[Owasp-sanfran] OWASP Event - San Francisco, October 4th @ 6 PM
OWASP - San Francisco Chapter
owasp-sanfran at lists.owasp.org
Sat Sep 15 18:21:26 EDT 2007
Hello Robi,
Yes, I will definitely attend the presentation on
Thursday, October 4th.
I missed talking to Brian Christian, as he is enjoying
the vacation elsewhere!
Thank you and take care,
Tuan
Tuan Nguyen
--- OWASP - San Francisco Chapter
<owasp-sanfran at lists.owasp.org> wrote:
> Dear IT Security Stalwarts,
>
> Since Brian Christian resigned from his leadership
> role with the San Francisco OWASP Chapter, I have
> been busy coordinating the membership and event
> campaigns. In the past few weeks, I was able to
> find 2 published authors to give a couple of very
> interesting presentations at a lecture hall at
> Golden Gate University. With the recent activity at
> the California Legislature
> (http://tinyurl.com/3e4dtv), the time is now to
> educate our community on the practice of web
> application security and help business protect our
> personal data. (The Online World Market Conference
> will be at the Moscone Center during the week of
> this event, so hopefully some of them will attend -
> http://www.onlinemarketworld.com)
>
> As you attend some of the many security events next
> week in the area (BaySec, IT Security World, Secure
> World Expo), please feel free to invite your
> colleagues and associates to our event. The agenda
> is as follows:
>
>
>
> Agenda and Presentations:
> 6:00pm - 6:30pm: Check-in and Reception
> (food and beverages)
>
>
> 6:30pm - 7:15pm: "Fuzzing vs. Static Analysis" by
> Jacob West
>
>
> 7:15pm - 7:30pm: Break & Networking Session
>
>
> 7:30pm - 8:15pm: "An Analysis of Emerging Security
> Vulnerabilities & the Impact to Business" by Neil
> Daswani
>
>
> 8:15pm - 8:30pm: Announcements/Q & A
>
>
> Venue:
> Golden Gate University
> Room 2203
> 536 Mission Street
> (Between 1st & 2nd Streets; close to Montgomery
> Street BART Station)
> San Francisco, CA 94105-2968
>
> Please RSVP through this link:
> http://www.eventbrite.com/event/74194919 so I can
> estimate the attendance (for food & beverages).
>
>
> Description of Talks and Presenter Bios:
>
> Fuzzing vs. Static Analysis by Jacob West
>
>
> Abstract: This talk discusses how fuzzing and other
> runtime testing techniques are great at finding
> certain kinds of bugs. The trick is, effective
> fuzzing requires a lot of customization. The fuzzer
> needs to understand the protocol being spoken,
> anticipate the kinds of things that could go wrong
> in the program, and have some way to judge whether
> or not the program has gone into a tailspin. Get
> this setup wrong, and you end up fuzzing the wrong
> thing, exercising and re-exercising trivial paths
> through the program, or just plain missing bugs.
> Fuzzing effectively takes a lot of customization and
> a lot of time. The presentation will propose a
> series of techniques for customizing static, rather
> than dynamic, tools that will let you find more and
> better-quality bugs than you ever thought possible.
> The talk concludes with the results of an experiment
> we conducted on open-source code to compare the
> effectiveness of fuzzing and static analysis at
> finding a known set of security bugs.
>
>
> Bio: Jacob manages Fortify Software's Security
> Research Group, which is responsible for building
> security knowledge into Fortify's products. Jacob
> brings expertise in numerous programming languages,
> frameworks, and styles together with knowledge about
> how real-world systems can fail. In addition, he
> recently co-authored a book, "Secure Programming
> with Static Analysis," which was released in June
> 2007. Before joining Fortify, Jacob worked with
> Professor David Wagner, at the University of
> California at Berkeley, to develop MOPS (MOdel
> Checking Programs for Security properties), a static
> analysis tool used to discover security
> vulnerabilities in C programs. When he is away from
> the keyboard, Jacob spends time speaking at
> conferences and working with customers to advance
> their understanding of software security. He lives
> in San Francisco, California.
>
> An Analysis of Emerging Security Vulnerabilities &
> the Impact to Business by Neil Daswani
>
>
> Abstract: This talk discusses how IT professionals
> can go about learning what they need to know to
> prevent the most significant emerging data security
> vulnerabilities, and the impact these
> vulnerabilities are having on electronic commerce.
> It will review how attacks such as XSRF
> (Cross-Site-Request-Forgery) and SQL Injection work,
> and how to defend against them. It will present some
> industry-wide statistics on software security
> vulnerabilities reported to various databases, and
> emerging trends in the field of software security.
> Finally, it will discuss the current state of
> security education, and provide pointers to
> certification programs, books, and organizations
> where you and your colleagues can learn more.
>
>
> Bio: Neil has served in a variety of research,
> development, teaching, and managerial roles at
> Google, Stanford University, DoCoMo USA Labs,
> Yodlee, and Bellcore (now Telcordia Technologies).
> His areas of expertise include security, wireless
> data technology, and peer-to-peer systems. He has
> published extensively in these areas, frequently
> gives talks at industry and academic conferences,
> and has been granted several U.S. patents. He
> received a Ph.D. and a master's in computer science
> from Stanford University, and earned a bachelor's
> in computer science with honors with distinction
> from Columbia University.
>
> I hope to see many of the existing members and
> hopefully some new faces as well.
>
> Robi Papp
>