[Owasp-sanfran] OWASP Event - San Francisco, October 4th @ 6 PM

OWASP - San Francisco Chapter owasp-sanfran at lists.owasp.org
Sat Sep 15 18:21:26 EDT 2007

Hello Robi,

Yes, I will definitely attend the presentation on
Thursday, October 4th.

I missed talking to Brian Christian, as he is enjoying
the vacation elsewhere!

Thank you and take care,


Tuan Nguyen

--- OWASP - San Francisco Chapter
<owasp-sanfran at lists.owasp.org> wrote:

> Dear IT Security Stalwarts,
> Since Brian Christian resigned from his leadership
> role with the San Francisco OWASP Chapter, I have
> been busy coordinating the membership and event
> campaigns.  In the past few weeks, I was able to
> find 2 published authors to give a couple of very
> interesting presentations at a lecture hall at
> Golden Gate University.  With the recent activity at
> the California Legislature
> (http://tinyurl.com/3e4dtv), the time is now to
> educate our community on the practice of web
> application security and help business protect our
> personal data.  (The Online World Market Conference
> will be at the Moscone Center during the week of
> this event, so hopefully some of them will attend -
> http://www.onlinemarketworld.com)
> As you attend some of the many security events next
> week in the area (BaySec, IT Security World, Secure
> World Expo), please feel free to invite your
> colleagues and associates to our event.  The agenda
> is as follows:
> Agenda and Presentations:  
> 6:00pm – 6:30pm:  Check-in and Reception
> (food and beverages)
> 6:30pm – 7:15pm:  "Fuzzing vs. Static Analysis" by
> Jacob West
> 7:15pm – 7:30pm:  Break & Networking Session
> 7:30pm – 8:15pm:  "An Analysis of Emerging Security
> Vulnerabilities & the Impact to Business" by Neil
> Daswani
> 8:15pm – 8:30pm:  Announcements/Q & A
> Venue: 
> Golden Gate University 
> Room 2203 
> 536 Mission Street  
> (Between 1st & 2nd Streets; close to Montgomery
> Street BART Station)
> San Francisco, CA 94105-2968 
> Please RSVP through this link: 
> http://www.eventbrite.com/event/74194919 so I can
> estimate the attendance (for food & beverages).
> Description of Talks and Presenter Bios:
> “Fuzzing vs. Static Analysis” by Jacob West
> Abstract: This talk discusses how fuzzing and other
> runtime testing techniques are great at finding
> certain kinds of bugs. The trick is, effective
> fuzzing requires a lot of customization. The fuzzer
> needs to understand the protocol being spoken,
> anticipate the kinds of things that could go wrong
> in the program, and have some way to judge whether
> or not the program has gone into a tailspin. Get
> this setup wrong, and you end up fuzzing the wrong
> thing, exercising and re-exercising trivial paths
> through the program, or just plain missing bugs.
> Fuzzing effectively takes a lot of customization and
> a lot of time. The presentation will propose a
> series of techniques for customizing static, rather
> than dynamic, tools that will let you find more and
> better-quality bugs than you ever thought possible.
> The talk concludes with the results of an experiment
> we conducted on open-source code to compare the
> effectiveness of fuzzing and static analysis at
> finding a known set of security bugs.
> Bio: Jacob manages Fortify Software's Security
> Research Group, which is responsible for building
> security knowledge into Fortify's products. Jacob
> brings expertise in numerous programming languages,
> frameworks, and styles together with knowledge about
> how real-world systems can fail. In addition, he
> recently co-authored a book, "Secure Programming
> with Static Analysis," which was released in June
> 2007. Before joining Fortify, Jacob worked with
> Professor David Wagner, at the University of
> California at Berkeley, to develop MOPS (MOdel
> Checking Programs for Security properties), a static
> analysis tool used to discover security
> vulnerabilities in C programs. When he is away from
> the keyboard, Jacob spends time speaking at
> conferences and working with customers to advance
> their understanding of software security. He lives
> in San Francisco, California.
> “An Analysis of Emerging Security Vulnerabilities &
> the Impact to Business” by Neil Daswani
> Abstract: This talk discusses how IT professionals
> can go about learning what they need to know to
> prevent the most significant emerging data security
> vulnerabilities, and the impact these
> vulnerabilities are having on electronic commerce.
> It will review how attacks such as XSRF
> (Cross-Site-Request-Forgery) and SQL Injection work,
> and how to defend against them. It will present some
> industry-wide statistics on software security
> vulnerabilities reported to various databases, and
> emerging trends in the field of software security.
> Finally, it will discuss the current state of
> security education, and provide pointers to
> certification programs, books, and organizations
> where you and your colleagues can learn more.
> Bio: Neil has served in a variety of research,
> development, teaching, and managerial roles at
> Google, Stanford University, DoCoMo USA Labs,
> Yodlee, and Bellcore (now Telcordia Technologies).
> His areas of expertise include security, wireless
> data technology, and peer-to-peer systems. He has
> published extensively in these areas, frequently
> gives talks at industry and academic conferences,
> and has been granted several U.S. patents. He
> received a Ph.D. and a master's in computer science
> from Stanford University, and earned a bachelor's
> in computer science with honors with distinction
> from Columbia University.
> I hope to see many of the existing members and
> hopefully some new faces as well.
> Robi Papp