stories, and have a good time.  Feedback from 
attendees, sponsors, and volunteers was overwhelmingly positive with 
almost everyone stating they would like to attend LASCON again next year. 
With things going as well as they did, we have decided to reserve the 
Norris Conference Center once again for Friday, October 28, 2011 for 
LASCON part deux.  If you are interested in sponsoring or volunteering for 
LASCON 2011, please let us know.  Mark your calendars today!

In 2011 the Austin OWASP chapter will be embarking on a group project 
titled the OWASP Secure Password Project.  This project will have a two 
pronged approach designed to put more nails in the single-factor method of 
authentication.  First, we will create an interactive portal where 
penetration testers are able to enter known information about the target. 
 This known information can then be broken down and converted to create a 
large downloadable dictionary list that has been customized to the target. 
 This list will be added to a comprehensive standard dictionary with the 
character conversions performed on that as well.  The result would be a 
large list of commonly used passwords, dictionary words, target specific 
passwords, and various derivitives of each which should cover the vast 
majority of passwords used today.  The second prong of our approach will 
be to capture the results of all data collected into a large database. 
 This data will be hashed with common hashing methods to create what will 
become the world's largest rainbow tables.  A user can provide us with a 
hash and we can do a lookup against these tables to search for matching 
entries.  The goal here is to put a stop to unsalted password hashes for 
authentication.  If you are interesting in participating in the project, 
please respond and let me know.  Everyone is welcome and we will begin our 
initial outline of the project in January 2011.

I am currently working on both the Austin OWASP Meeting topics and the 
Austin Security Professionals Happy Hour dates for the 2011 year.  If you 
are interested in presenting at our chapter meetings held on the last 
Tuesday of each month, please send me an abstract on what you would like 
to speak on as well as your bio.  We had some pretty awesome presentations 
last year and I'm looking to bring in some more people to Austin this year 
with our LASCON funds, but we definitely have room for presentations from 
chapter members as well.

Every once in a while people send me job postings and whatnot.  In order 
to minimize traffic to this group, I try and save them and send them along 
with my other correspondence.  Here is one such opportunity which I have 
more information on if you'd like it:

atsec is an international, independent, standards-based IT (information 
technology) security
consulting and evaluation services company that combines a 
business-oriented approach to
information security with in-depth technical knowledge and global 
experience.

We are looking for a security consultant whose primary role is to support 
our penetration
testing engagements. The ideal candidate has solid skills in both network 
and (web)
application testing, and would also be involved in atsec’s other security 
testing and
evaluation projects as appropriate.

Please send your resume and cover letter to us-jobs at atsec.com.

Sincerely,

Josh Sokol (CISSP, CCNA, GWAS)
Information Security Program Owner
National Instruments
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-austin/attachments/20101208/632ef8ee/attachment.html 


More information about the Owasp-austin mailing list