[Owasp-austin] OWASP Austin: September+ Chapter Events

Kyle Smith kyle.smith at owasp.org
Wed Sep 3 02:38:22 UTC 2014


Howdy OWASPers!

Time flies and school is already back in session.  Come and get more
amazing knowledge at our OWASP events!

--
Next Week!

Austin Security Professionals Happy Hour Sponsored by Set Solutions, Inc on
September 11th!

When: September 11th, 5-7PM
Where:   Sherlocks Street Pub and Grill 9012 Research Blvd

Sponsor:  Set Solutions, Inc.

RSVP: https://aus-sec-happy-hour-2014-09.eventbrite.com

--
OWASP Monthly Meeting on September 30th

When: 11:30AM to 1PM CST -- food socializing first, meeting starts around
11:45
Location: National Instruments, 11500 N. Mopac Building C

Title: Account Entrapment

Abstract: This talk covers two ways to force a victim into an attacker's
account (Account Entrapment): Login Cross-Site Request Forgery and
Cookie-based or Session Entrapment. This is a commonly overlooked
vulnerability despite high-profile exploits including Youtube.com. Because
it is often disregarded, this talk begins with an in-depth look at attack
scenarios and what an attacker can actually gain. It then describes how the
two attacks work and how to defend against them. Finally, though these
attacks are prevalent across the internet, it will show why state agencies
(with domains ending in .state.**.us) and large organizations with many
subdomains face special problems when building defenses against these
attacks.

Speaker: Ben Broussard

About: Ben Broussard has been involved in the Austin Appsec scene since
2008, helping to plan the first LASCON and running the OWASP study group
for a time. After doing subcontracting work for a number of security shops
and gaining a breadth of experience on both the threatscape and the
security organizations that attempt to address it, he took a position with
San Antonio based Denim Group (now with an Austin office). When not
researching appsec, Ben is a hobbyist in Human Physiology, Acrobatics,
Human Evolution, Brazilian Jiu Jitsu, and toddler wrangling. He also runs
Hot Lava Obstacle Course located on Burnet road.

Food: Its a surprise! Please RSVP so we'll be sure to have enough for all!
Only those who RSVP will be eligible for any drawings/giveaways that may
take place!

Location: National Instruments, 11500 N. Mopac.Building C

RSVP: https://owasp-austin-2014-september.eventbrite.com

Or if you can not attend we should be broadcasting the meeting GoToMeeting
-- https://www3.gotomeeting.com/register/617936438

--
OWASP Study Group

It is never too late to come to the study group.  Even if you missed a
meeting or two or just want to start, the study group is a great place to
learn security related materials like the latest book -- The Practice of
Network Security Monitoring: Understanding Incident Detection and Response
by Richard Bejtlich

Weekly meetings are every Thursday from 12:00 - 1:00 PM at National
Instruments, Building A, Room 217.
See the MyOWASP Ning site for more information --
 http://myowasp.ning.com/groups/austinowaspstudygroup
<http://myowasp.ning.com/groups/austinowaspstudygroup>

--
LASCON.  LASCON!   LASCON!!!!!

Registration is open for the conference on October 23rd and 24th!  Early
bird rate ended on July 31st, but this conference is one of the best in the
area.  Register today at   http://lascon.org/register/

Speaker schedule and training schedule should be coming any day now!  Stay
tuned!

---
Do you want to volunteer your time or expertise for OWASP?  We are always
on the lookout for volunteers for local events.

Josh Sokol is leading the effort for the UT Cyber Security Awareness
conference on October 21st.  Please contact him directly at
josh.sokol at owasp.org if you want to volunteer.

David Hughes is currently leading the effort for all things LASCON.  Please
contact him directly at david.hughes at owasp.org if you want to volunteer for
the conference or help in the lead-up to it.

-----
As always, more chapter information can be found at:
https://austin.owasp.org
and study group information at:
http://myowasp.ning.com/groups/austinowaspstudygroup
If you missed any of the monthly presentations, you can find them online in
our Vimeo channel: *https://vimeo.com/channels/owaspaustin
<https://vimeo.com/channels/owaspaustin>*

If there are any questions about the chapter, its activities, or general
ideas please email off list.

Till next time!
kyle
kyle.smith at owasp.org
OWASP Austin, chapter leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-austin/attachments/20140902/3049f7f6/attachment.html>


More information about the Owasp-austin mailing list