[Owasp-sanfran] OWASP Event - San Francisco, October 4th @ 6 PM
OWASP - San Francisco Chapter
owasp-sanfran at lists.owasp.org
Fri Sep 14 21:19:27 EDT 2007
Dear IT Security Stalwarts,
Since Brian Christian resigned from his leadership role with the San Francisco OWASP Chapter, I have been busy coordinating the membership and event campaigns. In the past few weeks, I was able to find two published authors to give a couple of very interesting presentations at a lecture hall at Golden Gate University. With the recent activity at the California Legislature (http://tinyurl.com/3e4dtv), the time is now to educate our community on the practice of web application security and help businesses protect our personal data. (The Online Market World Conference will be at the Moscone Center during the week of this event, so hopefully some of its attendees will attend as well - http://www.onlinemarketworld.com)
As you attend some of the many security events next week in the area (BaySec, IT Security World, Secure World Expo), please feel free to invite your colleagues and associates to our event. The agenda is as follows:
Agenda and Presentations:
6:00pm - 6:30pm: Check-in and Reception (food and beverages)
6:30pm - 7:15pm: "Fuzzing vs. Static Analysis" by Jacob West
7:15pm - 7:30pm: Break & Networking Session
7:30pm - 8:15pm: "An Analysis of Emerging Security Vulnerabilities & the Impact to Business" by Neil Daswani
8:15pm - 8:30pm: Announcements / Q & A
Golden Gate University
536 Mission Street
(Between 1st & 2nd Streets; close to Montgomery Street BART Station)
San Francisco, CA 94105-2968
Please RSVP through this link: http://www.eventbrite.com/event/74194919 so I can estimate the attendance (for food & beverages).
Description of Talks and Presenter Bios:
Fuzzing vs. Static Analysis by Jacob West
Abstract: This talk discusses how fuzzing and other runtime testing techniques are great at finding certain kinds of bugs. The trick is that effective fuzzing requires a lot of customization. The fuzzer needs to understand the protocol being spoken, anticipate the kinds of things that could go wrong in the program, and have some way to judge whether or not the program has gone into a tailspin. Get this setup wrong, and you end up fuzzing the wrong thing, exercising and re-exercising trivial paths through the program, or just plain missing bugs. Fuzzing effectively takes a lot of customization and a lot of time. The presentation will propose a series of techniques for customizing static, rather than dynamic, tools that will let you find more and better-quality bugs than you ever thought possible. The talk concludes with the results of an experiment we conducted on open-source code to compare the effectiveness of fuzzing and static analysis at finding a known set of security bugs.
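As an added illustration of the abstract's point (constructed for this page, not code from the talk or from Fortify), the Python below pits a protocol-unaware byte generator against a structure-aware one over a toy length-prefixed parser with a deliberately missing bounds check; the toy protocol, the oracle and the seed are all assumptions of the example.

```python
import random

# Toy length-prefixed protocol (constructed for this example): b"LEN=<n>;DATA=<payload>".
# Malformed input is rejected with ValueError, the parser's *intended* failure path.
# Deliberate bug: the checksum loop trusts the declared length n, not len(payload),
# so a length larger than the payload reads past its end (IndexError here, a crash in C).
def parse_message(msg: bytes) -> int:
    if not msg.startswith(b"LEN=") or b";DATA=" not in msg:
        raise ValueError("bad framing")
    head, payload = msg.split(b";DATA=", 1)
    n = int(head[4:])                       # ValueError on a non-numeric length
    if n < 0:
        raise ValueError("negative length")
    checksum = 0
    for i in range(n):                      # BUG: missing bounds check against payload
        checksum = (checksum + payload[i]) & 0xFF
    return checksum

def oracle(msg: bytes):
    """The fuzzer's judge: report an exception the parser never meant to raise, else None."""
    try:
        parse_message(msg)
    except ValueError:                      # expected rejection, not a finding
        return None
    except Exception as exc:                # anything else is a real bug
        return type(exc).__name__
    return None

def random_input(rng: random.Random) -> bytes:
    """Protocol-unaware: random bytes almost never pass the framing check."""
    return bytes(rng.randrange(256) for _ in range(rng.randrange(1, 40)))

def structured_input(rng: random.Random) -> bytes:
    """Protocol-aware: start from a well-formed message, then corrupt one field."""
    payload = bytes(rng.randrange(256) for _ in range(rng.randrange(0, 12)))
    n = len(payload)
    if rng.random() < 0.5:                  # mutate the length field with boundary values
        n = rng.choice([0, n - 1, -1, n + 1, 2 * n + 1, 2 ** 31])
    else:                                   # mutate the payload but keep the header
        payload = rng.choice([payload[: len(payload) // 2], payload * 3, b""])
    return b"LEN=" + str(n).encode() + b";DATA=" + payload

def fuzz(generator, rng: random.Random, iterations: int):
    """Return (iteration, input, bug_name) for the first finding, or None within budget."""
    for i in range(1, iterations + 1):
        msg = generator(rng)
        bug = oracle(msg)
        if bug:
            return i, msg, bug
    return None

def compare(seed: int = 7, iterations: int = 200) -> dict:
    """Same seed and budget for both strategies, so the comparison is reproducible."""
    return {name: fuzz(gen, random.Random(seed), iterations)
            for name, gen in (("random", random_input), ("structured", structured_input))}
```

Calling `compare()` shows the random generator exhausting its budget on inputs that never get past framing, while the structured one reaches the bug in a handful of iterations; the difference is entirely the protocol knowledge and the oracle, which is the customization cost the abstract refers to.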
Bio: Jacob manages Fortify Software's Security Research Group, which is responsible for building security knowledge into Fortify's products. Jacob brings expertise in numerous programming languages, frameworks, and styles together with knowledge about how real-world systems can fail. In addition, he recently co-authored a book, "Secure Programming with Static Analysis," which was released in June 2007. Before joining Fortify, Jacob worked with Professor David Wagner, at the University of California at Berkeley, to develop MOPS (MOdel Checking Programs for Security properties), a static analysis tool used to discover security vulnerabilities in C programs. When he is away from the keyboard, Jacob spends time speaking at conferences and working with customers to advance their understanding of software security. He lives in San Francisco, California.
An Analysis of Emerging Security Vulnerabilities & the Impact to Business by Neil Daswani
Abstract: This talk discusses how IT professionals can go about learning what they need to know to prevent the most significant emerging data security vulnerabilities, and the impact these vulnerabilities are having on electronic commerce. It will review how attacks such as XSRF (Cross-Site Request Forgery) and SQL Injection work, and how to defend against them. It will present some industry-wide statistics on software security vulnerabilities reported to various databases, and emerging trends in the field of software security. Finally, it will discuss the current state of security education, and provide pointers to certification programs, books, and organizations where you and your colleagues can learn more.
Bio: Neil has served in a variety of research, development, teaching, and managerial roles at Google, Stanford University, DoCoMo USA Labs, Yodlee, and Bellcore (now Telcordia Technologies). His areas of expertise include security, wireless data technology, and peer-to-peer systems. He has published extensively in these areas, frequently gives talks at industry and academic conferences, and has been granted several U.S. patents. He received a Ph.D. and a master's in computer science from Stanford University, and earned a bachelor's in computer science with honors with distinction from Columbia University.
I hope to see many of the existing members and hopefully some new faces as well.