Viewing 0 current events matching “OWASP” by Date.

No events were found.

Viewing 30 past events matching “OWASP” by Date.

Wednesday
Nov 18
PDX OWASP - Automate OWASP ZAP Lunch and Learn with Roop Kaur
Online via Zoom

Overview: Use OWASP ZAP to detect web application vulnerabilities in a CI/CD pipeline, and see how we automate ZAP with existing automation scripts.

Speaker: Roop Kaur, an engineer at Zapproved

RSVP: https://www.meetup.com/OWASP-Portland-Chapter/events/274622842/

Wednesday
Sep 16
PDX OWASP - Cloud Security Lunch and Learn with Ashish Patel
Virtual

Summary of the Talk: Automate The CloudSec Things - How to automate your response to security incidents within the public cloud space using your current security stack and AWS Lambda.

Speaker's Bio: Ashish Patel is a security engineer on the Box Infrastructure Security team. He usually lives in the realm of cloud security and automating security related tasks that scale across multiple clouds & attack surfaces.

RSVP: https://www.meetup.com/OWASP-Portland-Chapter/events/272846648/

Tuesday
Jul 21
OWASP Portland, Oregon - Secure Coding Tournament (Virtual)
Virtual

Secure Code Warrior is going to be hosting a July virtual tournament for our OWASP Portland, Oregon chapter. It's free!

Improve your secure coding skills by joining the OWASP Portland Secure Coding tournament on July 21st 8:00AM PDT through July 24th 8:00PM PDT. The tournament allows you to compete against the other participants in a series of vulnerable code challenges that ask you to identify a problem, locate insecure code, and fix a vulnerability.

All challenges are based on the OWASP Top 10, and players can choose to compete in a range of software languages including Java EE, Java Spring, C# MVC, C# WebForms, Go, Ruby on Rails, Python Django & Flask, Scala Play, Node.JS, React, and both iOS and Android development languages.

Throughout the tournament, players earn points and watch as they climb to the top of the leaderboard. Prizes will be awarded to the top finishers! First place will receive a hoodie, and lots of bragging rights!

Tournament times: July 21 - July 24th, 8:00 AM - 9:00 PM

Practice times: July 14th - July 21st 8:00 AM

RSVP: https://www.meetup.com/OWASP-Portland-Chapter/events/271638472/

Thursday
Jul 16
Portland OWASP Study Night - Secure Code Warrior Tournament Study Session
Virtual

Topic - Secure Code Warrior Tournament Study Session. We'll cover how to register for our upcoming tournament, cover the game rules, navigate through the menus and do a few practice challenges. Let's be new to this together! This meeting will also be recorded and posted to the PDX OWASP YouTube channel.

Host: Samuel Lemly

RSVP: https://www.meetup.com/OWASP-Portland-Chapter/events/271905106/

Tuesday
Jun 9
Portland, Oregon OWASP Study Night (Virtual) - Detect Complex Code Patterns Using Semantic Grep
Virtual Meeting

RSVP: https://www.meetup.com/OWASP-Portland-Chapter/events/271144214/

Abstract: We’ll discuss a program analysis tool we’re developing called Semgrep. It's a multilingual semantic tool for writing security and correctness queries on source code (for Python, Java, Go, C, and JS) with a simple “grep-like” interface. The original author, Yoann Padioleau, worked on Semgrep’s predecessor, Coccinelle, for Linux kernel refactoring, and later developed Semgrep while at Facebook. He’s now full time with us at r2c.

Semgrep is a free open-source program analysis toolkit that finds bugs using custom analysis we’ve written and OSS code checks. Semgrep is ideal for security researchers, product security engineers, and developers who want to find complex code patterns without extensive knowledge of ASTs or advanced program analysis concepts.

Speaker bio: Clint Gibler (@clintgibler) is the Head of Security Research for r2c, a small startup working on giving security tools directly to developers. Previously, Clint was a Research Director at NCC Group, a global security consulting firm, where he helped companies implement security automation and DevSecOps best practices as well as performed penetration tests for companies ranging from large enterprises to new startups. Clint has previously spoken at conferences including BlackHat USA, AppSec USA/EU/Cali, BSidesSF, and DevSecCon Seattle/London/Tel Aviv/Singapore. Clint holds a Ph.D. in Computer Science from the University of California, Davis. Want to keep up with security research? Check out tl;dr sec, Clint’s newsletter that contains summaries of artisanally curated, top talks and useful security links and resources from around the web.


Thursday
May 21
OWASP PDX - Yes, You Too Can Break Crypto: Exploiting Common Crypto Mistakes
Zoom Online - See link at Meetup page

Abstract: Cryptography is tricky. Sure, everybody knows not to roll out their own crypto, but is it enough? Are the standard algorithms, libraries, and utilities always used the right way? This is of course a rhetorical question! Humans keep making mistakes that other humans can exploit, and Murphy’s law continues to prove true: “If there is a wrong way to do something, then someone will do it.” In this talk, not only will we discuss what can go wrong, but also how attackers could take advantage of that. Insufficient entropy? Static initialization vector? Key reuse in stream cipher? Lack of ciphertext integrity? We’ve heard these terms and may be familiar with them in theory, but let’s see actual examples of these and other crypto mistakes and corresponding exploits, and understand how they could lead to real life problems. Are you not on an offensive team and not interested in exploitation? Then this talk is for you too! Come and learn how to avoid common crypto mistakes in your code!

Bio: Alexei began his career as a software developer. A decade later, he realized that breaking code was way more fun than writing code, and decided to switch direction. He is now a full-time application security professional, with several years of assisting various development teams in delivering secure code, as well as security consulting. He holds OSCP and CISSP, and currently works as a lead product security engineer for Salesforce.

RSVP: https://www.meetup.com/OWASP-Portland-Chapter/events/270404725/

Tuesday
Apr 21
Portland OWASP Training Night (Virtual) - Learn 10 Things About Wireshark
Online

In this class, we'll briefly go over the 10 things that I would like to show anyone using Wireshark. There are no prerequisites for this presentation. If you would like to follow along, please install the most recent 3.x version of Wireshark. Example packet captures will be provided.

Kevan Vanhoff is a Network Security Engineer living in Portland, Oregon.

RSVP: https://www.meetup.com/OWASP-Portland-Chapter/events/270075900/

Wednesday
Apr 15
Portland OWASP (Virtual) - Crypto 101 with Brian Ventura
Zoom Online - See link at Meetup page

They told me to use encryption and it will solve all our problems! What is encryption and cryptography, and why is it important? The web uses certificates to encrypt. How do they fit in? What are they? We will discuss the 3 types of encryption: symmetric, asymmetric and hashing, what they do, how they are different, and how they are used in the real world.

Bio: Brian Ventura is an Information Security Architect with 20 years of industry experience. With a diverse background in consulting, public and private sector, and project management, Brian brings a comprehensive view of security and technology. As an architect, he currently focuses on enterprise information security governance, risk and compliance. Brian advises public and private entities on security best practices generally and within large projects.

Additional meeting details will be messaged to all Meetup RSVP attendees later.

RSVP: https://www.meetup.com/OWASP-Portland-Chapter/events/269992111/

Wednesday
Mar 18
Portland OWASP - Kendra Ash - Security Mixer!
New Relic

Join us for a night of networking and discussion about security. Kendra will kick it off with a short talk about how to make friends with your developers through automation. Then we will split up into groups and allow people to discuss cloud security, application security, devops and jobs.

Bio: Kendra Ash (@securelykash) is a security engineer at Vacasa, actively building out an application security program by leveraging guidance from her network and incorporating industry standards. She is also actively involved with the Portland OWASP chapter.

RSVP: https://www.meetup.com/OWASP-Portland-Chapter/events/268903220/

Tuesday
Mar 3
Exploring OWASP Juice Shop (with Burp Suite)
CTRL-H

In this class, we’ll be exploring how to find the vulnerabilities in OWASP Juice Shop with Burp Suite (and maybe some other security tools if we get some time). You’ll learn to set up the environment to play with in your own time, as well as how to practically apply the different features of Burp Suite and when it is and isn’t the most optimal tool. This will help you to reproduce security vulnerabilities or help find them for bug bounty programs.

Bio: Jordan is an Application Security Engineer at New Relic and a graduate from the University of Pittsburgh with a degree in computer science. She’s Champion ranked in Rocket League and does yoga in her free time.

Seating is limited

RSVP: https://www.meetup.com/OWASP-Portland-Chapter/events/269026936/

OWASP Juice Shop: https://owasp.org/www-project-juice-shop/

Burp Suite CE: https://portswigger.net/burp/releases/professional-community-2020-1?requestededition=community

Tuesday
Feb 18
Portland OWASP Study Night: Intro to Threat Modeling with Ray and Zak
CTRL-H

Threat modeling is a vital skill for security hats of all colors, as well as for product designers, managers and developers. Ray is a Life Coach and Conspiracy Theorist. He does AppSec in his non-spare time for money. Zak is an Application Security Engineer with many years of development experience.

Bring your own dinner/snacks. No provided pizza.

Study Nights are smaller, bitesize, digestible, skill building mini lectures or workshops for those interested in learning new skills, tools, tricks, or new CTF challenges. It’s also meant for members to practice communication skills and teamwork in a supportive environment.

Study Nights meet the first Tuesday of each month at the ^H hackerspace in North Portland. Doors will be at 7pm, event will start at 7:30pm and wrap up by 8:30. Please bring your computer with Burp Suite installed and preferred note taking mechanisms.

Seating is limited

RSVP: https://www.meetup.com/OWASP-Portland-Chapter/events/268231564/

Tuesday
Feb 11
Portland OWASP Chapter Meeting: CMD+CTRL Web Application Cyber Range
Zapproved

Want to test your skills in identifying web app vulnerabilities? Join OWASP Portland and Security Innovation as members compete in CMD+CTRL, a web application cyber range where players exploit their way through hundreds of vulnerabilities that lurk in business applications today. Success means learning quickly that attack and defense is all about thinking on your feet.

For each vulnerability you uncover, you are awarded points. Climb the interactive leaderboard for a chance to win fantastic prizes! CMD+CTRL is ideal for development teams to train and develop skills, but anyone involved in keeping your organization’s data secure can play, from developers to managers and even CISOs.

All you need is your laptop and your inner evil-doer.

Register early to reserve your spot and get a sneak peek at our cheat sheets and FAQs!

Monday
Jan 13
Portland OWASP Chapter Meeting - Introduction to Burp Suite with Ryan Krause
Vacasa

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

The speaker covers the basics of the tool along with real-world experiences and techniques that can help you as a pen tester.

Speaker: Ryan Krause

Ryan is a penetration tester based in the Portland, Oregon area. He has worked in various areas of the security field for the past 11 years for companies such as HP, eEye Digital Security/BeyondTrust, and Comcast with a primary focus on application security and development. He is currently a consultant at NetSPI where he performs web and network penetration tests and assists clients with reducing their overall security exposure.

Tuesday
Jan 7
Portland OWASP Study Night: Burp Suite Basics with Sophia Anderson
Ctrl-H / PDX Hackerspace

Happy New Year! Welcome to our second ever OWASP PDX study night. Our January topic will be "Burp Suite Basics" presented by Sophia Anderson. Sophia is a security consultant for NetSPI performing web application penetration tests for Fortune 500 clients to discover vulnerabilities. Sorry no pizza unless you want to bring :).

Study Nights are smaller, bitesize, digestible, skill building mini lectures or workshops for those interested in learning new skills, tools, tricks, or new CTF challenges. It’s also meant for members to practice communication skills and teamwork in a supportive environment.

Study Nights meet the first Tuesday of each month at the ^H hackerspace in North Portland. Doors will be at 7pm, event will start at 7:30pm and wrap up by 8:30. Please bring your computer with Burp Suite installed and preferred note taking mechanisms.

Seating is limited

RSVP: https://www.meetup.com/OWASP-Portland-Chapter/events/267644393/

Tuesday
Dec 10, 2019
Portland OWASP Chapter Meeting: So You Want to Teach Security? Bully for You!
Autodesk Inc

This talk focuses on building a security curriculum and teaching it, whether individually, at the workplace or in academia. Start with the following question: Am I the right person to do it? A novice can be downright dangerous, while an expert who can't teach is as useful as a waterproof teabag. Security education is the first line of defense, but who trains the trainers? Are students getting their money's worth? What differentiates your training from others? Join the speaker to share life lessons, funny anecdotes, and useful advice on lecturing, "curriculuming", and critiquing. Learn what it means to containerize a syllabus, deploy labs in a continuous integration-like environment using open source tools and why markdown is a better tool than PowerPoint for creating new content. Consider security textbooks as obsolete, "office hours" mandatory, and the impact of the Family Educational Rights and Privacy Act (FERPA). There will be a test at the end of the talk.

Speaker: John L. Whiteman

John is a product security expert and instructor at Intel in Oregon. He's also a part-time adjunct instructor teaching cybersecurity at the University of Portland. In a past life, John was a shipboard and classroom instructor in the United States Navy, training hundreds of sailors in the dark arts of passive sonar and torpedo countermeasure systems (in case the former didn't pan out). He also did a stint as a news director for a small radio station in Colorado. John has an M.S. in Computer Science from Georgia Tech and a B.A. in Asian Studies from the University of Maryland UC. He holds CISSP, CCSP and CEH security certifications. John blogs and loves to podcast for the OWASP chapter in Portland.

Tuesday
Dec 3, 2019
Study Night: Introduction to the Command Line Debugger GDB
^H Hackerspace, 7608 North Interstate Avenue, Portland, OR, United States

The OWASP Portland Chapter is pleased to announce regular Study Nights. Study Nights are smaller, bitesize, digestible, skill building mini lectures or workshops for those interested in learning new skills, tools, tricks, or new CTF challenges. It’s also meant for members to practice communication skills and teamwork in a supportive environment.

Study Nights will meet the first Tuesday of each month at the ^H hackerspace in North Portland. Doors will be at 7pm, event will start at 7:30pm and wrap up by 8:30. Please bring your computer and preferred note taking mechanisms.

The December topic will be an introduction to the command line debugger GDB, presented by Allison Naaktgeboren. Please be sure to have GDB installed if it is not installed by default and your preferred command line interface available.

Tuesday
Nov 12, 2019
Portland OWASP Chapter Meeting: Overcoming Your Greatest InfoSec Adversary: You!
Zapproved

Tips on formulating complete sentences without acronyms, learning to pretend you aren't the smartest person in the room, choosing the right animations for your PowerPoint presentations, and more! Let's be honest, you probably didn't get into info-sec because of your love for public speaking, your mastery of written and verbal communication, or your highly-tuned social skills! Regardless, these things are key to your success or failure in info-sec. Dare to join me for a frank if somewhat tongue-in-cheek conversation regarding strategies for simplifying complex conversations, recognizing and overcoming common communication obstacles, translating leet-speak to business language and creating effective visual presentations.

Speaker: Patterson Cake

Patterson has been in information technology for over 20 years, focusing on security for the past several years in offensive, defensive and leadership roles. He is the founder of Haven Information Security, an instructor for SANS, and the Principal Cybersecurity Engineer for PeaceHealth.

Wednesday
Oct 9, 2019
Portland OWASP - Threat Modeling in 2019 with Adam Shostack
New Relic

Attacks always get better, so your threat modeling needs to evolve. Learn what's new and important in threat modeling in 2019. Computers that are things are subject to different threats, and systems face new threats from voice cloning and computational propaganda and the growing importance of threats “at the human layer.” Take home actionable ways to ensure your security engineering is up to date.

Speaker: Adam Shostack

Adam is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board, and helped create the CVE and many other things. He currently helps many organizations improve their security via Shostack & Associates, and advises startups including as a Mach37 Star Mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the "Elevation of Privilege" game. Adam is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.

Tuesday
Aug 13, 2019
Portland OWASP: Using Graph Theory to Understand Security with Tim Morgan
Simple

Using Graph Theory to Understand Security

Information security is hard. It must be, because we keep getting hacked. One aspect that makes it so difficult is the level of complexity that exists in even a modestly-sized digital infrastructure. Humans can consider only so many security relationships, trust boundaries, and attack scenarios at once. This complexity makes it hard to decide where to focus our defensive resources and we're regularly led astray by the latest shiny tool or security advisory. Remarkably, our adversaries actually have a similar challenge: once a digital intruder gains a foothold in an environment that is completely new to them, how do they know what next steps they should take to efficiently achieve their goal? The environments they attack are not only complex, they are also unexplored landscapes that must be mapped out.

This is where graph theory can lend a hand. Several open source tools, such as BloodHound and Infection Monkey, provide intruders (whether that be your friendly neighborhood pentester or your adversaries) with easy ways to map out infrastructures and identify the quickest path to your crown jewels. While this is certainly alarming, we can also use these tools ourselves to find out what our infrastructures look like in the eyes of an attacker.

In this talk, Tim will provide a brief introduction to graph theory, show some demos of the free tools that use it, and discuss how he is using these techniques to build automated threat models "at scale" to make defenders' lives easier.

Speaker: Timothy Morgan

After earning his computer science degrees (B.S., Harvey Mudd College and M.S., Northeastern University) and spending a short time as a software developer, Tim began his career in application security and vulnerability research. In his work as a consultant over the past 14 years, Tim has led projects as varied as application pentests, incident response, digital forensics, secure software development training, phishing exercises, and breach simulations. Tim has also presented his independent research on Windows registry forensics, XML external entities attacks, web application timing attacks, and practical application cryptanalysis at conferences such as DFRWS, OWASP's AppSec USA, BSidesPDX, and BlackHat USA.

For the past three years Tim has been building an innovative new risk-based vulnerability management product (DeepSurface) that helps his customers gain a much deeper understanding of the complex relationships present in their digital infrastructures. Visit kanchil.com to learn more about Tim's latest R&D effort.

Wednesday
Jul 10, 2019
Portland OWASP - The Easy (and Secure!) Way to Build JavaScript Web Apps with OAuth 2 & OIDC with Jake Feasel
New Relic

What are the best current practices for building modern, completely standards-based (OIDC) web applications? Which flow should you use? How should you renew expired access tokens? How do you work with multiple resource servers? How do you achieve single-sign on? How can you make logging into your app as seamless as possible? We will demonstrate how simple it is to do all of this using open source libraries maintained by ForgeRock. Together we will deep dive into what these libraries are doing for you behind the scenes: PKCE, service workers, IndexedDB storage, hidden iframes, and more. In the end you will have all the tools at your disposal to easily build your next modern web app with OIDC.

Jake Feasel, Developer Experience Lead, ForgeRock

Jake has been working in the web platform for 20 years, all the while primarily interested in the use of standards and open source technologies. Jake is currently a senior engineer at ForgeRock, where he has been for the last seven years. He is most recently responsible for improving the ways in which developers interact with the ForgeRock Identity Platform.

Wednesday
Jun 19, 2019
Portland OWASP - Security Requirement Elicitation with Bhushan Gupta
CloudBolt Software

Web Application Security spreads over the application functionality, the platform it is running on, the development and deployment environment, third-party applications used, and last but not least, the open source code it utilizes. The requirements breadth is mind-boggling. You ignore any of these aspects and you become vulnerable.

This talk will discuss a structured approach to establish essential security requirements based on the CIA triad. The discussion will then expand over how these requirements manifest in the industry standards such as PCI, Government agencies, and globally. It will also delve into third party and open source code scenarios. The audience will take home a checklist of different aspects of security requirements to consider when building a Web application.

Bio: Bhushan Gupta, Gupta Consulting, LLC.

A proven champion for quality, well-versed in software quality engineering, and an AppSec researcher, Bhushan is the principal consultant at Gupta Consulting, LLC. A Certified Six Sigma Black Belt (ASQ), he possesses deep and broad experience in solving complex problems, change management, and coaching and mentoring. As a member of the Open Web Application Security Project (OWASP), he is dedicated to driving AppSec to higher levels via integration of security into the Agile software development life cycle. His research areas are: elicitation of security requirements, comprehensive testing approaches beyond penetration testing, application of test tools and use of AI (Machine Learning) in secure web application development.

Bhushan has an MS in Computer Science (1985) from New Mexico Tech and has worked at Hewlett-Packard and Nike Inc. in various roles. He was a faculty member at the Oregon Institute of Technology, Software Engineering department, from 1985 to 1995 and is currently an Adjunct Faculty member.

Tuesday
May 14, 2019
Portland OWASP - InfoSec and AppSec: Recruiting, Interviewing, Hiring Q&A
Zapproved

Following up Ryan Krause's talk on breaking into the cybersecurity industry, May's chapter meeting hosted by Zapproved will offer attendees an opportunity to hear from hiring managers and InfoSec/AppSec leaders on what they look for in hiring for their roles and thoughts on career progression. Attendees will have ample opportunity to ask questions and engage our panel.

Panel:

Zefren Edior - Umpqua Bank

Zefren currently works at Umpqua Bank, and he is the Information Security Assurance Lead. He has 10 plus years of experience in IT operations, information security, risk management, compliance and audit. He mentors and advises students, who have worked at public accounting firms, big tech companies, and startups. He is passionate about technology, cybersecurity, and helping people align their knowledge, skills, and abilities to achieve personal and professional growth.

Patterson Cake - Haven Information Security / PeaceHealth

Patterson has been in information technology for over 20 years, focusing on security for the past several years in offensive, defensive and leadership roles. He is the founder of Haven Information Security, an instructor for SANS, and the Principal Cybersecurity Engineer for PeaceHealth.

Josha Bronson - Bronsec

Josha is a founder at Bronsec, working with clients big and small on all aspects of security. Former security team founder at Yammer.

Sam Harwin - Salesforce

Sam leads a technical team of security engineers that assess a wide variety of Enterprise facing infrastructure for the organization. They focus on performing technical security testing, risk assessments, and providing business risk guidance on a wide variety of infrastructure technologies such as operating systems (Mac, Linux, Windows, iOS, Android), devices (mobile, embedded technologies, IOT), networks (wired, wireless, cloud), and applications (endpoint, mobile, public cloud).

Philip Jenkins - Zapproved

Philip is director of compliance and IT at Zapproved. He has over 20 years’ experience in IT security, network management, system engineering, and IT processes. His past experience includes Director of Security at Jama Software and CISO at Strands Finance. Philip holds his CISSP and CISM certifications and is a recognized leader in information security. He is active in (ISC)2, ISACA, OWASP, InfraGard, and ISSA.

Thursday
May 2, 2019
PASCAL Hackerspace - AlgoBytes: Algorithms for Hackers!
PASCAL

Topic: Review of material so far by student request: Big O, arrays, linked lists, hashing and hashes.

PASCAL Hackerspace is happy to announce a new bimonthly workshop! One of the core goals of our organization is to provide educational opportunities to people in the information security and technical communities of Portland, and with AlgoBytes we get to do exactly that!

AlgoBytes is an informal workshop series to learn a bit more about the formal foundations of the field of computer science and about core data structures/algorithms frequently used for interviews, whether you've never explored them before or need a refresher.

Each 60 minute session we will focus on a different topic, although we may repeat them if there are requests to revisit material. Currently there will be 20-30 minutes of presentation, a walk through of a problem, usually followed by breaking into small groups to practice. Attending sequential events is probably helpful if the material is new to you, but not required.

Topics announced about 2 weeks in advance

Please bring your preferred note-taking device(s) and preferred scratch paper.

A laptop with your editor & language of choice may be handy for trying out your solutions (especially important if you are prepping for technical interviews), but is not at all required.

The PASCAL board is excited to be hosting this event alongside a very accomplished and brilliant woman in security:

Allison Marie Naaktgeboren is a Senior Software Engineer. She has previously written (and regretted) code at Mozilla, Amazon, Cisco, FactSet Research Systems, and the Biorobotics Laboratory in Carnegie Mellon’s Robotics Institute. Allison holds a Bachelor’s Degree in Computer Science from Carnegie Mellon University in Pittsburgh.

Allison is a mentor in the PDXWiT mentorship program, supports the Women Who Code Portland Algorithms track, and mentors high school students in robotics and programming (Go Rebel @lliance!) She is a member of PASCAL & the OWASP Portland chapter.

Thursday
Apr 18, 2019
PASCAL Hackerspace - AlgoBytes: Algorithms for Hackers!
PASCAL

PASCAL Hackerspace is happy to announce a new bimonthly workshop! One of the core goals of our organization is to provide educational opportunities to people in the information security and technical communities of Portland, and with AlgoBytes we get to do exactly that!

AlgoBytes is an informal workshop series to learn a bit more about the formal foundations of the field of computer science and about core data structures/algorithms frequently used for interviews, whether you've never explored them before or need a refresher.

Each 90 minute session we will focus on a different topic, although we may repeat them if there are requests to revisit material. Currently there will be 20-30 minutes of presentation, a walk through of a problem, followed by breaking into small groups to practice. Attending sequential events is probably helpful if the material is new to you, but not required.

Theme: Hashes & Hashing.

Please bring your preferred note-taking device(s) and preferred scratch paper.

A laptop with your editor & language of choice may be handy for trying out your solutions (especially important if you are prepping for technical interviews), but is not at all required.

The PASCAL board is excited to be hosting this event alongside a very accomplished and brilliant woman in security:

Allison Marie Naaktgeboren is a Senior Software Engineer. She has previously written (and regretted) code at Mozilla, Amazon, Cisco, FactSet Research Systems, and the Biorobotics Laboratory in Carnegie Mellon’s Robotics Institute. Allison holds a Bachelor’s Degree in Computer Science from Carnegie Mellon University in Pittsburgh.

Allison is a mentor in the PDXWiT mentorship program, supports the Women Who Code Portland Algorithms track, and mentors high school students in robotics and programming (Go Rebel @lliance!) She is a member of PASCAL & the OWASP Portland chapter.

Wednesday
Apr 10, 2019
Portland OWASP - OWASP Top Ten For Javascript Developers with Lewis Ardern
New Relic

OWASP Top 10 for JavaScript Developers

The OWASP Top 10 is a powerful awareness document for web application security. It represents a broad consensus about the most critical security risks to web applications.

With the release of the OWASP TOP 10 2017 we saw new issues rise as contenders of most common issues in the web landscape. Much of the OWASP documentation displays issues, and remediation advice/code relating to Java, C++, and C#; however not much relating to JavaScript. JavaScript has drastically changed over the last few years with the release of Angular, React, and Vue, alongside the popular use of NodeJS and its libraries/frameworks. This talk will introduce you to the OWASP Top 10 explaining JavaScript client and server-side vulnerabilities.

Lewis Ardern is a Senior Security Consultant at Synopsys. His primary areas of expertise are in web security and security engineering. Lewis enjoys creating and delivering security training to various types of organizations and institutes in topics such as web and JavaScript security. He is also the founder of the Leeds Ethical Hacking Society and has helped develop projects such as bXSS (https://github.com/LewisArdern/bXSS) and SecGen (https://github.com/cliffe/secgen).

Website
Thursday
Apr 4, 2019
PASCAL Hackerspace - AlgoBytes: Algorithms for Hackers!
PASCAL

PASCAL Hackerspace is happy to announce a new bimonthly workshop! One of the core goals of our organization is to provide educational opportunities to people in the information security and technical communities of Portland, and with AlgoBytes we get to do exactly that!

AlgoBytes is an informal workshop series to learn a bit more about the formal foundations of the field of computer science and about core data structures/algorithms frequently used for interviews, whether you've never explored them before or need a refresher.

In each 90-minute session we will focus on a different topic, although we may repeat them if there are requests to revisit material. Currently there will be 20-30 minutes of presentation and a walkthrough of a problem, followed by breaking into small groups to practice. Attending sequential events is probably helpful if the material is new to you, but not required.

First Session's Theme: Analysis Foundations

What is an algorithm, besides a scary word?
I'm a practical person, why do I care?
What is a data structure?
What is complexity analysis?
What is Big O? Big Theta? Big Omega?
How do I apply them?

Please bring your preferred note-taking device(s) and preferred scratch paper.

A laptop with your editor & language of choice may be handy for trying out your solutions (especially important if you are prepping for technical interviews), but is not at all required.

The PASCAL board is excited to be hosting this event alongside a very accomplished and brilliant woman in security:

Allison Marie Naaktgeboren is a Senior Software Engineer. She has previously written (and regretted) code at Mozilla, Amazon, Cisco, FactSet Research Systems, and the Biorobotics Laboratory in Carnegie Mellon’s Robotics Institute. Allison holds a Bachelor’s Degree in Computer Science from Carnegie Mellon University in Pittsburgh.

Allison is a mentor in the PDXWiT mentorship program, supports the Women Who Code Portland Algorithms track, and mentors high school students in robotics and programming (Go Rebel @lliance!). She is a member of PASCAL & the OWASP Portland chapter.

Website
Thursday
Mar 21, 2019
Symposium: ½ Day Hackathon
2035 Northeast Cornelius Pass Road Hillsboro, OR 97124

A complimentary coffee bar, breakfast snacks and lunch will be provided.

We are partnering again with Security Innovation to provide an immersive hands-on hacking experience for our February 2019 ISSA symposium.

Compete against your fellow ISSA Portland members and guests in a contest of hacking skills to attack and breach the “Shred Retail” site.

This event will provide value for everyone from a non-coder with zero hacking experience to a seasoned penetration tester. There are challenges for all skill levels and interests built into the site, and we will have expert help on hand for anyone who wants it.

Those registering for the event will be provided with a complimentary code for 30-day access to the Security Innovation OWASP 2017 Series training. Course details can be found here:

https://www.securityinnovation.com/course-catalog/application-security/secure-design/owasp-2017-series

This code will be provided at least 14 days prior to the event.

Amazon gift cards will be given for:

Highest score - $100
Runner up - $50
Hardest vulnerability - $50
First vulnerability - $25

You will need to bring a laptop with the following:

Recent version of Firefox installed with the FireBug Extension
Recent Java Runtime installed.

Many thanks to Salesforce for the coffee bar and for hosting this event.

Snacks and lunch are sponsored by:

Space is limited, so please register soon.

Website
Tuesday
Mar 12, 2019
Portland OWASP - Breaching the Cyber Security Job Industry with Ryan Krause
Simple 120 SE Clay St Floor 2, Portland, OR 97214

Breaching the Cyber Security Job Industry

Despite the growing popularity of the cyber security industry, many job hunters still find it challenging to break into the field. With numerous entry-level cyber security jobs requiring one, two, or sometimes even three years of security-related experience, how are inexperienced applicants supposed to get their foot in the door?

This talk will discuss some of the challenges that potential employees face while looking for careers in the cyber security industry. It will explore potential career paths for new high school and college graduates, mid-career employees with a technical background, as well as mid-career employees with no technical background. The discussion will also focus on ways to help position yourself for success in the industry, touching on security internships, university diplomas, industry certificates, Portland-based security meetings, and self-study resources.

Ryan Krause is a penetration tester based in the Portland, Oregon area. He has worked in various areas of the security field for the past 11 years for companies such as HP, eEye Digital Security/BeyondTrust, and Comcast with a primary focus on application security and development. He is currently a consultant at NetSPI where he performs web and network penetration tests and assists clients with reducing their overall security exposure.

Website
Tuesday
Feb 26, 2019
Portland OWASP Chapter Meeting - Building a Security Program From Nothing with Kendra Ash
Vacasa

Companies are starting to build security programs with no prior experience as awareness about cyber threats increases. Often this is at a later stage when the company has a fully staffed engineering team and accumulated security debt. This talk is about how to build a security program from nothing using stakeholder analysis and risk assessments to help prioritize remediation efforts and avoid getting overwhelmed. A healthy and effective security program relies on building relationships throughout the company, enlisting security champions, and leveraging tooling and automation as effectively as possible. Kendra Ash will be sharing some of the lessons learned on our journey building a security program from scratch over the last several months.

Kendra Ash (@securelykash) is an information security engineer at Vacasa, actively building a security team and program by leveraging guidance from her network and industry standards.

Website
Thursday
Feb 21, 2019
PASCAL Hackerspace - AlgoBytes: Algorithms for Hackers!
PASCAL

PASCAL Hackerspace is happy to announce a new bimonthly workshop! One of the core goals of our organization is to provide educational opportunities to people in the information security and technical communities of Portland, and with AlgoBytes we get to do exactly that!

AlgoBytes is an informal workshop series to learn a bit more about the formal foundations of the field of computer science and about core data structures/algorithms frequently used for interviews, whether you've never explored them before or need a refresher.

In each 90-minute session we will focus on a different topic, although we may repeat them if there are requests to revisit material. Currently there will be 20-30 minutes of presentation and a walkthrough of a problem, followed by breaking into small groups to practice. Attending sequential events is probably helpful if the material is new to you, but not required.

First Session's Theme: Analysis Foundations

What is an algorithm, besides a scary word?
I'm a practical person, why do I care?
What is a data structure?
What is complexity analysis?
What is Big O? Big Theta? Big Omega?
How do I apply them?

Please bring your preferred note-taking device(s) and preferred scratch paper.

A laptop with your editor & language of choice may be handy for trying out your solutions (especially important if you are prepping for technical interviews), but is not at all required.

The PASCAL board is excited to be hosting this event alongside a very accomplished and brilliant woman in security:

Allison Marie Naaktgeboren is a Senior Software Engineer. She has previously written (and regretted) code at Mozilla, Amazon, Cisco, FactSet Research Systems, and the Biorobotics Laboratory in Carnegie Mellon’s Robotics Institute. Allison holds a Bachelor’s Degree in Computer Science from Carnegie Mellon University in Pittsburgh.

Allison is a mentor in the PDXWiT mentorship program, supports the Women Who Code Portland Algorithms track, and mentors high school students in robotics and programming (Go Rebel @lliance!). She is a member of PASCAL & the OWASP Portland chapter.

Website