[Owasp-austin] OWASP Austin April Announcements

David Hughes david.hughes at owasp.org
Tue Apr 10 19:35:25 UTC 2012


Austin OWASPers,

Sorry for the delay on this. See below about information about the April
Chapter Meeting, Happy Hour, the Wednesday Study Group, Hackformers,
ISSA, Random Hacks of Kindness, and AppSecUSA!

David H.



      April OWASP Chapter Meeting

*When:* April 24th, from 11:30a-1:00pm

*Topic:*: Anatomy of Advanced Email Attacks (Aaron Estes, Cigital)

Abstract: Email attacks comprise an overwhelming majority of the daily
attacks on modern enterprise. The leading mitigation strategy is a
combination of user awareness training and email filtering. This talk
outlines a proposed solution that brings email risk and awareness
information down to the client level in order to better equip end users
in making secure decisions when using email.

Anti-spam capabilities have been incorporated into email client
applications for some time now. These are usually in the form of junk
boxes or email filters that attempt to identify spam or other unwanted
email. Most anti-spam clients use bayesian filtering to determine
whether an email is spam or not spam, typically using word combinations
and statistical analysis to make a determination. Many experts also
advise wary email users to examine the raw email headers in order to
attempt to find evidence of an email attack. While this is not bad
advise, it is however a highly technical process and one cannot expect
the majority of email users to be able to carry out and act upon this
advice. This is the problem that the proposed Advanced Email Risk
Classification and Recipient Decision Assistance solution attempts to
solve. The operating name for this solution is Phish Finder.

*Speaker:* Aaron Estes, Cigital

Aaron Estes came to Cigital from Lockheed Martin where he spend 10 years
in the software engineering and security engineering fields. He began
his information security career as a system security engineer on the
F-35 program. Aaron has spent the last 5 years as a security engineer
and penetration tester for Lockheed Martin Enterprise Business Services
specializing in application penetration testing and user
awareness/social engineering testing. Aaron is also a professor at
Southern Methodist University in Dallas where he teaches senior and
graduate level security courses. He has nearly completed his Doctor of
Engineering in Software Engineering at Southern Methodist University,
has a Masters in Software Engineering from Southern Methodist University
and has a Bachelors in Computer Science from University of Texas. Aaron
is a Certified Information System Security Professional.

*Cost:* Free, of course, but please RVSV!

*Food:* Oh yeah, Taco Deli time! Please RSVP so we'll be sure to have
enough for all!

*Location:* National Instruments, 11500 N. Mopac.

*Questions?* call: David Hughes (512) 589-4623

*RSVP:* http://www.eventbrite.com/event/3182987401


-----------------------------------------------------------------------



      Austin Security Professionals Happy Hour, April 19th, Sponsored by
      Robert Half International.

*What:* Great conversation, and the beer and food are covered! This is a
popular montly event with lots of folks from OWASP, ISSA, and others!
This is a wonderful networking opportunity!

*When:* April 19th, from 5pm-7pm

*Where*: Sherlock's (9012 Research Blvd, Austin, TX 78757)

*How?* Our Sponsor: Founded in 1948, Robert Half International (RHI) is
the world's first and largest specialized staffing firm. RHI is a
recognized leader in professional staffing and consulting services, and
is the parent company of Protiviti, a global consulting and internal
audit firm composed of experts in risk and advisory services.

Cost: None to you!


*RSVP:*http://www.eventbrite.com/event/3147495243


-----------------------------------------------------------------------------------

 


      HackFormers April Meeting

*//Speaker://* Michael Howard -- Principal Cybersecurity Program Manager
at Microsoft and Author of Writing Secure Code.
/*/*Topic: */*/Banned APIs and the Sin Within//
///*Date:*/ April 13th, 2012
/*Venue: */Microsoft Technology Center at Quarry Oaks 2.
*Address:* 10900 Stonelake Blvd. Suite 225. Austin, TX 78759
<http://maps.google.com/maps?client=&rls=en&q=10900+Stonelake+Blvd+Suite+225++Austin,+TX+78759>Registration
Link: http://hackformers-apr2012.eventbrite.com
<http://hackformers-apr2012.eventbrite.com/>

*//Speaker Bio:
//*eWeek's Top 15 most influential information people in information
security reports "/No list of this sort is complete without the
inclusion of Michael Howard, co-author of Microsoft's SDL (Security
Development Lifecycle), the mandatory software coding approach that
builds security into every conceivable layer. Howard's work helped make
Windows Vista Microsoft's most-secure operating system ever and helped
harden Internet-facing products against hacker attacks. His influence is
so significant that companies outside of Microsoft are implementing
their own versions of SDL./"

Michael Howard is the principal cybersecurity program manager at
Microsoft. He is the  author of several computer security books, the
most famous of which is the award winning /Writing Secure Code/. Michael
is frequent speaker at security related conferences, and he frequently
publishes articles on secure software development.

RSVP: http://www.eventbrite.com/event/3165763885

--------------------------------------------------------------------------------


      Wednesday Study Group


Are you a hacker? geek? Wannabe? Come spend lunchtime with us on
Wednesdays at National Instruments as we study the deeper, finer geek
things! We are currently working our way through the book "The Web
Application Hackers Handbook".

*Where*: National Instruments, Building A. We have a room in Building A
of the National Instruments campus (the monthly OWASP meetings are in
Building C). The drive has directions to the buildings clearly marked.
Once in Building A take the
elevator to the 2nd floor, go down the hallway to your left past the
restrooms and turn left down the small hallway directly after the
restrooms. Conference room 217 will be the second door on the right. You
will have internet access and we'll have a projector for examples. Feel
free to call me at (512) 944-2210 <tel:%28512%29%20944-2210> for details
or directions.

*When*: Every Wednesday from Noon to 1:00PM.

For More information, Contact Ben Broussard (512) 944-2210  or David
Hughes.  (512) 589-4623


------------------------------------------------------------------------------


      Austin ISSA April Chapter Meeting


Austin ISSA is honored to announce Angel Cruz
<http://www.austinissa.org/speakers/angel-cruz.html> (Texas Department
of Information Resources) will present at our April Chapter Meeting on
the topic of building an enterprise security program for the state of
Texas. Join us to hear about what Angel is working on as our state CISO.

Seehttp://www.austinissa.org <http://www.austinissa.org>for more details

------------------------------------------------------------------------------


      Random Hacks of Kindness, June 1-3


From: Luveen Wadhwani <Luveen.Wadhwani at bazaarvoice.com>

Hey folks,

Random Hacks of Kindness Austin is coming up on June 1 - 3, and I'm
writing to request that you participate in and spread the word about
this awesome event!

For those of you that haven't heard of it, RHoK is a weekend hackathon
with a difference. First, it's a global event: twice a year, people at
over 30 RHoK venues across the world from Boston to Bangalore come
together to collaborate on projects. Second, RHoK hacks are for
humanity: the event aims to unleash technology's potential for solving
global problems like disaster management and natural resource
management. Over the space of a weekend, participants at past events
have created solutions used to direct relief efforts in the Chilean and
Haitian earthquakes; address critical water management issues; aid
effective interactions with people who have communication disorders; and
many, many more. RHoK hacks have a global scope, and global impact.

A RHoK event brings the best and brightest developers, designers, and
managers together with subject matter experts and local stakeholders who
are passionate about solving issues with technology. At RHoK, you can
connect with your peers in the Austin tech community, and stay well fed
and caffeinated while you hack up a storm. There is no fee to
participate! We only ask that you bring a laptop, and a passion to
change the world for the better.

This is a really big deal - non-profit organizations like your local
charity, fire department, or community emergency response team don't
typically have access to top-notch technical talent. Providing these
organizations with a platform to define their problems and solve them
using technology is key to increasing how effectively they function; and
ultimately, how successful they are in achieving their purpose to make
the world a better place for everyone.

This is where you come in. The RHoK team needs your help to make this
event a success! There are many ways in which you can help out:
   * Participate! We need developers, designers, and managers - the more
that come, the more problems we can solve.
   * Tell your friends, here at BV and outside! This event is powered by
people like YOU - if more people in Austin know about it, our hacks will
be that much more impactful.
   * Connect us with companies who can sponsor! Bazaarvoice is currently
the main sponsor of RHoK Austin, but our city has truckloads of tech
(and non-tech) companies that can support the event with in-kind
donations, food, a data set, an API or service, developer hours, venue
space, swag, and in a zillion other ways.
   * Connect us with subject matter experts and local stakeholders from
the community! We've had people like the Executive Director of
Breakthrough Austin, a dev manager from HomeAway, and data scientists
from NASA present problem definitions at RHoK Austin last December. If
you support an organization or cause that has a technology need, they
should be represented here.
   * Connect us with notable people who can speak at the event, or act
as judges for the hacks! This will help raise the visibility of the event.
   * Volunteer to help out at the event! We need assistance for
everything from finding a live band to doing grocery runs when supplies
run out. If you're a sucker for logistics, you've come to the right place!
For more information and details about the June event, please visit our
website (http://www.rhok.org/event/austin-tx-usa-0). To spread the word,
direct your friends and contacts to this blog post
(http://www.rhok.org/blog/austin-building-technology-humanity-and-youre-invited).


I look forward partnering with all of you - please get in touch with me
at any time to discuss any questions you may have. I can't wait to hear
back from you on how you can help RHoK Austin be the best RHoK ever!

Thanks and Regards,
Luveen Rupchand Wadhwani
Software Developer / RHoK Lead
Bazaarvoice, Inc.

------------------------------------------------------------------------------


      *AppSecUSA 2012- LASCON Edition!*

LASCON has been the *HOTTEST *InfoSec Event in Austin for the past two
years. This year, it gets hotter as we host AppSecUSA October 25-26 at
the Hyatt Regency. Training sessions will take place on October 23-24.

Here's just a sample of some of the speakers who will be presenting this
year at AppSecUSA:

  * *Michael Howard*
  * *Gene Kim*
  * *Douglas Crockford*
  * *David Kennedy*
  * *Chris Nickerson*
  * *Josh Corman*
  * *Jeremiah Grossman*
  * *Lots of others!
    *


Watch soon for registration, and calls for training and papers! There
will also be lots of sponsorship opportunities! Want to get involved and
volunteer? We're gonna need your help! Contact Josh Sokol, James
Wickett, Paul Griffiths, or myself. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-austin/attachments/20120410/ea0cc2fc/attachment-0001.html>


More information about the Owasp-austin mailing list