[Owasp-austin] OWASP Austin: September newsletter

Kyle Smith kyle.smith at owasp.org
Wed Sep 2 12:45:15 UTC 2015

Howdy OWASP Austin-ers!

Come out to the last Security Professionals Happy Hour of the Year!
Come out to the last OWASP Austin chapter meeting of the Year!
Register the best local security conference of the year in LASCON 2015!

Builder. Breaker, Tester, Leader -- Come join us at LASCON 2015 -- check it
out at https://lascon.org and see the schedule at
http://lascon2015.sched.org !

Register at https://lascon2015.eventbrite.com!  Tickets are going fast!

Austin Security Professionals Happy Hour sponsored by Veracode, September
When: Thursday, September 10th, 5pm-7pm

Where: Sherlocks Baker Street Pub and Grill, 183 & Burnet (we meet in the
large room to the right as you walk in, normally on the far side of the

What: The Austin Security Professionals Happy Hour is a monthly event
coordinated by the Austin OWASP and Capital of Texas ISSA Chapters and
sponsored by various companies. We try to meet every second Thursday of the
month from January to September (but occasionally we make schedule
adjustments when needed). The event is an informal social gathering of
local information security professionals. If you're involved with InfoSec
or even if you have an interest, come on out for drinks, good food and

Sponsor:  Veracode

Veracode’s cloud-based service and programmatic approach deliver a simpler
and more scalable solution for reducing global application-layer risk
across web, mobile and third-party applications. Recognized as a Gartner
Magic Quadrant Leader since 2010, Veracode secures hundreds of the world’s
largest global enterprises, including 3 of the top 4 banks in the Fortune
100 and 25+ of the world’s top 100 brands.

RSVP: https://aus-sec-happy-hour-2015-09.eventbrite.com/

OWASP Austin September Chapter Meeting, September 29th
When: Tuesday, September 29th @ 11:45 - 1PM

Title: Log Everything, even if it is just on local disks

Logs are as important as SQLi, XSS or Secure Coding! OWASP has a “Logging
Cheat Sheet”, and there are the “Windows Logging Cheat Sheet”, “Windows
PowerShell Logging Cheat Sheet”, “Windows Splunk Logging Cheat Sheet” and
several other I created, but we still lack an understanding of logging when
it comes to Application Security and DevOps.

Enabling and configuration of logs must become as basic and a standard
practice as doing WebApp security scans, secure code reviews or secure
webapp design, which should include application log design and
implementation. You don’t need an expensive log management solution to do
good application security or DevOps log configuration. What we need is to
include all our Cheat Sheets into DevOps builds so enabling and
configuration is baked in and to include a log design review as a part of
our application secure reviews. So WHEN we need log data, it is there for

Speaker: Michael Gough

Michael is the founder of "Malware Archaeology" and has 20 years experience
in IT and Information Security and currently in the Healthcare sector. In
the past Michael has been a consultant for HP and other consultancies, an
analyst for the Financial sector, Health Care and State of Texas. Michael
now focuses his talents as a Blue Team Defender, malwarian fighter and
malware archeologist, protecting his employer from nefarious

Michael also led BSides Texas with Michelle Klinger for 6 years and led the
BSides Austin conference held in March. Michael discovered the WinNTI
malware 10 months before Kasperski released their report. He also
discovered and exploited a major Card Key system flaw back in 2010 which
can be found on YouTube.

Michael is a creator of the Malware Management Framework, a process to help
discover malware on Windows based systems. Michael also developed the
“Windows Logging Cheat Sheet” to provide a starting point on detailed
logging for Windows hosts.

Michael's resources may be found on his website: MalwareArchaeology

Food: It will be a surprise! Please RSVP so we'll be sure to have enough
for all!

Only those who RSVP will be eligible for any drawings/giveaways that may
take place!

Location: National Instruments, 11500 N. Mopac.Building C

Or if you can not attend we should be broadcasting the meeting GoToMeeting
-- https://attendee.gotowebinar.com/register/6987803582755277570

RSVP: https://owasp-austin-2015-september.eventbrite.com/

OWASP Study Group

The Study group finished their latest book a few weeks ago.  The group is
on a short hiatus until September 10th!

For the Study Group, follow the Ning site for all information --

Even more local activities can be found at the ISSA Capital of Texas
Chapters' Calendar at  http://www.austinissa.org/calendar
As always, chapter information can be found at: https://austin.owasp.org
and study group information at:
If you missed any of the monthly presentations, you can find them online in
our Vimeo channel: https://vimeo.com/channels/owaspaustin
and join our Linked Group:  https://www.linkedin.com/grp/home?gid=1250897
Follow on twitter at @LASCONATX

If there are any questions about the chapter, its activities, or general
ideas please email me off list.

Thank you!
kyle.smith at owasp.org
OWASP Austin, chapter leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-austin/attachments/20150902/5ab3709d/attachment.html>

More information about the Owasp-austin mailing list