[Owasp-austin] OWASP Austin Event Roundup!

David Hughes david.hughes at owasp.org
Mon Aug 26 12:32:14 UTC 2013

Austin OWASPers,

Below are some chapter announcements. In addition, don't forget to
register for LASCON 2013 as soon as possible! Ticket prices will go up
after we sell out all of our early bird tickets.

We should have the schedule up soon, so keep an eye on the LASCON
website at http://www.lascon.org. 

Also, check out the announcement at the end of the email regarding
another early LASCON training event opportunity coming up in September!


David Hughes


    August OWASP Austin Chapter Meeting

*When:* Tuesday, August 27th, from 11:30am-1:00pm

*Where:* National Instruments, 11500 N. Mopac.Building C

*Title:* Static Code Analysis: Is it safe to go back in the water?

*Abstract:* With a reputation for high cost, difficult deployment, and
high skillset requirements, static analysis has been put on the back
burner in many app sec programs in favor of activities like pen testing
with lower barriers to entry. As tools and techniques mature, people are
moving beyond pen testing and re-investigating static analysis to bring
more precise and earlier-in-the-dev-cycle improvements to code security
quality. Join two leading industry experts in a discussion of current
security code review practices, real-world case studies, what works and
what doesn't, plus technical and business drivers you need to know to
get a code review capability off the ground in your organization.

*Speaker #1: Art Dahnert* is a distinguished software security engineer
with over 17 years experience delivering world-class software products
that have shipped on schedule and continue to meet the needs of millions
of customers world-wide. He has worked on multiple teams within a large
multinational corporation, as well as at small companies with only one
development team. From very early in his career he worked on security
products, and ever since has maintained parallel focus on security
within the development process. He has performed numerous application
security assessments as a consultant, focused on diverse technologies,
and is experienced in over 17 different programming languages. He is
currently Security Product Manager at Klocwork, and previously has
worked at Trustwave Spider Labs, Symantec, Overwatch, Schlumberger, and BMC.

*Speaker #2: Joel Scambray, CISSP*, is a Managing Principal at Cigital,
a leading software security consulting firm established in 1992. He has
assisted companies ranging from newly minted startups to members of the
Fortune 500 address information security challenges and opportunities
for nearly twenty years, in diverse roles including consultant, author
and speaker, corporate leader, and entrepreneur. He is widely recognized
as co-author of the best-selling Hacking Exposed book series (including
the just-released Mobile edition), and has worked/consulted for
companies including Microsoft, Foundstone, Amazon, Costco, and Ernst &

*Cost:* Free!

*Lunch:* Provided by LASCON! *Please RSVP so we can order enough food.*

*RSVP:* http://owaspaustinaug.eventbrite.com/?s=16906987

*Remote Webinar Link:* https://www3.gotomeeting.com/register/793192366

    Austin Security Professionals Happy Hour, Sponsored by Sourcefire

*When:* Thursday, September 12th, 5pm-7pm

*Where:* Sherlocks Baker Street Pub and Grill, 183 & Burnet (we meet in
the large room to the right as you walk in, normally on the far side of
the room.)

*What:* The Austin Security Professionals Happy Hour is a monthly event
coordinated by the Austin OWASP and Capital of Texas ISSA Chapters and
sponsored by various companies. We try to meet every second Thursday of
the month from January to September (but occasionally we make schedule
adjustments when needed). The event is an informal social gathering of
local information security professionals. If you're involved with
InfoSec or even if you have an interest, come on out for drinks, good
food and conversation.

*Sponsor: Sourcefire* is a global leader in intelligent cybersecurity
solutions. Their next gen security platform is transforming the way
global organizations and government agencies manage and minimize
security risks to their dynamic networks, endpoints, mobile devices and
virtual environments. With a portfolio that include NGFW, NGIPS, and
advanced malware protection, Sourcefire's threat-centric approach
provides customers with an agile, adaptive engine that delivers
protection before, during and after an attack. Trusted for more than 10
years, Sourcefire has earned a reputation for innovation, consistent
security effectiveness and world-class research all focused on
detecting, understanding and stopping threats. Cisco (NASDAQ: CSCO)
recently announced plans to acquire Sourcefire (NASDAQ: FIRE) for $2.7B.
For more information about Sourcefire, please visit [1]



    Early LASCON Training Event!

**Title: *Hands on Web and REST Testing: Assessing Apps the OWASP way

*Trainer*: Matt Tesauro
*Dates: *Sept 16th and 17th, 9:00am to 5:00pm
*Cost:* $195/person
*Location:* Norris Conference Center, Austin, TX
The goal of the training session is to teach students how to identify,
test, and exploit web application and REST vulnerabilities. The creator
and project lead of the OWASP WTE (formerly the OWASP Live CD), will be
the instructor for this course and WTE will be a major component of the
class. Through lecture, demonstrations, and hands on labs, the session
will cover the critical areas of web application security testing using
the OWASP Testing Guide v3 as the framework and a custom version of
OWASP WTE as the platform. Students will be introduced to a number of
open source web security testing tools and provided with hands on labs
to sharpen their skills and reinforce what they've learned. Students
will also receive a complementary USB drive containing the custom WTE
training lab, a copy of the OWASP Testing Guide, handouts and
cheat-sheets to use while testing plus several additional OWASP
references. Demonstrations and labs will cover both common and esoteric
web vulnerabilities and includes topics such as Cross-Site Scripting
(XSS), SQL injection, CSRF and REST API testing. Students are encouraged
to continue to use and share the custom WTE lab after the class to
further hone their testing skills.

*Register: *http://www.cvent.com/d/l4qn2m/4W?dcsext.w_wc=FSNFR2KFR9J

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-austin/attachments/20130826/e54fb792/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 2493 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-austin/attachments/20130826/e54fb792/attachment-0001.png>

More information about the Owasp-austin mailing list