[Owasp-austin] Austin OWASP Announcements

David Hughes david.hughes at owasp.org
Mon Apr 23 19:23:26 UTC 2012


Austin OWASP'ers,

Please see below about upcoming chapter events!


      April OWASP Chapter Meeting (Tomorrow)

*When:* April 24th, from 11:30a-1:00pm

*Topic:* Anatomy of Advanced Email Attacks (Aaron Estes, Cigital)

Abstract: Email attacks comprise an overwhelming majority of the daily
attacks on modern enterprise. The leading mitigation strategy is a
combination of user awareness training and email filtering. This talk
outlines a proposed solution that brings email risk and awareness
information down to the client level in order to better equip end users
in making secure decisions when using email.

Anti-spam capabilities have been incorporated into email client
applications for some time now. These are usually in the form of junk
boxes or email filters that attempt to identify spam or other unwanted
email. Most anti-spam clients use bayesian filtering to determine
whether an email is spam or not spam, typically using word combinations
and statistical analysis to make a determination. Many experts also
advise wary email users to examine the raw email headers in order to
attempt to find evidence of an email attack. While this is not bad
advice, it is however a highly technical process and one cannot expect
the majority of email users to be able to carry out and act upon this
advice. This is the problem that the proposed Advanced Email Risk
Classification and Recipient Decision Assistance solution attempts to
solve. The operating name for this solution is Phish Finder.

*Speaker:* Aaron Estes, Cigital

Aaron Estes came to Cigital from Lockheed Martin where he spent 10 years
in the software engineering and security engineering fields. He began
his information security career as a system security engineer on the
F-35 program. Aaron has spent the last 5 years as a security engineer
and penetration tester for Lockheed Martin Enterprise Business Services
specializing in application penetration testing and user
awareness/social engineering testing. Aaron is also a professor at
Southern Methodist University in Dallas where he teaches senior and
graduate level security courses. He has nearly completed his Doctor of
Engineering in Software Engineering at Southern Methodist University,
has a Masters in Software Engineering from Southern Methodist University
and has a Bachelors in Computer Science from University of Texas. Aaron
is a Certified Information System Security Professional.

*Cost:* Free, of course, but please RSVP!

*Food:* Oh yeah, Taco Deli time! Please RSVP so we'll be sure to have
enough for all!

*Location:* National Instruments, 11500 N. Mopac.

*Questions?* call: David Hughes (512) 589-4623

*RSVP:* http://www.eventbrite.com/event/3182987401

------------------------------------------------------------------------------------------


      May OWASP Chapter Meeting


*When:* May 29th, from 11:30a-1:00pm

*Topic:* "Closing the window of opportunity" (Jim Manico and Siri De
Licori of WhiteHat Security)

*Abstract*: "Closing the window of opportunity" and will be discussing
the state of web application security based on recent statistics drawn
from WhiteHat's database of thousands of sites under service and the
characteristics of a program that can help organizations develop a
strong web security posture and reduce or eliminate the opportunities
attackers have to compromise their applications.

This will be a product agnostic presentation, of course, though we will
be using WhiteHat data (along with Jim's long experience) to present the
problems we see and how we can go about solving them.


*Speakers:*

*Jim Manico*

Jim Manico is the VP of Security Architecture for WhiteHat Security. Jim
is part of the WhiteHat Static Analysis Software Testing (SAST) team,
leading the data-driven, Web service portion of the SAST service. He
also provides secure coding and developer awareness training for
WhiteHat using his 7+ years of experience delivering developer-training
courses for SANS, Aspect Security and others.
 
Jim brings 15 years of database-driven Web software development and
analysis experience to WhiteHat. He has helped deliver Web-centric
software systems for Sun Microsystems, Fox Media (MySpace), several
Fortune 500's, and major NGO financial institutions. He holds expertise
in a variety of areas, including Web-based J2EE development, thick-client
and applet-based Java applications, hybrid Java, C++ and Flash
applications, Web-based PHP applications, rich-media Web applications
using advanced Ajax techniques, Python REST Webservice development, and
Database technology using Oracle, MySQL and Postgres.
 
A host of the OWASP Podcast Series, Jim is the committee chair of the
OWASP Connections Committee and is a significant contributor to various
OWASP projects.
 
Jim works on the beautiful island of Kauai, Hawaii where he lives with
his wife Tracey.


*Siri De Licori*

Siri De Licori is a Product Manager for WhiteHat Security.  He led the
development of a pre production Dynamic Analysis Software Testing (DAST)
service line, and is working to bring out product enhancements which
take greater advantage of WhiteHat's historical scanning and
vulnerability data and integrates DAST and SAST results.  He has also
worked with Jeremiah to produce statistics for a number of his quarterly
reports and whitepapers.

Siri comes from a background of 10 years of development.  He worked with
a small software company working on an early rapid application
development tool that produced code from UML diagrams, a small nonprofit
on a tool to permit English and Chinese speakers to study the bible in
its original tongues without learning those ancient languages, and a
couple Fortune 500 companies helping them process, utilize, and analyze
their financial data.  Before being recruited into product management he
specialized in building database systems and data analytics.

Siri works at WhiteHat's home office in Santa Clara and lives in San
Francisco.



*Cost:* Free, of course, but please RSVP!

*Food:* Oh yeah, Taco Deli time! Please RSVP so we'll be sure to have
enough for all!

*Location:* National Instruments, 11500 N. Mopac.

*Questions?* call: David Hughes (512) 589-4623

*RSVP:* http://www.eventbrite.com/event/3418570035

------------------------------------------------------------------------------------------------------------------------------


      May OWASP Training Opportunity - Secure Coding BootCamp


*When:* May 29th, from 1:00pm - 5:00pm

*Topic:* Secure Coding Bootcamp with Jim Manico

*Details:* This bootcamp provides essential web application security
training for web application software developers and architects. The
class is a combination of lecture and code review. Participants will not
only learn the most common threats against web applications, but more
importantly they will learn how to also fix the problems via
control-based defensive code samples and review. Topics such as
Authentication, Access Control, Crypto, Cross Site Request Forgery,
Cross Site Scripting, Injection Defense, Clickjacking Defense, Session
Management and other topics will be addressed from a defensive
point-of-view.

*Instructor:*

*Jim Manico*





*Cost:* Free, but seating is limited to about 20 with a 10 or so person
waiting list.

*Location:* National Instruments, 11500 N. Mopac.

*Questions?* call: David Hughes (512) 589-4623

*RSVP:* http://www.eventbrite.com/event/3418744557

----------------------------------------------------------------------------------



      Get Connected with My.OWASP.org!

Have you checked out our OWASP Social Site "http://my.owasp.org" yet?
You should! It's a very cool way to get connected to OWASP members in
our chapter and in other chapters all over the world! Josh Sokol did a
very nice job in getting this set up, and the more people we have using
it the more useful and fun it will be.

--------------------------------------------------------------------


      Wednesday Study Group


Are you a hacker? geek? Wannabe? Come spend lunchtime with us on
Wednesdays at National Instruments as we study the deeper, finer geek
things! We are currently working our way through the book "The Web
Application Hacker's Handbook".

*Where*: National Instruments, Building A. We have a room in Building A
of the National Instruments campus (the monthly OWASP meetings are in
Building C). The drive has directions to the buildings clearly marked.
Once in Building A take the elevator to the 2nd floor, go down the
hallway to your left past the restrooms and turn left down the small
hallway directly after the restrooms. Conference room 217 will be the
second door on the right. You will have internet access and we'll have a
projector for examples. Feel free to call me at (512) 944-2210 for
details or directions.

*When*: Every Wednesday from Noon to 1:00PM.

For more information, contact Ben Broussard (512) 944-2210 or David
Hughes (512) 589-4623.


------------------------------------------------------------------------------



      Random Hacks of Kindness, June 1-3


From: Luveen Wadhwani <Luveen.Wadhwani at bazaarvoice.com>

Hey folks,

Random Hacks of Kindness Austin is coming up on June 1 - 3, and I'm
writing to request that you participate in and spread the word about
this awesome event!

For those of you that haven't heard of it, RHoK is a weekend hackathon
with a difference. First, it's a global event: twice a year, people at
over 30 RHoK venues across the world from Boston to Bangalore come
together to collaborate on projects. Second, RHoK hacks are for
humanity: the event aims to unleash technology's potential for solving
global problems like disaster management and natural resource
management. Over the space of a weekend, participants at past events
have created solutions used to direct relief efforts in the Chilean and
Haitian earthquakes; address critical water management issues; aid
effective interactions with people who have communication disorders; and
many, many more. RHoK hacks have a global scope, and global impact.

A RHoK event brings the best and brightest developers, designers, and
managers together with subject matter experts and local stakeholders who
are passionate about solving issues with technology. At RHoK, you can
connect with your peers in the Austin tech community, and stay well fed
and caffeinated while you hack up a storm. There is no fee to
participate! We only ask that you bring a laptop, and a passion to
change the world for the better.

This is a really big deal - non-profit organizations like your local
charity, fire department, or community emergency response team don't
typically have access to top-notch technical talent. Providing these
organizations with a platform to define their problems and solve them
using technology is key to increasing how effectively they function; and
ultimately, how successful they are in achieving their purpose to make
the world a better place for everyone.

This is where you come in. The RHoK team needs your help to make this
event a success! There are many ways in which you can help out:
   * Participate! We need developers, designers, and managers - the more
that come, the more problems we can solve.
   * Tell your friends, here at BV and outside! This event is powered by
people like YOU - if more people in Austin know about it, our hacks will
be that much more impactful.
   * Connect us with companies who can sponsor! Bazaarvoice is currently
the main sponsor of RHoK Austin, but our city has truckloads of tech
(and non-tech) companies that can support the event with in-kind
donations, food, a data set, an API or service, developer hours, venue
space, swag, and in a zillion other ways.
   * Connect us with subject matter experts and local stakeholders from
the community! We've had people like the Executive Director of
Breakthrough Austin, a dev manager from HomeAway, and data scientists
from NASA present problem definitions at RHoK Austin last December. If
you support an organization or cause that has a technology need, they
should be represented here.
   * Connect us with notable people who can speak at the event, or act
as judges for the hacks! This will help raise the visibility of the event.
   * Volunteer to help out at the event! We need assistance for
everything from finding a live band to doing grocery runs when supplies
run out. If you're a sucker for logistics, you've come to the right place!

For more information and details about the June event, please visit our
website (http://www.rhok.org/event/austin-tx-usa-0). To spread the word,
direct your friends and contacts to this blog post
(http://www.rhok.org/blog/austin-building-technology-humanity-and-youre-invited).


I look forward to partnering with all of you - please get in touch with me
at any time to discuss any questions you may have. I can't wait to hear
back from you on how you can help RHoK Austin be the best RHoK ever!

Thanks and Regards,
Luveen Rupchand Wadhwani
Software Developer / RHoK Lead
Bazaarvoice, Inc.

------------------------------------------------------------------------------


      *AppSecUSA 2012- LASCON Edition!*

LASCON has been the *HOTTEST* InfoSec Event in Austin for the past two
years. This year, it gets hotter as we host AppSecUSA October 25-26 at
the Hyatt Regency. Training sessions will take place on October 23-24.

Here's just a sample of some of the speakers who will be presenting this
year at AppSecUSA:

  * *Michael Howard*
  * *Gene Kim*
  * *Douglas Crockford*
  * *David Kennedy*
  * *Chris Nickerson*
  * *Josh Corman*
  * *Jeremiah Grossman*
  * *Lots of others!*


Watch soon for registration, and calls for training and papers! There
will also be lots of sponsorship opportunities! Want to get involved and
volunteer? We're gonna need your help! Contact Josh Sokol, James
Wickett, Paul Griffiths, or myself. 

-----------------------------------------------------------------------------------


      *Job Postings*

*Rapid 7 Seeking Web Application Architect*


Rapid7 is a network security software company in Austin, TX.  I am actively
recruiting for a Web Application Architect to architect, design and
develop the web application architecture layer for our award-winning
enterprise product Nexpose and Metasploit.

*If you are a Principal Software Engineer that is currently doing
architecture and design and want to make the step to the next level,
call or email me!*

I DO NOT work for a 3rd party agency.


Have a wonderful day,

Candace Lee
Talent Scout


1600 West 38th Street
Austin, TX 78731

Direct:
310.760.4615

Main:
310.760.4640

E-mail:
candace_lee at rapid7.com
www.rapid7.com
