Viewing 30 past events matching “OWASP” by Location.
Tuesday, Dec 13, 2011
OWASP Chapter Meeting – 15300 SW Koll Parkway, Beaverton, OR 97006

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. This informal chapter meeting will give attendees a chance to chat about whatever application security topics they are most interested in. Matthew will discuss the OWASP Testing Framework. Tim will offer his impressions of the Zed Attack Proxy. Other topics are welcome.
Thursday, Mar 21, 2019
Symposium: ½ Day Hackathon – 2035 Northeast Cornelius Pass Road, Hillsboro, OR 97124

A complimentary coffee bar, breakfast snacks and lunch will be provided. We are partnering again with Security Innovation to provide an immersive hands-on hacking experience for our February 2019 ISSA symposium. Compete against your fellow ISSA Portland members and guests in a contest of hacking skills to attack and breach the “Shred Retail” site. This event will provide value for everyone from a non-coder with zero hacking experience to a seasoned penetration tester. There are challenges for all skill levels and interests built into the site, and we will have expert help on hand for anyone who wants it.

Those registering for the event will be provided with a complimentary code for 30-day access to the Security Innovations OWASP 2017 Series training. Course details can be found here: This code will be provided at least 14 days prior to the event.

Amazon gift cards will be given for:
- Highest score - $100
- Runner up - $50
- Hardest vulnerability - $50
- First vulnerability - $25

You will need to bring a laptop with the following:
- Recent version of Firefox installed with the FireBug Extension
- Recent Java Runtime installed

Many thanks to Salesforce for the coffee bar and for hosting this event. Snacks and lunch are sponsored by: Space is limited, so please register soon.
Tuesday, Dec 10, 2019
Portland OWASP Chapter Meeting: So You Want to Teach Security? Bully for You! – Autodesk Inc

This talk focuses on building a security curriculum and teaching it, whether individually, at the workplace or in academia. Start with the following question: Am I the right person to do it? A novice can be downright dangerous, while an expert who can't teach is as useful as a waterproof teabag. Security education is the first line of defense, but who trains the trainers? Are students getting their money's worth? What differentiates your training from others? Join the speaker to share life lessons, funny anecdotes, and useful advice on lecturing, "curriculuming", and critiquing. Learn what it means to containerize a syllabus, deploy labs in a continuous integration-like environment using open source tools, and why markdown is a better tool than PowerPoint for creating new content. Consider security textbooks as obsolete, "office hours" mandatory, and the impact of the Family Educational Rights and Privacy Act (FERPA). There will be a test at the end of the talk.

Speaker: John L. Whiteman
John is a product security expert and instructor at Intel in Oregon. He's also a part-time adjunct instructor teaching cybersecurity at the University of Portland. In a past life, John was a shipboard and classroom instructor in the United States Navy, training hundreds of sailors in the dark arts of passive sonar and torpedo countermeasure systems (in case the former didn't pan out). He also did a stint as a news director for a small radio station in Colorado. John has an M.S. in Computer Science from Georgia Tech and a B.A. in Asian Studies from the University of Maryland UC. He holds CISSP, CCSP and CEH security certifications. John blogs and loves to podcast for the OWASP chapter in Portland.
Wednesday, Oct 30, 2013
OWASP Chapter Planning Meeting – Brix Tavern

This is a planning meeting for the Portland OWASP chapter. Please join us if you are interested in helping us plan and organize the activities of the chapter for the next year. Please RSVP if you plan on showing up. Just shoot an email to ( tim DOT morgan AT owasp DOT org ). Some of the topics we expect to discuss at this meeting:

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland Meetings are free and open to the public.
Tuesday, Mar 3, 2020
Exploring OWASP Juice Shop (with Burp Suite) – CTRL-H

In this class, we’ll be exploring how to find the vulnerabilities in OWASP Juice Shop with Burp Suite (and maybe some other security tools if we get some time). You’ll learn to set up the environment to play with in your own time, as well as how to practically apply the different features of Burp Suite and when it is and isn’t the most optimal tool. This will help you to reproduce security vulnerabilities or help find them for bug bounty programs.

Bio: Jordan is an Application Security Engineer at New Relic and a graduate from the University of Pittsburgh with a degree in computer science. She’s Champion ranked in Rocket League and does yoga in her free time.

Seating is limited. RSVP: https://www.meetup.com/OWASP-Portland-Chapter/events/269026936/
OWASP Juice Shop: https://owasp.org/www-project-juice-shop/
Burp Suite CE: https://portswigger.net/burp/releases/professional-community-2020-1?requestededition=community
Tuesday, Feb 18, 2020
Portland OWASP Study Night: Intro to Threat Modeling with Ray and Zak – CTRL-H

Threat modeling is a vital skill for security hats of all colors, as well as for product designers, managers and developers. Ray is a Life Coach and Conspiracy Theorist. He does AppSec in his non-spare time for money. Zak is an Application Security Engineer with many years of development experience. Bring your own dinner/snacks. No provided pizza.

Study Nights are smaller, bitesize, digestible, skill-building mini lectures or workshops for those interested in learning new skills, tools, tricks, or new CTF challenges. It’s also meant for members to practice communication skills and teamwork in a supportive environment. Study Nights meet the first Tuesday of each month at the ^H hackerspace in North Portland. Doors open at 7pm, the event will start at 7:30pm and wrap up by 8:30. Please bring your computer with Burp Suite installed and your preferred note-taking mechanisms.

Seating is limited. RSVP: https://www.meetup.com/OWASP-Portland-Chapter/events/268231564/
Monday, Apr 16, 2018
OWASP Chapter Meeting: Alexei Kojenov on Deserialization Attacks – Cambia Health Solutions

Overview
Insecure deserialization was recently added to OWASP's list of the top 10 most critical web application security risks, yet it is by no means a new vulnerability category. Data serialization and deserialization have been used widely in applications, services and frameworks, with many programming languages supporting them natively. Deserialization got more attention recently as a potential vehicle to conduct several types of attacks: data tampering, authentication bypass, privilege escalation, various injections and, finally, remote code execution. Two recent vulnerabilities in Apache Commons and Apache Struts, both allowing remote code execution, helped raise awareness of this risk. We will discuss how data serialization and deserialization are used in software, the dangers of deserializing untrusted input, and how to avoid insecure deserialization vulnerabilities.

Speaker
Alexei Kojenov is a Senior Application Security Consultant with years of prior software development experience. During his career with IBM, he gradually moved from writing code to breaking code. Since late 2016, Alexei has been working as a consultant at Aspect Security, helping businesses identify and fix vulnerabilities and design secure applications. Aspect Security was recently acquired by Ernst&Young and joined the EY Advisory cybersecurity practice.

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland Meetings are free and open to the public.
Monday, Mar 27, 2017
OWASP/AngularJS combined: Boosting the Security of Your Angular Application – Cambia Health Solutions

This month PDX OWASP is joining forces with the local Angular JS meetup to feature:

Abstract
Angular 2 is hot, and there is a huge amount of information available on building applications, improving performance, and various other topics. But do you know how to make your Angular 2 applications secure? What kind of security features does Angular 2 offer you, and which additional steps can you take to really boost the security of your applications? In this session, we cover one of the biggest threats in modern web applications: untrusted JavaScript code. You will learn how Angular protects you against XSS, and why you shouldn't bypass this protection. We will also dive into new security mechanisms, such as Content Security Policy. Through a few examples, I will show you how you can use these mechanisms to enhance the security in your client-side context.

Speaker
Philippe De Ryck is a professional speaker and trainer on software security and web security. Since he obtained his PhD at the imec-DistriNet research group (KU Leuven, Belgium), he has been running the group's Web Security Training program, which ensures a sustainable knowledge transfer of the group’s security expertise towards practitioners. You can find more about Philippe on https://www.websec.be

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland Meetings are free and open to the public.
Monday, May 21, 2018
2018 Spring Training: IT Security and Audit Symposium through Clackamas Community College - Wilsonville

Spring Training Day 1:

1) Keynote: Blockchain: More than Cryptocurrency: Michael Reed (Intel)
Presentation on the origin of blockchain technologies and its evolution into a key technology in pursuit of increased efficiencies and new business models. Is your enterprise ready for blockchain?

2) Micro Segmentation and Cloud - A blueprint for protecting your golden egg: Tyler Hardison (RedHawk Security) (EVENT SPONSOR)

3) Benefiting from PCI – Even if Compliance is Not Required: Bowe Hoy (Sword&Shield) and Mike Griffin (Circle K Stores, Inc.)
The Payment Card Industry Data Security Standard (PCI DSS) can be beneficial to your organization, even if compliance to it is not a requirement. PCI DSS features a number of valuable guidelines to help your organization improve its security posture, technology auditing, and business operations. This session will help you understand the key components of PCI DSS and how your organization can benefit from implementing it. You will receive practical lessons through case studies about organizations that have successfully implemented PCI DSS. Whether these organizations were required to comply with PCI DSS or chose to adopt it, they became a better organization because of it. And you can learn how to do the same for your organization.

4) Certificate Security and Frameworks for a Public CA: Derek Thomas and Scott Perry
As the ubiquity of on-line shopping continues to amplify our digital environment, ensuring a trusted on-line transaction becomes critical to building the brand loyalty and experience once relished within the physical brick-and-mortar retailer. The ability to ensure a trusted and secure transaction is not new; however, the scrutiny placed on that trust is at an all-time high, with significant changes in the issuing community and the scrutiny ensuing from the browser community for secure and reliable trusted certificates.
In this presentation, Scott Perry, Partner, and Derek Thomas, Managing Director, of Scott Perry CPA, one of six licensed CPA firms performing Certificate Authority audits, will discuss the changing landscape of on-line transactional trust and the requirements of Certificate Authorities. The presentation will include a discussion and overview of an established but less known framework for evaluating and auditing the performance of Certificate Authority practices, and considerations applied to evaluating the security of your on-line transactions.

Day 2: 5 Sessions: Various Presenters

5) Current Economics of Cyber: David Hobbs: Radware
Often we discuss the changing threat landscape from a pure technical or vulnerability picture; however, this does an injustice to the elements of ease, cost and access to attacks. This presentation will provide attendees with an up-to-date picture of the rapidly changing landscape of attack tools and services, the buying criteria and locations for these tools, and their ease of use. In addition, the presentation will provide an understanding of how the combination of the proliferation of these tools and their corresponding use has dramatically changed the dynamics of the return on defense strategies. This presentation will provide unique insight into the world of the Darknet, specific customer attack stories, new economic models of measuring security deployments and a refreshed look at how controls should be deployed going forward.

6) Cyber War Chronicles - Stories From the Virtual Trenches (ERT Report 2017): David Hobbs: Radware
From information shared by over 1250 companies on their top concerns, we talk about what happened in 2017 and predict the top trends of 2018 in cyber security. The first half of 2017 saw a continuation of some cyber-security threats, as well as the emergence of some attack types and trends. Ransom attacks, political hacks, and new dynamics around the accessibility and capability of attack tools have added even more challenges to security. This session will explore some of the latest evolutions of the threat landscape, through a combination of market intelligence, real-world case studies, and direct insights from those on the front lines of cyber-security.

7) OWASP Updated Top10: Alex Ivkin (ISACA Board)

8) The Value of Cyber Certifications: Alex Ivkin (ISACA Board)

9) Fraud Audit in a Digital Environment: Sarah Dalton: E&Y

CPE: 14 CPE
Cost: Regular Pricing: On or After 4/20/18: ISACA or IIA Member: $185; Non-Member: $225

We hope to see you there!
Wednesday, Jun 19, 2019
Portland OWASP - Security Requirement Elicitation with Bhushan Gupta – CloudBolt Software

Web Application Security spreads over the application functionality, the platform it is running on, the development and deployment environment, third-party applications used, and last but not least, the open source code it utilizes. The requirements breadth is mind-boggling. Ignore any of these aspects and you become vulnerable. This talk will discuss a structured approach to establishing essential security requirements based on the CIA triad. The discussion will then expand over how these requirements manifest in industry standards such as PCI, in Government agencies, and globally. It will also delve into third-party and open source code scenarios. The audience will take home a checklist of different aspects of security requirements to consider when building a Web application.

Bio: Bhushan Gupta, Gupta Consulting, LLC. A proven champion for quality, well-versed in software quality engineering, and an AppSec researcher, Bhushan is the principal consultant at Gupta Consulting, LLC. A Certified Six Sigma Black Belt (ASQ), he possesses deep and broad experience in solving complex problems, change management, and coaching and mentoring. As a member of the Open Web Application Security Project (OWASP), he is dedicated to driving AppSec to higher levels via integration of security into the Agile software development life cycle. His research areas are: elicitation of security requirements, comprehensive testing approaches beyond penetration testing, application of test tools and use of AI (Machine Learning) in secure web application development. Bhushan has an MS in Computer Science (1985) from New Mexico Tech and has worked at Hewlett-Packard and Nike Inc. in various roles. He was a faculty member at the Oregon Institute of Technology, Software Engineering department, from 1985 to 1995 and is currently an Adjunct Faculty member.
Wednesday, Jun 5, 2013
OWASP Chapter Meeting - Jim Manico – Collective Agency Downtown

Jim Manico has offered to come and give us another great talk. Topic will either be "Top Ten Web Defenses" or "Securing the Software Development Lifecycle". We will serve Pizza! Please RSVP by emailing {tim . morgan at owasp.org} so we can better estimate how much to order.

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland Chapter meetings are free and open to the public.
Wednesday, Jan 9, 2013
OWASP - How to (FLOSS)Hack – Collective Agency Downtown

Join us for a How to (FLOSS)Hack tutorial, which will introduce several common classes of web application vulnerabilities such as XSS, SQL injection, and XML External Entities flaws. The goal of the session is to bring novice FLOSSHack participants up to speed on how to identify new vulnerabilities that are likely to appear in the target software for this week's FLOSSHack. FLOSSHack is an experimental workshop project designed to bring together those who want to learn more about "hacking" (secure programming and application penetration testing) with those who are in need of low cost or pro bono security auditing. NOTE: For best results, please bring a laptop to participate in the hands-on exercises.

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland Meetings are free and open to the public.
Thursday, Dec 13, 2012
OWASP Chapter Meeting – Collective Agency Downtown

Matthew Lapworth will present a talk on static code analysis.

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland Chapter meetings are free and open to the public.
Monday, Apr 23, 2012
OWASP Chapter Meeting – Collective Agency Downtown

Jim Manico has offered to come to Portland and do a presentation on Top 10 web coding defenses. Jim has many years of experience in the web application security space and currently works with WhiteHat Security & SANS.

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland Chapter meetings are free and open to the public.
Thursday, Mar 8, 2012
OWASP Chapter Meeting – Collective Agency Downtown

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland

About Joe
This chapter meeting features guest speaker Joe Basirico, Director of Security Services at Security Innovation. Joe is responsible for managing the professional services business at Security Innovation. He leverages his unique experience as a development lead, trainer, researcher, and test engineer to lead the security engineering team in their delivery of high-quality, impactful assessment and remediation solutions to the company’s customers. His ability to blend his technical skills with risk-based contextual analysis and unwavering customer commitment makes him an invaluable asset for each Security Innovation client. Joe is an active member in the security and open-source communities, having contributed technology, training, utilities, expertise and methodologies. He manages the company’s engineering blog and has written several publications that focus on vulnerabilities at the source code level. Joe holds a B.S. in Computer Science from Montana State University.

About the Talk - Thinking Like the Enemy
In this talk I will help you get into the Hacker's mindset from my ten years of experience as a penetration tester, assessing some of the most exciting applications in the world. This talk will cover the most important qualities of a hacker or security tester, Top Vulnerabilities that you can't afford to miss, as well as more difficult to tackle vulnerabilities that have caused tons of headaches and pain. By the end of the hour you'll better understand how to cause your application true pain, find a tiny weakness and cause the walls of security to crumble around it. After that we'll also talk about how to rebuild those walls to be more robust.
Thursday, Oct 18, 2018
ISSA Portland panel discussion of current cyber threat landscape. – Columbia Square 8th Floor Conference Room

Join us for the ISSA Portland panel discussion of the current cyber threat landscape. Thursday, October 18th, 2018, 11:30AM - 1:00PM. Please go to the link below, check it out and register today. Here is the link to the Eventbrite notice:

Panel Participants:
- Brian Ventura, Security Architect, City of Portland
- Craig Schippers, Principal Field Engineer, Trend Micro
- Cam Naghdi, Sales Engineering Manager, Malwarebytes
Moderator: Christopher Paidhrin, CISO, City of Portland

Topics to include:
- Quarterly update
- Trends in threat intelligence
- The role of AI in malware detection
- Defense in depth techniques
- Cloud defenses

About the panelists:

Brian Ventura, Security Architect, City of Portland
Brian is an Information Security Architect for the City of Portland and a SANS Instructor. Brian volunteers with the ISSA Portland chapter as the Director of Education and with OWASP locally. Over the past 25 years, Brian achieved, holds, and now teaches various industry certifications including CISSP, GSEC, GCIH, GCFA, and GCCC. In addition to his Information Security persona, Brian is a member of the Timbers Army and Thorns Riveters, attending as many games as possible. Find Brian's teaching schedule: https://www.sans.org/instructors/brian-ventura

Cameron Naghdi, Systems Engineering Manager, Malwarebytes
Cameron Naghdi is the Systems Engineering Manager for US-West at Malwarebytes. Cameron has worked for multiple endpoint technology firms and has supported many vertical markets from retail and healthcare up to Federal/Civilian agencies and the Department of Defense. Cameron is also on the technology advisory board of 802Secure and is Co-Founder and CTO at FilecheckIO. Cameron specializes in understanding the threats of today and how to prepare solutions to address both today's and future security challenges.

Chris Sestito, Director of Threat Research, Cylance
Chris Sestito manages the Cylance Threat Research Team, which consists of 30 researchers dedicated to data-science-based analysis and automation development. Chris is based in Austin, Texas and is an eight-year veteran in information security with a wealth of experience in malware analysis and malvertising that helps ensure the security of Cylance customers. Chris also holds Sec+ and C|EH certifications.

Craig Schippers, Principal Field Engineer, Trend Micro
Craig Schippers is a CISSP Certified Principal Field Engineer at Trend Micro. He has worked in the security industry for approximately 17 years, assisting customers with their Infrastructure Security needs. Craig lives in Portland, Oregon.

Moderator: Christopher Paidhrin, CISO, City of Portland and ISSA Portland Vice-President
Christopher Paidhrin is the Chief Information Security Officer for the City of Portland, Oregon. For the past 17 years Christopher has been a nationally recognized healthcare Information Security authority, having received recognition, nominations and awards for service excellence, including Network World, ISE, SC Magazine, and Information Security magazine's 2011 "Security 7" Award. Christopher is a regular media consultant and presents at numerous events across the U.S. Christopher is an advocate of IT Service Management (ITSM) best practices and process improvement, including learning organizations and knowledge management.

This event is sponsored by: Malwarebytes and Trend Micro
Thursday, Feb 20, 2014
ISSA February Luncheon meeting – Con-Way

Presentation: Pitfalls of Web Session Management
Login session management in modern web applications is largely dominated by the use of HTTP cookies. However, HTTP cookies were never designed for secure applications, which has led to a significant number of protocol security problems. In this talk, the speaker will start with a brief background on why HTTP cookies are a poorly-conceived mechanism to begin with, and continue with a discussion of how this impacts security. He will describe several lesser-known cookie-based session management problems that remain widespread and allow for session hijacking through a variety of clever attacks.

Who: Tim works to secure his customers' environments through black box testing, code reviews, social engineering evaluations, security training and a variety of other services. Tim earned his computer science degrees from Harvey Mudd College and Northeastern University and currently resides in Portland, Oregon, where he leads the local OWASP chapter.

Cost: $10 (member) / $15 (non-member) / $2 (at-the-door)
CPEs: The ISSA meetings are appropriate for CPE credit. The chapter maintains proof of attendance for members, but it is the members' responsibility to ensure that these CPEs are credited to their respective accounts.
Tuesday, Jan 7, 2020
Portland OWASP Study Night: Burp Suite Basics with Sophia Anderson – Ctrl-H / PDX Hackerspace

Happy New Year! Welcome to our second ever OWASP PDX study night. Our January topic will be "Burp Suite Basics" presented by Sophia Anderson. Sophia is a security consultant for NetSPI performing web application penetration tests for Fortune 500 clients to discover vulnerabilities. Sorry, no pizza unless you want to bring some :).

Study Nights are smaller, bitesize, digestible, skill-building mini lectures or workshops for those interested in learning new skills, tools, tricks, or new CTF challenges. It’s also meant for members to practice communication skills and teamwork in a supportive environment. Study Nights meet the first Tuesday of each month at the ^H hackerspace in North Portland. Doors open at 7pm, the event will start at 7:30pm and wrap up by 8:30. Please bring your computer with Burp Suite installed and your preferred note-taking mechanisms.

Seating is limited. RSVP: https://www.meetup.com/OWASP-Portland-Chapter/events/267644393/
Sunday, Jan 13, 2013
OWASP - FLOSSHack Returns – Free Geek

FLOSSHack is an experimental workshop project designed to bring together those who want to learn more about "hacking" (secure programming and application penetration testing) with those who are in need of low cost or pro bono security auditing. The target software for this FLOSSHack event is OpenMRS. For more info, see the event page.

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland Meetings are free and open to the public.
Sunday, Jul 1, 2012
OWASP FLOSSHack - Ushahidi – Free Geek

FLOSSHack is an experimental workshop project designed to bring together those who want to learn more about "hacking" (secure programming and application penetration testing) with those who are in need of low cost or pro bono security auditing. This first ever FLOSSHack event will be focused on the Ushahidi platform. Stay tuned for more details in the coming weeks.

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland Meetings are free and open to the public.
Saturday, Apr 2, 2016
SEC440: Critical Security Controls: Planning, Implementing and Auditing – Hilton Garden Inn Portland Airport

Save $200 if you register by March 2nd. This is a 2 day event, Saturday April 2nd and April 9th. Brian Ventura is a local community instructor for SANS and active with the Portland Chapter of ISSA, ISACA and OWASP.

This course helps you master specific, proven techniques and tools needed to implement and audit the Critical Security Controls as documented by the Center for Internet Security (CIS). These Critical Security Controls, listed below, are rapidly becoming accepted as the highest priority list of what must be done and proven before anything else at nearly all serious and sensitive organizations. These controls were selected and defined by the US military and other government and private organizations (including NSA, DHS, GAO, and many others) who are the most respected experts on how attacks actually work and what can be done to stop them. They defined these controls as their consensus for the best way to block the known attacks and the best way to help find and mitigate damage from the attacks that get through. For security professionals, the course enables you to see how to put the controls in place in your existing network through effective and widespread use of cost-effective automation. For auditors, CIOs, and risk officers, the course is the best way to understand how you will measure whether the controls are effectively implemented.

SEC440 does not contain any labs. If the student is looking for hands-on labs involving the Critical Controls, they should take SEC566. The Critical Security Controls are listed below. You will find the full document describing the Critical Security Controls posted at the Center for Internet Security. One of the best features of the course is that it uses offense to inform defense. In other words, you will learn about the actual attacks that you'll be stopping or mitigating. That makes the defenses very real, and it makes you a better security professional. As a student of the Critical Security Controls two-day course, you'll learn important skills that you can take back to your workplace and use your first day back on the job in implementing and auditing each of the following controls:

CIS Critical Security Controls
CSC 1: Inventory of Authorized and Unauthorized Devices
CSC 2: Inventory of Authorized and Unauthorized Software
CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
CSC 4: Continuous Vulnerability Assessment and Remediation
CSC 5: Controlled Use of Administrative Privileges
CSC 6: Maintenance, Monitoring, and Analysis of Audit Logs
CSC 7: Email and Web Browser Protections
CSC 8: Malware Defenses
CSC 9: Limitation and Control of Network Ports, Protocols, and Services
CSC 10: Data Recovery Capability
CSC 11: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
CSC 12: Boundary Defense
CSC 13: Data Protection
CSC 14: Controlled Access Based on the Need to Know
CSC 15: Wireless Access Control
CSC 16: Account Monitoring and Control
CSC 17: Security Skills Assessment and Appropriate Training to Fill Gaps
CSC 18: Application Software Security
CSC 19: Incident Response and Management
CSC 20: Penetration Tests and Red Team Exercises
Tuesday
Jan 24, 2012
|
OWASP Chapter Planning Meeting – Hopworks Urban Brewery The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. The goal of this informal chapter meeting is to give people a chance to talk shop about security topics and to plan the future direction of the Portland OWASP chapter. |
Thursday
Dec 6, 2018
|
OWASP Portland Chapter Meeting – Jama Software (New Office) Interested in web application security? OWASP is for you. The Open Web Application Security Project aims to improve the security of software. Portland has a vibrant chapter and this is our regular chapter meeting. Unfortunately, our speaker this month has come down with laryngitis, so we're going to be showing a few of the talks from this year's AppSecUSA conference with pizza. To vote on which talk you would be interested in viewing, go to this tweet. |
Tuesday
May 22, 2018
|
OWASP Chapter Meeting - Pen Testing: How to Get Bigger Bang for your Buck – Jama Software (New Office) Panel Discussion - Join local industry practitioners as they discuss the best practices used in getting superior results from your pen testing. Also share your ideas on the dos and don'ts of pen testing. Moderator - Brian Ventura Panelists - Alexei Kojenov, Ian Melven, Benny Zhao, and Scott Cutler Alexei Kojenov is a Senior Application Security Consultant with years of prior software development experience. During his career with IBM, he gradually moved from writing code to breaking code. Since late 2016, Alexei has been working as a consultant at Aspect Security, helping businesses identify and fix vulnerabilities and design secure applications. Aspect Security was recently acquired by Ernst & Young and joined the EY Advisory cybersecurity practice. Ian Melven is Principal Security Engineer at New Relic. He has worked in security for almost 20 years, including roles at Mozilla, Adobe, McAfee and @stake. Benny Zhao is a Security Engineer at Jive Software. His experience focuses on identifying code vulnerabilities and securing software by building tools to help automate security testing. Scott Cutler has been interested in computer security since he was a kid, and started attending DefCon in 2004. He got his Computer Science degree from UC Irvine in 2009 while working for the on-campus residential network department for 4 years. After graduating he worked first in QA for a SAN NIC card manufacturer, then switched to essentially creating their DevOps program from scratch. From these jobs he has gained a lot of experience with networking, build processes, Linux/Unix administration and scripting, and Python development. In 2012 Scott began working in the security field full time as a FIPS, Common Criteria, and PCI Open Protocol evaluator for InfoGard Laboratories (now UL Transaction Security).
During this time he got his OSCP and a good understanding of federal security requirements, assessment processes, and documentation (ask him about NIST SPs!). In 2015 Scott switched over to Aspect Security (now EY) to put his OSCP to good use and became a full-time application security engineer, doing pen tests as well as developing both internal and external training. |
Tuesday
Jan 23, 2018
|
OWASP: AppSec Testing Beyond Pen Test – Jama Software (New Office) Abstract: Most web application security testing efforts are concentrated around penetration testing, which is an art based on a hacker's psyche, thought process, and determination to exploit vulnerabilities. But does it yield a high level of confidence and sense of security in a developer's mind? The answer is a "maybe", especially when the bad guy is obsessed with figuring out new exploits to hack your application. Web application developers have to think about intrinsic security - that is, building security in throughout the SDLC. We build applications based upon well-formed customer requirements. Why should we not, then, build our applications based upon the fundamental principles of security and then harden security from the hacker's perspective? Bio: Principal consultant at Gupta Consulting LLC, Bhushan Gupta is passionate about development methods and tools that yield more secure web applications, especially in the agile software development environment. As a researcher he has a keen interest in understanding and applying fundamental principles and known methodologies to develop dependable and secure software solutions. His interests extend to Social Engineering and Attack Surface Analysis. Bhushan worked at Hewlett-Packard for 13 years in various roles including software quality lead, engineer, software process architect, and software productivity manager. He then developed a strong interest in web application security while working as a quality engineer for Nike Inc. Bhushan has been studying various facets of web application security and promoting a common-sense approach to building secure solutions. He is a certified Six Sigma Black Belt (HP and ASQ) and an adjunct faculty member at the Oregon Institute of Technology in Software Engineering. To learn more about Bhushan's contributions to the SDLC, visit www.bgupta.com |
Tuesday
Nov 14, 2017
|
OWASP: Cryptography 101/Part 2 - When Good Crypto Goes Bad – Jama Software (New Office) Abstract A well-known security expert and cryptographer, Thomas H. Ptáček, once said: "If You're Typing the Letters A-E-S Into Your Code You're Doing It Wrong". Wait, what?!? Doesn't everyone use AES? Of course we do. Is AES broken? Nope. In this developer-oriented talk I'll explore the kinds of mistakes programmers commonly make when implementing cryptosystems; just how easily these problems can be exploited in the real world; and what Thomas meant by his statement. Speaker's Bio Tim taught himself how to write software at the age of twelve and has been a die-hard technologist ever since. After earning his computer science degrees (B.S., Harvey Mudd College and M.S., Northeastern University), Tim spent 8 years helping build a Boston-based information security consulting practice that was recently acquired. In 2014, Tim founded Blindspot Security, where he has continued his work as a security consultant, helping his customers understand how digital intruders can gain access to their critical business assets through network, application, and comprehensive security assessments. |
Monday
May 22, 2017
|
OWASP: What the experts say about Web Application Security - A Panel Discussion – Jama Software (New Office) We often find ourselves making non-trivial decisions about AppSec. Participate in an exciting open discussion with the experts on the following (and more) aspects of AppSec:
Bring your burning questions to ask the panel and take this opportunity to share your experiences with others. Panel Members' Bios: Brian Ventura – Security Architect at the City of Portland focused on Information Security program management, Brian is also a SANS Instructor and ISSA education director. Ian Melven - Ian has worked in the security field for over 15 years in various roles at companies such as @stake, McAfee, Adobe and Mozilla. He currently leads product security at New Relic. James Bohem - James is the Chief Security Architect at WebMD Health Services in Portland, OR. For the last 16 years he has held Information Security architect and consulting positions, with experience in application security, architecture and compliance strategy across the healthcare, technology, retail, financial and manufacturing industries. Before focusing on security, he was a software developer and architect working on the UNIX kernel, microkernels, distributed applications and standards development. Eric Jernigan – Eric is the IT Security Manager at Genesis Financial Solutions and has broad security experience in the financial industry. The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland Meetings are free and open to the public. |
Thursday
Jul 28, 2016
|
OWASP: Social Engineering -- How to Avoid Being a Victim – Jama Software (New Office) Social engineering (the act of exploiting people instead of computers) is one of the most dangerous tools in the hacker's toolkit for breaching internet security. Ubiquiti Networks fell victim to a $39.1 M fraud when one of its staff members was hit by a fraudulent "Business Email Compromise" attack. Thousands of grandmas and grandpas are victims of phishing emails and are forced to pay ransom to have their data released. In this new millennium, the cyber security game has changed significantly, from annoying but harmless viruses to stealing vital personal data, causing negative financial impact, demanding ransom, and spreading international political feuds. Anyone with a presence in cyberspace has to protect himself/herself, the infrastructure, and customers, and also deal with the legal repercussions in the event of a breach. In this talk Bhushan will present the different types of social engineering practices, including the use of social networks such as Facebook, Twitter, and LinkedIn, that the bad guys successfully employ. The victims can range from the "C" levels (CEO, CFO, CTO) down to the individual contributors in an organization, to a grandparent on her laptop. The presentation will also discuss a variety of ordinary but effective measures, such as awareness campaigns, that organizations can take to minimize the risk of a breach. Speaker Bhushan Gupta A principal consultant at Gupta Consulting LLC, Bhushan Gupta is passionate about the integration of web application security into the Agile software development lifecycle. His interests extend to Social Engineering and Attack Surface Analysis. Bhushan worked at Hewlett-Packard for 13 years in various roles including quality engineer, software process architect, and software productivity manager. He then developed a strong interest in web application security while working as a quality engineer for Nike Inc.
After 5 years at Nike, he retired and has since been studying various facets of web application security. Bhushan is a certified Six Sigma Black Belt (HP and ASQ) and an adjunct faculty member at the Oregon Institute of Technology in Software Engineering. To learn more about Bhushan, visit www.bgupta.com. This meeting will be recorded! Feel free to tune in live, or catch the recording later (~24hrs after the event). The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland Meetings are free and open to the public. |
Tuesday
Nov 17, 2015
|
OWASP: Antivirus in the Enterprise - Is it dead yet? – Jama Software (New Office) This month's topic is "Antivirus in the Enterprise - is it dead yet?" Read almost any article about antivirus today, and there will be an opinion somewhere in the writing about the applicability and effectiveness of antivirus software in the enterprise today. Some say yes; some say no. We will open this meeting with a pro/con presentation by security professionals Tony Carothers and Timothy D. Morgan, followed by discussion and debate in a panel style about antivirus software and its effectiveness in software security today. Refreshments will be provided. The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland Meetings are free and open to the public. |
Monday
Feb 26, 2018
|
OWASP February Chapter Meeting : Jon Bottarini on Bug Bounties – Jive Software Jon Bottarini will be presenting on bug bounties (from both a hacker and a program perspective), common mistakes in the software development lifecycle that make it easier to find bugs, and what developers can do to understand their full attack surface. Bio: Jon Bottarini is a Technical Program Manager at HackerOne, where he is responsible for managing the bug bounty programs for the US Department of Defense and other companies looking to leverage talent from hacker-powered security. In his free time he is also a hacker and bug bounty hunter who has reported vulnerabilities to worldwide brands and organizations such as New Relic, Apple, Google, the US Department of Defense, and many more. Twitter: https://www.twitter.com/jon_bottarini |