[Owasp-austin] Happy Hour this week! (plus other announcements)

David Hughes david.hughes at owasp.org
Tue May 8 12:31:13 UTC 2012


Austin OWASP'ers,

Please see below about upcoming chapter events!

--------------------------------------------------------------------------------------------------------------


      May Austin Security Professionals Happy Hour (Sponsored by Rapid 7)

*Please RSVP so we have an idea how many to expect!*

*When* : Thursday, May 10th from 5-7 PM.


*Where*: Sherlocks Baker Street Pub and Grill at the corner of 183 and
Burnet.

*What is it?*: The Austin Security Professionals happy hour is a monthly
gathering of information security professionals from the Austin area,
heavily represented by OWASP and ISSA membership. It is a time to enjoy
some drinks and food provided by our sponsor, and to get to know other
InfoSec professionals. Come on down and hang out with a bunch of hackers
and geeks!


*Our Sponsor: Rapid 7*

Rapid7 is a leading provider of vulnerability management and penetration
testing solutions. The Company's Nexpose and Metasploit products empower
organizations to obtain accurate, actionable and contextual intelligence
into their threat and risk posture. Rapid7's solutions are being used by
more than 2,000 enterprises and government agencies in more than 65
countries worldwide, while the Company's free products are downloaded
more than one million times per year and enhanced further by over
125,000 security community users and contributors. Rapid7 has been
recognized as one of the fastest growing security companies by Inc.
Magazine, while their products have been awarded best in category
ratings by Gartner, Forrester and SC Magazine. For more information
about Rapid7, please visit http://www.rapid7.com.

*RSVP* : http://www.eventbrite.com/event/3471578585





------------------------------------------------------------------------------------------


      May OWASP Chapter Meeting


*When:* May 29th, from 11:30a-1:00pm

*Topic:* "Closing the window of opportunity" (Jim Manico and Siri De
Licori of WhiteHat Security)

*Abstract:* "Closing the window of opportunity" will discuss
the state of web application security based on recent statistics drawn
from WhiteHat's database of thousands of sites under service and the
characteristics of a program that can help organizations develop a
strong web security posture and reduce or eliminate the opportunities
attackers have to compromise their applications.

This will be a product agnostic presentation, of course, though we will
be using WhiteHat data (along with Jim's long experience) to present the
problems we see and how we can go about solving them.


*Speakers:*

*Jim Manico*

Jim Manico is the VP of Security Architecture for WhiteHat Security. Jim
is part of the WhiteHat Static Analysis Software Testing (SAST) team,
leading the data-driven, Web service portion of the SAST service. He
also provides secure coding and developer awareness training for
WhiteHat using his 7+ years of experience delivering developer-training
courses for SANS, Aspect Security and others.
 
Jim brings 15 years of database-driven Web software development and
analysis experience to WhiteHat. He has helped deliver Web-centric
software systems for Sun Microsystems, Fox Media (MySpace), several
Fortune 500's, and major NGO financial institutions. He holds expertise
in a variety of areas, including Web-based J2EE development, thick-client
and applet-based Java applications, hybrid Java, C++ and Flash
applications, Web-based PHP applications, rich-media Web applications
using advanced Ajax techniques, Python REST Webservice development, and
Database technology using Oracle, MySQL and Postgres.
 
A host of the OWASP Podcast Series, Jim is the committee chair of the
OWASP Connections Committee and is a significant contributor to various
OWASP projects.
 
Jim works on the beautiful island of Kauai, Hawaii where he lives with
his wife Tracey.


*Siri De Licori*

Siri De Licori is a Product Manager for WhiteHat Security. He led the
development of a pre-production Dynamic Analysis Software Testing (DAST)
service line, and is working to bring out product enhancements which
take greater advantage of WhiteHat's historical scanning and
vulnerability data and integrate DAST and SAST results. He has also
worked with Jeremiah to produce statistics for a number of his quarterly
reports and whitepapers.

Siri comes from a background of 10 years of development.  He worked with
a small software company working on an early rapid application
development tool that produced code from UML diagrams, a small nonprofit
on a tool to permit English and Chinese speakers to study the bible in
its original tongues without learning those ancient languages, and a
couple Fortune 500 companies helping them process, utilize, and analyze
their financial data.  Before being recruited into product management he
specialized in building database systems and data analytics.

Siri works at WhiteHat's home office in Santa Clara and lives in San
Francisco.



*Cost:* Free, of course, but please RSVP!

*Food:* Oh yeah, Taco Deli time! Please RSVP so we'll be sure to have
enough for all!

*Location:* National Instruments, 11500 N. Mopac.

*Questions?* call: David Hughes (512) 589-4623

*RSVP:* http://www.eventbrite.com/event/3418570035

------------------------------------------------------------------------------------------------------------------------------


      May OWASP Training Opportunity - Secure Coding BootCamp(Sold Out!)

(If you still wish to attend, let us know in case slots open up)

*When:* May 29th, from 1:00pm - 5:00pm

*Topic:* Secure Coding Bootcamp with Jim Manico

*Details:* This bootcamp provides essential web application security
training for web application software developers and architects. The
class is a combination of lecture and code review. Participants will not
only learn the most common threats against web applications, but more
importantly they will learn how to also fix the problems via
control-based defensive code samples and review. Topics such as
Authentication, Access Control, Crypto, Cross Site Request Forgery,
Cross Site Scripting, Injection Defense, Clickjacking Defense, Session
Management and other topics will be addressed from a defensive
point-of-view.

*Instructor:*

*Jim Manico*

Jim Manico is the VP of Security Architecture for WhiteHat Security. Jim
is part of the WhiteHat Static Analysis Software Testing (SAST) team,
leading the data-driven, Web service portion of the SAST service. He
also provides secure coding and developer awareness training for
WhiteHat using his 7+ years of experience delivering developer-training
courses for SANS, Aspect Security and others.
 
Jim brings 15 years of database-driven Web software development and
analysis experience to WhiteHat. He has helped deliver Web-centric
software systems for Sun Microsystems, Fox Media (MySpace), several
Fortune 500's, and major NGO financial institutions. He holds expertise
in a variety of areas, including Web-based J2EE development, thick-client
and applet-based Java applications, hybrid Java, C++ and Flash
applications, Web-based PHP applications, rich-media Web applications
using advanced Ajax techniques, Python REST Webservice development, and
Database technology using Oracle, MySQL and Postgres.
 
A host of the OWASP Podcast Series, Jim is the committee chair of the
OWASP Connections Committee and is a significant contributor to various
OWASP projects.
 
Jim works on the beautiful island of Kauai, Hawaii where he lives with
his wife Tracey.




*Cost:* Free, but seating is limited to about 20 with a 10 or so person
waiting list.

*Location:* National Instruments, 11500 N. Mopac.

*Questions?* call: David Hughes (512) 589-4623

*RSVP:* http://www.eventbrite.com/event/3418744557

--------------------------------------------------------------------


      Get Connected with My.OWASP.org!

Have you checked out our OWASP Social Site "http://my.owasp.org" yet?
You should! It's a very cool way to get connected to OWASP members in
our chapter and in other chapters all over the world! Josh Sokol did a
very nice job in getting this set up, and the more people we have using
it the more useful and fun it will be.

--------------------------------------------------------------------


      Wednesday Study Group


Are you a hacker? geek? Wannabe? Come spend lunchtime with us on
Wednesdays at National Instruments as we study the deeper, finer geek
things! We are currently working our way through the book "The Web
Application Hacker's Handbook".

*Where*: National Instruments, Building A. We have a room in Building A
of the National Instruments campus (the monthly OWASP meetings are in
Building C). The drive has directions to the buildings clearly marked.
Once in Building A take the
elevator to the 2nd floor, go down the hallway to your left past the
restrooms and turn left down the small hallway directly after the
restrooms. Conference room 217 will be the second door on the right. You
will have internet access and we'll have a projector for examples. Feel
free to call me at (512) 944-2210 for details
or directions.

*When*: Every Wednesday from Noon to 1:00PM.

For more information, contact Ben Broussard, (512) 944-2210, or David
Hughes, (512) 589-4623.


------------------------------------------------------------------------------



      Random Hacks of Kindness, June 1-3


From: Luveen Wadhwani <Luveen.Wadhwani at bazaarvoice.com>

Hey folks,

Random Hacks of Kindness Austin is coming up on June 1 - 3, and I'm
writing to request that you participate in and spread the word about
this awesome event!

For those of you that haven't heard of it, RHoK is a weekend hackathon
with a difference. First, it's a global event: twice a year, people at
over 30 RHoK venues across the world from Boston to Bangalore come
together to collaborate on projects. Second, RHoK hacks are for
humanity: the event aims to unleash technology's potential for solving
global problems like disaster management and natural resource
management. Over the space of a weekend, participants at past events
have created solutions used to direct relief efforts in the Chilean and
Haitian earthquakes; address critical water management issues; aid
effective interactions with people who have communication disorders; and
many, many more. RHoK hacks have a global scope, and global impact.

A RHoK event brings the best and brightest developers, designers, and
managers together with subject matter experts and local stakeholders who
are passionate about solving issues with technology. At RHoK, you can
connect with your peers in the Austin tech community, and stay well fed
and caffeinated while you hack up a storm. There is no fee to
participate! We only ask that you bring a laptop, and a passion to
change the world for the better.

This is a really big deal - non-profit organizations like your local
charity, fire department, or community emergency response team don't
typically have access to top-notch technical talent. Providing these
organizations with a platform to define their problems and solve them
using technology is key to increasing how effectively they function; and
ultimately, how successful they are in achieving their purpose to make
the world a better place for everyone.

This is where you come in. The RHoK team needs your help to make this
event a success! There are many ways in which you can help out:
   * Participate! We need developers, designers, and managers - the more
that come, the more problems we can solve.
   * Tell your friends, here at BV and outside! This event is powered by
people like YOU - if more people in Austin know about it, our hacks will
be that much more impactful.
   * Connect us with companies who can sponsor! Bazaarvoice is currently
the main sponsor of RHoK Austin, but our city has truckloads of tech
(and non-tech) companies that can support the event with in-kind
donations, food, a data set, an API or service, developer hours, venue
space, swag, and in a zillion other ways.
   * Connect us with subject matter experts and local stakeholders from
the community! We've had people like the Executive Director of
Breakthrough Austin, a dev manager from HomeAway, and data scientists
from NASA present problem definitions at RHoK Austin last December. If
you support an organization or cause that has a technology need, they
should be represented here.
   * Connect us with notable people who can speak at the event, or act
as judges for the hacks! This will help raise the visibility of the event.
   * Volunteer to help out at the event! We need assistance for
everything from finding a live band to doing grocery runs when supplies
run out. If you're a sucker for logistics, you've come to the right place!

For more information and details about the June event, please visit our
website (http://www.rhok.org/event/austin-tx-usa-0). To spread the word,
direct your friends and contacts to this blog post
(http://www.rhok.org/blog/austin-building-technology-humanity-and-youre-invited).


I look forward to partnering with all of you - please get in touch with me
at any time to discuss any questions you may have. I can't wait to hear
back from you on how you can help RHoK Austin be the best RHoK ever!

Thanks and Regards,
Luveen Rupchand Wadhwani
Software Developer / RHoK Lead
Bazaarvoice, Inc.

------------------------------------------------------------------------------


      *AppSecUSA 2012- LASCON Edition!*

LASCON has been the *HOTTEST *InfoSec Event in Austin for the past two
years. This year, it gets hotter as we host AppSecUSA October 25-26 at
the Hyatt Regency. Training sessions will take place on October 23-24.

Here's just a sample of some of the speakers who will be presenting this
year at AppSecUSA:

  * *Michael Howard*
  * *Gene Kim*
  * *Douglas Crockford*
  * *David Kennedy*
  * *Chris Nickerson*
  * *Josh Corman*
  * *Jeremiah Grossman*
  * *Lots of others!*


Watch soon for registration, and calls for training and papers! There
will also be lots of sponsorship opportunities! Want to get involved and
volunteer? We're gonna need your help! Contact Josh Sokol, James
Wickett, Paul Griffiths, or myself. 

-----------------------------------------------------------------------------------


      *Job Postings*

*Rapid 7 Seeking Web Application Architect*


Rapid7 is a network security software company in Austin, TX. I am actively
recruiting for a Web Application Architect to architect, design and
develop the web application architecture layer for our award-winning
enterprise product Nexpose and Metasploit.

*If you are a Principal Software Engineer that is currently doing
architecture and design and want to make the step to the next level,
call or email me!*

I DO NOT work for a 3rd party agency.


Have a wonderful day,

Candace Lee
Talent Scout


1600 West 38th Street
Austin, TX 78731

Direct:
310.760.4615

Main:
310.760.4640

E-mail:
candace_lee at rapid7.com
www.rapid7.com