Viewing 1 current event matching “OWASP” by Date.

Wednesday
Jul 10
Portland OWASP - The Easy (and Secure!) Way to Build JavaScript Web Apps with OAuth 2 & OIDC with Jake Feasel
New Relic

What are the best current practices for building modern, completely standards-based (OIDC) web applications? Which flow should you use? How should you renew expired access tokens? How do you work with multiple resource servers? How do you achieve single-sign on? How can you make logging into your app as seamless as possible? We will demonstrate how simple it is to do all of this using open source libraries maintained by ForgeRock. Together we will deep dive into what these libraries are doing for you behind the scenes: PKCE, service workers, IndexedDB storage, hidden iframes, and more. In the end you will have all the tools at your disposal to easily build your next modern web app with OIDC.

Jake Feasel, Developer Experience Lead, ForgeRock

Jake has been working in the web platform for 20 years, all the while primarily interested in the use of standards and open source technologies. Jake is currently a senior engineer at ForgeRock, where he has been for the last seven years. He is most recently responsible for improving the ways in which developers interact with the ForgeRock Identity Platform.


Viewing 30 past events matching “OWASP” by Date.

Wednesday
Jun 19
Portland OWASP - Security Requirement Elicitation with Bhushan Gupta
CloudBolt Software

Web application security spreads over the application functionality, the platform it is running on, the development and deployment environment, third-party applications used, and, last but not least, the open source code it utilizes. The breadth of the requirements is mind-boggling. Ignore any of these aspects and you become vulnerable.

This talk will discuss a structured approach to establishing essential security requirements based on the CIA triad. The discussion will then expand to how these requirements manifest in industry standards such as PCI, in government agencies, and globally. It will also delve into third-party and open source code scenarios. The audience will take home a checklist of the different aspects of security requirements to consider when building a web application.

Bio: Bhushan Gupta, Gupta Consulting, LLC.

A proven champion for quality, well-versed in software quality engineering, and an AppSec researcher, Bhushan is the principal consultant at Gupta Consulting, LLC. A Certified Six Sigma Black Belt (ASQ), he possesses deep and broad experience in solving complex problems, change management, and coaching and mentoring. As a member of the Open Web Application Security Project (OWASP), he is dedicated to driving AppSec to higher levels via integration of security into the Agile software development life cycle. His research areas are: elicitation of security requirements, comprehensive testing approaches beyond penetration testing, application of test tools, and use of AI (machine learning) in secure web application development.

Bhushan has an MS in Computer Science (1985) from New Mexico Tech and has worked at Hewlett-Packard and Nike Inc. in various roles. He was a faculty member of the Software Engineering department at the Oregon Institute of Technology from 1985 to 1995 and is currently an Adjunct Faculty member.

Thursday
May 16
PASCAL Hackerspace - AlgoBytes: Algorithms for Hackers!
PASCAL

PASCAL Hackerspace is happy to announce a new bimonthly workshop! One of the core goals of our organization is to provide educational opportunities to people in the information security and technical communities of Portland, and with AlgoBytes we get to do exactly that!

AlgoBytes is an informal workshop series to learn a bit more about the formal foundations of the field of computer science and about core data structures/algorithms frequently used for interviews, whether you've never explored them before or need a refresher.

Each 60 minute session we will focus on a different topic, although we may repeat them if there are requests to revisit material. Currently there will be 20-30 minutes of presentation, a walk through of a problem, usually followed by breaking into small groups to practice. Attending sequential events is probably helpful if the material is new to you, but not required.

Topics are announced about 2 weeks in advance.

Please bring your preferred note-taking device(s) and preferred scratch paper.

A laptop with your editor & language of choice may be handy for trying out your solutions, especially important if you are prepping for technical interviews, but is not at all required.

The PASCAL board is excited to be hosting this event alongside a very accomplished and brilliant woman in security:

Allison Marie Naaktgeboren is a Senior Software Engineer. She has previously written (and regretted) code at Mozilla, Amazon, Cisco, FactSet Research Systems, and the Biorobotics Laboratory in Carnegie Mellon’s Robotics Institute. Allison holds a Bachelor’s Degree in Computer Science from Carnegie Mellon University in Pittsburgh.

Allison is a mentor in the PDXWiT mentorship program, supports the Women Who Code Portland Algorithms track, and mentors high school students in robotics and programming (Go Rebel @lliance!) She is a member of PASCAL & the OWASP Portland chapter.

Tuesday
May 14
Portland OWASP - InfoSec and AppSec: Recruiting, Interviewing, Hiring Q&A
Zapproved

Following up on Ryan Krause's talk on breaking into the cybersecurity industry, May's chapter meeting, hosted by Zapproved, will offer attendees an opportunity to hear from hiring managers and InfoSec/AppSec leaders on what they look for when hiring for their roles, along with their thoughts on career progression. Attendees will have ample opportunity to ask questions and engage our panel.

Panel:

Zefren Edior - Umpqua Bank

Zefren currently works at Umpqua Bank, where he is the Information Security Assurance Lead. He has 10 plus years of experience in IT operations, information security, risk management, compliance and audit. He mentors and advises students who have worked at public accounting firms, big tech companies, and startups. He is passionate about technology, cybersecurity, and helping people align their knowledge, skills, and abilities to achieve personal and professional growth.

Patterson Cake - Haven Information Security / PeaceHealth

Patterson has been in information technology for over 20 years, focusing on security for the past several years in offensive, defensive and leadership roles. He is the founder of Haven Information Security, an instructor for SANS, and the Principal Cybersecurity Engineer for PeaceHealth.

Josha Bronson - Bronsec

Josha is a founder at Bronsec, working with clients big and small on all aspects of security. He is the former founder of the security team at Yammer.

Sam Harwin - Salesforce

Sam leads a technical team of security engineers that assesses a wide variety of enterprise-facing infrastructure for the organization. They focus on performing technical security testing and risk assessments, and on providing business risk guidance on a wide variety of infrastructure technologies such as operating systems (Mac, Linux, Windows, iOS, Android), devices (mobile, embedded technologies, IoT), networks (wired, wireless, cloud), and applications (endpoint, mobile, public cloud).

Philip Jenkins - Zapproved

Philip is director of compliance and IT at Zapproved. He has over 20 years’ experience in IT security, network management, system engineering, and IT processes. His past experience includes Director of Security at Jama Software and CISO at Strands Finance. Philip holds his CISSP and CISM certifications and is a recognized leader in information security. He is active in (ISC)2, ISACA, OWASP, InfraGard, and ISSA.

Thursday
May 2
PASCAL Hackerspace - AlgoBytes: Algorithms for Hackers!
PASCAL

Topic: Review of material so far by student request: Big O, arrays, linked lists, hashing and hashes.

Thursday
Apr 18
PASCAL Hackerspace - AlgoBytes: Algorithms for Hackers!
PASCAL

Each 90 minute session we will focus on a different topic, although we may repeat them if there are requests to revisit material. Currently there will be 20-30 minutes of presentation, a walk through of a problem, followed by breaking into small groups to practice. Attending sequential events is probably helpful if the material is new to you, but not required.

Theme: Hashes & Hashing.

Wednesday
Apr 10
Portland OWASP - OWASP Top Ten For Javascript Developers with Lewis Ardern
New Relic

OWASP Top 10 for JavaScript Developers

The OWASP Top 10 is a powerful awareness document for web application security. It represents a broad consensus about the most critical security risks to web applications.

With the release of the OWASP Top 10 2017, we saw new issues rise as contenders for the most common issues in the web landscape. Much of the OWASP documentation presents issues and remediation advice/code relating to Java, C++, and C#; however, not much relates to JavaScript. JavaScript has changed drastically over the last few years with the release of Angular, React, and Vue, alongside the popular use of NodeJS and its libraries/frameworks. This talk will introduce you to the OWASP Top 10, explaining JavaScript client- and server-side vulnerabilities.

Lewis Ardern is a Senior Security Consultant at Synopsys. His primary areas of expertise are in web security and security engineering. Lewis enjoys creating and delivering security training to various types of organizations and institutes in topics such as web and JavaScript security. He is also the founder of the Leeds Ethical Hacking Society and has helped develop projects such as bXSS (https://github.com/LewisArdern/bXSS) and SecGen (https://github.com/cliffe/secgen).

Thursday
Apr 4
PASCAL Hackerspace - AlgoBytes: Algorithms for Hackers!
PASCAL

First Session's Theme: Analysis Foundations

What is an algorithm, besides a scary word?
I'm a practical person, why do I care?
What is a data structure?
What is complexity analysis?
What is Big O? Big Theta? Big Omega?
How do I apply them?

Thursday
Mar 21
Symposium: ½ Day Hackathon
2035 Northeast Cornelius Pass Road Hillsboro, OR 97124

A complimentary coffee bar, breakfast snacks and lunch will be provided.

We are partnering again with Security Innovation to provide an immersive hands-on hacking experience for our February 2019 ISSA symposium.

Compete against your fellow ISSA Portland members and guests in a contest of hacking skills to attack and breach the “Shred Retail” site.

This event will provide value for everyone from a non-coder with zero hacking experience to a seasoned penetration tester. There are challenges for all skill levels and interests built into the site, and we will have expert help on hand for anyone who wants it.

Those registering for the event will be provided with a complimentary code for 30-day access to the Security Innovation OWASP 2017 Series training. Course details can be found here:

https://www.securityinnovation.com/course-catalog/application-security/secure-design/owasp-2017-series

This code will be provided at least 14 days prior to the event.

Amazon gift cards will be given for:

Highest score - $100
Runner up - $50
Hardest vulnerability - $50
First vulnerability - $25

You will need to bring a laptop with the following:

Recent version of Firefox installed with the FireBug Extension
Recent Java Runtime installed

Many thanks to Salesforce for the coffee bar and for hosting this event.

Snacks and lunch are sponsored by:

Space is limited, so please register soon.

Tuesday
Mar 12
Portland OWASP - Breaching the Cyber Security Job Industry with Ryan Krause
Simple, 120 SE Clay St, Floor 2, Portland, OR 97214

Breaching the Cyber Security Job Industry

Despite the growing popularity of the cyber security industry, many job hunters still find it challenging to break into the field. With numerous entry-level cyber security jobs requiring one, two, or sometimes even three years of security-related experience, how are inexperienced applicants supposed to get their foot in the door?

This talk will discuss some of the challenges that potential employees face while looking for careers in the cyber security industry. It will explore potential career paths for new high school and college graduates, mid-career employees with a technical background, as well as mid-career employees with no technical background. The discussion will also focus on ways to help position yourself for success in the industry, touching on security internships, university diplomas, industry certificates, Portland-based security meetings, and self-study resources.

Ryan Krause is a penetration tester based in the Portland, Oregon area. He has worked in various areas of the security field for the past 11 years for companies such as HP, eEye Digital Security/BeyondTrust, and Comcast with a primary focus on application security and development. He is currently a consultant at NetSPI where he performs web and network penetration tests and assists clients with reducing their overall security exposure.

Tuesday
Feb 26
Portland OWASP Chapter Meeting - Building a Security Program From Nothing with Kendra Ash
Vacasa

Companies are starting to build security programs with no prior experience as awareness about cyber threats increases. Often this is at a later stage when the company has a fully staffed engineering team and accumulated security debt. This talk is about how to build a security program from nothing using stakeholder analysis and risk assessments to help prioritize remediation efforts and avoid getting overwhelmed. A healthy and effective security program relies on building relationships throughout the company, enlisting security champions, and leveraging tooling and automation as effectively as possible. Kendra Ash will be sharing some of the lessons learned on our journey building a security program from scratch over the last several months.

Kendra Ash (@securelykash) is an information security engineer at Vacasa, actively building a security team and program by leveraging guidance from her network and industry standards.

Thursday
Feb 21
PASCAL Hackerspace - AlgoBytes: Algorithms for Hackers!
PASCAL

Thursday
Feb 7
PASCAL Hackerspace - AlgoBytes: Algorithms for Hackers!
PASCAL

Thursday
Jan 24
PASCAL Hackerspace - AlgoBytes: Algorithms for Hackers!
PASCAL

Wednesday
Jan 9
OWASP Portland Chapter Meeting - Docker Security
New Relic

Docker has become a very popular tool for deploying server applications. It aims to solve many problems with dependency management and drift between development and production environments, and make it easy for developers to deploy their software quickly.

This talk is about how to use all of this wonderful convenience for evil. It will cover Docker containers and how they work (and how to infect them with malware), some services commonly used in Docker infrastructure and how to find and exploit them, and some Docker-specific post-exploitation strategies. It will also cover best practices for mitigating and detecting attacks on your Docker infrastructure and how to create a healthy security culture among your Docker engineers.

Josh is a Linux security practitioner and developer based in Portland, Oregon. He works as a security engineer at New Relic, where he builds security visibility tools, breaks SaaS software, and helps developers build secure infrastructure.

Thursday
Dec 6, 2018
OWASP Portland Chapter Meeting
Jama Software (New Office)

Interested in web application security? OWASP is for you. The Open Web Application Security Project aims to improve the security of software. Portland has a vibrant chapter and this is our regular chapter meeting.

Unfortunately, our speaker this month has come down with laryngitis, so we're going to be showing a few of the talks from this year's AppSecUSA conference, with pizza. To vote on which talk you would be interested in viewing, go to this tweet.

Thursday
Nov 8, 2018
OWASP Portland Chapter Meeting - OWASP Juice Shop!
New Relic

The Portland Chapter of the Open Web Application Security Project (OWASP) will be hosting an introduction to OWASP Juice Shop [https://github.com/bkimminich/juice-shop]. OWASP Juice Shop is an intentionally insecure web application for security trainings written entirely in JavaScript which encompasses the entire OWASP Top Ten [https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project] and other severe security flaws. The session will provide a top level overview of the Juice Shop playground and how to get started with it, as well as an opportunity for attendees to team up to teach and learn from each other in a fun Capture The Flag competition.

David Quisenberry (@dmqpdx16) will be facilitating the session. He's a developer with Daylight Studio and explorer of application security issues.

Thursday
Oct 18, 2018
ISSA Portland panel discussion of current cyber threat landscape.
Columbia Square 8th Floor Conference Room

Join us for the ISSA Portland panel discussion of the current cyber threat landscape.

Thursday - October 18th, 2018 11:30AM - 1:00PM

Please go to the link below and check it out and register today.

Here is the link to the Eventbrite notice:

https://www.eventbrite.com/e/panel-discussion-tracking-the-current-cyber-threat-landscape-tickets-50695136518

Panel Participants:

Brian Ventura, Security Architect, City of Portland
Craig Schippers, Principal Field Engineer, Trend Micro
Cam Naghdi, Sales Engineering Manager, Malwarebytes

Moderator:

Christopher Paidhrin, CISO, City of Portland

Topics to include:

Quarterly update
Trends in threat intelligence
The role of AI in malware detection
Defense in depth techniques
Cloud defenses

Panel Participants:

Brian Ventura, Security Architect, City of Portland
About the panelist: Brian is an Information Security Architect for the City of Portland and a SANS Instructor. Brian volunteers with the ISSA Portland chapter as the Director of Education and with OWASP locally. Over the past 25 years, Brian has achieved, holds, and now teaches various industry certifications including CISSP, GSEC, GCIH, GCFA, and GCCC. In addition to his Information Security persona, Brian is a member of the Timbers Army and Thorns Riveters, attending as many games as possible. Find Brian's teaching schedule: https://www.sans.org/instructors/brian-ventura

Cameron Naghdi, Systems Engineering Manager, Malwarebytes
About the panelist: Cameron Naghdi is the Systems Engineering Manager for US-West at Malwarebytes. Cameron has worked for multiple endpoint technology firms and has supported many vertical markets, from retail and healthcare up to Federal/Civilian agencies and the Department of Defense. Cameron is also on the technology advisory board of 802Secure and is Co-Founder and CTO at FilecheckIO. Cameron specializes in understanding the threats of today and how to prepare solutions to address both today's and future security challenges.

Chris Sestito, Director of Threat Research, Cylance
About the panelist: Chris Sestito manages the Cylance Threat Research Team, which consists of 30 researchers dedicated to data-science-based analysis and automation development. Chris is based in Austin, Texas and is an eight-year veteran in information security with a wealth of experience in malware analysis and malvertising that helps ensure the security of Cylance customers. Chris also holds Sec+ and C|EH certifications.

Craig Schippers, Principal Field Engineer, Trend Micro
About the panelist: Craig Schippers is a CISSP Certified Principal Field Engineer at Trend Micro. He has worked in the security industry for approximately 17 years, assisting customers with their infrastructure security needs. Craig lives in Portland, Oregon.

Moderator: Christopher Paidhrin, CISO, City of Portland and ISSA Portland Vice-President
About the moderator: Christopher Paidhrin is the Chief Information Security Officer for the City of Portland, Oregon. For the past 17 years Christopher has been a nationally recognized healthcare Information Security authority, having received recognition, nominations and awards for service excellence, including from Network World, ISE, SC Magazine, and Information Security magazine's 2011 "Security 7" Award. Christopher is a regular media consultant and presents at numerous events across the U.S. Christopher is an advocate of IT Service Management (ITSM) best practices and process improvement, including learning organizations and knowledge management.

This event is sponsored by: Malwarebytes and Trend Micro

Website
Wednesday
Oct 3, 2018
OWASP Portland 2018 Training Day
World Trade Center

For the third year in a row, the Portland OWASP chapter is proud to host our information security training day! This will be an excellent opportunity for those interested to receive top quality information security and application security training for prices far lower than normally offered. It's also a great chance to network with the local infosec community and meet those who share your interests.

OWASP Portland 2018 Training Day will be October 3, 2018.

Courses

Courses will be held in two tracks: four in the morning session, and four in the afternoon session. Each participant can register for one morning course, or one afternoon course, or one of each.

The Portland OWASP chapter is hosting its 3rd annual training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community. For more information, see the main event page.

Courses are held in four tracks: four in the morning session, and four in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each!

NOTE: If you see that a course is sold out, then it is unlikely we will have any additional seats in that course. You can email ian DOT melven AT owasp.org OR benny DOT zhao AT owasp.org OR bhushan DOT Gupta AT owasp.org to request being added to the waiting list. Please be sure to specify which class(es) you want to be added to the wait list for.

OWASP Portland 2018 Training Day will be October 3, 2018. This year we'll be located at:

World Trade Center Portland
121 SW Salmon St.
Portland, OR 97204

Later in the evening, a social mixer will also be held at Rock Bottom Restaurant & Brewery, just a short walk away:

206 SW Morrison St Portland, OR 97204

Schedule (Time / Activity):

8:00 AM - 8:30 AM: Morning Registration and Continental Breakfast

8:30 AM - 12:00 PM: Morning session courses
  Intro to Hacking Web 3.0 (Mick Ayzenberg)
  Introduction to Computer Forensics (Kris Rosenberg)
  Intro to Practical Internal Vulnerability Scanning (Patterson Cake)
  Incident Handling in Cloud Environment - a primer (Derek Hill)

12:00 PM - 1:30 PM: Lunch on your own - Meet a new friend and grab a bite!

1:00 PM - 1:30 PM: Afternoon Registration (for those attending only in the afternoon)

1:30 PM - 5:00 PM: Afternoon session courses
  Advanced Application Security Testing (Timothy Morgan)
  AppSec Testing Beyond Pen Test (Bhushan Gupta)
  Applied Physical Attacks on Embedded Systems, Introductory Version (Joe FitzPatrick)
  Advanced Custom Network Protocol Fuzzing (Joshua Pereyda)

5:00 PM - 7:30 PM: Evening Mixer @ Rock Bottom Restaurant and Brewery

Want to get news and information on our 2018 Training Day? Subscribe to the Portland OWASP mailing list or follow @PortlandOWASP on Twitter!

Website
Tuesday
Sep 18, 2018
OWASP Portland Chapter Meeting - SAST and the Bad Human Code Project
Simple 120 SE Clay St Floor 2, Portland, OR 97214

SAST and the Bad Human Code Project

Static application security testing (SAST) is the automated analysis of source code both in its text and compiled forms. Lint is considered to be one of the first tools to analyze source code and this year marks its 40th anniversary. Even though it wasn't explicitly searching for security vulnerabilities back then, it did flag suspicious constructs. Today there are a myriad of tools to choose from both open source and commercial. We’ll talk about things to consider when evaluating web application scanners then turn our attention to finding additional ways to aggregate and correlate data from other sources such as git logs, code complexity analyzers and even rosters of students who completed secure coding training in an attempt to build a predictive vulnerability model for any new application that comes along. We’re also looking for people to contribute to a new open source initiative called “The Bad Human Code Project.” The goal is to create a one-stop corpus of intentionally vulnerable code snippets in as many languages as possible.

Speaker's Bio: John L. Whiteman is a web application security engineer at Oregon Health and Science University. He builds security tools and teaches a hands-on secure coding class to developers, researchers and anyone else interested in protecting data at the institution. He previously worked as a security researcher for Intel's Open Source Technology Center. John recently completed a Master of Computer Science at Georgia Institute of Technology specializing in Interactive Intelligence. He loves talking with like-minded people who are interested in building the next generation of security controls using technologies such as machine learning and AI.

Thursday
Aug 9, 2018
OWASP Portland Chapter Meeting - Security Internships: Bringing up the next generation of hackers
New Relic

Anna Lorimer will present Security Internships: Bringing up the next generation of hackers

Software engineering internships are increasingly popular and are becoming an integral part of career development for newcomers to the tech scene. They’re also valuable to any organization because they give senior engineers the opportunity to pass on knowledge and make it easier to find full time hires down the road. While there’s plenty of information about how to run a software engineering internship, the same can’t be said for security internships. In this talk I’ll discuss how security internships differ from regular software engineering internships, how to find interns, and how to structure internships to set up both your organization and the intern(s) for success.

Bio:

Anna Lorimer is an undergraduate student studying math and computer science at the University of Waterloo in Waterloo, Canada. She’s done 5 internships over the course of her undergraduate career and is currently doing her sixth with New Relic’s Product Security Team in Portland. She is also the co-founder of StarCon, a technology conference focused on the joy of technology and building a community around sharing technical knowledge.

Monday
Jul 16, 2018
OWASP Portland Chapter Meeting - OAuth 2.0 Simplified
NWEA

OAuth 2.0 Simplified: The OAuth 2.0 authorization framework has become the industry standard in providing secure access to web APIs. OAuth allows users to grant external applications access to their data, such as profile data, photos, and email, without compromising security. However, OAuth can be intimidating when first starting out. In this talk, Aaron Parecki will break down the various OAuth workflows and provide a simplified overview of the framework, highlighting a few typical use cases for web apps, mobile apps and browserless devices.

Speaker's Bio: Aaron Parecki is a developer advocate at Okta, and maintains oauth.net. He's the co-founder of IndieWebCamp, a yearly unconference focusing on data ownership and online identity, and is the editor of the W3C Webmention and Micropub specifications.

Website
Monday
Jun 18, 2018
OWASP Portland Chapter Meeting - Machine Learning vs Cryptocoin Miners
WebMD

Machine Learning vs Cryptocoin Miners

Description: With the advent of cryptocurrencies as a prevalent economic entity, attackers have begun turning compromised boxes and environments into cash via cryptocoin mining. This has given rise to the opportunity to detect compromised environments by analyzing network traffic logs for evidence of cryptocoin miners. Specifically, I'll be reviewing various ML and statistical analysis techniques leveraged against VPC Flow Logs. This talk will not be a deep dive of the math involved but instead a general discussion of these techniques and why I chose them.

Speaker's Bio: Jonn Callahan is a principal appsec consultant at nVisium. Jonn was previously heavily involved in the OWASP DC and NoVA chapters. He has been working in appsec for half a decade now, initially within the DoD and now commercially with many high-visibility companies. Recently, Jonn has been digging into ML to find ways to bridge it and the security industry in an intelligent and usable fashion.

Website
Tuesday
May 22, 2018
OWASP Chapter Meeting - Pen Testing: How to Get Bigger Bang for your Buck
Jama Software (New Office)

Panel Discussion - Join local industry practitioners as they discuss the best practices used in getting superior results from your Pen Testing. Also share your ideas on the Dos and Don'ts of Pen testing.

Moderator - Brian Ventura

Panelists - Alexei Kojenov, Ian Melven, Benny Zhao, and Scott Cutler

Alexei Kojenov is a Senior Application Security Consultant with years of prior software development experience. During his career with IBM, he gradually moved from writing code to breaking code. Since late 2016, Alexei has been working as a consultant at Aspect Security, helping businesses identify and fix vulnerabilities and design secure applications. Aspect Security was recently acquired by Ernst&Young and joined EY Advisory cybersecurity practice.

Ian Melven is Principal Security Engineer at New Relic. He has worked in security for almost 20 years, including roles at Mozilla, Adobe, McAfee and @stake.

Benny Zhao is a Security Engineer at Jive Software. His experience focuses on identifying code vulnerabilities and securing software by building tools to help automate security testing.

Scott Cutler has been interested in computer security since he was a kid, and started attending DefCon in 2004. He got his Computer Science degree from UC Irvine in 2009 while working for the on-campus residential network department for 4 years. After graduating he worked first as QA for a SAN NIC card manufacturer, then switched to essentially create their DevOps program from scratch. From these jobs he has gained a lot of experience with networking, build processes, Linux/Unix administration and scripting, and Python development. In 2012 Scott began working in the security field full time as a FIPS, Common Criteria, and PCI Open Protocol evaluator for InfoGard Laboratories (now UL Transaction Security). During this time he got his OSCP and a good understanding of federal security requirements, assessment processes, and documentation (ask him about NIST SPs!). In 2015 Scott switched over to Aspect Security (now EY) to put his OSCP to good use and became a full-time application security engineer, doing pen-tests as well as developing both internal and external training.

Website
Monday
May 21, 2018
2018 Spring Training: IT Security and Audit Symposium
Clackamas Community College - Wilsonville

Spring Training

Day 1:

1) Keynote: Blockchain: More than Cryptocurrency: Michael Reed (Intel)

Presentation on the origin of blockchain technologies and their evolution into a key technology in pursuit of increased efficiencies and new business models. Is your enterprise ready for blockchain?

2) Micro Segmentation and Cloud - A blueprint for protecting your golden egg: Tyler Hardison (RedHawk Security) (EVENT SPONSOR)

3) Benefiting from PCI – Even if Compliance is Not Required: Bowe Hoy (Sword&Shield) and Mike Griffin (Circle K Stores, Inc.)

The Payment Card Industry Data Security Standard (PCI DSS) can be beneficial to your organization, even if compliance to it is not a requirement. PCI DSS features a number of valuable guidelines to help your organization improve its security posture, technology auditing, and business operations. This session will help you understand the key components of PCI DSS and how your organization can benefit from implementing it. You will receive practical lessons through case studies about organizations that have successfully implemented PCI DSS. Whether these organizations were required to comply with PCI DSS, or chose to adopt it – they became a better organization because of it. And you can learn how to do the same for your organization.

4) Certificate Security and Frameworks for a Public CA: Derek Thomas and Scott Perry

As the ubiquity of on-line shopping continues to amplify our digital environment, ensuring a trusted on-line transaction becomes critical to building the brand loyalty and experience once relished within the physical brick and mortar retailer. The ability to ensure a trusted and secure transaction is not new, however the scrutiny placed on that trust is at an all time high with significant changes in the issuing community and the scrutiny ensuing from the browser community for secure and reliable trusted certificates.

In this presentation, Scott Perry, Partner and Derek Thomas, Managing Director, of Scott Perry CPA, one of six licensed CPA firms performing Certificate Authority audits, will discuss the changing landscape of on-line transactional trust and the requirements of Certificate Authorities. The presentation will include a discussion and overview of an established but less known framework for evaluating and auditing the performance of Certificate Authority practices and considerations applied to evaluating the security of your on-line transactions.

Day 2: 5 Sessions: Various Presenters

5) Current Economics of Cyber: David Hobbs: Radware

Often we discuss the changing threat landscape from a pure technical or vulnerability picture; however, this does an injustice to the elements of ease, cost and access to attacks. This presentation will provide attendees with an up-to-date picture of the rapidly changing landscape of attack tools and services, the buying criteria and locations for these tools, and their ease of use. In addition, the presentation will provide an understanding of how the combination of the proliferation of these tools and their corresponding use has dramatically changed the dynamics of the return on defense strategies. This presentation will provide unique insight into the world of the Darknet, specific customer attack stories, new economic models of measuring security deployments and a refreshed look at how controls should be deployed going forward.

6) Cyber War Chronicles - Stories From the Virtual Trenches (ERT Report 2017): David Hobbs: Radware

From information shared by over 1250 companies on their top concerns, we talk about what happened in 2017 and predict the top trends of 2018 in cyber security. The first half of 2017 saw a continuation of some cyber-security threats, as well as the emergence of some attack types and trends. Ransom attacks, political hacks, and new dynamics around the accessibility and capability of attack tools have added even more challenges to security. This session will explore some of the latest evolutions of the threat landscape, through a combination of market intelligence, real-world case studies, and direct insights from those on the front lines of cyber-security.

7) OWASP Updated Top10: Alex Ivkin (ISACA Board)

A detailed technical review of the OWASP Top 10.

8) The Value of Cyber Certifications: Alex Ivkin (ISACA Board)

9) Fraud Audit in a Digital Environment: Sarah Dalton: E&Y

CPE: 14 CPE

Cost:

Regular Pricing: On or After 4/20/18:

ISACA or IIA Member: $185

Non-Member: $225

We hope to see you there!

Website
Thursday
May 10, 2018
SANS Community Event
Portland City Grill

Join SANS Instructors Brian Ventura and Derek Hill for an evening of conversation regarding Secure configurations - Built-in Security Enhancements and the benefit of the CISSP certification from a hiring manager perspective.

TOPICS

1. In the information security news, we regularly hear about the latest vulnerabilities with recommendations to scramble and patch immediately. This is an important aspect of our industry, however there are other security considerations. Are there configurations we can set now in our systems and software that will protect us? Let's explore secure configurations and see what we find.

2. The Hiring Manager is looking at your resume – why does CISSP matter? While the CISSP is not the only thing we look at, it is a great starting point. What knowledge does the CISSP provide and how does one prepare for the exam?

Who is Brian Ventura? Brian Ventura is an Information Security Architect by day and SANS instructor by night. Brian volunteers with the Portland ISSA and OWASP chapters, focusing on educational opportunities. For SANS, he regularly teaches CyberDefense courses like the CIS Controls, Risk Management, and Security Essentials. Brian has a Security Essentials (SEC401) course in Portland, June 18-23. Come join in the learning experience!

Who is Derek Hill? Derek Hill has over 25 years of experience in IT and Information Security. He currently manages an Application Security Team, an Infrastructure Security Team (Blue Team) and a Data Privacy Engineering team at HP Inc. in Vancouver, WA. His teams are responsible for ensuring that HP’s internally developed applications are secure as well as the AWS infrastructure that is hosting these applications. Prior to his current position, Derek held IT management and technical roles at both large and small companies. In each role, he has focused on delivering excellent services, uptime and security for all the projects/staff he managed.

Derek holds an MBA from Willamette University and an undergraduate degree in Management Information Systems from Oregon State University. He has various security credentials including a CISSP and multiple GIAC certifications.

DATE: Thursday, May 10, 2018

Registration: 6:30 PM

Presentation: 7:00 PM - 8:30 PM

RSVP by sending a confirmation email to Shelley Wark-Martyn @ [email protected]

Appetizers and drinks will be served.

We look forward to having you join us.

Website
Monday
Apr 16, 2018
OWASP Chapter Meeting: Alexei Kojenov on Deserialization Attacks
Cambia Health Solutions

Overview

Insecure deserialization was recently added to OWASP's list of the top 10 most critical web application security risks, yet it is by no means a new vulnerability category. Data serialization and deserialization have been used widely in applications, services and frameworks, with many programming languages supporting them natively. Deserialization got more attention recently as a potential vehicle to conduct several types of attacks: data tampering, authentication bypass, privilege escalation, various injections and, finally, remote code execution. Two recent vulnerabilities in Apache Commons and Apache Struts, both allowing remote code execution, helped raise awareness of this risk.

We will discuss how data serialization and deserialization are used in software, the dangers of deserializing untrusted input, and how to avoid insecure deserialization vulnerabilities.

Speaker

Alexei Kojenov is a Senior Application Security Consultant with years of prior software development experience. During his career with IBM, he gradually moved from writing code to breaking code. Since late 2016, Alexei has been working as a consultant at Aspect Security, helping businesses identify and fix vulnerabilities and design secure applications. Aspect Security was recently acquired by Ernst&Young and joined EY Advisory cybersecurity practice.

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Website
Thursday
Mar 8, 2018
Portland OWASP - Container Security presentation by Deron Jensen
New Relic

Deron Jensen, manager of the Product Security team at New Relic, will speak about container security!

This presentation will show how the Linux kernel and container technologies can isolate and control the processes to provide a secure, isolated compute system. Docker or other technologies can be used to manage capabilities and securely deploy containers. This will demonstrate vulnerabilities unique to containers, and techniques to break out of vulnerable containers. We will show examples of deploying microservices securely with containers and areas that need further research to allow other applications to run securely in a private or public cloud.

Monday
Feb 26, 2018
OWASP February Chapter Meeting : Jon Bottarini on Bug Bounties
Jive Software

Jon Bottarini will be presenting on bug bounties (from both a hacker and a program perspective), common mistakes in the software development lifecycle that make it easier to find bugs, and what developers can do to understand their full attack surface.

Bio:

Jon Bottarini is a Technical Program Manager at HackerOne, where he is responsible for managing the bug bounty programs for the US Department of Defense and other companies looking to leverage talent from hacker-powered security. In his free time he is also a hacker and bug bounty hunter who has reported vulnerabilities to worldwide brands and organizations such as New Relic, Apple, Google, the US Department of Defense, and many more.

Twitter: https://www.twitter.com/jon_bottarini
LinkedIn: http://www.linkedin.com/in/jonbottarini

Website
Tuesday
Jan 23, 2018
OWASP: AppSec Testing Beyond Pen Test
Jama Software (New Office)

Abstract: Most web application security testing efforts are concentrated around penetration testing which is an art based on a hacker’s psyche, thought process, and determination to exploit vulnerabilities. But, does it yield a high level of confidence and sense of security in a developer’s mind? The answer is a “maybe” especially when the bad guy is obsessed with figuring out new exploits to hack your application. The web application developers have to think about intrinsic security - that is, building security throughout the SDLC. We build applications based upon well-formed customer requirements. Why should we not, then, build our applications based upon the fundamental principles of security and then harden security from the hacker’s perspective?

Bio: Principal consultant at Gupta Consulting LLC, Bhushan Gupta is passionate about development methods and tools that yield more secure web applications, especially in the agile software development environment. As a researcher he has a keen interest in understanding and applying fundamental principles and known methodologies to develop dependable and secure software solutions. His interests extend to Social Engineering and Attack Surface Analysis. Bhushan worked at Hewlett-Packard for 13 years in various roles including software quality lead, engineer, software process architect, and software productivity manager. He then developed a strong interest in web application security while working as a quality engineer for Nike Inc. Bhushan has been studying various facets of web application security and promoting how to apply a common-sense approach to build secure solutions. He is a certified Six Sigma Black Belt (HP and ASQ) and an adjunct faculty member at the Oregon Institute of Technology in Software Engineering. To learn more about Bhushan’s contributions to SDLC, visit www.bgupta.com

Website
Friday
Jan 19, 2018
Tech Academy Portland Meetup - 2-part Tech Talk Series: "Coding Securely - Minimizing Vulnerabilities" Part 2
The Tech Academy

Featured Speaker: Dr. Brent Wilson, Assoc. Professor of Computer Science at George Fox University

Using the OWASP (Open Web Application Security Project) Top-10 Vulnerability listing as a guide, we will look at the various vulnerabilities and investigate how they work along with the mitigations and defenses that developers need to employ to create secure software.

This is Part 2 of a 2-Part series of talks.

Come join us for fresh coffee, pizza, refreshments, and some great networking opportunities.

Lunch & Open Q/A 12:00-1:00
Tech Talk 1:00-2:00

Please RSVP to help us ensure we order enough food for everyone.

We look forward to seeing you!

Website