tag:calagator.org,2005:/events/searchCalagator: Events tagged with: owasp2024-01-03T11:22:25-08:00tag:calagator.org,2005:Calagator::Event/12504581252010-01-04T21:02:13-08:002011-10-09T05:10:24-07:00Portland OWASP Chapter MeetingTuesday, January 19, 2010 from 4-5pm at U.S. Bancorp Towerhttp://calagator.org/events/12504581252010-01-19T16:00:00-08:002010-01-19T17:00:00-08:00<div class="vevent">
<h1 class="summary">Portland OWASP Chapter Meeting</h1>
<div class='date'><time class="dtstart dt-start" title="2010-01-19T16:00:00" datetime="2010-01-19T16:00:00">Tuesday, January 19, 2010 from 4</time>–<time class="dtend dt-end" title="2010-01-19T17:00:00" datetime="2010-01-19T17:00:00">5pm</time></div>
<div class="location vcard">
<a href='/venues/202392950' class='url'>
<span class='fn org'>U.S. Bancorp Tower</span>
</a>
<div class="adr">
<div class="street-address">111 SW 5th Avenue</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=111%20SW%205th%20Avenue,%20Portland%20Oregon%20%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<p>We'll meet in the Morrison room on the third floor. Stop at the security desk up front if you have any problems, or give me a call (801-372-9378).</p>
<p>Travis Spencer has offered to give us a talk about <a href="http://en.wikipedia.org/wiki/Security_Assertion_Markup_Language">SAML</a>, federation, and identity.</p>
<p>For notices on future meetings, please sign up on the Portland OWASP mailing list (low volume):
<a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a></p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="http://www.owasp.org/">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/saml">saml</a>, <a class="p-category" href="/events/tag/security">security</a>, <a class="p-category" href="/events/tag/web security">web security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250458125.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250458125/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Monday, January 4, 2010 at 9:02pm</strong> and last updated <br /><strong>Sunday, October 9, 2011 at 5:10am</strong>.
</div>
</div>
</div>
45.5226 -122.676tag:calagator.org,2005:Calagator::Event/12504604472011-04-07T11:14:18-07:002011-04-07T11:14:18-07:00NW ISSA Security SummitThursday, April 21, 2011 from 8am-5:30pmhttp://calagator.org/events/12504604472011-04-21T08:00:00-07:002011-04-21T17:30:00-07:00<div class="vevent">
<h1 class="summary">NW ISSA Security Summit</h1>
<div class='date'><time class="dtstart dt-start" title="2011-04-21T08:00:00" datetime="2011-04-21T08:00:00">Thursday, April 21, 2011 from 8am</time>–<time class="dtend dt-end" title="2011-04-21T17:30:00" datetime="2011-04-21T17:30:00">5:30pm</time></div>
<div class="description">
<p>Hosted by the ISSA – Portland Chapter, the NW ISSA Security Summit, held in conjunction with InnoTech Oregon, returns April 21st to the Oregon Convention Center. Join us for this one-day, in-depth conference that highlights the latest in the IT Security landscape. If you only go to one conference this year, make this the one!</p>
<p>The NW ISSA Security Summit will feature three (3) distinct conference tracks:
1) Business</p>
<p>2) Application Development</p>
<p>3) Technology</p>
<p>Each track will be comprised of top notch sessions from leading industry professionals. Whether you are an application developer, security manager, IT manager, engineer,
auditors, CISO, CTO, Project Manager, or just simply interested in the security sector, the Summit is meaningful to you. Mark your calendars for April 21st and we’ll see you there! Go to <a href="http://www.nwsecuritysummit.com">www.nwsecuritysummit.com</a> to REGISTER and more information.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="http://www.innotechoregon.com/oregon/about-2/nw-issa-security-conference/">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/issa">issa</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250460447.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250460447/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Thursday, April 7, 2011 at 11:14am</strong>.
</div>
</div>
</div>
tag:calagator.org,2005:Calagator::Event/12504608612011-07-25T09:54:55-07:002011-07-25T10:04:18-07:00How to Avoid Being the Next Security Breach Headline (OWASP v3)Thursday, August 4, 2011 from 11am-1pm at Kells Irish Restaurant & Pubhttp://calagator.org/events/12504608612011-08-04T11:00:00-07:002011-08-04T13:00:00-07:00<div class="vevent">
<h1 class="summary">How to Avoid Being the Next Security Breach Headline (OWASP v3)</h1>
<div class='date'><time class="dtstart dt-start" title="2011-08-04T11:00:00" datetime="2011-08-04T11:00:00">Thursday, August 4, 2011 from 11am</time>–<time class="dtend dt-end" title="2011-08-04T13:00:00" datetime="2011-08-04T13:00:00">1pm</time></div>
<div class="location vcard">
<a href='/venues/202391475' class='url'>
<span class='fn org'>Kells Irish Restaurant & Pub</span>
</a>
<div class="adr">
<div class="street-address">112 Sw 2nd Ave</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97204</span>
<div class='country-name'>US<div>
(<a href='https://maps.google.com/maps?q=112%20Sw%202nd%20Ave,%20Portland%20OR%2097204%20US'>map</a>)
</div>
</div>
<div class="description">
<p>Join the SAO's QA Forum for another dynamic lunch program, to learn about the Open Web Application Security (OWASP) Testing Guide v3 and how to verify the security of your running applications. This is a great opportunity to network with a great local speaker (Mike Hryekewicz, Software Engineer V, Standard Insurance Company) and industry peers and to find out about Oregon job openings and upcoming community events.</p>
<p>OWASP Testing Guide describes a set of techniques for finding different kinds of security vulnerabilities within an application. This technique is used by testers and developers to help produce secure code and to supplement security reviewers application assessment efforts.</p>
<p>This presentation will provide an overview of the guide, a road map for where it is heading in the next release, and guidance for how it can be applied in the business of producing secure software solutions.</p>
<p>Who should attend?
Anyone interested in Web Application Security, including management, security professionals, developers, students, etc..</p>
<p>Agenda
11:00am Doors open
11:00am-11:30am Registration, networking and lunch
11:30am Welcome & Community Announcements
11:45am Program starts
12:50pm Final questions
1:00pm Program ends</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="http://www.sao.org/events/event_details.asp?id=150729">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/lunch">lunch</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/qa forum">qa forum</a>, <a class="p-category" href="/events/tag/sao">sao</a>, <a class="p-category" href="/events/tag/web security">web security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250460861.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250460861/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Monday, July 25, 2011 at 9:54am</strong> and last updated <br /><strong>Monday, July 25, 2011 at 10:04am</strong>.
</div>
</div>
</div>
45.5216 -122.6722tag:calagator.org,2005:Calagator::Event/12504618682012-01-17T12:28:27-08:002012-01-17T12:28:27-08:00OWASP Chapter Planning MeetingTuesday, January 24, 2012 from 6-7pm at Hopworks Urban Breweryhttp://calagator.org/events/12504618682012-01-24T18:00:00-08:002012-01-24T19:00:00-08:00<div class="vevent">
<h1 class="summary">OWASP Chapter Planning Meeting</h1>
<div class='date'><time class="dtstart dt-start" title="2012-01-24T18:00:00" datetime="2012-01-24T18:00:00">Tuesday, January 24, 2012 from 6</time>–<time class="dtend dt-end" title="2012-01-24T19:00:00" datetime="2012-01-24T19:00:00">7pm</time></div>
<div class="location vcard">
<a href='/venues/202391119' class='url'>
<span class='fn org'>Hopworks Urban Brewery</span>
</a>
<div class="adr">
<div class="street-address">2944 SE Powell Blvd </div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97202</span>
<div class='country-name'>US<div>
(<a href='https://maps.google.com/maps?q=2944%20SE%20Powell%20Blvd%20,%20Portland%20OR%2097202%20US'>map</a>)
</div>
</div>
<div class="description">
<p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software.</p>
<p>The goal of this informal chapter meeting is to give people a chance to talk shop about security topics and to plan the future direction of the Portland OWASP chapter.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://lists.owasp.org/mailman/listinfo/owasp-portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/computer security">computer security</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/web application security">web application security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250461868.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250461868/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Tuesday, January 17, 2012 at 12:28pm</strong>.
</div>
</div>
</div>
45.497 -122.6352tag:calagator.org,2005:Calagator::Event/12504619092012-01-30T16:20:47-08:002012-01-30T16:20:47-08:00OWASP Chapter MeetingThursday, March 8, 2012 from 6:30-7:30pm at Collective Agency Downtownhttp://calagator.org/events/12504619092012-03-08T18:30:00-08:002012-03-08T19:30:00-08:00<div class="vevent">
<h1 class="summary">OWASP Chapter Meeting</h1>
<div class='date'><time class="dtstart dt-start" title="2012-03-08T18:30:00" datetime="2012-03-08T18:30:00">Thursday, March 8, 2012 from 6:30</time>–<time class="dtend dt-end" title="2012-03-08T19:30:00" datetime="2012-03-08T19:30:00">7:30pm</time></div>
<div class="location vcard">
<a href='/venues/202392813' class='url'>
<span class='fn org'>Collective Agency Downtown</span>
</a>
<div class="adr">
<div class="street-address">511 SW 10th Ave, Suite 1108</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97205</span>
<div class='country-name'>US<div>
(<a href='https://maps.google.com/maps?q=511%20SW%2010th%20Ave,%20Suite%201108,%20Portland%20OR%2097205%20US'>map</a>)
</div>
</div>
<div class="description">
<p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a></p>
<h1>About Joe</h1>
<p>This chapter meeting feature guest speaker <a href="http://securityinnovation.com/company/about-us/management.html#jbasirico">Joe Basirico</a>, Director of Security Services at <a href="http://www.securityinnovation.com/">Security Innovation</a>. Joe is responsible for managing the professional services business at Security Innovation. He leverages his unique experience as a development lead, trainer, researcher, and test engineer to lead the security engineering team in their delivery of high-quality, impactful assessment and remediation solutions to the company’s customers. His ability to blend his technical skills with risk-based contextual analysis and unwavering customer commitment makes him an invaluable asset for each Security Innovation client.</p>
<p>Joe is an active member in the security and open-source communities, having contributed technology, training, utilities, expertise and methodologies. He manages the company’s engineering blog and has written several publications that focus on vulnerabilities at the source code level. Joe holds a B.S in Computer Science from Montana State University.</p>
<h1>About the Talk - Thinking Like the Enemy</h1>
<p>In this talk I will help you get into the Hacker's mindset from my ten years of experience as a penetration tester, assessing some of the most exciting applications in the world.</p>
<p>This talk will cover the most important qualities of a hacker or security tester, Top Vulnerabilities that you can't afford to miss as well as more difficult to tackle vulnerabilities that have caused tons of headaches and pain. By the end of the hour you'll better understand how to cause your application true pain, find a tiny weakness and cause the walls of security to crumble around it. After that we'll also talk about how to rebuild those walls to be more robust.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/attackers">attackers</a>, <a class="p-category" href="/events/tag/computer security">computer security</a>, <a class="p-category" href="/events/tag/hackers">hackers</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/web application security">web application security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250461909.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250461909/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Monday, January 30, 2012 at 4:20pm</strong>.
</div>
</div>
</div>
45.5212 -122.6818tag:calagator.org,2005:Calagator::Event/12504624572012-06-11T16:40:34-07:002012-06-11T16:40:34-07:00OWASP FLOSSHack - UshahidiSunday, July 1, 2012 from noon-4pm at Free Geekhttp://calagator.org/events/12504624572012-07-01T12:00:00-07:002012-07-01T16:00:00-07:00<div class="vevent">
<h1 class="summary">OWASP FLOSSHack - Ushahidi</h1>
<div class='date'><time class="dtstart dt-start" title="2012-07-01T12:00:00" datetime="2012-07-01T12:00:00">Sunday, July 1, 2012 from noon</time>–<time class="dtend dt-end" title="2012-07-01T16:00:00" datetime="2012-07-01T16:00:00">4pm</time></div>
<div class="location vcard">
<a href='/venues/202389965' class='url'>
<span class='fn org'>Free Geek</span>
</a>
<div class="adr">
<div class="street-address">1731 SE 10th Avenue</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97214</span>
<div class='country-name'>US<div>
(<a href='https://maps.google.com/maps?q=1731%20SE%2010th%20Avenue,%20Portland%20OR%2097214%20US'>map</a>)
</div>
</div>
<div class="description">
<p><a href="https://www.owasp.org/index.php/FLOSSHack">FLOSSHack</a> is an experimental workshop project designed to bring together those who want to learn more about "hacking" (secure programming and application penetration testing) with those who are in need of low cost or pro bono security auditing.</p>
<p>This <a href="https://www.owasp.org/index.php/FLOSSHack_One">first ever FLOSSHack</a> event will be focused on the <a href="http://ushahidi.com/">Ushahidi</a> platform. Stay tuned for more details in the coming weeks.</p>
<p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a></p>
<p>Meetings are free and open to the public.</p>
</div>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/FLOSSHack">FLOSSHack</a>, <a class="p-category" href="/events/tag/Ushahidi">Ushahidi</a>, <a class="p-category" href="/events/tag/floss">floss</a>, <a class="p-category" href="/events/tag/flossone">flossone</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250462457.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250462457/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Monday, June 11, 2012 at 4:40pm</strong>.
</div>
</div>
</div>
45.5103 -122.6559tag:calagator.org,2005:Calagator::Event/12504626592012-07-26T14:06:35-07:002012-07-26T14:06:35-07:00OWASP Chapter MeetingWednesday, August 22, 2012 from 6:30-8:30pm at Portland State University Fourth Avenue Building (FAB)http://calagator.org/events/12504626592012-08-22T18:30:00-07:002012-08-22T20:30:00-07:00<div class="vevent">
<h1 class="summary">OWASP Chapter Meeting</h1>
<div class='date'><time class="dtstart dt-start" title="2012-08-22T18:30:00" datetime="2012-08-22T18:30:00">Wednesday, August 22, 2012 from 6:30</time>–<time class="dtend dt-end" title="2012-08-22T20:30:00" datetime="2012-08-22T20:30:00">8:30pm</time></div>
<div class="location vcard">
<a href='/venues/202390760' class='url'>
<span class='fn org'>Portland State University Fourth Avenue Building (FAB)</span>
</a>
<div class="adr">
<div class="street-address">1900 SW 4th Ave.</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97201</span>
<div class='country-name'>US<div>
(<a href='https://maps.google.com/maps?q=1900%20SW%204th%20Ave.,%20Portland%20OR%2097201%20US'>map</a>)
</div>
</div>
<div class="description">
<p><b>Double Feature!</b> For this chapter meeting, we have two protocol-oriented talks at PSU. Basic refreshments will be provided.</p>
<p><i>Kevin P. Dyer presents:</i><br><b>What Encryption Leaks and Why Traffic Analysis Countermeasures Fail</b></p>
<p>As more applications become web-based, an increasing amount of client-server interactions are exposed to our networks and vulnerable to Traffic Analysis (TA) attacks. In one form, TA attacks
exploit the lengths and timings of packets in a protocol's flow to infer sensitive information about communications. In the context of encrypted HTTP connections, such as HTTP over SSH, this means
an adversary can determine which website a user is visiting. In the context of a specific web application, an adversary can determine user input by viewing only a few client-server interactions.</p>
<p>Recent advances in the application of Machine Learning tools demonstrate that TA attacks are possible despite industry-standard encryption such as TLS, SSH or IPSec. What is more, even if a protocol uses stronger countermeasures, such as fixed-length per-packet padding, this incurs significant overhead but
only provides limited security benefit. These types of security vs. efficiency trade-offs are of immediate concern to security-aware applications such as Tor, and performance-sensitive application features such as Google Search Autocomplete.</p>
<p>In this talk, Kevin will address the state-of-the-art TA attacks and proposed countermeasures in the context of network and web application security. Most importantly, he will discuss open problems in this area and why a general-purpose TA countermeasure remains elusive.</p>
<p><i>Timothy D. Morgan presents:</i><br><b>HTTPS, Cookies, and Men-in-the-Middle: Why You Shouldn't Allow Marketing Departments to Design Your Security Protocols</b></p>
<p>Login session management in modern web applications is largely dominated by use of HTTP cookies. However, HTTP cookies were never designed for secure applications, which has led to a significant number of protocol security problems.</p>
<p>In this talk, Tim will start with a brief background on why HTTP cookies are a poorly-conceived mechanism to begin with, and continue with a discussion of how this impacts security. He will describe several lesser-known cookie-based session management problems that remain wide spread and allow for session hijacking through a variety of clever attacks.</p>
<hr><b>Kevin P. Dyer</b> is a PhD student at Portland State University. His research focuses on building protocols that are resistant to Traffic Analysis attacks. Prior to his academic life, Kevin worked as an engineer on various projects in telecommunications security, web security and network security. Kevin holds an MSc in the Mathematics of Cryptography and Communications from Royal
<p>Holloway, University of London, and a BS in Computer Science and Mathematics from Santa Clara University.</p>
<p><b>Timothy D. Morgan</b> is a consultant at Virtual Security Research, LLC (VSR). As an application security specialist and digital forensics researcher, Tim has been taking deep technical dives in security for over a decade. Tim resides in Oregon and works at VSR where he helps to secure his customers' environments through penetration testing, training, and forensics investigations. His past security research has culminated in the release of several responsibly disclosed vulnerabilities in popular software products. Tim also develops and maintains several open source digital forensics tools which implement
novel data recovery algorithms.</p>
<hr>
<p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a></p>
<p>Meetings are free and open to the public.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/cryptography">cryptography</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250462659.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250462659/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Thursday, July 26, 2012 at 2:06pm</strong>.
</div>
</div>
</div>
45.5102 -122.6804tag:calagator.org,2005:Calagator::Event/12504631442012-11-28T10:58:33-08:002012-11-28T10:58:32-08:00OWASP Chapter MeetingThursday, December 13, 2012 from 7-8pm at Collective Agency Downtownhttp://calagator.org/events/12504631442012-12-13T19:00:00-08:002012-12-13T20:00:00-08:00<div class="vevent">
<h1 class="summary">OWASP Chapter Meeting</h1>
<div class='date'><time class="dtstart dt-start" title="2012-12-13T19:00:00" datetime="2012-12-13T19:00:00">Thursday, December 13, 2012 from 7</time>–<time class="dtend dt-end" title="2012-12-13T20:00:00" datetime="2012-12-13T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202392813' class='url'>
<span class='fn org'>Collective Agency Downtown</span>
</a>
<div class="adr">
<div class="street-address">511 SW 10th Ave, Suite 1108</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97205</span>
<div class='country-name'>US<div>
(<a href='https://maps.google.com/maps?q=511%20SW%2010th%20Ave,%20Suite%201108,%20Portland%20OR%2097205%20US'>map</a>)
</div>
</div>
<div class="description">
<p>Matthew Lapworth will present a talk on static code analysis.</p>
<p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a></p>
<p>Chapter meetings are free and open to the public.</p>
</div>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/computer security">computer security</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/programming">programming</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250463144.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250463144/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Wednesday, November 28, 2012 at 10:58am</strong>.
</div>
</div>
</div>
45.5212 -122.6818tag:calagator.org,2005:Calagator::Event/12504633142013-01-03T10:34:33-08:002013-01-03T10:43:54-08:00OWASP - How to (FLOSS)HackWednesday, January 9, 2013 from 6:30-8pm at Collective Agency Downtownhttp://calagator.org/events/12504633142013-01-09T18:30:00-08:002013-01-09T20:00:00-08:00<div class="vevent">
<h1 class="summary">OWASP - How to (FLOSS)Hack</h1>
<div class='date'><time class="dtstart dt-start" title="2013-01-09T18:30:00" datetime="2013-01-09T18:30:00">Wednesday, January 9, 2013 from 6:30</time>–<time class="dtend dt-end" title="2013-01-09T20:00:00" datetime="2013-01-09T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202392813' class='url'>
<span class='fn org'>Collective Agency Downtown</span>
</a>
<div class="adr">
<div class="street-address">511 SW 10th Ave, Suite 1108</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97205</span>
<div class='country-name'>US<div>
(<a href='https://maps.google.com/maps?q=511%20SW%2010th%20Ave,%20Suite%201108,%20Portland%20OR%2097205%20US'>map</a>)
</div>
</div>
<div class="description">
<p>Join us for a How to (FLOSS)Hack tutorial, which will introduce several common classes of web application vulnerabilities such as XSS, SQL injection, and XML External Entities flaws. The goal of the session is to bring novice FLOSSHack participants up to speed on how to identify new vulnerabilities that are likely to appear in the target software for this week's FLOSSHack. <a href="https://www.owasp.org/index.php/FLOSSHack">FLOSSHack</a> is an experimental workshop project designed to bring together those who want to learn more about "hacking" (secure programming and application penetration testing) with those who are in need of low cost or pro bono security auditing.</p>
<p><b>NOTE: For best results, please bring a laptop to participate in the hands-on exercises.</b></p>
<p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a></p>
<p>Meetings are free and open to the public.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/FLOSSHack_Returns">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/FLOSSHack">FLOSSHack</a>, <a class="p-category" href="/events/tag/FLOSSHack Returns">FLOSSHack Returns</a>, <a class="p-category" href="/events/tag/ctf">ctf</a>, <a class="p-category" href="/events/tag/floss">floss</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250463314.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250463314/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Thursday, January 3, 2013 at 10:34am</strong> and last updated <br /><strong>Thursday, January 3, 2013 at 10:43am</strong>.
</div>
</div>
</div>
45.5212 -122.6818tag:calagator.org,2005:Calagator::Event/12504632092012-12-05T16:50:26-08:002013-01-06T10:41:17-08:00OWASP - FLOSSHack ReturnsSunday, January 13, 2013 from 2-6pm at Free Geekhttp://calagator.org/events/12504632092013-01-13T14:00:00-08:002013-01-13T18:00:00-08:00<div class="vevent">
<h1 class="summary">OWASP - FLOSSHack Returns</h1>
<div class='date'><time class="dtstart dt-start" title="2013-01-13T14:00:00" datetime="2013-01-13T14:00:00">Sunday, January 13, 2013 from 2</time>–<time class="dtend dt-end" title="2013-01-13T18:00:00" datetime="2013-01-13T18:00:00">6pm</time></div>
<div class="location vcard">
<a href='/venues/202389965' class='url'>
<span class='fn org'>Free Geek</span>
</a>
<div class="adr">
<div class="street-address">1731 SE 10th Avenue</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97214</span>
<div class='country-name'>US<div>
(<a href='https://maps.google.com/maps?q=1731%20SE%2010th%20Avenue,%20Portland%20OR%2097214%20US'>map</a>)
</div>
</div>
<div class="description">
<p><a href="https://www.owasp.org/index.php/FLOSSHack">FLOSSHack</a> is an experimental workshop project designed to bring together those who want to learn more about "hacking" (secure programming and application penetration testing) with those who are in need of low cost or pro bono security auditing.</p>
<p>The target software for this FLOSSHack event is <a href="http://www.openmrs.org/">OpenMRS</a>. For more info, see the <a href="https://www.owasp.org/index.php/FLOSSHack_Returns">event</a> page.</p>
<p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a></p>
<p>Meetings are free and open to the public.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/FLOSSHack_Returns">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/FLOSSHack">FLOSSHack</a>, <a class="p-category" href="/events/tag/FLOSSHack Returns">FLOSSHack Returns</a>, <a class="p-category" href="/events/tag/ctf">ctf</a>, <a class="p-category" href="/events/tag/floss">floss</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250463209.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250463209/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Wednesday, December 5, 2012 at 4:50pm</strong> and last updated <br /><strong>Sunday, January 6, 2013 at 10:41am</strong>.
</div>
</div>
</div>
45.5103 -122.6559tag:calagator.org,2005:Calagator::Event/12504638042013-03-10T12:08:06-07:002013-05-21T17:22:49-07:00OWASP Chapter Meeting - Jim ManicoWednesday, June 5, 2013 from 7-8pm at Collective Agency Downtownhttp://calagator.org/events/12504638042013-06-05T19:00:00-07:002013-06-05T20:00:00-07:00<div class="vevent">
<h1 class="summary">OWASP Chapter Meeting - Jim Manico</h1>
<div class='date'><time class="dtstart dt-start" title="2013-06-05T19:00:00" datetime="2013-06-05T19:00:00">Wednesday, June 5, 2013 from 7</time>–<time class="dtend dt-end" title="2013-06-05T20:00:00" datetime="2013-06-05T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202392813' class='url'>
<span class='fn org'>Collective Agency Downtown</span>
</a>
<div class="adr">
<div class="street-address">511 SW 10th Ave, Suite 1108</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97205</span>
<div class='country-name'>US<div>
(<a href='https://maps.google.com/maps?q=511%20SW%2010th%20Ave,%20Suite%201108,%20Portland%20OR%2097205%20US'>map</a>)
</div>
</div>
<div class="description">
<p>Jim Manico has offered to come and give us another great talk. Topic will either be "Top Ten Web Defenses" or "Securing the Software Development Lifecycle".</p>
<p><b>We will serve Pizza! Please RSVP by emailing {tim . morgan at owasp.org} so we can better estimate how much to order.</b></p>
<p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a></p>
<p>Chapter meetings are free and open to the public.</p>
</div>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/application security">application security</a>, <a class="p-category" href="/events/tag/computer security">computer security</a>, <a class="p-category" href="/events/tag/owasp">owasp</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250463804.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250463804/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Sunday, March 10, 2013 at 12:08pm</strong> and last updated <br /><strong>Tuesday, May 21, 2013 at 5:22pm</strong>.
</div>
</div>
</div>
45.5212 -122.6818tag:calagator.org,2005:Calagator::Event/12504644082013-06-19T18:51:32-07:002013-06-20T16:07:48-07:00OWASP Chapter MeetingTuesday, July 2, 2013 from 6:30-7:30pm at Portland State University Fourth Avenue Building (FAB)http://calagator.org/events/12504644082013-07-02T18:30:00-07:002013-07-02T19:30:00-07:00<div class="vevent">
<h1 class="summary">OWASP Chapter Meeting</h1>
<div class='date'><time class="dtstart dt-start" title="2013-07-02T18:30:00" datetime="2013-07-02T18:30:00">Tuesday, July 2, 2013 from 6:30</time>–<time class="dtend dt-end" title="2013-07-02T19:30:00" datetime="2013-07-02T19:30:00">7:30pm</time></div>
<div class="location vcard">
<a href='/venues/202390760' class='url'>
<span class='fn org'>Portland State University Fourth Avenue Building (FAB)</span>
</a>
<div class="adr">
<div class="street-address">1900 SW 4th Ave.</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97201</span>
<div class='country-name'>US<div>
(<a href='https://maps.google.com/maps?q=1900%20SW%204th%20Ave.,%20Portland%20OR%2097201%20US'>map</a>)
</div>
</div>
<div class="description">
<p><i>Kevin P. Dyer presents:</i><br><br><b>P0wning DPI with Format-Transforming Encryption </b></p>
<p>Deep packet inspection (DPI) technologies provide much-needed visibility and control of network traffic using port-
independent protocol identification (PIPI), where a network flow is labeled with its application-layer protocol based on packet contents.
In many cases PIPI can be used for good. As one example, it allows network administrators to elevate priority of time-sensitive (e.g.,
VoIP) data streams. In other cases PIPI can be used for harm, nation-states employ PIPI to block censorship circumvention tools such
as Tor. There are many ways to perform PIPI, however, at the core of nearly all modern PIPI systems are regular expressions --- an
expressive tool to compactly specify sets of strings.</p>
<p>In this talk, Kevin reviews the state-of-the-art research on the capabilities of state-level DPI, then presents a novel cryptographic
primitive called format-transforming encryption (FTE.) An FTE scheme, intuitively, extends conventional symmetric encryption with the
ability to transform the ciphertext into a user-defined format using regular expressions. An FTE-based record layer will be presented
that can encrypt arbitrary TCP traffic and coerce modern DPI systems into misclassifying any data stream as a target protocol (e.g.,
HTTP, SMB, RSTP, etc.) of the user's choosing. What's more, this work is not only theoretical in nature --- an open-source FTE
prototype is publicly available and has had success in subverting modern DPI systems, including the Great Firewall of China.</p>
<p>PSU is kindly providing coffee, tea, and cookies for us.</p>
<hr><b>Kevin P. Dyer</b> is a PhD student at Portland State University. His research focuses on building protocols that are resistant to traffic-analysis attacks and discriminatory routing policies.. Previously, Kevin worked as a software engineer in telecommunications security, web security and network security. He holds an MSc in the Mathematics of Cryptography and Communications from Royal Holloway, University of London, and a BS in Computer Science and Mathematics from Santa Clara University.
<hr>
<p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list:</p>
<pre><code> <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a>
</code></pre>
<p>Meetings are free and open to the public.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/cryptography">cryptography</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/privacy">privacy</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250464408.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250464408/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Wednesday, June 19, 2013 at 6:51pm</strong> and last updated <br /><strong>Thursday, June 20, 2013 at 4:07pm</strong>.
</div>
</div>
</div>
45.5102 -122.6804tag:calagator.org,2005:Calagator::Event/12504651052013-10-26T09:18:29-07:002013-10-29T17:14:12-07:00OWASP Chapter Planning MeetingWednesday, October 30, 2013 from 7-9pm at Brix Tavernhttp://calagator.org/events/12504651052013-10-30T19:00:00-07:002013-10-30T21:00:00-07:00<div class="vevent">
<h1 class="summary">OWASP Chapter Planning Meeting</h1>
<div class='date'><time class="dtstart dt-start" title="2013-10-30T19:00:00" datetime="2013-10-30T19:00:00">Wednesday, October 30, 2013 from 7</time>–<time class="dtend dt-end" title="2013-10-30T21:00:00" datetime="2013-10-30T21:00:00">9pm</time></div>
<div class="location vcard">
<a href='/venues/202393485' class='url'>
<span class='fn org'>Brix Tavern</span>
</a>
<div class="adr">
<div class="street-address">1338 NW Hoyt</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97209</span>
<div class='country-name'>US<div>
(<a href='https://maps.google.com/maps?q=1338%20NW%20Hoyt,%20Portland%20OR%2097209%20US'>map</a>)
</div>
</div>
<div class="description">
<p>This is a planning meeting for the Portland OWASP chapter. Please join us if you are interested in helping us plan and organize the activities of the chapter for the next year.</p>
<p><b>Please RSVP if you plan on showing up. Just shoot an email to</b></p>
<p>( tim DOT morgan AT owasp DOT org )</p>
<p>Some of the topics we expect to discuss at this meeting:</p>
<ul>
<li>Chapter meetings</li>
<li>FLOSSHack events</li>
<li>Local/regional conferences and training events</li>
<li>Approaches to sponsorship</li>
<li>Long term group leadership and governance</li>
<li>YOUR ideas</li>
</ul>
<hr>
<p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a></p>
<p>Meetings are free and open to the public.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250465105.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250465105/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Saturday, October 26, 2013 at 9:18am</strong> and last updated <br /><strong>Tuesday, October 29, 2013 at 5:14pm</strong>.
</div>
</div>
</div>
45.5271 -122.6849tag:calagator.org,2005:Calagator::Event/12504653572013-12-18T08:27:29-08:002014-01-03T12:14:55-08:00OWASP Chapter MeetingMonday, January 6, 2014 from 6-7:30pm at New Relichttp://calagator.org/events/12504653572014-01-06T18:00:00-08:002014-01-06T19:30:00-08:00<div class="vevent">
<h1 class="summary">OWASP Chapter Meeting</h1>
<div class='date'><time class="dtstart dt-start" title="2014-01-06T18:00:00" datetime="2014-01-06T18:00:00">Monday, January 6, 2014 from 6</time>–<time class="dtend dt-end" title="2014-01-06T19:30:00" datetime="2014-01-06T19:30:00">7:30pm</time></div>
<div class="location vcard">
<a href='/venues/202392091' class='url'>
<span class='fn org'>New Relic</span>
</a>
<div class="adr">
<div class="street-address">111 SW 5th Avenue, Suite 2700</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97204</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=111%20SW%205th%20Avenue,%20Suite%202700,%20Portland%20Oregon%2097204%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<p><i>Stephen A. Ridley will be presenting on the <b>vulnerability of mobile applications</b></i><br><br><b>UPDATE: New Relic will be providing pizza for attendees. Yum.</b><br><br><br></p><hr><b>Stephen A. Ridley</b> is a security researcher and author with more than 10 years of experience in software development, software security, and reverse engineering. Within that last few years, he has presented his research and spoken about reverse engineering and software security research on every continent except Antarctica. Stephen and his work have been featured on NPR and NBC and in Wired, Washington Post, Fast Company, VentureBeat, Slashdot, The Register, and other publications. Prior to his current work Mr. Ridley previously served as the Chief Information Security Officer of a financial services firm. Prior to that, various information security researcher/consultant roles including his role as a founding member of the Security and Mission Assurance (SMA) group at a major U.S. Defense contractor where he did vulnerability research and reverse engineering in support of the U.S. Defense and Intelligence community. Mr. Ridley calls Portland home and was a recent speaker at the Chaos Communication Congress in Hamburg.
<hr>
<p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list:</p>
<pre><code> <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a>
</code></pre>
<p>Meetings are free and open to the public.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/mobile">mobile</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250465357.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250465357/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Wednesday, December 18, 2013 at 8:27am</strong> and last updated <br /><strong>Friday, January 3, 2014 at 12:14pm</strong>.
</div>
</div>
</div>
45.5225 -122.676tag:calagator.org,2005:Calagator::Event/12504658362014-03-13T19:42:21-07:002014-04-02T11:29:51-07:00OWASP Chapter MeetingWednesday, April 2, 2014 from 6-7:30pm at Jive Softwarehttp://calagator.org/events/12504658362014-04-02T18:00:00-07:002014-04-02T19:30:00-07:00<div class="vevent">
<h1 class="summary">OWASP Chapter Meeting</h1>
<div class='date'><time class="dtstart dt-start" title="2014-04-02T18:00:00" datetime="2014-04-02T18:00:00">Wednesday, April 2, 2014 from 6</time>–<time class="dtend dt-end" title="2014-04-02T19:30:00" datetime="2014-04-02T19:30:00">7:30pm</time></div>
<div class="location vcard">
<a href='/venues/202391809' class='url'>
<span class='fn org'>Jive Software</span>
</a>
<div class="adr">
<div class="street-address">915 SW Stark St., Suite 400</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97205</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=915%20SW%20Stark%20St.,%20Suite%20400,%20Portland%20Oregon%2097205%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<p><i>Kevin Dyer will be presenting:</i></p>
<br><b>High-Profile Password Database Breaches: A Tale of (Avoidable) Blunders</b>
<p>Over the last few years, password database breaches reported in mainstream
press have increased in frequency and magnitude. There is a typical pattern
and service providers, such as Adobe or Yahoo or Snapchat, fail on at least
two fronts: first, network perimeters and databases are breached and then,
improperly secured user data and passwords are exfiltrated and shared in
cleartext. Even if the former can't be prevented, there are security best
practices to mitigate the impact of the latter, which are (seemingly)
ignored.</p>
<p>In this talk, we'll discuss specific case studies and review the essential
security best practices for storing sensitive user information. The goal is
to show that in every case free, off-the-shelf tools are available, that
would have mitigated the scope of the breach and (possibly) the onslaught
of negative publicity. As one example, we'll build intuition for why using
Scrypt (a memory-hard function) is superior to traditional cryptographic
hash functions for storing passwords.</p>
<p><b>Kevin P. Dyer</b> is a PhD student at Portland State University. His research
focuses on network security and building protocols resistant to
traffic-analysis attacks and censorship. Previously, Kevin worked as a
software engineer in telecommunications security, web security and network
security. He holds an MSc in the Mathematics of Cryptography and
Communications from Royal Holloway, University of London, and a BS in
Computer Science with Mathematics from Santa Clara University.</p>
<hr>
<p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list:</p>
<pre><code> <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a>
</code></pre>
<p>Meetings are free and open to the public.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/passwords">passwords</a>, <a class="p-category" href="/events/tag/scrypt">scrypt</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250465836.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250465836/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Thursday, March 13, 2014 at 7:42pm</strong> and last updated <br /><strong>Wednesday, April 2, 2014 at 11:29am</strong>.
</div>
</div>
</div>
45.5218 -122.68tag:calagator.org,2005:Calagator::Event/12504660872014-04-29T08:22:54-07:002014-04-29T09:53:51-07:00OWASP Chapter MeetingThursday, May 29, 2014 from 6-7:30pm at New Relichttp://calagator.org/events/12504660872014-05-29T18:00:00-07:002014-05-29T19:30:00-07:00<div class="vevent">
<h1 class="summary">OWASP Chapter Meeting</h1>
<div class='date'><time class="dtstart dt-start" title="2014-05-29T18:00:00" datetime="2014-05-29T18:00:00">Thursday, May 29, 2014 from 6</time>–<time class="dtend dt-end" title="2014-05-29T19:30:00" datetime="2014-05-29T19:30:00">7:30pm</time></div>
<div class="location vcard">
<a href='/venues/202392091' class='url'>
<span class='fn org'>New Relic</span>
</a>
<div class="adr">
<div class="street-address">111 SW 5th Avenue, Suite 2700</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97204</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=111%20SW%205th%20Avenue,%20Suite%202700,%20Portland%20Oregon%2097204%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<p><i>Ian Melven will be presenting:
<b>The Evolving Web Security Model</b></i></p>
<br>Is there a single cohesive model for the web ? No, there is not. What exists today is the result of the original same-origin policy and its evolution in many directions as a response to new threats and attacks. Where did we start, what tools are available to web developers to protect their sites and users, and where might we go in the future as the line between websites and native applications continues to become more and more blurry ? Join us on a journey through the past, present, and future of the web security model and its continuing evolution. <br><br><b>Ian Melven</b> is an application security engineer at New Relic. He has previously worked in technical security roles at companies including Mozilla, Adobe, McAfee, Symantec, and @stake.
<hr>
<p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list:</p>
<pre><code> <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a>
</code></pre>
<p>Meetings are free and open to the public.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250466087.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250466087/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Tuesday, April 29, 2014 at 8:22am</strong> and last updated <br /><strong>Tuesday, April 29, 2014 at 9:53am</strong>.
</div>
</div>
</div>
45.5225 -122.676tag:calagator.org,2005:Calagator::Event/12504662892014-05-22T10:21:35-07:002014-05-22T10:21:35-07:00OWASP Chapter MeetingTuesday, July 22, 2014 from 6-7:30pm at New Relichttp://calagator.org/events/12504662892014-07-22T18:00:00-07:002014-07-22T19:30:00-07:00<div class="vevent">
<h1 class="summary">OWASP Chapter Meeting</h1>
<div class='date'><time class="dtstart dt-start" title="2014-07-22T18:00:00" datetime="2014-07-22T18:00:00">Tuesday, July 22, 2014 from 6</time>–<time class="dtend dt-end" title="2014-07-22T19:30:00" datetime="2014-07-22T19:30:00">7:30pm</time></div>
<div class="location vcard">
<a href='/venues/202392091' class='url'>
<span class='fn org'>New Relic</span>
</a>
<div class="adr">
<div class="street-address">111 SW 5th Avenue, Suite 2700</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97204</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=111%20SW%205th%20Avenue,%20Suite%202700,%20Portland%20Oregon%2097204%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<p><i>Tim Morgan will be presenting:</i> <strong>What You Didn't Know About XML External Entities Attacks</strong></p>
<p>The eXtensible Markup Language (XML) is an extremely pervasive technology used in countless software projects. Certain features built into the design of XML, namely inline schemas and document type definitions (DTDs) are a well-known source of potential security problems. Despite being a publicly discussed for more than a decade, a significant percentage of software using XML remains vulnerable to malicious schemas and DTDs. This talk will describe a collection of techniques for exploiting XML external entities (XXE) vulnerabilities, some of which we believe are novel. These techniques can allow for more convenient file content theft, sending of arbitrary data to arbitrary internal TCP services, uploads of arbitrary files to known locations on a vulnerable system, as well as several possible denial of service attacks. We hope this talk will raise awareness about the overall risk associated with XXE attacks and will provide recommendations that developers and XML library implementors can use to help prevent these attacks.</p>
<p><strong>Tim Morgan</strong> is credited with the discovery and responsible disclosure of several security vulnerabilities in commercial off-the-shelf and open source software including: IBM Tivoli Access Manager, Real Networks Real Player, Sun Java Runtime Environment, Google Chrome Web Browser, OpenOffice, and Oracle WebLogic Application Server. Tim develops and maintains several open source forensics tools as well as Bletchley, an application cryptanalysis tool kit. Tim regularly speaks and delivers technical training courses, his next of which will be on cryptography for developers at AppSecUSA 2014.</p>
<hr>
<p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a></p>
<br>
<p>Meetings are free and open to the public.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a>, <a class="p-category" href="/events/tag/xml">xml</a>, <a class="p-category" href="/events/tag/xxe">xxe</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250466289.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250466289/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Thursday, May 22, 2014 at 10:21am</strong>.
</div>
</div>
</div>
45.5225 -122.676tag:calagator.org,2005:Calagator::Event/12504671762014-10-16T16:13:50-07:002014-10-16T16:13:50-07:00OWASP Chapter Planning MeetingMonday, October 20, 2014 from 6:30-8:30pm at Tugboat Brewing Companyhttp://calagator.org/events/12504671762014-10-20T18:30:00-07:002014-10-20T20:30:00-07:00<div class="vevent">
<h1 class="summary">OWASP Chapter Planning Meeting</h1>
<div class='date'><time class="dtstart dt-start" title="2014-10-20T18:30:00" datetime="2014-10-20T18:30:00">Monday, October 20, 2014 from 6:30</time>–<time class="dtend dt-end" title="2014-10-20T20:30:00" datetime="2014-10-20T20:30:00">8:30pm</time></div>
<div class="location vcard">
<a href='/venues/202392378' class='url'>
<span class='fn org'>Tugboat Brewing Company</span>
</a>
<div class="adr">
<div class="street-address">711 SW Ankeny St</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97205</span>
<div class='country-name'>US<div>
(<a href='https://maps.google.com/maps?q=711%20SW%20Ankeny%20St,%20Portland%20OR%2097205%20US'>map</a>)
</div>
</div>
<div class="description">
<p>This is a planning meeting for the Portland OWASP chapter. Please join us if you are interested in helping us plan and organize the activities of the chapter for the next year.</p>
<p><b>Please RSVP if you plan on showing up. Just shoot an email to</b></p>
<p>( tim DOT morgan AT owasp DOT org )</p>
<p>Some of the topics we expect to discuss at this meeting:</p>
<ul>
<li>Chapter meetings</li>
<li>FLOSSHack events</li>
<li>Approaches to sponsorship</li>
<li>Long term group leadership and governance</li>
<li>YOUR ideas</li>
</ul>
<hr>
<p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a></p>
<p>Meetings are free and open to the public.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/application security">application security</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a>, <a class="p-category" href="/events/tag/web security">web security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250467176.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250467176/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Thursday, October 16, 2014 at 4:13pm</strong>.
</div>
</div>
</div>
45.5227 -122.6778tag:calagator.org,2005:Calagator::Event/12504672182014-10-24T09:28:22-07:002014-10-24T09:28:22-07:00OWASP Chapter MeetingThursday, December 4, 2014 from 6-7:30pm at New Relichttp://calagator.org/events/12504672182014-12-04T18:00:00-08:002014-12-04T19:30:00-08:00<div class="vevent">
<h1 class="summary">OWASP Chapter Meeting</h1>
<div class='date'><time class="dtstart dt-start" title="2014-12-04T18:00:00" datetime="2014-12-04T18:00:00">Thursday, December 4, 2014 from 6</time>–<time class="dtend dt-end" title="2014-12-04T19:30:00" datetime="2014-12-04T19:30:00">7:30pm</time></div>
<div class="location vcard">
<a href='/venues/202392091' class='url'>
<span class='fn org'>New Relic</span>
</a>
<div class="adr">
<div class="street-address">111 SW 5th Avenue, Suite 2700</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97204</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=111%20SW%205th%20Avenue,%20Suite%202700,%20Portland%20Oregon%2097204%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<p><i>Joseph Arpaia, MD will be presenting:</i> <strong> Hiding in Plain Sight: A Mnemonic Method For Creating Secure Passwords</strong></p>
<p>The human brain is not suited to recalling secure passwords composed of random sequences of characters especially if they are not used regularly. Humans are excellent at recalling sentences, even years after learning them, e.g. nursery rhymes, song lyrics. This ability can be used to create a mnemonic method for generating a large number of passwords from one remembered passphrase, even if the passphrase and the associated characters are not kept secret.</p>
<p>Joseph Arpaia received his BS in Chemistry from CalTech and his MD from UC Irvine where he also did research in electrophysiology and applications of chaos theory to psychiatry. He is a psychiatrist in private practice in Eugene, OR and applies heart rate variability analysis in his work with patients. He also teaches applications of mindfulness meditation to psychotherapy at the University of Oregon and is the co-author of Real Meditation in Minutes a Day. He has a long-standing interest in passwords and security which dates back to his experience at age 8 when he came up with a Vernam cipher in response to a challenge by his father to encrypt a text message.</p>
<hr>
<p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a></p>
<br>
<p>Meetings are free and open to the public.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/passwords">passwords</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250467218.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250467218/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Friday, October 24, 2014 at 9:28am</strong>.
</div>
</div>
</div>
45.5225 -122.676tag:calagator.org,2005:Calagator::Event/12504677622015-02-01T10:09:46-08:002015-02-01T10:09:46-08:00OWASP Chapter MeetingFriday, February 13, 2015 from 6-7:30pm at New Relichttp://calagator.org/events/12504677622015-02-13T18:00:00-08:002015-02-13T19:30:00-08:00<div class="vevent">
<h1 class="summary">OWASP Chapter Meeting</h1>
<div class='date'><time class="dtstart dt-start" title="2015-02-13T18:00:00" datetime="2015-02-13T18:00:00">Friday, February 13, 2015 from 6</time>–<time class="dtend dt-end" title="2015-02-13T19:30:00" datetime="2015-02-13T19:30:00">7:30pm</time></div>
<div class="location vcard">
<a href='/venues/202392091' class='url'>
<span class='fn org'>New Relic</span>
</a>
<div class="adr">
<div class="street-address">111 SW 5th Avenue, Suite 2700</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97204</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=111%20SW%205th%20Avenue,%20Suite%202700,%20Portland%20Oregon%2097204%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<p>Software development is speeding up; Waterfall to Agile to Continuous Integration to Continuous Deployment. Do we still have time for security? Of course we do! But many development shops are unaware how to add security to their development process and will often use "security slows us down" as a reason to produce insecure code. This talk focuses on how to add security into a speedy development process while still remaining fast and responsive to customer requests.</p>
<p>The speaker will be Joe Basirico - the VP of Services for Security Innovation. Before he started leading the team, he was a developer, trainer, researcher, and security engineer. Joe spent the majority of his professional career analyzing software security behavior and researching how software development organizations mature over time from a security perspective. Through this research, he developed an understanding of application threats, tools, and methodologies that assist in the discovery and removal of security problems both software- and process-related. He manages the company’s engineering blog and has written several publications and tools that focus on source code level vulnerabilities.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250467762.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250467762/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Sunday, February 1, 2015 at 10:09am</strong>.
</div>
</div>
</div>
45.5225 -122.676tag:calagator.org,2005:Calagator::Event/12504677922015-02-05T16:00:25-08:002015-02-05T16:00:25-08:00OWASP Chapter MeetingTuesday, March 31, 2015 from 6-7:30pm at New Relichttp://calagator.org/events/12504677922015-03-31T18:00:00-07:002015-03-31T19:30:00-07:00<div class="vevent">
<h1 class="summary">OWASP Chapter Meeting</h1>
<div class='date'><time class="dtstart dt-start" title="2015-03-31T18:00:00" datetime="2015-03-31T18:00:00">Tuesday, March 31, 2015 from 6</time>–<time class="dtend dt-end" title="2015-03-31T19:30:00" datetime="2015-03-31T19:30:00">7:30pm</time></div>
<div class="location vcard">
<a href='/venues/202392091' class='url'>
<span class='fn org'>New Relic</span>
</a>
<div class="adr">
<div class="street-address">111 SW 5th Avenue, Suite 2700</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97204</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=111%20SW%205th%20Avenue,%20Suite%202700,%20Portland%20Oregon%2097204%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<p>People in Information Security say passwords are dead. Yet the replacement solutions are not available or main stream. An independent developer, Steve Gibson, decided to do something about it and created SQRL. From his website "Proposing a comprehensive, easy-to-use, high security replacement for usernames, passwords, reminders, one-time-code authenticators . . . and everything else." Let's talk about what SQRL is, how it works, how it could work in your solution and does it have competitors.? I am as interested in your feedback as I hope you are interested in resolving the password problem!</p>
<p>Brian Ventura is an Information Security Architect at the City of Portland and 21 years experience in IT. Brian has enterprise, consulting and project management experience, supplying secure solutions to internal and external customers. Brian is mentoring a SANS MGT414 course in Portland between April 14th and Jun 16th. You can find more information at <a href="https://www.sans.org/instructors/brian-ventura">https://www.sans.org/instructors/brian-ventura</a></p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/SQRL">SQRL</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250467792.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250467792/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Thursday, February 5, 2015 at 4pm</strong>.
</div>
</div>
</div>
45.5225 -122.676tag:calagator.org,2005:Calagator::Event/12504681492015-04-01T08:14:02-07:002015-04-01T08:14:02-07:00OWASP Chapter MeetingWednesday, June 17, 2015 from 6-7:30pm at Jive Softwarehttp://calagator.org/events/12504681492015-06-17T18:00:00-07:002015-06-17T19:30:00-07:00<div class="vevent">
<h1 class="summary">OWASP Chapter Meeting</h1>
<div class='date'><time class="dtstart dt-start" title="2015-06-17T18:00:00" datetime="2015-06-17T18:00:00">Wednesday, June 17, 2015 from 6</time>–<time class="dtend dt-end" title="2015-06-17T19:30:00" datetime="2015-06-17T19:30:00">7:30pm</time></div>
<div class="location vcard">
<a href='/venues/202391809' class='url'>
<span class='fn org'>Jive Software</span>
</a>
<div class="adr">
<div class="street-address">915 SW Stark St., Suite 400</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97205</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=915%20SW%20Stark%20St.,%20Suite%20400,%20Portland%20Oregon%2097205%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<p><i>Bob Loihl will be presenting: <br><b>Secure Software Development Life Cycle in an Agile World</b></i><br>
In this day and age we must do everything we can to produce secure software. But how you ask? I will be talking about some of the options available and how to get an initiative started in your workplace/project. I will cover some of the choices out there for Agile Development and then we'll examine one choice, BSIMM (<a href="https://www.bsimm.com/">https://www.bsimm.com/</a>), in more depth. I will follow that up with a discussion of some of the challenges and some of the benefits of implementing an SSDLC.</p>
<p><b>Bob Loihl</b> is a Software Engineer with 20+ years of experience developing business applications, leading teams and spreading the security word. He has a strong interest in delivering applications that are secure by design in an agile world. He has been helping Tripwire grow and mature its development processes for the last 10 years and his current hobby is incorporating SSDLC (Secure Software Development Life-Cycle) processes into the software manufacturing process. Bob is passionate about family, software, canoes and guitars. In his spare time he works at Tripwire producing high quality software using Agile methodologies. Oh yeah, he cares a tiny bit about security.</p>
<hr>
<p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list:</p>
<pre><code> <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a>
</code></pre>
<p>Meetings are free and open to the public.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/SSDLC">SSDLC</a>, <a class="p-category" href="/events/tag/agile">agile</a>, <a class="p-category" href="/events/tag/bsimm">bsimm</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/sdlc">sdlc</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250468149.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250468149/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Wednesday, April 1, 2015 at 8:14am</strong>.
</div>
</div>
</div>
45.5218 -122.68tag:calagator.org,2005:Calagator::Event/12504683392015-04-28T16:12:20-07:002015-04-28T16:12:20-07:00OWASP Chapter MeetingTuesday, July 21, 2015 from 6-7:30pm at New Relichttp://calagator.org/events/12504683392015-07-21T18:00:00-07:002015-07-21T19:30:00-07:00<div class="vevent">
<h1 class="summary">OWASP Chapter Meeting</h1>
<div class='date'><time class="dtstart dt-start" title="2015-07-21T18:00:00" datetime="2015-07-21T18:00:00">Tuesday, July 21, 2015 from 6</time>–<time class="dtend dt-end" title="2015-07-21T19:30:00" datetime="2015-07-21T19:30:00">7:30pm</time></div>
<div class="location vcard">
<a href='/venues/202392091' class='url'>
<span class='fn org'>New Relic</span>
</a>
<div class="adr">
<div class="street-address">111 SW 5th Avenue, Suite 2700</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97204</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=111%20SW%205th%20Avenue,%20Suite%202700,%20Portland%20Oregon%2097204%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<h1>Talk</h1>
<p>At the end of the day, security depends on code. Secure software demands secure code, configuration, management, testing, and constant improvement.</p>
<p>Security automation aligns perfectly with the modern, fast-paced environments like continuous delivery that are quickly seeping into companies of all kinds.</p>
<p>Automation provides drastic results with little effort, but quickly reaches a plateau where the effort involved in finding better results that provide value rises above the value of focusing elsewhere.</p>
<p>In this talk, I will focus on some of the lesser discussed topics of security automation and how they relate to the lines of code that produce the reason why we are discussing security automation today. The goal is to give a complete understanding of the ways that companies like _ and _ have produced secure code that runs their web applications.</p>
<h1>Speaker</h1>
<p>Neil is currently an engineer at GitHub, co-founder of <a href="https://brakemanpro.com">Brakeman Security Inc.</a>, and OWASP Orange County board member. Formerly, he was an application security engineer at Twitter, OC Ruby leader, and AppSec California organizer. Neil enjoys long walks on the beach, long walks in the woods, and long walks anywhere really. His turnoffs include noisy offices, noisy people, and noisy anything really.</p>
<ul>
<li>Twitter <a href="https://twitter.com/ndm">@ndm</a>
</li>
<li>GitHub <a href="https://github.com/oreoshake">@oreoshake</a>
</li>
</ul>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/secure coding">secure coding</a>, <a class="p-category" href="/events/tag/security">security</a>, <a class="p-category" href="/events/tag/security automation">security automation</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250468339.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250468339/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Tuesday, April 28, 2015 at 4:12pm</strong>.
</div>
</div>
</div>
45.5225 -122.676tag:calagator.org,2005:Calagator::Event/12504691142015-09-24T14:11:27-07:002015-09-24T14:11:27-07:00OWASP Chapter Planning MeetingWednesday, October 7, 2015 from 7-9pm at Mama Mia Trattoria http://calagator.org/events/12504691142015-10-07T19:00:00-07:002015-10-07T21:00:00-07:00<div class="vevent">
<h1 class="summary">OWASP Chapter Planning Meeting</h1>
<div class='date'><time class="dtstart dt-start" title="2015-10-07T19:00:00" datetime="2015-10-07T19:00:00">Wednesday, October 7, 2015 from 7</time>–<time class="dtend dt-end" title="2015-10-07T21:00:00" datetime="2015-10-07T21:00:00">9pm</time></div>
<div class="location vcard">
<a href='/venues/202391313' class='url'>
<span class='fn org'>Mama Mia Trattoria </span>
</a>
<div class="adr">
<div class="street-address">439 SW 2nd Ave</div>
<span class="locality">Portland</span>
, <span class="region">Oregon </span>
<span class="postal-code">97204</span>
<div class='country-name'>US<div>
(<a href='https://maps.google.com/maps?q=439%20SW%202nd%20Ave,%20Portland%20Oregon%20%2097204%20US'>map</a>)
</div>
</div>
<div class="description">
<p>This is a planning meeting for the Portland OWASP chapter. Please join us if you are interested in helping us plan and organize the activities of the chapter for the next year.</p>
<p><b>Please RSVP if you plan on showing up. Just shoot an email to</b></p>
<p>( tim DOT morgan AT owasp DOT org )</p>
<p>Some of the topics we expect to discuss at this meeting:</p>
<ul>
<li>Summary of AppSecUSA</li>
<li>Leads on speakers for Chapter Meetings</li>
<li>FLOSSHack events</li>
<li>A Possible Training Day</li>
<li>Long term group leadership and governance</li>
<li>YOUR ideas</li>
</ul>
<hr>
<p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a></p>
<p>Meetings are free and open to the public.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/application security">application security</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a>, <a class="p-category" href="/events/tag/web security">web security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250469114.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250469114/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Thursday, September 24, 2015 at 2:11pm</strong>.
</div>
</div>
</div>
45.5195 -122.6738tag:calagator.org,2005:Calagator::Event/12504692192015-10-12T19:19:36-07:002015-11-07T09:22:56-08:00OWASP: Antivirus in the Enterprise - Is it dead yet?Tuesday, November 17, 2015 from 6-8pm at Jama Software (New Office)http://calagator.org/events/12504692192015-11-17T18:00:00-08:002015-11-17T20:00:00-08:00<div class="vevent">
<h1 class="summary">OWASP: Antivirus in the Enterprise - Is it dead yet?</h1>
<div class='date'><time class="dtstart dt-start" title="2015-11-17T18:00:00" datetime="2015-11-17T18:00:00">Tuesday, November 17, 2015 from 6</time>–<time class="dtend dt-end" title="2015-11-17T20:00:00" datetime="2015-11-17T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202394847' class='url'>
<span class='fn org'>Jama Software (New Office)</span>
</a>
<div class="adr">
<div class="street-address">135 SW Taylor Suite 200</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97204</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=135%20SW%20Taylor%20Suite%20200,%20Portland%20Oregon%2097204%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<p>This month's topic is "Antivirus in the Enterprise - is it dead yet?" Read almost any article about antivirus today, and there will be an opinion somewhere in the writings about the applicability and effectiveness of antivirus software in the enterprise today. Some say yes; some say no. We will open this meeting with a pro/con presentation by security professionals Tony Carothers and Timothy D. Morgan, followed by discussion and debate in a panel style, about antivirus software and it's effectiveness in software security today. Refreshments will be provided.</p>
<hr>
<p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a></p>
<br>
<p>Meetings are free and open to the public.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/antivirus">antivirus</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250469219.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250469219/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Monday, October 12, 2015 at 7:19pm</strong> and last updated <br /><strong>Saturday, November 7, 2015 at 9:22am</strong>.
</div>
</div>
</div>
45.5166 -122.6749tag:calagator.org,2005:Calagator::Event/12504697072016-01-25T16:25:58-08:002016-01-25T16:25:58-08:00OWASP: Inspiring People to Embrace Risk ManagementWednesday, February 17, 2016 from 6-7:30pm at New Relichttp://calagator.org/events/12504697072016-02-17T18:00:00-08:002016-02-17T19:30:00-08:00<div class="vevent">
<h1 class="summary">OWASP: Inspiring People to Embrace Risk Management</h1>
<div class='date'><time class="dtstart dt-start" title="2016-02-17T18:00:00" datetime="2016-02-17T18:00:00">Wednesday, February 17, 2016 from 6</time>–<time class="dtend dt-end" title="2016-02-17T19:30:00" datetime="2016-02-17T19:30:00">7:30pm</time></div>
<div class="location vcard">
<a href='/venues/202392091' class='url'>
<span class='fn org'>New Relic</span>
</a>
<div class="adr">
<div class="street-address">111 SW 5th Avenue, Suite 2700</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97204</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=111%20SW%205th%20Avenue,%20Suite%202700,%20Portland%20Oregon%2097204%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<p>This month's OWASP chapter meeting features Andrew Plato, President and CEO of Anitian.</p>
<h1>Talk</h1>
<p>Security leaders are under supreme pressure to build security programs that protect the business without disabling the business. However, the greatest impediment to success is not the technologies or regulations, but rather the people who must implement a security program. As a security leader, how do you communicate important risk, security, and compliance concepts to your team in a manner that inspires them to action?
The answer is security vision. We live in world where people do not want more rules, they want meaning. The problem with so much of what we do in security is that it often seems annoying and unnecessary to users and executives. When people understand the mission and vision of the organization, they are naturally inclined to follow good practices.
In this presentation, veteran security leader, as well as a CEO, Andrew Plato will discuss how to create, foster, and promote security vision to improve engagement with your co-workers. We will discuss communication, leadership, and motivational strategies that clarify and simplify security concepts to drive maximum employee engagement.</p>
<h1>Speaker</h1>
<p>Andrew Plato, CISSP, CISM, QSA</p>
<p>In 1995 while working at Microsoft, Andrew executed the first known instance of a SQL Injection attack against an early e-commerce site. When he demonstrated this attack to the developers, they dismissed the issue as irrelevant. This intrigued but also inspired Andrew to found Anitian with the goal of helping people understand the complexities of information security. <br>
Today, Anitian is one of the most trusted names in security intelligence with clients worldwide. Anitian has a mission to Build Great Security Leaders. For the past 20 years, Andrew and Anitian have consistently executed on this mission with innovative, pragmatic answers to the most vexing security, compliance, and risk challenges.
Andrew’s career encompasses nearly every dimension of information security. He has participated in thousands of security projects, written hundreds of articles, and advised hundreds of C-level executives. Being a both a business owner and security practitioner allows Andrew to bring a unique perspective to any discussion regarding security, technology, and governance.
Andrew is well-known for delivering entertaining presentations that challenge conventional thinking and deliver practical answers to complex IT security challenges.</p>
<hr>
<p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a></p>
<br>
<p>Meetings are free and open to the public.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/risk management">risk management</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250469707.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250469707/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Monday, January 25, 2016 at 4:25pm</strong>.
</div>
</div>
</div>
45.5225 -122.676tag:calagator.org,2005:Calagator::Event/12504701522016-04-20T08:54:31-07:002016-04-29T04:30:14-07:00OWASP: Scanning APIs with OAS 2.0 (Swagger)Monday, May 23, 2016 from 6-7:30pm at New Relichttp://calagator.org/events/12504701522016-05-23T18:00:00-07:002016-05-23T19:30:00-07:00<div class="vevent">
<h1 class="summary">OWASP: Scanning APIs with OAS 2.0 (Swagger)</h1>
<div class='date'><time class="dtstart dt-start" title="2016-05-23T18:00:00" datetime="2016-05-23T18:00:00">Monday, May 23, 2016 from 6</time>–<time class="dtend dt-end" title="2016-05-23T19:30:00" datetime="2016-05-23T19:30:00">7:30pm</time></div>
<div class="location vcard">
<a href='/venues/202392091' class='url'>
<span class='fn org'>New Relic</span>
</a>
<div class="adr">
<div class="street-address">111 SW 5th Avenue, Suite 2700</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97204</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=111%20SW%205th%20Avenue,%20Suite%202700,%20Portland%20Oregon%2097204%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<h1>Scanning APIs with OAS 2.0 (Swagger): </h1>
<p>The Open API Specification is a relative newcomer in the history of web service interface documentation. It stands apart from its predecessors by not tying itself to a specific vendor technology, and aims to embrace all forms of RESTful HTTP. Leveraging this powerful specification for automated scanning of APIs will save time by providing a straightforward mechanism to evaluate APIs without having to proxy traffic or manually build attack vectors.</p>
<p>Topics covered</p>
<ul>
<li> What is the OpenAPI Specification (Swagger)
</li>
<li> How Swagger/REST relates to SOAP/XML
</li>
<li> Tools for converting to/from swagger to 'X'.
</li>
<li> Scanning a simple RESTful JSON based API with Swagger
</li>
<li> Swaggering the SDLC.
</li>
</ul>
<h1>Speaker</h1>
<p>Scott Davis<br>
Rapid7<br>
Application Security Researcher <br>
Portland, Oregon Area<br></p>
<p>Scott has been developing software professionally for over 15 years in a variety of contexts and technologies including wireless sensor networks, robotics, migration modeling & visualization, ERP, interactive projection art, product development and security services. Scott has spent as many years focusing on the security aspects of these technologies, and has leveraged this background to lead the engineering security team at Webtrends for several years. Currently, he serves as Application Security Research for Rapid7.</p>
<hr>
<p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a></p>
<br>
<p>Meetings are free and open to the public.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/Open API">Open API</a>, <a class="p-category" href="/events/tag/Swagger">Swagger</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/rest">rest</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250470152.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250470152/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Wednesday, April 20, 2016 at 8:54am</strong> and last updated <br /><strong>Friday, April 29, 2016 at 4:30am</strong>.
</div>
</div>
</div>
45.5225 -122.676tag:calagator.org,2005:Calagator::Event/12504702772016-05-16T11:04:12-07:002016-06-16T09:14:27-07:00OWASP: Add TAL, improve a threat model!Tuesday, June 21, 2016 from 6-7:30pm at WebMDhttp://calagator.org/events/12504702772016-06-21T18:00:00-07:002016-06-21T19:30:00-07:00<div class="vevent">
<h1 class="summary">OWASP: Add TAL, improve a threat model!</h1>
<div class='date'><time class="dtstart dt-start" title="2016-06-21T18:00:00" datetime="2016-06-21T18:00:00">Tuesday, June 21, 2016 from 6</time>–<time class="dtend dt-end" title="2016-06-21T19:30:00" datetime="2016-06-21T19:30:00">7:30pm</time></div>
<div class="location vcard">
<a href='/venues/202395261' class='url'>
<span class='fn org'>WebMD</span>
</a>
<div class="adr">
<div class="street-address">2701 Northwest Vaughn Street</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97210</span>
<div class='country-name'>US<div>
(<a href='https://maps.google.com/maps?q=2701%20Northwest%20Vaughn%20Street,%20Portland%20OR%2097210%20US'>map</a>)
</div>
</div>
<div class="description">
<h1>Add TAL, improve a threat model!</h1>
<p>To improve your (threat) modeling career, you need a better (threat) agent (library)! Threat modeling is a process for capturing, organizing, and analyzing the security of a system based on the perspective of a threat agent. Threat modeling enables informed decision-making about application security risk. In addition to producing a model, typical threat modeling efforts also produce a prioritized list of security improvements to the concept, requirements, design, or implementation. In 2009, OWASP posted wiki pages on threat modeling. Although there was the start of a section on threat agents, it has yet to be completed.<br></p>
<p>Intel developed a unique standardized threat agent library (TAL) that provides a consistent, up-to-date reference describing the human agents that pose threats to IT systems and other information assets. Instead of picking threat agents based on vendor recommendations and space requirements in Powerpoint, the TAL produces a repeatable, yet flexible enough for a range of risk assessment uses. We will cover both the TAL, the Threat Agent Risk Assessment (TARA), how they can be used to improve threat modeling.</p>
<h1>Speaker</h1>
<p>Eric Jernigan<br>
Information Security Architect<br>
Umpqua Bank<br></p>
<hr>
<p>Eric Jernigan is an Information Security Architect at Umpqua Bank and focuses on risk assessment, Secure project support, information security governance, and security awareness. Prior to this, Eric He has also served as an information security manager and adjunct instructor at PCC. He has also served as an active duty Information Warfare Analyst in the Air National Guard in support of NORTHCOM/NORAD. He has almost twenty years of intelligence, counter-terrorism, Information warfare, information security, and compliance experience. His current professional certifications include CISM, CRISC, and CISSP, so love him. A staunch privacy advocate, he hates Facebook.</p>
<br>
<hr>
<p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a></p>
<br>
<p>Meetings are free and open to the public.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/Risk Assessment">Risk Assessment</a>, <a class="p-category" href="/events/tag/TAL">TAL</a>, <a class="p-category" href="/events/tag/TARA">TARA</a>, <a class="p-category" href="/events/tag/Threat Agent Risk Assessment">Threat Agent Risk Assessment</a>, <a class="p-category" href="/events/tag/Threat Model">Threat Model</a>, <a class="p-category" href="/events/tag/intel">intel</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250470277.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250470277/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Monday, May 16, 2016 at 11:04am</strong> and last updated <br /><strong>Thursday, June 16, 2016 at 9:14am</strong>.
</div>
</div>
</div>
45.5375 -122.7078tag:calagator.org,2005:Calagator::Event/12504704592016-06-20T14:15:08-07:002016-07-28T16:31:57-07:00OWASP: Social Engineering -- How to Avoid Being a Victim Thursday, July 28, 2016 from 6-8pm at Jama Software (New Office)http://calagator.org/events/12504704592016-07-28T18:00:00-07:002016-07-28T20:00:00-07:00<div class="vevent">
<h1 class="summary">OWASP: Social Engineering -- How to Avoid Being a Victim </h1>
<div class='date'><time class="dtstart dt-start" title="2016-07-28T18:00:00" datetime="2016-07-28T18:00:00">Thursday, July 28, 2016 from 6</time>–<time class="dtend dt-end" title="2016-07-28T20:00:00" datetime="2016-07-28T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202394847' class='url'>
<span class='fn org'>Jama Software (New Office)</span>
</a>
<div class="adr">
<div class="street-address">135 SW Taylor Suite 200</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97204</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=135%20SW%20Taylor%20Suite%20200,%20Portland%20Oregon%2097204%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<p>Social engineering (an act of exploiting people instead of computers) is one of the most dangerous tools in the hacker’s toolkit to breach internet security. The Ubiquiti Networks fell victim to a $39.1 M fraud as one of its staff members was hit by a fraudulent “Business Email Compromise” attack. Thousands of grandmas and grandpas are victim of phishing emails and are forced to pay ransom to have their data released.</p>
<p>In this new millennium, the cyber security game has changed significantly from annoying harmless viruses to stealing vital personal data, causing negative financial impact, demanding ransom, and spreading international political feud. Anyone with presence in the Cyber space has to protect himself/herself, the infrastructure, customers, and also deal with the legal repercussions in the event of a breach. In this talk Bhushan will present the different types of social engineering practices including use of social networks such as Facebook, Twitter, LinkedIn, the bad guys successfully use. The victims can range from the “C” levels (CEO, CFO, CTO) down to the individual contributors in an organization to a grandparent on her laptop. The presentation will also discuss a variety of ordinary but effective measures such as awareness campaign that organizations can take to minimize the risk of breach.</p>
<hr>
<p>Speaker
Bhushan Gupta</p>
<p>A principal consultant at Gupta Consulting LLC., Bhushan Gupta is passionate about the integration of web application security into Agile software development lifecycle. His interests extend to Social Engineering and Attack Surface Analysis. Bhushan worked at Hewlett-Packard for 13 years in various roles including quality engineer, software process architect, and software productivity manager. He then developed a strong interest in web application security while working as a quality engineer for Nike Inc. After 5 years at Nike, he retired and since has been studying various facets of web application security. Bhushan is a certified Six Sigma Black Belt (HP and ASQ) and an adjunct faculty member at the Oregon Institute of Technology in Software Engineering. To learn more about Bhushan, visit <a href="http://www.bgupta.com">www.bgupta.com</a>.</p>
<hr>
<p>This meeting will be recorded! Feel free to <a href="https://www.periscope.tv/ethersnowman/">tune in live</a>, or <a href="https://www.youtube.com/playlist?list=PL_BrF2C9XxGWP0LIXJIDuzJ59BaKlbITh">catch the recording later</a> (~24hrs after event).</p>
<hr>
<p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a></p>
<br>
<p>Meetings are free and open to the public.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/phishing">phishing</a>, <a class="p-category" href="/events/tag/security">security</a>, <a class="p-category" href="/events/tag/social engineering">social engineering</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250470459.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250470459/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Monday, June 20, 2016 at 2:15pm</strong> and last updated <br /><strong>Thursday, July 28, 2016 at 4:31pm</strong>.
</div>
</div>
</div>
45.5166 -122.6749tag:calagator.org,2005:Calagator::Event/12504704882016-06-23T15:10:13-07:002020-08-20T22:54:02-07:00OWASP: Node.js SecurityThursday, August 25, 2016 from 6-8pm at Simplehttp://calagator.org/events/12504704882016-08-25T18:00:00-07:002016-08-25T20:00:00-07:00<div class="vevent">
<h1 class="summary">OWASP: Node.js Security</h1>
<div class='date'><time class="dtstart dt-start" title="2016-08-25T18:00:00" datetime="2016-08-25T18:00:00">Thursday, August 25, 2016 from 6</time>–<time class="dtend dt-end" title="2016-08-25T20:00:00" datetime="2016-08-25T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202395250' class='url'>
<span class='fn org'>Simple</span>
</a>
<div class="adr">
<div class="street-address">1615 SE 3rd Ave, Suite 200</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97214</span>
<div class='country-name'>US<div>
(<a href='https://maps.google.com/maps?q=1615%20SE%203rd%20Ave,%20Suite%20200,%20Portland%20OR%2097214%20US'>map</a>)
</div>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/node.js">node.js</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250470488.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250470488/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Thursday, June 23, 2016 at 3:10pm</strong> and last updated <br /><strong>Thursday, August 20, 2020 at 10:54pm</strong>.
</div>
</div>
</div>
45.5114 -122.6633tag:calagator.org,2005:Calagator::Event/12504709652016-10-11T18:21:54-07:002016-10-11T18:22:27-07:00OWASP Training Day 2016Wednesday, November 2, 2016 from 8am-7:30pm at Portland State University (PSU) - Smith Memorial Centerhttp://calagator.org/events/12504709652016-11-02T08:00:00-07:002016-11-02T19:30:00-07:00<div class="vevent">
<h1 class="summary">OWASP Training Day 2016</h1>
<div class='date'><time class="dtstart dt-start" title="2016-11-02T08:00:00" datetime="2016-11-02T08:00:00">Wednesday, November 2, 2016 from 8am</time>–<time class="dtend dt-end" title="2016-11-02T19:30:00" datetime="2016-11-02T19:30:00">7:30pm</time></div>
<div class="location vcard">
<a href='/venues/202390005' class='url'>
<span class='fn org'>Portland State University (PSU) - Smith Memorial Center</span>
</a>
<div class="adr">
<div class="street-address">1825 SW Broadway</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97201</span>
<div class='country-name'>US<div>
(<a href='https://maps.google.com/maps?q=1825%20SW%20Broadway,%20Portland%20OR%2097201%20US'>map</a>)
</div>
</div>
<div class="description">
<p>This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. (Similar training may cost more than 10 times as much in a conference setting.) It will also be a great chance to network with the local infosec community.</p>
<p><b><i>For more information on the schedule and how to register, see the <a href="https://www.owasp.org/index.php/OWASP_Portland_2016_Training_Day">main event page</a></i></b>.</p>
<p><i>Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each!</i></p>
<hr>
<h1>Morning Session</h1>
<br>
<h2>Cyber Hygiene - Critical Security Controls</h2>
<p>With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.</p>
<br>
<h2>Introduction to Injection Vulnerabilities</h2>
<p>Instructor: Timothy D. Morgan
Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.</p>
<h1>Afternoon Session</h1>
<br>
<h2>Applied Physical Attacks on Embedded Systems, Introductory Version</h2>
<p>This workshop introduces several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience with UART, SPI, and JTAG interfaces on a MIPS-based wifi router. After a brief architectural overview of each interface, hands-on labs will guide through the process understanding, observing, interacting with, and exploiting the interface to potentially access a root shell on the target.</p>
<br>
<h2>Communications Security in Modern Software</h2>
<p>Securing communications over untrusted networks is a critical component to any modern application's security. However, far too often developers and operations personnel become tripped up by the many pitfalls of implementation in this area, which often leads to complete failures to secure data on the wire. In this course we discuss how attackers can gain access to other users' communication through a variety of techniques and cover the strategies for preventing this. The course covers specific topics ranging from the SSL/TLS certificate authority system, to secure web session management and mobile communications security. A hands-on exercise is included in the course which helps students empirically test SSL/TLS certificate validation in a realistic scenario.</p>
<hr>
<h1>About OWASP</h1>
<p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a></p>
<br>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/OWASP_Portland_2016_Training_Day">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a>, <a class="p-category" href="/events/tag/training">training</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250470965.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250470965/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Tuesday, October 11, 2016 at 6:21pm</strong> and last updated <br /><strong>Tuesday, October 11, 2016 at 6:22pm</strong>.
</div>
</div>
</div>
45.5116 -122.6838tag:calagator.org,2005:Calagator::Event/12504714252017-02-03T14:58:21-08:002017-02-03T14:58:21-08:00OWASP Chapter Planning MeetingMonday, February 13, 2017 from 6:30-8pm at Kells Irish Restaurant & Pubhttp://calagator.org/events/12504714252017-02-13T18:30:00-08:002017-02-13T20:00:00-08:00<div class="vevent">
<h1 class="summary">OWASP Chapter Planning Meeting</h1>
<div class='date'><time class="dtstart dt-start" title="2017-02-13T18:30:00" datetime="2017-02-13T18:30:00">Monday, February 13, 2017 from 6:30</time>–<time class="dtend dt-end" title="2017-02-13T20:00:00" datetime="2017-02-13T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202391475' class='url'>
<span class='fn org'>Kells Irish Restaurant & Pub</span>
</a>
<div class="adr">
<div class="street-address">112 Sw 2nd Ave</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97204</span>
<div class='country-name'>US<div>
(<a href='https://maps.google.com/maps?q=112%20Sw%202nd%20Ave,%20Portland%20OR%2097204%20US'>map</a>)
</div>
</div>
<div class="description">
<p><b>NOTE THE LAST MINUTE VENUE CHANGE!</b></p>
<p>This is a planning meeting for the Portland OWASP chapter. Please join us if you are interested in helping us plan and organize the activities of the chapter for the next year.</p>
<p><b>Please RSVP if you plan on showing up. Just shoot an email to</b></p>
<p>( tim DOT morgan AT owasp DOT org )</p>
<p>Some of the topics we expect to discuss at this meeting:</p>
<ul>
<li>Training day recap</li>
<li>Leadership roles and committments</li>
<li>Upcoming chapter meetings</li>
<li>YOUR ideas</li>
</ul>
<hr>
<p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a></p>
<p>Meetings are free and open to the public.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/application security">application security</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a>, <a class="p-category" href="/events/tag/web security">web security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250471425.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250471425/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Friday, February 3, 2017 at 2:58pm</strong>.
</div>
</div>
</div>
45.5216 -122.6722tag:calagator.org,2005:Calagator::Event/12504714612017-02-09T14:47:16-08:002017-03-14T14:08:06-07:00OWASP/AngularJS combined: Boosting the Security of Your Angular ApplicationMonday, March 27, 2017 from 6-7:30pm at Cambia Health Solutionshttp://calagator.org/events/12504714612017-03-27T18:00:00-07:002017-03-27T19:30:00-07:00<div class="vevent">
<h1 class="summary">OWASP/AngularJS combined: Boosting the Security of Your Angular Application</h1>
<div class='date'><time class="dtstart dt-start" title="2017-03-27T18:00:00" datetime="2017-03-27T18:00:00">Monday, March 27, 2017 from 6</time>–<time class="dtend dt-end" title="2017-03-27T19:30:00" datetime="2017-03-27T19:30:00">7:30pm</time></div>
<div class="location vcard">
<a href='/venues/202393986' class='url'>
<span class='fn org'>Cambia Health Solutions</span>
</a>
<div class="adr">
<div class="street-address">100 SW Market Street</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97201</span>
<div class='country-name'>us<div>
(<a href='https://maps.google.com/maps?q=100%20SW%20Market%20Street,%20Portland%20OR%2097201%20us'>map</a>)
</div>
</div>
<div class="description">
<p>This month PDX OWASP is joining forces with the local Angular JS meetup to feature:<br>
Philippe De Ryck, PhD<br>
Web Security Expert @ imec-DistriNet, KU Leuven</p>
<h1>Abstract</h1>
<p>Angular 2 is hot, and there is a huge amount of information available on building applications, improving performance, and various other topics. But do you know how to make your Angular 2 applications secure? What kind of security features does Angular 2 offer you, and which additional steps can you take to really boost the security of your applications?</p>
<p>In this session, we cover one of the biggest threats in modern web applications: untrusted JavaScript code. You will learn how Angular protects you against XSS, and why you shouldn't bypass this protection. We will also dive into new security mechanisms, such as Content Security Policy. Through a few examples, I will show you how you can use these mechanisms to enhance the security in your client-side context.</p>
<h1>Speaker</h1>
<p>Philippe De Ryck is a professional speaker and trainer on software security and web security. Since he obtained his PhD at the imec-DistriNet research group (KU Leuven, Belgium), he has been running the group's Web Security Training program, which ensures a sustainable knowledge transfer of the group’s security expertise towards practitioners.</p>
<p>You can find more about Philippe on <a href="https://www.websec.be">https://www.websec.be</a></p>
<hr>
<p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a></p>
<br>
<p>Meetings are free and open to the public.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/angular"><img title="angular" alt="angular" src="/assets/tag_icons/angular-0adbfce59e44d005d132b6f4e6a4665e86f2035362378f7c0b413030572710f5.png" /> angular</a>, <a class="p-category" href="/events/tag/angularJS">angularJS</a>, <a class="p-category" href="/events/tag/javascript"><img title="javascript" alt="javascript" src="/assets/tag_icons/javascript-6abd4d1aeb784c814b3ef6ce94436f030aad9dfe0f5255ea43a181edc84c4c0c.png" /> javascript</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250471461.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250471461/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Thursday, February 9, 2017 at 2:47pm</strong> and last updated <br /><strong>Tuesday, March 14, 2017 at 2:08pm</strong>.
</div>
</div>
</div>
45.5112 -122.6778tag:calagator.org,2005:Calagator::Event/12504714382017-02-06T14:39:08-08:002017-02-21T15:39:26-08:00OWASP: Software Composition -- the other 95% of your app's attack surfaceTuesday, April 25, 2017 from 6-7:30pm at New Relichttp://calagator.org/events/12504714382017-04-25T18:00:00-07:002017-04-25T19:30:00-07:00<div class="vevent">
<h1 class="summary">OWASP: Software Composition -- the other 95% of your app's attack surface</h1>
<div class='date'><time class="dtstart dt-start" title="2017-04-25T18:00:00" datetime="2017-04-25T18:00:00">Tuesday, April 25, 2017 from 6</time>–<time class="dtend dt-end" title="2017-04-25T19:30:00" datetime="2017-04-25T19:30:00">7:30pm</time></div>
<div class="location vcard">
<a href='/venues/202392091' class='url'>
<span class='fn org'>New Relic</span>
</a>
<div class="adr">
<div class="street-address">111 SW 5th Avenue, Suite 2700</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97204</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=111%20SW%205th%20Avenue,%20Suite%202700,%20Portland%20Oregon%2097204%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<p><b>Abstract</b></p>
<p>Nobody really writes their own code any more, right? We go out to GitHub and download some libraries for our favorite language to do all the hard things for us. Then we download half a dozen front end frameworks to make it all pretty and responsive and we’re off to the races. In my review I’ve found that more than 90% of the code that makes up an app these days is something we borrowed, not wrote ourselves. Now most of us scan our own code for flaws with Static Analysis tools, but what about all the stuff we didn’t write? How do we know what’s actually in there? I’ll tell you how to find out and keep track of what’s in there, and how to avoid getting pwned because you let a nasty in the back door with that whiz-bang library that does the really cool thing you couldn’t live without.</p>
<p><b>Speaker</b></p>
<p>Jeremy Anderson<br>
Cambia Health Solutions<br></p>
<p>Jeremy Anderson is a Secure Software Architect and CSSLP, with experience developing software solutions for numerous fortune 500 companies for almost 20 years. In 2014 he had a run in with InfoSec that spurred him into action as an AppSec superhero where he’s worked for HP then Veracode. Since early 2016 he’s been working with Cambia Health Solutions, bootstrapping and scaling an Application Security program from the ground up supporting hundreds of developers for dozens of applications. He’s passionate about not just finding security defects, but training ninjas to destroy them.</p>
<hr>
<p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a></p>
<br>
<p>Meetings are free and open to the public.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250471438.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250471438/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Monday, February 6, 2017 at 2:39pm</strong> and last updated <br /><strong>Tuesday, February 21, 2017 at 3:39pm</strong>.
</div>
</div>
</div>
45.5225 -122.676tag:calagator.org,2005:Calagator::Event/12504719082017-05-11T22:50:55-07:002017-05-14T13:17:57-07:00OWASP: What the experts say about Web Application Security - A Panel DiscussionMonday, May 22, 2017 from 6-8pm at Jama Software (New Office)http://calagator.org/events/12504719082017-05-22T18:00:00-07:002017-05-22T20:00:00-07:00<div class="vevent">
<h1 class="summary">OWASP: What the experts say about Web Application Security - A Panel Discussion</h1>
<div class='date'><time class="dtstart dt-start" title="2017-05-22T18:00:00" datetime="2017-05-22T18:00:00">Monday, May 22, 2017 from 6</time>–<time class="dtend dt-end" title="2017-05-22T20:00:00" datetime="2017-05-22T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202394847' class='url'>
<span class='fn org'>Jama Software (New Office)</span>
</a>
<div class="adr">
<div class="street-address">135 SW Taylor Suite 200</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97204</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=135%20SW%20Taylor%20Suite%20200,%20Portland%20Oregon%2097204%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<p>We are often encountered with making non-trivial decisions about Appsec. Participate in an exciting open discussion with the experts on the following (and more) aspects of Appsec:</p>
<ul>
<li>Challenges in establishing a Secure SDLC</li>
<li>Growing pains with increased need for security</li>
<li>Critical things to focus on for an effective security/Appsec program</li>
<li>Effectiveness and use of developer training on Appsec</li>
<li>Relevance of OWASP top 10 in today's security landscape?</li>
</ul>
<p>Bring your burning questions to ask the panel and take this opportunity to share your experiences with others.</p>
<p>Panel Member's Bio:</p>
<p>Brian Ventura – Security Architect at the City Of Portland focused on Information Security program management, Brian also is a SANS Instructor and ISSA education director.</p>
<p>Ian Melven - Ian has worked in the security field for over 15 years in various roles at companies such as @stake, McAfee, Adobe and Mozilla. He currently leads product security at New Relic.</p>
<p>James Bohem - James is the Chief Security Architect at WebMD Health Services in Portland, OR. For the last 16 years he has held Information Security architect and consulting positions, with experience in application security, architecture and compliance strategy across healthcare, technology, retail, financial and manufacturing industries. Before focusing on security, he was a software developer and architect on the UNIX kernel, microkernels, distributed applications and standards development.</p>
<p>Eric Jernigan – Eric is the IT Security Manager at Genesis Financial Solutions and has broad security experience in financial industry.</p>
<p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a></p>
<p>Meetings are free and open to the public.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250471908.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250471908/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Thursday, May 11, 2017 at 10:50pm</strong> and last updated <br /><strong>Sunday, May 14, 2017 at 1:17pm</strong>.
</div>
</div>
</div>
45.5166 -122.6749tag:calagator.org,2005:Calagator::Event/12504719562017-05-22T09:00:32-07:002017-05-22T09:00:32-07:00OWASP: Cheating a Hacking Game for Fun and ProfitMonday, June 19, 2017 from 6-8pm at WebMDhttp://calagator.org/events/12504719562017-06-19T18:00:00-07:002017-06-19T20:00:00-07:00<div class="vevent">
<h1 class="summary">OWASP: Cheating a Hacking Game for Fun and Profit</h1>
<div class='date'><time class="dtstart dt-start" title="2017-06-19T18:00:00" datetime="2017-06-19T18:00:00">Monday, June 19, 2017 from 6</time>–<time class="dtend dt-end" title="2017-06-19T20:00:00" datetime="2017-06-19T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202395261' class='url'>
<span class='fn org'>WebMD</span>
</a>
<div class="adr">
<div class="street-address">2701 Northwest Vaughn Street</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97210</span>
<div class='country-name'>US<div>
(<a href='https://maps.google.com/maps?q=2701%20Northwest%20Vaughn%20Street,%20Portland%20OR%2097210%20US'>map</a>)
</div>
</div>
<div class="description">
<p><b>Abstract</b></p>
<p>All modern software, but the most trivial one, relies on common libraries to perform routine work. Your software may be bastion of security, exhaustively tested and evaluated, but once a vulnerability is discovered in a library you depend on, all bets are off. These large and pervasive vulnerabilities quickly become popular targets, exploited by everybody from script kiddies, to professional hackers, to state actors. It is no surprise that the use of vulnerable libraries is included in the OWASP Top 10 list. The Australian Signals Directorate (ASD) lists patching operating systems and applications as two of their top four strategies to mitigate security incidents!</p>
<p>During a recent hacking game, we've identified and exploited a vulnerability not anticipated by the developers. One little crack in a widely used library gave us the footing we needed to construct an attack chain of remote code execution, file upload, data exfil, source code disassembly, and branching into a private network, all despite extremely high level of hardening on the target from unintended attacks. We'll share with you how a safe and fun library exploitation can be in the confines of a hacking game, and how there are serious implications for your corporate applications where the stakes are much higher.</p>
<p><b>Speakers:</b></p>
<p><b>Alexei Kojenov</b> is a Senior Application Security Engineer with years of prior software development experience. During his career with IBM, he gradually moved from writing code to breaking code. Since late 2016, Alexei has been working as a consultant at Aspect Security, helping businesses identify and fix vulnerabilities and design secure applications.</p>
<p><b>Alex Ivkin</b> is a senior security architect with experience in a broad array of computer security domains, focusing on Identity and Access Governance (IAG/IAM), Application Security, Security Information and Event management (SIEM), Governance, Risk and Compliance (GRC).
Throughout his consulting career Alex has worked with large and small organizations to help drive security initiatives and deploy various types of enterprise-class identity management and application security systems. Alex is an established and recognized security expert, a speaker at various industry conferences, holds numerous security certifications, including CISSP and CISM, two bachelor’s degrees and a master’s degree in computer science with a minor in psychology.
</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250471956.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250471956/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Monday, May 22, 2017 at 9am</strong>.
</div>
</div>
</div>
45.5375 -122.7078tag:calagator.org,2005:Calagator::Event/12504721422017-06-29T09:48:06-07:002017-07-06T09:16:05-07:00OWASP: How Billion Dollar Enterprises Manage Application Security at ScaleTuesday, July 25, 2017 from 6-8pm at New Relichttp://calagator.org/events/12504721422017-07-25T18:00:00-07:002017-07-25T20:00:00-07:00<div class="vevent">
<h1 class="summary">OWASP: How Billion Dollar Enterprises Manage Application Security at Scale</h1>
<div class='date'><time class="dtstart dt-start" title="2017-07-25T18:00:00" datetime="2017-07-25T18:00:00">Tuesday, July 25, 2017 from 6</time>–<time class="dtend dt-end" title="2017-07-25T20:00:00" datetime="2017-07-25T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202392091' class='url'>
<span class='fn org'>New Relic</span>
</a>
<div class="adr">
<div class="street-address">111 SW 5th Avenue, Suite 2700</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97204</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=111%20SW%205th%20Avenue,%20Suite%202700,%20Portland%20Oregon%2097204%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<p><b>Abstract: </b>Security Compass recently completed a research study by surveying companies across multiple industries with the goal of discovering how large, complex organizations address application security at scale. The majority of respondents surveyed were multinational organizations who reported annual earnings greater than $1 billion USD. Through this new research study, we have gleamed novel insights on how large organizations manage application security at scale. Through this presentation, we will reveal aggregated insights, industry trends, and best practices that illuminate how organizations are addressing application security at scale, so that you may apply and compare these learnings to the state of application security at your own organization.</p>
<p><b>Speaker: Rohit Sethi - Chief Operating Officer, Security Compass </b></p>
<p>Rohit Sethi joined Security Compass as the second full-time employee. As COO, Rohit is responsible for setting and achieving corporate objectives, company alignment and driving strategy to execution. Previous to this role, he managed the SD Elements team. Rohit specializes in building security into software, working with several large companies in different organizations. Rohit has appeared as a security expert on television outlets as such as Bloomberg, CNBC, FoxNews, and several others. He has also spoken at numerous industry conferences and/or written articles on major websites such as CNN.com, the Huffington Post and InfoQ.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250472142.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250472142/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Thursday, June 29, 2017 at 9:48am</strong> and last updated <br /><strong>Thursday, July 6, 2017 at 9:16am</strong>.
</div>
</div>
</div>
45.5225 -122.676tag:calagator.org,2005:Calagator::Event/12504724632017-09-06T11:40:48-07:002017-09-07T10:15:02-07:00OWASP: Crypto 101 - Part 1Monday, September 18, 2017 from 6-8pm at New Relichttp://calagator.org/events/12504724632017-09-18T18:00:00-07:002017-09-18T20:00:00-07:00<div class="vevent">
<h1 class="summary">OWASP: Crypto 101 - Part 1</h1>
<div class='date'><time class="dtstart dt-start" title="2017-09-18T18:00:00" datetime="2017-09-18T18:00:00">Monday, September 18, 2017 from 6</time>–<time class="dtend dt-end" title="2017-09-18T20:00:00" datetime="2017-09-18T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202395692' class='url'>
<span class='fn org'>New Relic</span>
</a>
<div class="adr">
<div class="street-address">111 SW 5th Avenue, Suite 500</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97204</span>
<div class='country-name'>USA<div>
(<a href='https://maps.google.com/maps?q=111%20SW%205th%20Avenue,%20Suite%20500,%20Portland%20OR%2097204%20USA'>map</a>)
</div>
</div>
<div class="description">
<p>The media keeps talking about this Cryptography thing. Information Security teams pressure internal operations and development, as well as, vendors to support encrypted data and transport.How can we responsibly implement cryptography in our projects?</p>
<p>In the first of a 2-part series, we will discuss major types of encryption, including symmetric, asymmetric and hashing. We will cover the simple principles behind symmetric encryption, then lightly touch modern asymmetric functions, without the math! We will also cover certificate usage.</p>
<p>After our talk, you will understand the difference between AES, RSA and SHA. You will also understand how the web uses encryption and certificates to keep our transactions secure.</p>
<p>The second part of the series presented by Tim Morgan, will focus on, SSL/TLS's PKI, certificate validation, how basic crypto goes wrong (lacking integrity protection, padding oracle attacks, weak password hashes, etc), and explore what <em>safe</em> cryptographic libraries are out there and how to use them.</p>
<p>SPEAKER: Brian Ventura</p>
<p>Brian is a SANS Instructor and works locally for the City of Portland as an Information Security Architect. Brian co-teaches a PCC course this fall, focused on preparing for the CISSP certification.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250472463.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250472463/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Wednesday, September 6, 2017 at 11:40am</strong> and last updated <br /><strong>Thursday, September 7, 2017 at 10:15am</strong>.
</div>
</div>
</div>
45.5222 -122.6763tag:calagator.org,2005:Calagator::Event/12504726672017-10-12T10:08:58-07:002017-10-18T10:34:14-07:00Portland Java User Group (PJUG)Tuesday, October 17, 2017 from 7-8pm at New Relichttp://calagator.org/events/12504726672017-10-17T19:00:00-07:002017-10-17T20:00:00-07:00<div class="vevent">
<h1 class="summary">Portland Java User Group (PJUG)</h1>
<div class='date'><time class="dtstart dt-start" title="2017-10-17T19:00:00" datetime="2017-10-17T19:00:00">Tuesday, October 17, 2017 from 7</time>–<time class="dtend dt-end" title="2017-10-17T20:00:00" datetime="2017-10-17T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202392091' class='url'>
<span class='fn org'>New Relic</span>
</a>
<div class="adr">
<div class="street-address">111 SW 5th Avenue, Suite 2700</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97204</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=111%20SW%205th%20Avenue,%20Suite%202700,%20Portland%20Oregon%2097204%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<p>Agenda:</p>
<ul>
<li>Discuss how we're planning to help PJUG appeal to a broader more diverse audience.</li>
<li>Chris Hansen will present his take-aways from JavaOne last month.</li>
<li>Sean Sullivan from gilt.com will present on web application security and Apache Struts.</li>
</ul>
<p>Abstract:</p>
<p>In September 2017, Equifax announced a major security breach. The breach may have exposed sensitive data for over 100 million US consumers. The breach was due, in part, to a vulnerability in an older release of Apache Struts 2.x</p>
<p>This talk will examine the vulnerabilities from the Apache Struts framework. We will review the underlying Java code and discuss the fixes that were applied by the Apache Struts team.</p>
<p>Presenter:</p>
<p>Sean Sullivan is a Principal Software Engineer at HBC Digital. Sean has been a member of the HBC/Gilt team since 2011.</p>
<p>Slides:
<a href="https://speakerdeck.com/sullis/apache-struts-and-the-equifax-data-breach">https://speakerdeck.com/sullis/apache-struts-and-the-equifax-data-breach</a></p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.meetup.com/PDXJUG/events/244104845/">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/Equifax">Equifax</a>, <a class="p-category" href="/events/tag/java">java</a>, <a class="p-category" href="/events/tag/jvm">jvm</a>, <a class="p-category" href="/events/tag/newrelic">newrelic</a>, <a class="p-category" href="/events/tag/opensource">opensource</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/portland">portland</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250472667.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250472667/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Thursday, October 12, 2017 at 10:08am</strong> and last updated <br /><strong>Wednesday, October 18, 2017 at 10:34am</strong>.
</div>
</div>
</div>
45.5225 -122.676tag:calagator.org,2005:Calagator::Event/12504727582017-11-01T09:52:44-07:002017-11-02T15:11:53-07:00OWASP: Cryptography 101/Part 2 - When Good Crypto Goes BadTuesday, November 14, 2017 from 6-8pm at Jama Software (New Office)http://calagator.org/events/12504727582017-11-14T18:00:00-08:002017-11-14T20:00:00-08:00<div class="vevent">
<h1 class="summary">OWASP: Cryptography 101/Part 2 - When Good Crypto Goes Bad</h1>
<div class='date'><time class="dtstart dt-start" title="2017-11-14T18:00:00" datetime="2017-11-14T18:00:00">Tuesday, November 14, 2017 from 6</time>–<time class="dtend dt-end" title="2017-11-14T20:00:00" datetime="2017-11-14T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202394847' class='url'>
<span class='fn org'>Jama Software (New Office)</span>
</a>
<div class="adr">
<div class="street-address">135 SW Taylor Suite 200</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97204</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=135%20SW%20Taylor%20Suite%20200,%20Portland%20Oregon%2097204%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<p><b>Abstract</b></p>
<p>A well known security expert and cryptographer, Thomas H. Ptáček, once said:</p>
<p> "<i>If You're Typing the Letters A-E-S Into Your Code You're Doing It Wrong</i>".</p>
<p>Wait, what?!? Doesn't everyone use AES? Of course we do. Is AES broken? Nope. In this developer-oriented talk I'll explore the kinds of mistakes programmers commonly make when implementing cryptosystems; just how easily these problems can be exploited in the real world; and what Thomas meant by his statement.</p>
<p><b>Speaker's Bio</b></p>
<p>Tim taught himself how to write software at the age of twelve and has been a die-hard technologist ever since. After earning his computer science degrees (B.S., Harvey Mudd College and M.S., Northeastern University), Tim spent 8 years helping build a Boston-based information security consulting practice that was recently acquired. In 2014, Tim founded Blindspot Security where he has continued his work as a security consultant, helping his customers understand how digital intruders can gain access to their critical business assets through network, application, and comprehensive security assessments.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250472758.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250472758/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Wednesday, November 1, 2017 at 9:52am</strong> and last updated <br /><strong>Thursday, November 2, 2017 at 3:11pm</strong>.
</div>
</div>
</div>
45.5166 -122.6749tag:calagator.org,2005:Calagator::Event/12504731102018-01-11T12:17:02-08:002018-01-11T12:58:32-08:00OWASP: AppSec Testing Beyond Pen TestTuesday, January 23, 2018 from 6-8pm at Jama Software (New Office)http://calagator.org/events/12504731102018-01-23T18:00:00-08:002018-01-23T20:00:00-08:00<div class="vevent">
<h1 class="summary">OWASP: AppSec Testing Beyond Pen Test</h1>
<div class='date'><time class="dtstart dt-start" title="2018-01-23T18:00:00" datetime="2018-01-23T18:00:00">Tuesday, January 23, 2018 from 6</time>–<time class="dtend dt-end" title="2018-01-23T20:00:00" datetime="2018-01-23T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202394847' class='url'>
<span class='fn org'>Jama Software (New Office)</span>
</a>
<div class="adr">
<div class="street-address">135 SW Taylor Suite 200</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97204</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=135%20SW%20Taylor%20Suite%20200,%20Portland%20Oregon%2097204%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<p><b>Abstract:</b>
Most web application security testing efforts are concentrated around penetration testing which is an art based on a hacker’s psyche, thought process, and determination to exploit vulnerabilities. But, does it yield a high level of confidence and sense of security in a developer’s mind? The answer is a “maybe” especially when the bad guy is obsessed with figuring out new exploits to hack your application. The web application developers have to think about intrinsic security - that is, building security throughout the SDLC. We build applications based upon well-formed customer requirements. Why should we not, then, build our applications based upon the fundamental principles of security and then harden security from the hacker’s perspective?</p>
<p><b>Bio:</b>
Principal consultant at Gupta Consulting LLC., Bhushan Gupta is passionate about development methods and tools that yield more secure web applications especially in the agile software development environment. As a researcher he has keen interest in understanding and applying fundamental principles and known methodologies to develop dependable and secure software solutions. His interests extend to Social Engineering and Attack Surface Analysis. Bhushan worked at Hewlett-Packard for 13 years in various roles including software quality lead, engineer, software process architect, and software productivity manager. He then developed a strong interest in web application security while working as a quality engineer for Nike Inc. Bhushan has been studying various facets of web application security and promoting how to apply common sense approach to build secure solutions. He is a certified Six Sigma Black Belt (HP and ASQ) and an adjunct faculty member at the Oregon Institute of Technology in Software Engineering. To learn more about Bhushan’s contributions to SDLC, visit <a href="http://www.bgupta.com">www.bgupta.com</a></p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250473110.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250473110/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Thursday, January 11, 2018 at 12:17pm</strong> and last updated <br /><strong>Thursday, January 11, 2018 at 12:58pm</strong>.
</div>
</div>
</div>
45.5166 -122.6749tag:calagator.org,2005:Calagator::Event/12504732452018-02-07T07:57:59-08:002018-02-07T07:57:59-08:00OWASP February Chapter Meeting : Jon Bottarini on Bug Bounties Monday, February 26, 2018 from 6-8pm at Jive Softwarehttp://calagator.org/events/12504732452018-02-26T18:00:00-08:002018-02-26T20:00:00-08:00<div class="vevent">
<h1 class="summary">OWASP February Chapter Meeting : Jon Bottarini on Bug Bounties </h1>
<div class='date'><time class="dtstart dt-start" title="2018-02-26T18:00:00" datetime="2018-02-26T18:00:00">Monday, February 26, 2018 from 6</time>–<time class="dtend dt-end" title="2018-02-26T20:00:00" datetime="2018-02-26T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202391809' class='url'>
<span class='fn org'>Jive Software</span>
</a>
<div class="adr">
<div class="street-address">915 SW Stark St., Suite 400</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97205</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=915%20SW%20Stark%20St.,%20Suite%20400,%20Portland%20Oregon%2097205%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<p>Jon Bottarini will be presenting on bug bounties (from both a hacker and a program perspective), common mistakes in the software development lifecycle that make it easier to find bugs, and what developers can do to understand their full attack surface.</p>
<p>Bio:</p>
<p>Jon Bottarini is a Technical Program Manager at HackerOne, where he is responsible for managing the bug bounty programs for the US Department of Defense and other companies looking to leverage talent from hacker-powered security. In his free time he is also a hacker and bug bounty hunter who has reported vulnerabilities to worldwide brands and organizations such as New Relic, Apple, Google, the US Department of Defense, and many more.</p>
<p>Twitter: <a href="https://www.twitter.com/jon_bottarini">https://www.twitter.com/jon_bottarini</a><br>
LinkedIn: <a href="http://www.linkedin.com/in/jonbottarini">http://www.linkedin.com/in/jonbottarini</a></p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250473245.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250473245/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Wednesday, February 7, 2018 at 7:57am</strong>.
</div>
</div>
</div>
45.5218 -122.68tag:calagator.org,2005:Calagator::Event/12504733662018-03-02T09:26:44-08:002018-03-02T09:26:44-08:00Portland OWASP - Container Security presentation by Deron JensenThursday, March 8, 2018 from 6-8pm at New Relichttp://calagator.org/events/12504733662018-03-08T18:00:00-08:002018-03-08T20:00:00-08:00<div class="vevent">
<h1 class="summary">Portland OWASP - Container Security presentation by Deron Jensen</h1>
<div class='date'><time class="dtstart dt-start" title="2018-03-08T18:00:00" datetime="2018-03-08T18:00:00">Thursday, March 8, 2018 from 6</time>–<time class="dtend dt-end" title="2018-03-08T20:00:00" datetime="2018-03-08T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202392091' class='url'>
<span class='fn org'>New Relic</span>
</a>
<div class="adr">
<div class="street-address">111 SW 5th Avenue, Suite 2700</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97204</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=111%20SW%205th%20Avenue,%20Suite%202700,%20Portland%20Oregon%2097204%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<p>Deron Jensen, manager of the Product Security team at New Relic, will speak about container security!</p>
<p>This presentation will show how the Linux kernel and container technologies can isolate and control the processes to provide a secure, isolated compute system. Docker or other technologies can be used to manage capabilities and securely deploy containers. This will demonstrate vulnerabilities unique to containers, and techniques to break out of vulnerable containers. We will show examples of deploying microservices securely with containers and areas that need further research to allow other applications to run securely in a private or public cloud.</p>
</div>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250473366.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250473366/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Friday, March 2, 2018 at 9:26am</strong>.
</div>
</div>
</div>
45.5225 -122.676tag:calagator.org,2005:Calagator::Event/12504733602018-03-01T08:22:23-08:002018-03-06T16:32:31-08:00OWASP Chapter Meeting: Alexei Kojenov on Deserialization AttacksMonday, April 16, 2018 from 6-7:30pm at Cambia Health Solutionshttp://calagator.org/events/12504733602018-04-16T18:00:00-07:002018-04-16T19:30:00-07:00<div class="vevent">
<h1 class="summary">OWASP Chapter Meeting: Alexei Kojenov on Deserialization Attacks</h1>
<div class='date'><time class="dtstart dt-start" title="2018-04-16T18:00:00" datetime="2018-04-16T18:00:00">Monday, April 16, 2018 from 6</time>–<time class="dtend dt-end" title="2018-04-16T19:30:00" datetime="2018-04-16T19:30:00">7:30pm</time></div>
<div class="location vcard">
<a href='/venues/202393986' class='url'>
<span class='fn org'>Cambia Health Solutions</span>
</a>
<div class="adr">
<div class="street-address">100 SW Market Street</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97201</span>
<div class='country-name'>us<div>
(<a href='https://maps.google.com/maps?q=100%20SW%20Market%20Street,%20Portland%20OR%2097201%20us'>map</a>)
</div>
</div>
<div class="description">
<h1>Overview</h1>
<p>Insecure deserialization was recently added to OWASP's list of the top 10 most critical web application security risks, yet it is by no means a new vulnerability category. Data serialization and deserialization have been used widely in applications, services and frameworks, with many programming languages supporting them natively. Deserialization got more attention recently as a potential vehicle to conduct several types of attacks: data tampering, authentication bypass, privilege escalation, various injections and, finally, remote code execution. Two recent vulnerabilities in Apache Commons and Apache Struts, both allowing remote code execution, helped raise awareness of this risk.</p>
<p>We will discuss how data serialization and deserialization are used in software, the dangers of deserializing untrusted input, and how to avoid insecure deserialization vulnerabilities.</p>
<h1>Speaker</h1>
<p>Alexei Kojenov is a Senior Application Security Consultant with years of prior software development experience. During his career with IBM, he gradually moved from writing code to breaking code. Since late 2016, Alexei has been working as a consultant at Aspect Security, helping businesses identify and fix vulnerabilities and design secure applications. Aspect Security was recently acquired by Ernst&Young and joined EY Advisory cybersecurity practice.</p>
<br>
<hr>
<p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a></p>
<p>Meetings are free and open to the public.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/deserialization">deserialization</a>, <a class="p-category" href="/events/tag/java">java</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/rce">rce</a>, <a class="p-category" href="/events/tag/remote code execution">remote code execution</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250473360.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250473360/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Thursday, March 1, 2018 at 8:22am</strong> and last updated <br /><strong>Tuesday, March 6, 2018 at 4:32pm</strong>.
</div>
</div>
</div>
45.5112 -122.6778tag:calagator.org,2005:Calagator::Event/12504736342018-04-22T19:16:53-07:002018-09-04T22:23:47-07:00SANS Community EventThursday, May 10, 2018 from 6:30-8:30pm at Portland City Grillhttp://calagator.org/events/12504736342018-05-10T18:30:00-07:002018-05-10T20:30:00-07:00<div class="vevent">
<h1 class="summary">SANS Community Event</h1>
<div class='date'><time class="dtstart dt-start" title="2018-05-10T18:30:00" datetime="2018-05-10T18:30:00">Thursday, May 10, 2018 from 6:30</time>–<time class="dtend dt-end" title="2018-05-10T20:30:00" datetime="2018-05-10T20:30:00">8:30pm</time></div>
<div class="location vcard">
<a href='/venues/202390414' class='url'>
<span class='fn org'>Portland City Grill</span>
</a>
<div class="adr">
<div class="street-address">111 SW 5th Ave #3000, Portland, OR 97204</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97204</span>
<div class='country-name'>US<div>
(<a href='https://maps.google.com/maps?q=111%20SW%205th%20Ave%20%233000,%20Portland,%20OR%2097204,%20Portland%20Oregon%2097204%20US'>map</a>)
</div>
</div>
<div class="description">
<p>Join SANS Instructors Brian Ventura and Derek Hill for an evening of conversation regarding Secure configurations - Built-in Security Enhancements and the benefit of the CISSP certification from a hiring manager perspective.</p>
<p>TOPICS
1. In the information security news, we regularly hear about the latest vulnerabilities with recommendations to scramble and patch immediately. This is an important aspect of our industry, however there are other security considerations. Are there configurations we can set now in our systems and software that will protect us? Let's explore secure configurations and see what we find.</p>
<ol>
<li>The Hiring Manager is looking at your resume – why does CISSP matter? While the CISSP is not the only thing we look at, it is a great starting point. What knowledge does the CISSP provide and how does one prepare for the exam?</li>
</ol>
<p>Who is Brian Ventura: Brian Ventura is an Information Security Architect by day and SANS instructor by night. Brian volunteers with the Portland ISSA and OWASP chapters, focusing on educational opportunities. For SANS, he regularly teaches CyberDefense courses like the CIS Controls, Risk Management, and Security Essentials. Brian has a Security Essentials (SEC401) course in Portland, June 18-23. Come join in the learning experience!</p>
<p>Who is Derek Hill? Derek Hill has over 25 years of experience in IT and Information Security. He currently manages an Application Security Team, an Infrastructure Security Team (Blue Team) and a Data Privacy Engineering team at HP Inc. in Vancouver, WA. His teams are responsible for ensuring that HP’s internally developed applications are secure as well as the AWS infrastructure that is hosting these applications. Prior to his current position, Derek held IT management and technical roles at both large and small companies. In each role, he has focused on delivering excellent services, uptime and security for all the projects/staff he managed.</p>
<p>Derek holds an MBA from Willamette University and an undergraduate degree in Management Information Systems from Oregon State University. He has various security credentials including a CISSP and multiple GIAC certifications.</p>
<p>DATE: Thursday, May 10, 2018</p>
<p>Registration: 6:30 PM</p>
<p>Presentation: 7 :00 PM - 8:30 PM</p>
<p>RSVP by sending a confirmation email to Shelley Wark-Martyn @ <a href="mailto:swmartyn@sans.org">swmartyn@sans.org</a></p>
<p>Appetizers and drinks will be served.</p>
<p>We look forward to having you join us.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.sans.org/">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/ISACA">ISACA</a>, <a class="p-category" href="/events/tag/SANS">SANS</a>, <a class="p-category" href="/events/tag/information">information</a>, <a class="p-category" href="/events/tag/issa">issa</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250473634.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250473634/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Sunday, April 22, 2018 at 7:16pm</strong> and last updated <br /><strong>Tuesday, September 4, 2018 at 10:23pm</strong>.
</div>
</div>
</div>
45.5225 -122.6755tag:calagator.org,2005:Calagator::Event/12504737282018-05-10T20:49:55-07:002018-05-15T21:23:52-07:00OWASP Chapter Meeting - Pen Testing: How to Get Bigger Bang for your BuckTuesday, May 22, 2018 from 6-7:30pm at Jama Software (New Office)http://calagator.org/events/12504737282018-05-22T18:00:00-07:002018-05-22T19:30:00-07:00<div class="vevent">
<h1 class="summary">OWASP Chapter Meeting - Pen Testing: How to Get Bigger Bang for your Buck</h1>
<div class='date'><time class="dtstart dt-start" title="2018-05-22T18:00:00" datetime="2018-05-22T18:00:00">Tuesday, May 22, 2018 from 6</time>–<time class="dtend dt-end" title="2018-05-22T19:30:00" datetime="2018-05-22T19:30:00">7:30pm</time></div>
<div class="location vcard">
<a href='/venues/202394847' class='url'>
<span class='fn org'>Jama Software (New Office)</span>
</a>
<div class="adr">
<div class="street-address">135 SW Taylor Suite 200</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97204</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=135%20SW%20Taylor%20Suite%20200,%20Portland%20Oregon%2097204%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<p>Panel Discussion - Join local industry practitioners as they discuss the best practices used in getting superior results from your Pen Testing. Also share your ideas on Dos and Dont's of Pen testing.</p>
<p>Moderator - Brian Ventura </p>
<p>Panelists - Alexie Kojenov, Ian Melven, Benny Zhao, and Scott Cutler </p>
<p></p>
<p>Alexei Kojenov is a Senior Application Security Consultant with years of prior software development experience. During his career with IBM, he gradually moved from writing code to breaking code. Since late 2016, Alexei has been working as a consultant at Aspect Security, helping businesses identify and fix vulnerabilities and design secure applications. Aspect Security was recently acquired by Ernst&Young and joined EY Advisory cybersecurity practice. </p>
<p> Ian Melven is Principal Security Engineer at New Relic. He has worked in security for almost 20 years, including roles at Mozilla, Adobe, McAfee and @stake. </p>
<p> Benny Zhao is a Security Engineer at Jive Software. His experience focuses on identifying code vulnerabilities and securing software by building tools to help automate security testing. </p>
<p> Scott Cutler has been interested in computer security since he was a kid, and started attending DefCon in 2004. He got his Computer Science degree from UC Irvine in 2009 while working for the on-campus residential network department for 4 years. After graduating he worked first as QA for a SAN NIC card manufacturer, then switched to essentially create their DevOps program from scratch. From these jobs he has gained a lot of experience with networking, build processes, Linux/Unix administration and scripting, and Python development. In 2012 Scott began working in the security field full time as a FIPS, Common Criteria, and PCI Open Protocol evaluator for InfoGard Laboratories (now UL Transaction Security). During this time he got his OSCP and a good understanding of federal security requirements, assessment processes, and documentation (ask him about NIST SPs!). In 2015 scott switched over to Aspect Security (now EY) to put his OSCP to good use and became a full-time application security engineer, doing pen-tests as well as developing both internal and external training.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="http://www.owasp.org">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/OWASP Top Ten">OWASP Top Ten</a>, <a class="p-category" href="/events/tag/Pen Testing">Pen Testing</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250473728.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250473728/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Thursday, May 10, 2018 at 8:49pm</strong> and last updated <br /><strong>Tuesday, May 15, 2018 at 9:23pm</strong>.
</div>
</div>
</div>
45.5166 -122.6749tag:calagator.org,2005:Calagator::Event/12504738192018-05-28T08:39:46-07:002018-06-12T13:46:43-07:00OWASP Portland Chapter Meeting - Machine Learning vs Cryptocoin MinersMonday, June 18, 2018 from 6-8pm at WebMDhttp://calagator.org/events/12504738192018-06-18T18:00:00-07:002018-06-18T20:00:00-07:00<div class="vevent">
<h1 class="summary">OWASP Portland Chapter Meeting - Machine Learning vs Cryptocoin Miners</h1>
<div class='date'><time class="dtstart dt-start" title="2018-06-18T18:00:00" datetime="2018-06-18T18:00:00">Monday, June 18, 2018 from 6</time>–<time class="dtend dt-end" title="2018-06-18T20:00:00" datetime="2018-06-18T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202395261' class='url'>
<span class='fn org'>WebMD</span>
</a>
<div class="adr">
<div class="street-address">2701 Northwest Vaughn Street</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97210</span>
<div class='country-name'>US<div>
(<a href='https://maps.google.com/maps?q=2701%20Northwest%20Vaughn%20Street,%20Portland%20OR%2097210%20US'>map</a>)
</div>
</div>
<div class="description">
<p><b>Machine Learning vs Cryptocoin Miners </b>
<b>Description:</b>
With the advent of cryptocurrencies as a prevalent economic entity, attackers have begun turning compromised boxes and environments into cash via cryptocoin mining. This has given rise for the opportunity to detect compromised environments by analyzing network traffic logs for evidence of cryptocoin miners. Specifically, I'll be reviewing various ML and statistical analysis techniques leveraged against VPC Flow Logs. This talk will not be a deep dive of the math involved but instead a general discussion of these techniques and why I chose them.</p>
<p><b>Speaker's Bio:</b>
Jonn Callahan is a principal appsec consultant at nVisium. Jonn was previously heavily involved in the OWASP DC and NoVA chapters. He has been working in appsec for half a decade now, initially within the DoD and now commercially with many high-visibility companies. Recently, Jonn has been digging into ML to find ways to bridge it and the security industry in an intelligent and usable fashion.
</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="http://www.owasp.org">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/cryptocurrency">cryptocurrency</a>, <a class="p-category" href="/events/tag/machine learning">machine learning</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250473819.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250473819/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Monday, May 28, 2018 at 8:39am</strong> and last updated <br /><strong>Tuesday, June 12, 2018 at 1:46pm</strong>.
</div>
</div>
</div>
45.5375 -122.7078tag:calagator.org,2005:Calagator::Event/12504739362018-06-25T10:31:08-07:002018-06-25T10:33:38-07:00OWASP Portland Chapter Meeting - OAuth 2.0 SimplifiedMonday, July 16, 2018 from 6-8pm at NWEAhttp://calagator.org/events/12504739362018-07-16T18:00:00-07:002018-07-16T20:00:00-07:00<div class="vevent">
<h1 class="summary">OWASP Portland Chapter Meeting - OAuth 2.0 Simplified</h1>
<div class='date'><time class="dtstart dt-start" title="2018-07-16T18:00:00" datetime="2018-07-16T18:00:00">Monday, July 16, 2018 from 6</time>–<time class="dtend dt-end" title="2018-07-16T20:00:00" datetime="2018-07-16T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202393937' class='url'>
<span class='fn org'>NWEA</span>
</a>
<div class="adr">
<div class="street-address">121 Northwest Everett Street</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97209</span>
<div class='country-name'>US<div>
(<a href='https://maps.google.com/maps?q=121%20Northwest%20Everett%20Street,%20Portland%20OR%2097209%20US'>map</a>)
</div>
</div>
<div class="description">
<p>OAuth 2.0 Simplified: The OAuth 2.0 authorization framework has become the industry standard in providing secure access to web APIs. OAuth allows users to grant external applications access to their data, such as profile data, photos, and email, without compromising security. However, OAuth can be intimidating when first starting out. In this talk, Aaron Parecki will break down the various OAuth workflows and provide a simplified overview of the framework, highlighting a few typical use cases for web apps, mobile apps and browserless devices.</p>
<p>Speaker's Bio: Aaron Parecki is a developer advocate at Okta, and maintains oauth.net. He's the co-founder of IndieWebCamp, a yearly unconference focusing on data ownership and online identity, and is the editor of the W3C Webmention and Micropub specifications.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/oauth">oauth</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250473936.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250473936/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Monday, June 25, 2018 at 10:31am</strong> and last updated <br /><strong>Monday, June 25, 2018 at 10:33am</strong>.
</div>
</div>
</div>
45.5253 -122.6719tag:calagator.org,2005:Calagator::Event/12504740682018-07-31T11:03:30-07:002018-07-31T11:03:30-07:00OWASP Portland Chapter Meeting - Security Internships: Bringing up the next generation of hackersThursday, August 9, 2018 from 6-8pm at New Relichttp://calagator.org/events/12504740682018-08-09T18:00:00-07:002018-08-09T20:00:00-07:00<div class="vevent">
<h1 class="summary">OWASP Portland Chapter Meeting - Security Internships: Bringing up the next generation of hackers</h1>
<div class='date'><time class="dtstart dt-start" title="2018-08-09T18:00:00" datetime="2018-08-09T18:00:00">Thursday, August 9, 2018 from 6</time>–<time class="dtend dt-end" title="2018-08-09T20:00:00" datetime="2018-08-09T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202395636' class='url'>
<span class='fn org'>New Relic</span>
</a>
<div class="adr">
<div class="street-address">111 SW 5th Avenue, 27th floor</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97204</span>
<div class='country-name'>us<div>
(<a href='https://maps.google.com/maps?q=111%20SW%205th%20Avenue,%2027th%20floor,%20Portland%20OR%2097204%20us'>map</a>)
</div>
</div>
<div class="description">
<p>Anna Lorimer will present Security Internships: Bringing up the next generation of hackers</p>
<p>Software engineering internships are increasingly popular and are becoming an integral part of career development for newcomers to the tech scene.They’re also valuable to any organization because they give senior engineers the opportunity to pass on knowledge and make it easier to find full time hires down the road. While there’s plenty of information about how to run a software engineering internship, the same can’t be said for security internships. In this talk I’ll discuss how security internships differ from regular software engineering internships, how to find interns, and how to structure internships to set up both your organization and the intern(s) for success.</p>
<p>Bio:</p>
<p>Anna Lorimer is an undergraduate student studying math and computer science at the University of Waterloo in Waterloo, Canada. She’s done 5 internships over the course of her undergraduate career and is currently doing her sixth with New Relic’s Product Security Team in Portland. She is also the co-founder of StarCon, a technology conference focused on the joy of technology and building a community around sharing technical knowledge.</p>
</div>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/internship">internship</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250474068.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250474068/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Tuesday, July 31, 2018 at 11:03am</strong>.
</div>
</div>
</div>
45.5222 -122.6763tag:calagator.org,2005:Calagator::Event/12504740692018-07-31T11:09:14-07:002018-08-31T00:23:59-07:00OWASP Portland Chapter Meeting - SAST and the Bad Human Code ProjectTuesday, September 18, 2018 from 6-8pm at Simple 120 SE Clay St Floor 2, Portland, OR 97214http://calagator.org/events/12504740692018-09-18T18:00:00-07:002018-09-18T20:00:00-07:00<div class="vevent">
<h1 class="summary">OWASP Portland Chapter Meeting - SAST and the Bad Human Code Project</h1>
<div class='date'><time class="dtstart dt-start" title="2018-09-18T18:00:00" datetime="2018-09-18T18:00:00">Tuesday, September 18, 2018 from 6</time>–<time class="dtend dt-end" title="2018-09-18T20:00:00" datetime="2018-09-18T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202396024' class='url'>
<span class='fn org'>Simple 120 SE Clay St Floor 2, Portland, OR 97214</span>
</a>
<div class="adr">
<div class="street-address">120 SE Clay St Floor 2</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97214</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=120%20SE%20Clay%20St%20Floor%202,%20Portland%20OR%2097214%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<p>SAST and the Bad Human Code Project</p>
<p>Static application security testing (SAST) is the automated analysis of source code both in its text and compiled forms. Lint is considered to be one of the first tools to analyze source code and this year marks its 40th anniversary. Even though it wasn't explicitly searching for security vulnerabilities back then, it did flag suspicious constructs. Today there are a myriad of tools to choose from both open source and commercial. We’ll talk about things to consider when evaluating web application scanners then turn our attention to finding additional ways to aggregate and correlate data from other sources such as git logs, code complexity analyzers and even rosters of students who completed secure coding training in an attempt to build a predictive vulnerability model for any new application that comes along.
We’re also looking for people to contribute to a new open source initiative called “The Bad Human Code Project.” The goal is to create a one-stop corpus of intentionally vulnerable code snippets in as many languages as possible.</p>
<p>Speaker's Bio:
John L. Whiteman is a web application security engineer at Oregon Health and Science University. He builds security tools and teaches a hands-on secure coding class to developers, researchers and anyone else interested in protecting data at the institution. He previously worked as a security researcher for Intel's Open Source Technology Center. John recently completed a Master of Computer Science at Georgia Institute of Technology specializing in Interactive Intelligence. He loves talking with like-minded people who are interested in building the next generation of security controls using technologies such as machine learning and AI.</p>
</div>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/sast">sast</a>, <a class="p-category" href="/events/tag/security">security</a>, <a class="p-category" href="/events/tag/static analysis">static analysis</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250474069.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250474069/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Tuesday, July 31, 2018 at 11:09am</strong> and last updated <br /><strong>Friday, August 31, 2018 at 12:23am</strong>.
</div>
</div>
</div>
45.5112 -122.6644tag:calagator.org,2005:Calagator::Event/12504743522018-09-27T23:45:18-07:002018-09-27T23:45:18-07:00OWASP Portland 2018 Training DayWednesday, October 3, 2018 from 8am-7:40pm at World Trade Centerhttp://calagator.org/events/12504743522018-10-03T08:00:00-07:002018-10-03T19:40:00-07:00<div class="vevent">
<h1 class="summary">OWASP Portland 2018 Training Day</h1>
<div class='date'><time class="dtstart dt-start" title="2018-10-03T08:00:00" datetime="2018-10-03T08:00:00">Wednesday, October 3, 2018 from 8am</time>–<time class="dtend dt-end" title="2018-10-03T19:40:00" datetime="2018-10-03T19:40:00">7:40pm</time></div>
<div class="location vcard">
<a href='/venues/202390078' class='url'>
<span class='fn org'>World Trade Center</span>
</a>
<div class="adr">
<div class="street-address">121 SW Salmon</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97204</span>
<div class='country-name'>US<div>
(<a href='https://maps.google.com/maps?q=121%20SW%20Salmon,%20Portland%20Oregon%2097204%20US'>map</a>)
</div>
</div>
<div class="description">
<p>For the third year in a row, the Portland OWASP chapter is proud to host our information security training day! This is be an excellent opportunity for those interested to receive top quality information security and application security training for prices far lower than normally offered. It's also a great chance to network with the local infosec community and meet those who share your interests.</p>
<p>OWASP Portland 2018 Training Day will be October 3, 2018.</p>
<p>Courses
Courses will be held in two tracks: four in the morning session, and four in the afternoon session. Each participant can register for one morning course, or one afternoon course, or one of each.</p>
<p>The Portland OWASP chapter is hosting its 3rd annual training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community. For more information, see the main event page.</p>
<p>Courses are held in four tracks: four in the morning session, and four in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each!</p>
<p>NOTE: If you see that a course is sold out, then it is unlikely we will have any additional seats in that course. You can email ian DOT melven AT owasp.org OR benny DOT zhao AT owasp.org OR bhushan DOT Gupta AT owasp.org to request being added to the waiting list. Please be sure to specify which class(es) you want to be added to the wait list for.</p>
<p>OWASP Portland 2018 Training Day will be October 3, 2018. This year we'll be located at:</p>
<p>World Trade Center Portland
121 SW Salmon St.
Portland, OR 97204.
Later in the evening, a social mixer will also be held at Rock Bottom Restaurant & Brewery, just a short walk away:</p>
<p>206 SW Morrison St
Portland, OR 97204</p>
<p>Time Activity
8:00 AM - 8:30 AM Morning Registration and Continental Breakfast
8:30 AM - 12:00 PM Intro to Hacking Web 3.0
(Mick Ayzenberg)</p>
<p>Introduction to Computer Forensics
(Kris Rosenberg)</p>
<p>Intro to Practical Internal Vulnerability Scanning
(Patterson Cake)</p>
<p>Incident Handling in Cloud Environment - a primer
(Derek Hill)</p>
<p>12:00 PM - 1:30 PM Lunch on your own - Meet a new friend and grab a bite!</p>
<p>1:00 PM - 1:30 PM Afternoon Registration (for those attending only in the afternoon)</p>
<p>1:30 PM - 5:00 PM Advanced Application Security Testing
(Timothy Morgan)</p>
<p>AppSec Testing Beyond Pen Test
(Bhushan Gupta)</p>
<p>Applied Physical Attacks on Embedded Systems, Introductory Version
(Joe FitzPatrick)</p>
<p>Advanced Custom Network Protocol Fuzzing
(Joshua Pereyda)</p>
<p>5:00 PM - 7:30 PM Evening Mixer @ Rock Bottom Restaurant and Brewery</p>
<p>Want to get news and information on our 2018 Training Day? Subscribe to the Portland OWASP mailing list or follow @PortlandOWASP on Twitter!</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.eventbrite.com/e/portland-owasp-training-day-2018-tickets-48203102778">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/hacking">hacking</a>, <a class="p-category" href="/events/tag/opensource">opensource</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a>, <a class="p-category" href="/events/tag/training">training</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250474352.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250474352/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Thursday, September 27, 2018 at 11:45pm</strong>.
</div>
</div>
</div>
45.5162 -122.675tag:calagator.org,2005:Calagator::Event/12504744812018-10-22T10:10:33-07:002018-10-22T10:10:33-07:00OWASP Portland Chapter Meeting - OWASP Juice Shop! Thursday, November 8, 2018 from 6-8pm at New Relichttp://calagator.org/events/12504744812018-11-08T18:00:00-08:002018-11-08T20:00:00-08:00<div class="vevent">
<h1 class="summary">OWASP Portland Chapter Meeting - OWASP Juice Shop! </h1>
<div class='date'><time class="dtstart dt-start" title="2018-11-08T18:00:00" datetime="2018-11-08T18:00:00">Thursday, November 8, 2018 from 6</time>–<time class="dtend dt-end" title="2018-11-08T20:00:00" datetime="2018-11-08T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202392091' class='url'>
<span class='fn org'>New Relic</span>
</a>
<div class="adr">
<div class="street-address">111 SW 5th Avenue, Suite 2700</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97204</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=111%20SW%205th%20Avenue,%20Suite%202700,%20Portland%20Oregon%2097204%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<p>The Portland Chapter of the Open Web Application Security Project (OWASP) will be hosting an introduction to OWASP Juice Shop [<a href="https://github.com/bkimminich/juice-shop">https://github.com/bkimminich/juice-shop</a>]. OWASP Juice Shop is an intentionally insecure web application for security trainings written entirely in JavaScript which encompasses the entire OWASP Top Ten [<a href="https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project">https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project</a>] and other severe security flaws. The session will provide a top level overview of the Juice Shop playground and how to get started with it, as well as an opportunity for attendees to team up to teach and learn from each other in a fun Capture The Flag competition.</p>
<p>David Quisenberry (@dmqpdx16) will be facilitating the session. He's a developer with Daylight Studio and explorer of application security issues.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/ctf">ctf</a>, <a class="p-category" href="/events/tag/juiceshop">juiceshop</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250474481.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250474481/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Monday, October 22, 2018 at 10:10am</strong>.
</div>
</div>
</div>
45.5225 -122.676tag:calagator.org,2005:Calagator::Event/12504745672018-11-14T15:46:39-08:002018-11-14T15:46:39-08:00OWASP Portland Chapter MeetingThursday, December 6, 2018 from 6-8pm at Jama Software (New Office)http://calagator.org/events/12504745672018-12-06T18:00:00-08:002018-12-06T20:00:00-08:00<div class="vevent">
<h1 class="summary">OWASP Portland Chapter Meeting</h1>
<div class='date'><time class="dtstart dt-start" title="2018-12-06T18:00:00" datetime="2018-12-06T18:00:00">Thursday, December 6, 2018 from 6</time>–<time class="dtend dt-end" title="2018-12-06T20:00:00" datetime="2018-12-06T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202394847' class='url'>
<span class='fn org'>Jama Software (New Office)</span>
</a>
<div class="adr">
<div class="street-address">135 SW Taylor Suite 200</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97204</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=135%20SW%20Taylor%20Suite%20200,%20Portland%20Oregon%2097204%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<p>Interested in web application security? OWASP is for you. The Open Web Application Security Project aims to improve the security of software. Portland has a vibrant chapter and this is our regular chapter meeting.</p>
<p>Unfortunately, our speaker this month has come down with laryngitis so we're going to be showing a few of the talks from this year's AppSecUSA conference with pizza. To vote on which talk you would be interested in viewing go to this <a href="https://twitter.com/PortlandOWASP/status/1069652247963791361">tweet</a></p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.owasp.org/index.php/Portland">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250474567.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250474567/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Wednesday, November 14, 2018 at 3:46pm</strong>.
</div>
</div>
</div>
45.5166 -122.6749tag:calagator.org,2005:Calagator::Event/12504747062018-12-17T08:57:04-08:002018-12-17T08:57:04-08:00OWASP Portland Chapter Meeting - Docker SecurityWednesday, January 9, 2019 from 6-8pm at New Relichttp://calagator.org/events/12504747062019-01-09T18:00:00-08:002019-01-09T20:00:00-08:00<div class="vevent">
<h1 class="summary">OWASP Portland Chapter Meeting - Docker Security</h1>
<div class='date'><time class="dtstart dt-start" title="2019-01-09T18:00:00" datetime="2019-01-09T18:00:00">Wednesday, January 9, 2019 from 6</time>–<time class="dtend dt-end" title="2019-01-09T20:00:00" datetime="2019-01-09T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202392091' class='url'>
<span class='fn org'>New Relic</span>
</a>
<div class="adr">
<div class="street-address">111 SW 5th Avenue, Suite 2700</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97204</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=111%20SW%205th%20Avenue,%20Suite%202700,%20Portland%20Oregon%2097204%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<p>Docker has become a very popular tool for deploying server applications. It aims to solve many problems with dependency management and drift between development and production environments, and make it easy for developers to deploy their software quickly.</p>
<p>This talk is about how to use all of this wonderful convenience for evil. It will cover Docker containers and how they work (and how to infect them with malware), some services commonly used in Docker infrastructure and how to find and exploit them, and some Docker-specific post-exploitation strategies. It will also cover best practices for mitigating and detecting attacks on your Docker infrastructure and how to create a healthy security culture among your Docker engineers.</p>
<p>Josh is a Linux security practitioner and developer based in Portland, Oregon. He works as a security engineer at New Relic, where he builds security visibility tools, breaks SaaS software, and helps developers build secure infrastructure.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.meetup.com/OWASP-Portland-Chapter/events/257033486/">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/docker">docker</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250474706.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250474706/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Monday, December 17, 2018 at 8:57am</strong>.
</div>
</div>
</div>
45.5225 -122.676tag:calagator.org,2005:Calagator::Event/12504747682019-01-04T15:56:21-08:002019-01-04T15:56:21-08:00Portland OWASP Chapter Meeting - Building a Security Program From Nothing with Kendra AshTuesday, February 26, 2019 from 6-8pm at Vacasahttp://calagator.org/events/12504747682019-02-26T18:00:00-08:002019-02-26T20:00:00-08:00<div class="vevent">
<h1 class="summary">Portland OWASP Chapter Meeting - Building a Security Program From Nothing with Kendra Ash</h1>
<div class='date'><time class="dtstart dt-start" title="2019-02-26T18:00:00" datetime="2019-02-26T18:00:00">Tuesday, February 26, 2019 from 6</time>–<time class="dtend dt-end" title="2019-02-26T20:00:00" datetime="2019-02-26T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202396082' class='url'>
<span class='fn org'>Vacasa</span>
</a>
<div class="adr">
<div class="street-address">850 Northwest 13th Avenue</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97209</span>
<div class='country-name'>US<div>
(<a href='https://maps.google.com/maps?q=850%20Northwest%2013th%20Avenue,%20Portland%20OR%2097209%20US'>map</a>)
</div>
</div>
<div class="description">
<p>Companies are starting to build security programs with no prior experience as awareness about cyber threats increases. Often this is at a later stage when the company has a fully staffed engineering team and accumulated security debt. This talk is about how to build a security program from nothing using stakeholder analysis and risk assessments to help prioritize remediation efforts and avoid getting overwhelmed. A healthy and effective security program relies on building relationships throughout the company, enlisting security champions, and leveraging tooling and automation as effectively as possible. Kendra Ash will be sharing some of the lessons learned on our journey building a security program from scratch over the last several months.</p>
<p>Kendra Ash (<a href="https://twitter.com/securelykash">@securelykash</a>) is an information security engineer at Vacasa, actively building a security team and program by leveraging guidance from her network and industry standards.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.meetup.com/OWASP-Portland-Chapter/events/257716836/">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250474768.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250474768/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Friday, January 4, 2019 at 3:56pm</strong>.
</div>
</div>
</div>
45.529 -122.6843tag:calagator.org,2005:Calagator::Event/12504749262019-01-28T09:09:30-08:002019-01-28T09:09:30-08:00Portland OWASP - Breaching the Cyber Security Job Industry with Ryan KrauseTuesday, March 12, 2019 from 6-8pm at Simple 120 SE Clay St Floor 2, Portland, OR 97214http://calagator.org/events/12504749262019-03-12T18:00:00-07:002019-03-12T20:00:00-07:00<div class="vevent">
<h1 class="summary">Portland OWASP - Breaching the Cyber Security Job Industry with Ryan Krause</h1>
<div class='date'><time class="dtstart dt-start" title="2019-03-12T18:00:00" datetime="2019-03-12T18:00:00">Tuesday, March 12, 2019 from 6</time>–<time class="dtend dt-end" title="2019-03-12T20:00:00" datetime="2019-03-12T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202396024' class='url'>
<span class='fn org'>Simple 120 SE Clay St Floor 2, Portland, OR 97214</span>
</a>
<div class="adr">
<div class="street-address">120 SE Clay St Floor 2</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97214</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=120%20SE%20Clay%20St%20Floor%202,%20Portland%20OR%2097214%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<p>Breaching the Cyber Security Job Industry</p>
<p>Despite the growing popularity of the cyber security industry, many job hunters still find it challenging to break into the field. With numerous entry-level cyber security jobs requiring one, two, or sometimes even three years of security-related experience, how are inexperienced applicants supposed to get their foot in the door?</p>
<p>This talk will discuss some of the challenges that potential employees face while looking for careers in the cyber security industry. It will explore potential career paths for new high school and college graduates, mid-career employees with a technical background, as well as mid-career employees with no technical background. The discussion will also focus on ways to help position yourself for success in the industry, touching on security internships, university diplomas, industry certificates, Portland-based security meetings, and self-study resources.</p>
<p>Ryan Krause is a penetration tester based in the Portland, Oregon area. He has worked in various areas of the security field for the past 11 years for companies such as HP, eEye Digital Security/BeyondTrust, and Comcast with a primary focus on application security and development. He is currently a consultant at NetSPI where he performs web and network penetration tests and assists clients with reducing their overall security exposure.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.meetup.com/OWASP-Portland-Chapter/events/258470135/">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/Careers">Careers</a>, <a class="p-category" href="/events/tag/Pen Testing">Pen Testing</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250474926.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250474926/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Monday, January 28, 2019 at 9:09am</strong>.
</div>
</div>
</div>
45.5112 -122.6644tag:calagator.org,2005:Calagator::Event/12504751712019-03-01T09:55:40-08:002019-03-01T09:55:40-08:00Portland OWASP - OWASP Top Ten For Javascript Developers with Lewis ArdernWednesday, April 10, 2019 from 6-8pm at New Relichttp://calagator.org/events/12504751712019-04-10T18:00:00-07:002019-04-10T20:00:00-07:00<div class="vevent">
<h1 class="summary">Portland OWASP - OWASP Top Ten For Javascript Developers with Lewis Ardern</h1>
<div class='date'><time class="dtstart dt-start" title="2019-04-10T18:00:00" datetime="2019-04-10T18:00:00">Wednesday, April 10, 2019 from 6</time>–<time class="dtend dt-end" title="2019-04-10T20:00:00" datetime="2019-04-10T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202392091' class='url'>
<span class='fn org'>New Relic</span>
</a>
<div class="adr">
<div class="street-address">111 SW 5th Avenue, Suite 2700</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97204</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=111%20SW%205th%20Avenue,%20Suite%202700,%20Portland%20Oregon%2097204%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<p>OWASP Top 10 for JavaScript Developers</p>
<p>The OWASP Top 10 is a powerful awareness document for web application security. It represents a broad consensus about the most critical security risks to web applications.</p>
<p>With the release of the OWASP TOP 10 2017 we saw new issues rise as contenders of most common issues in the web landscape. Much of the OWASP documentation displays issues, and remediation advice/code relating to Java, C++, and C#; however not much relating to JavaScript. JavaScript has drastically changed over the last few years with the release of Angular, React, and Vue, alongside the popular use of NodeJS and its libraries/frameworks. This talk will introduce you to the OWASP Top 10 explaining JavaScript client and server-side vulnerabilities.</p>
<p>Lewis Ardern is a Senior Security Consultant at Synopsys. His primary areas of expertise are in web security and security engineering. Lewis enjoys creating and delivering security training to various types of organizations and institutes in topics such as web and JavaScript security. He is also the founder of the Leeds Ethical Hacking Society and has helped develop projects such as bXSS (<a href="https://github.com/LewisArdern/bXSS">https://github.com/LewisArdern/bXSS</a>) and SecGen (<a href="https://github.com/cliffe/secgen">https://github.com/cliffe/secgen</a>).</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.meetup.com/OWASP-Portland-Chapter/events/259395373/">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/Vue">Vue</a>, <a class="p-category" href="/events/tag/angular"><img title="angular" alt="angular" src="/assets/tag_icons/angular-0adbfce59e44d005d132b6f4e6a4665e86f2035362378f7c0b413030572710f5.png" /> angular</a>, <a class="p-category" href="/events/tag/ember">ember</a>, <a class="p-category" href="/events/tag/javascript"><img title="javascript" alt="javascript" src="/assets/tag_icons/javascript-6abd4d1aeb784c814b3ef6ce94436f030aad9dfe0f5255ea43a181edc84c4c0c.png" /> javascript</a>, <a class="p-category" href="/events/tag/node">node</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/react">react</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250475171.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250475171/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Friday, March 1, 2019 at 9:55am</strong>.
</div>
</div>
</div>
45.5225 -122.676tag:calagator.org,2005:Calagator::Event/12504754282019-04-13T08:55:52-07:002019-04-13T08:55:52-07:00Portland OWASP - InfoSec and AppSec: Recruiting, Interviewing, Hiring Q&ATuesday, May 14, 2019 from 6-8pm at Zapprovedhttp://calagator.org/events/12504754282019-05-14T18:00:00-07:002019-05-14T20:00:00-07:00<div class="vevent">
<h1 class="summary">Portland OWASP - InfoSec and AppSec: Recruiting, Interviewing, Hiring Q&A</h1>
<div class='date'><time class="dtstart dt-start" title="2019-05-14T18:00:00" datetime="2019-05-14T18:00:00">Tuesday, May 14, 2019 from 6</time>–<time class="dtend dt-end" title="2019-05-14T20:00:00" datetime="2019-05-14T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202396241' class='url'>
<span class='fn org'>Zapproved</span>
</a>
<div class="adr">
<div class="street-address">1414 NW Northrup Street #700</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97209</span>
<div class='country-name'>USA<div>
(<a href='https://maps.google.com/maps?q=1414%20NW%20Northrup%20Street%20%23700,%20Portland%20OR%2097209%20USA'>map</a>)
</div>
</div>
<div class="description">
<p>Following up Ryan Krause's talk on breaking into the cybersecurity industry, May's chapter meeting hosted by Zapproved will offer attendees an opportunity to hear from hiring managers and InfoSec/AppSec leaders on what they look for in hiring for their roles and thoughts on career progression. Attendees will have ample opportunity to ask questions and engage our panel.</p>
<h2>Panel:</h2>
<h3>Zefren Edior - Umpqua Bank</h3>
<p>Zefren currently works at Umpqua Bank, and he is the Information Security Assurance Lead. He has 10 plus years of experience in IT operations, information security, risk management, compliance and audit. He mentors and advises students, who have worked at public accounting firms, big tech companies, and startups. He is passionate about technology, cybersecurity, and helping people align their knowledge, skills, and abilities to achieve personal and professional growth.</p>
<h3>Patterson Cake - Haven Information Security / PeaceHealth</h3>
<p>Patterson has been in information technology for over 20 years, focusing on security for the past several years in offensive, defensive and leadership roles. He is the founder of Haven Information Security, an instructor for SANS, and the Principal Cybersecurity Engineer for PeaceHealth.</p>
<h3>Josha Bronson - Bronsec</h3>
<p>Josha is a founder at bronsec, working with clients big and small on all aspects of security. Former security team founder at yammer.</p>
<h3>Sam Harwin - Salesforce</h3>
<p>Sam leads a technical team of security engineers that assess a wide variety of Enterprise facing infrastructure for the organization. They focus on performing technical security testing, risk assessments, and providing business risk guidance on a wide variety of infrastructure technologies such as operating systems (Mac, Linux, Windows, iOS, Android), devices (mobile, embedded technologies, IOT), networks (wired, wireless, cloud), and applications (endpoint, mobile, public cloud).</p>
<h3>Philip Jenkins - Zapproved</h3>
<p>Philip is director of compliance and IT at Zapproved. He has over 20 years’ experience in IT security, network management, system engineering, and IT processes. His past experience includes Director of Security at Jama Software and CISO at Strands Finance. Philip holds his CISSP and CISM certifications and is a recognized leader in information security. He is active in (ISC)2, ISACA, OWASP, InfraGard, and ISSA.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.meetup.com/OWASP-Portland-Chapter/events/260486258/">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/Careers">Careers</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250475428.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250475428/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Saturday, April 13, 2019 at 8:55am</strong>.
</div>
</div>
</div>
45.5312 -122.6881tag:calagator.org,2005:Calagator::Event/12504757002019-06-03T09:21:38-07:002019-06-03T09:21:38-07:00Portland OWASP - Security Requirement Elicitation with Bhushan GuptaWednesday, June 19, 2019 from 6-8pm at CloudBolt Softwarehttp://calagator.org/events/12504757002019-06-19T18:00:00-07:002019-06-19T20:00:00-07:00<div class="vevent">
<h1 class="summary">Portland OWASP - Security Requirement Elicitation with Bhushan Gupta</h1>
<div class='date'><time class="dtstart dt-start" title="2019-06-19T18:00:00" datetime="2019-06-19T18:00:00">Wednesday, June 19, 2019 from 6</time>–<time class="dtend dt-end" title="2019-06-19T20:00:00" datetime="2019-06-19T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202396338' class='url'>
<span class='fn org'>CloudBolt Software</span>
</a>
<div class="adr">
<div class="street-address">531 SE 14th Ave Suite 106</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97214</span>
<div class='country-name'>US<div>
(<a href='https://maps.google.com/maps?q=531%20SE%2014th%20Ave%20Suite%20106,%20Portland%20OR%2097214%20US'>map</a>)
</div>
</div>
<div class="description">
<p>Web Application Security spreads over the application functionality, the platform it is running on, the development and deployment environment, third-party applications used, and last but not least, the open source code it utilizes. The requirements breadth is mind-boggling. You ignore any of these aspects and you become vulnerable.</p>
<p>This talk will discuss a structured approach to establish essential security requirements based on the CIA triad. The discussion will then expand over how these requirements manifest in the industry standards such as PCI, Government agencies, and globally. It will also delve into third party and open source code scenarios. The audience will take home a checklist of different aspects of security requirements to consider when building a Web application.</p>
<p>Bio: Bhushan Gupta, Gupta Consulting, LLC.</p>
<p>Proven champion for quality and well-versed with software quality engineering, and an AppSec researcher, Bhushan is the principal consultant at Gupta Consulting, LLC. A Certified Six Sigma Black Belt (ASQ), he possesses deep and broad experience in solving complex problems, change management, and coaching and mentoring. As a member of Open Web Application Security Project (OWASP), he is dedicated to driving the AppSec to higher levels via integration of security into Agile software development life cycle. His research areas are: elicitation of security requirements, comprehensive testing approaches beyond penetration testing, application of test tools and use of AI (Machine Learning) in secure web application development.</p>
<p>Bhushan has a MS in Computer Science (1985) from New Mexico Tech and has worked at Hewlett-Packard and Nike Inc. in various roles. He was a faculty member at the Oregon Institute of Technology, Software Engineering department, from 1985 to 1995 and is currently an Adjunct Faculty member.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.meetup.com/OWASP-Portland-Chapter/events/261650911/">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250475700.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250475700/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Monday, June 3, 2019 at 9:21am</strong>.
</div>
</div>
</div>
45.5188 -122.6518tag:calagator.org,2005:Calagator::Event/12504758012019-06-24T14:59:59-07:002019-06-24T14:59:59-07:00Portland OWASP - The Easy (and Secure!) Way to Build JavaScript Web Apps with OAuth 2 & OIDC with Jake FeaselWednesday, July 10, 2019 from 6-8pm at New Relichttp://calagator.org/events/12504758012019-07-10T18:00:00-07:002019-07-10T20:00:00-07:00<div class="vevent">
<h1 class="summary">Portland OWASP - The Easy (and Secure!) Way to Build JavaScript Web Apps with OAuth 2 & OIDC with Jake Feasel</h1>
<div class='date'><time class="dtstart dt-start" title="2019-07-10T18:00:00" datetime="2019-07-10T18:00:00">Wednesday, July 10, 2019 from 6</time>–<time class="dtend dt-end" title="2019-07-10T20:00:00" datetime="2019-07-10T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202392091' class='url'>
<span class='fn org'>New Relic</span>
</a>
<div class="adr">
<div class="street-address">111 SW 5th Avenue, Suite 2700</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97204</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=111%20SW%205th%20Avenue,%20Suite%202700,%20Portland%20Oregon%2097204%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<p>What are the best current practices for building modern, completely standards-based (OIDC) web applications? Which flow should you use? How should you renew expired access tokens? How do you work with multiple resource servers? How do you achieve single-sign on? How can you make logging into your app as seamless as possible? We will demonstrate how simple it is to do all of this using open source libraries maintained by ForgeRock. Together we will deep dive into what these libraries are doing for you behind the scenes: PKCE, service workers, IndexedDB storage, hidden iframes, and more. In the end you will have all the tools at your disposal to easily build your next modern web app with OIDC.</p>
<p>Jake Feasel
Developer Experience Lead; Forgerock</p>
<p>Jake has been working in the web platform for 20 years, all the while primarily interested in the use of standards and open source technologies. Jake is currently a senior engineer at ForgeRock, where he has been for the last seven years. He is most recently responsible for improving the ways in which developers interact with the ForgeRock Identity Platform.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.meetup.com/OWASP-Portland-Chapter/events/262593317/">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/OIDC">OIDC</a>, <a class="p-category" href="/events/tag/javascript"><img title="javascript" alt="javascript" src="/assets/tag_icons/javascript-6abd4d1aeb784c814b3ef6ce94436f030aad9dfe0f5255ea43a181edc84c4c0c.png" /> javascript</a>, <a class="p-category" href="/events/tag/oauth2">oauth2</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250475801.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250475801/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Monday, June 24, 2019 at 2:59pm</strong>.
</div>
</div>
</div>
45.5225 -122.676tag:calagator.org,2005:Calagator::Event/12504758752019-07-12T09:02:31-07:002019-07-12T09:02:31-07:00Portland OWASP: Using Graph Theory to Understand Security with Tim MorganTuesday, August 13, 2019 from 6-8pm at Simplehttp://calagator.org/events/12504758752019-08-13T18:00:00-07:002019-08-13T20:00:00-07:00<div class="vevent">
<h1 class="summary">Portland OWASP: Using Graph Theory to Understand Security with Tim Morgan</h1>
<div class='date'><time class="dtstart dt-start" title="2019-08-13T18:00:00" datetime="2019-08-13T18:00:00">Tuesday, August 13, 2019 from 6</time>–<time class="dtend dt-end" title="2019-08-13T20:00:00" datetime="2019-08-13T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202393154' class='url'>
<span class='fn org'>Simple</span>
</a>
<div class="adr">
<div class="street-address">1615 SE 3rd Ave, Suite 200</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97214</span>
<div class='country-name'>US<div>
(<a href='https://maps.google.com/maps?q=1615%20SE%203rd%20Ave,%20Suite%20200,%20Portland%20OR%2097214%20US'>map</a>)
</div>
</div>
<div class="description">
<p>Using Graph Theory to Understand Security</p>
<p>Information security is hard. It must be, because we keep getting hacked. One aspect that makes it so difficult is the level of complexity that exists in even a modestly-sized digital infrastructure. Humans can consider only so many security relationships, trust boundaries, and attack scenarios at once. This complexity makes it hard to decide where to focus our defensive resources and we're regularly led astray by the latest shiny tool or security advisory. Remarkably, our adversaries actually have a similar challenge: once a digital intruder gains a foothold in an environment that is completely new to them, how do they know what next steps they should take to efficiently achieve their goal? The environments they attack are not only complex, they are also unexplored landscapes that must be mapped out.</p>
<p>This is where graph theory can lend a hand. Several open source tools, such as BloodHound and Infection Monkey, provide intruders (whether that be your friendly neighborhood pentester or your adversaries) with easy ways to map out infrastructures and identify the quickest path to your crown jewels. While this is certainly alarming, we can also use these tools ourselves to find out what our infrastructures look like in the eyes of an attacker.</p>
<p>In this talk, Tim will provide a brief introduction to graph theory, show some demos of the free tools that use it, and discuss how he is using these techniques to build automated threat models "at scale" to make defenders' lives easier.</p>
<p>Speaker: Timothy Morgan</p>
<p>After earning his computer science degrees (B.S., Harvey Mudd College and M.S., Northeastern University) and spending a short time as a software developer, Tim began his career in application security and vulnerability research. In his work as a consultant over the past 14 years, Tim has led projects as varied as application pentests, incident response, digital forensics, secure software development training, phishing exercises, and breach simulations. Tim has also presented his independent research on Windows registry forensics, XML external entities attacks, web application timing attacks, and practical application cryptanalysis at conferences such as DFRWS, OWASP's AppSec USA, BSidesPDX, and BlackHat USA.</p>
<p>For the past three years Tim has been building an innovative new risk-based vulnerability management product (DeepSurface) that helps his customers gain a much deeper understanding of the complex relationships present in their digital infrastructures. Visit kanchil.com to learn more about Tim's latest R&D effort.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.meetup.com/OWASP-Portland-Chapter/events/263095211/">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/graphs">graphs</a>, <a class="p-category" href="/events/tag/infosec">infosec</a>, <a class="p-category" href="/events/tag/owasp">owasp</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250475875.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250475875/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Friday, July 12, 2019 at 9:02am</strong>.
</div>
</div>
</div>
45.5114 -122.6628tag:calagator.org,2005:Calagator::Event/12504759432019-08-01T17:28:59-07:002019-08-01T17:28:59-07:00Portland OWASP - Threat Modeling in 2019 with Adam ShostackWednesday, October 9, 2019 from 6-8pm at New Relichttp://calagator.org/events/12504759432019-10-09T18:00:00-07:002019-10-09T20:00:00-07:00<div class="vevent">
<h1 class="summary">Portland OWASP - Threat Modeling in 2019 with Adam Shostack</h1>
<div class='date'><time class="dtstart dt-start" title="2019-10-09T18:00:00" datetime="2019-10-09T18:00:00">Wednesday, October 9, 2019 from 6</time>–<time class="dtend dt-end" title="2019-10-09T20:00:00" datetime="2019-10-09T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202392091' class='url'>
<span class='fn org'>New Relic</span>
</a>
<div class="adr">
<div class="street-address">111 SW 5th Avenue, Suite 2700</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97204</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=111%20SW%205th%20Avenue,%20Suite%202700,%20Portland%20Oregon%2097204%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<p>Attacks always get better, so your threat modeling needs to evolve. Learn what's new and important in threat modeling in 2019. Computers that are things are subject to different threats, and systems face new threats from voice cloning and computational propaganda and the growing importance of threats “at the human layer.” Take home actionable ways to ensure your security engineering is up to date.</p>
<p>Speaker: Adam Shostack
Adam is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board, and helped create the CVE and many other things. He currently helps many organizations improve their security via <a href="https://associates.shostack.org/">Shostack & Associates</a>, and advises startups including as a Mach37 Star Mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the "Elevation of Privilege" game. Adam is the author of <a href="https://www.amazon.com/Threat-Modeling-Designing-Adam-Shostack/dp/1118809998/ref=as_li_ss_tl?ie=UTF8&qid=1504107491&sr=8-1&keywords=threat+modeling&linkCode=ll1&tag=adamshostack-20&linkId=cc4d1967c923c9c8b254ee2d20dc564f">Threat Modeling: Designing for Security</a>, and the co-author of <a href="https://www.amazon.com/New-School-Information-Security-ebook/dp/B004UAALZ0/ref=as_li_ss_tl?ie=UTF8&linkCode=ll1&tag=adamshostack-20&linkId=8ef6dabf941ae63313313cef60cef269">The New School of Information Security</a>.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.meetup.com/OWASP-Portland-Chapter/events/263660173/">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/security">security</a>, <a class="p-category" href="/events/tag/threat modeling">threat modeling</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250475943.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250475943/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Thursday, August 1, 2019 at 5:28pm</strong>.
</div>
</div>
</div>
45.5225 -122.676tag:calagator.org,2005:Calagator::Event/12504763112019-10-07T15:41:01-07:002019-10-07T15:41:01-07:00Portland OWASP Chapter Meeting: Overcoming Your Greatest InfoSec Adversary: You!Tuesday, November 12, 2019 from 6-8pm at Zapprovedhttp://calagator.org/events/12504763112019-11-12T18:00:00-08:002019-11-12T20:00:00-08:00<div class="vevent">
<h1 class="summary">Portland OWASP Chapter Meeting: Overcoming Your Greatest InfoSec Adversary: You!</h1>
<div class='date'><time class="dtstart dt-start" title="2019-11-12T18:00:00" datetime="2019-11-12T18:00:00">Tuesday, November 12, 2019 from 6</time>–<time class="dtend dt-end" title="2019-11-12T20:00:00" datetime="2019-11-12T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202396241' class='url'>
<span class='fn org'>Zapproved</span>
</a>
<div class="adr">
<div class="street-address">1414 NW Northrup Street #700</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97209</span>
<div class='country-name'>USA<div>
(<a href='https://maps.google.com/maps?q=1414%20NW%20Northrup%20Street%20%23700,%20Portland%20OR%2097209%20USA'>map</a>)
</div>
</div>
<div class="description">
<p>Tips on formulating complete sentences without acronyms, learning to pretend you aren't the smartest person in the room, choosing the right animations for your PowerPoint presentations, and more! Let's be honest, you probably didn't get into info-sec because of your love for public speaking, your mastery of written and verbal communication, or your highly-tuned social skills! Regardless, these things are key to your success or failure in info-sec. Dare to join me for a frank if somewhat tongue-in-cheek conversation regarding strategies for simplifying complex conversations, recognizing and overcoming common communication obstacles, translating leet-speak to business language and creating effective visual presentations.</p>
<p>Speaker:
Patterson Cake</p>
<p>Patterson has been in information technology for over 20 years, focusing on security for the past several years in offensive, defensive and leadership roles. He is the founder of Haven Information Security, an instructor for SANS, and the Principal Cybersecurity Engineer for PeaceHealth.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.meetup.com/OWASP-Portland-Chapter/events/265489799/">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/infosec">infosec</a>, <a class="p-category" href="/events/tag/owasp">owasp</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250476311.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250476311/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Monday, October 7, 2019 at 3:41pm</strong>.
</div>
</div>
</div>
45.5312 -122.6881tag:calagator.org,2005:Calagator::Event/12504764352019-11-15T22:38:55-08:002019-11-15T22:38:55-08:00Study Night: Introduction to the Command Line Debugger GDBTuesday, December 3, 2019 from 7:30-8:30pm at ^H Hackerspace, 7608 North Interstate Avenue, Portland, OR, United Stateshttp://calagator.org/events/12504764352019-12-03T19:30:00-08:002019-12-03T20:30:00-08:00<div class="vevent">
<h1 class="summary">Study Night: Introduction to the Command Line Debugger GDB</h1>
<div class='date'><time class="dtstart dt-start" title="2019-12-03T19:30:00" datetime="2019-12-03T19:30:00">Tuesday, December 3, 2019 from 7:30</time>–<time class="dtend dt-end" title="2019-12-03T20:30:00" datetime="2019-12-03T20:30:00">8:30pm</time></div>
<div class="location vcard">
<a href='/venues/202395462' class='url'>
<span class='fn org'>^H Hackerspace, 7608 North Interstate Avenue, Portland, OR, United States</span>
</a>
<div class="adr">
</div>
</div>
<div class="description">
<p>The OWASP Portland Chapter is pleased to announce regular Study Nights. Study Nights are smaller, bitesize, digestible, skill building mini lectures or workshops for those interested in learning new skills, tools, tricks, or new CTF challenges. It’s also meant for members to practice communication skills and teamwork in a supportive environment.</p>
<p>Study Nights will meet the first Tuesday of each month at the ^H hackerspace in North Portland. Doors will be at 7pm, event will start at 7:30pm and wrap up by 8:30. Please bring your computer and preferred note taking mechanisms.</p>
<p>The December topic will be an introduction to the command line debugger GDB, presented by Allison Naaktgeboren. Please be sure to have GDB installed if it is not installed by default and your preferred command line interface available.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.meetup.com/OWASP-Portland-Chapter/events/266510325">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/owasp">owasp</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250476435.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250476435/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Friday, November 15, 2019 at 10:38pm</strong>.
</div>
</div>
</div>
tag:calagator.org,2005:Calagator::Event/12504764442019-11-20T09:11:05-08:002019-11-20T10:46:31-08:00Portland OWASP Chapter Meeting: So You Want to Teach Security? Bully for You!Tuesday, December 10, 2019 from 6-8pm at Autodesk Inchttp://calagator.org/events/12504764442019-12-10T18:00:00-08:002019-12-10T20:00:00-08:00<div class="vevent">
<h1 class="summary">Portland OWASP Chapter Meeting: So You Want to Teach Security? Bully for You!</h1>
<div class='date'><time class="dtstart dt-start" title="2019-12-10T18:00:00" datetime="2019-12-10T18:00:00">Tuesday, December 10, 2019 from 6</time>–<time class="dtend dt-end" title="2019-12-10T20:00:00" datetime="2019-12-10T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202396361' class='url'>
<span class='fn org'>Autodesk Inc</span>
</a>
<div class="adr">
<div class="street-address">221 SE Ankeny St</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97214</span>
<div class='country-name'>us<div>
(<a href='https://maps.google.com/maps?q=221%20SE%20Ankeny%20St,%20Portland%20OR%2097214%20us'>map</a>)
</div>
</div>
<div class="description">
<p>This talk focuses on building a security curriculum and teaching it, whether individually, at the workplace or in academia. Start with the following question: Am I the right person to do it? A novice can be downright dangerous, while an expert who can't teach as useful as a waterproof teabag. Security education is the first line of defense, but who trains the trainers? Are students getting their money's worth? What differentiates your training from others? Join the speaker to share life lessons, funny anecdotes, and useful advice on lecturing, "curriculuming", and critiquing. Learn what it means to containerize a syllabus, deploy labs in a continuous integration-like environment using open source tools and why markdown is a better tool than PowerPoint for creating new content. Consider security textbooks as obsolete, "office hours" mandatory, and the impact of the Family Educational Rights and Privacy Act (FERPA). There will be a test at the end of the talk.</p>
<p>Speaker: John L. Whiteman</p>
<p>John is a product security expert and instructor at Intel in Oregon. He's also a part-time adjunct instructor teaching cybersecurity at the University of Portland. In a past life, John was a shipboard and classroom instructor in the United States Navy, training hundreds of sailors in the dark arts of passive sonar and torpedo countermeasure systems (in case the former didn't pan out). He also did a stint as a news director for a small radio station in Colorado. John has an M.S. in Computer Science from Georgia Tech and a B.A. in Asian Studies from the University of Maryland UC. He holds CISSP, CCSP and CEH security certifications. John blogs and loves to podcast for the OWASP chapter in Portland.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.meetup.com/OWASP-Portland-Chapter/events/266600231/">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/infosec">infosec</a>, <a class="p-category" href="/events/tag/owasp">owasp</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250476444.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250476444/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Wednesday, November 20, 2019 at 9:11am</strong> and last updated <br /><strong>Wednesday, November 20, 2019 at 10:46am</strong>.
</div>
</div>
</div>
45.5224 -122.6634tag:calagator.org,2005:Calagator::Event/12504766352020-01-04T11:16:59-08:002020-01-04T11:16:59-08:00Portland OWASP Study Night: Burp Suite Basics with Sophia AndersonTuesday, January 7, 2020 from 7:30-8:30pm at Ctrl-H / PDX Hackerspacehttp://calagator.org/events/12504766352020-01-07T19:30:00-08:002020-01-07T20:30:00-08:00<div class="vevent">
<h1 class="summary">Portland OWASP Study Night: Burp Suite Basics with Sophia Anderson</h1>
<div class='date'><time class="dtstart dt-start" title="2020-01-07T19:30:00" datetime="2020-01-07T19:30:00">Tuesday, January 7, 2020 from 7:30</time>–<time class="dtend dt-end" title="2020-01-07T20:30:00" datetime="2020-01-07T20:30:00">8:30pm</time></div>
<div class="location vcard">
<a href='/venues/202396269' class='url'>
<span class='fn org'>Ctrl-H / PDX Hackerspace</span>
</a>
<div class="adr">
<div class="street-address">7608 N Interstate Ave</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97217</span>
<div class='country-name'>us<div>
(<a href='https://maps.google.com/maps?q=7608%20N%20Interstate%20Ave,%20Portland%20OR%2097217%20us'>map</a>)
</div>
</div>
<div class="description">
<p>Happy New Year! Welcome to our second ever OWASP PDX study night. Our January topic will be "Burp Suite Basics" presented by Sophia Anderson. Sophia is a security consultant for NetSPI performing web application penetration tests for Fortune 500 clients to discover vulnerabilities. Sorry no pizza unless you want to bring :).</p>
<p>Study Nights are smaller, bitesize, digestible, skill building mini lectures or workshops for those interested in learning new skills, tools, tricks, or new CTF challenges. It’s also meant for members to practice communication skills and teamwork in a supportive environment.</p>
<p>Study Nights meet the first Tuesday of each month at the ^H hackerspace in North Portland. Doors will be at 7pm, event will start at 7:30pm and wrap up by 8:30. Please bring your computer with Burp Suite installed and preferred note taking mechanisms.</p>
<p>Seating is limited</p>
<p>RSVP: <a href="https://www.meetup.com/OWASP-Portland-Chapter/events/267644393/">https://www.meetup.com/OWASP-Portland-Chapter/events/267644393/</a></p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.meetup.com/OWASP-Portland-Chapter/events/267644393/">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/infosec">infosec</a>, <a class="p-category" href="/events/tag/owasp">owasp</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250476635.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250476635/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Saturday, January 4, 2020 at 11:16am</strong>.
</div>
</div>
</div>
45.5782 -122.6818tag:calagator.org,2005:Calagator::Event/12504766372020-01-06T09:28:02-08:002020-01-06T09:28:02-08:00Portland OWASP Chapter Meeting - Introduction to Burp Suite with Ryan KrauseMonday, January 13, 2020 from 6-9pm at Vacasahttp://calagator.org/events/12504766372020-01-13T18:00:00-08:002020-01-13T21:00:00-08:00<div class="vevent">
<h1 class="summary">Portland OWASP Chapter Meeting - Introduction to Burp Suite with Ryan Krause</h1>
<div class='date'><time class="dtstart dt-start" title="2020-01-13T18:00:00" datetime="2020-01-13T18:00:00">Monday, January 13, 2020 from 6</time>–<time class="dtend dt-end" title="2020-01-13T21:00:00" datetime="2020-01-13T21:00:00">9pm</time></div>
<div class="location vcard">
<a href='/venues/202395308' class='url'>
<span class='fn org'>Vacasa</span>
</a>
<div class="adr">
<div class="street-address">926 NW 13th Street</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97209</span>
<div class='country-name'>USA<div>
(<a href='https://maps.google.com/maps?q=926%20NW%2013th%20Street,%20Portland%20OR%2097209%20USA'>map</a>)
</div>
</div>
<div class="description">
<p>Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.</p>
<p>The speaker covers the basics of the tool along with real-world experiences and techniques that can help you as a pen tester.</p>
<p>Speaker: Ryan Krause</p>
<p>Ryan is a penetration tester based in the Portland, Oregon area. He has worked in various areas of the security field for the past 11 years for companies such as HP, eEye Digital Security/BeyondTrust, and Comcast with a primary focus on application security and development. He is currently a consultant at NetSPI where he performs web and network penetration tests and assists clients with reducing their overall security exposure.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.meetup.com/OWASP-Portland-Chapter/events/267693352/">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/infosec">infosec</a>, <a class="p-category" href="/events/tag/owasp">owasp</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250476637.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250476637/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Monday, January 6, 2020 at 9:28am</strong>.
</div>
</div>
</div>
45.5299 -122.6842tag:calagator.org,2005:Calagator::Event/12504765302019-12-17T20:02:10-08:002019-12-17T20:02:10-08:00Portland OWASP Chapter Meeting: CMD+CTRL Web Application Cyber RangeTuesday, February 11, 2020 from 5:30-9pm at Zapprovedhttp://calagator.org/events/12504765302020-02-11T17:30:00-08:002020-02-11T21:00:00-08:00<div class="vevent">
<h1 class="summary">Portland OWASP Chapter Meeting: CMD+CTRL Web Application Cyber Range</h1>
<div class='date'><time class="dtstart dt-start" title="2020-02-11T17:30:00" datetime="2020-02-11T17:30:00">Tuesday, February 11, 2020 from 5:30</time>–<time class="dtend dt-end" title="2020-02-11T21:00:00" datetime="2020-02-11T21:00:00">9pm</time></div>
<div class="location vcard">
<a href='/venues/202396335' class='url'>
<span class='fn org'>Zapproved</span>
</a>
<div class="adr">
<div class="street-address">1414 NW Northrup Street #700</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97209</span>
<div class='country-name'>USA<div>
(<a href='https://maps.google.com/maps?q=1414%20NW%20Northrup%20Street%20%23700,%20Portland%20OR%2097209%20USA'>map</a>)
</div>
</div>
<div class="description">
<p>Want to test your skills in identifying web app vulnerabilities? Join OWASP Portland and Security Innovation as members compete in CMD+CTRL, a web application cyber range where players exploit their way through hundreds of vulnerabilities that lurk in business applications today. Success means learning quickly that attack and defense is all about thinking on your feet.</p>
<p>For each vulnerability you uncover, you are awarded points. Climb the interactive leaderboard for a chance to win fantastic prizes! CMD+CTRL is ideal for development teams to train and develop skills, but anyone involved in keeping your organization’s data secure can play - from developers and managers and even CISOs.</p>
<p>All you need is your laptop and your inner evil-doer.</p>
<p>Register early to reserve your spot and get a sneak peek at our cheat sheets and FAQs!</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.meetup.com/OWASP-Portland-Chapter/events/267265705">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/infosec">infosec</a>, <a class="p-category" href="/events/tag/owasp">owasp</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250476530.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250476530/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Tuesday, December 17, 2019 at 8:02pm</strong>.
</div>
</div>
</div>
45.5312 -122.688tag:calagator.org,2005:Calagator::Event/12504767482020-01-26T21:17:15-08:002020-01-26T21:21:52-08:00Portland OWASP Study Night: Intro to Threat Modeling with Ray and ZakTuesday, February 18, 2020 from 7:30-8:30pm at CTRL-Hhttp://calagator.org/events/12504767482020-02-18T19:30:00-08:002020-02-18T20:30:00-08:00<div class="vevent">
<h1 class="summary">Portland OWASP Study Night: Intro to Threat Modeling with Ray and Zak</h1>
<div class='date'><time class="dtstart dt-start" title="2020-02-18T19:30:00" datetime="2020-02-18T19:30:00">Tuesday, February 18, 2020 from 7:30</time>–<time class="dtend dt-end" title="2020-02-18T20:30:00" datetime="2020-02-18T20:30:00">8:30pm</time></div>
<div class="location vcard">
<a href='/venues/202394748' class='url'>
<span class='fn org'>CTRL-H</span>
</a>
<div class="adr">
<div class="street-address">7608 N Interstate Ave.</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97217</span>
<div class='country-name'>US<div>
(<a href='https://maps.google.com/maps?q=7608%20N%20Interstate%20Ave.,%20Portland%20Oregon%2097217%20US'>map</a>)
</div>
</div>
<div class="description">
<p>Threat modeling is a vital skill for security hats of all colors, as well as for product designers, managers and developers. Ray is a Life Coach and Conspiracy Theorist. He does AppSec in his non-spare time for money. Zak is an Application Security Engineer with many years of development experience.</p>
<p>Bring your own dinner/snacks. No provided pizza.</p>
<p>Study Nights are smaller, bitesize, digestible, skill building mini lectures or workshops for those interested in learning new skills, tools, tricks, or new CTF challenges. It’s also meant for members to practice communication skills and teamwork in a supportive environment.</p>
<p>Study Nights meet the first Tuesday of each month at the ^H hackerspace in North Portland. Doors will be at 7pm, event will start at 7:30pm and wrap up by 8:30. Please bring your computer with Burp Suite installed and preferred note taking mechanisms.</p>
<p>Seating is limited</p>
<p>RSVP: <a href="https://www.meetup.com/OWASP-Portland-Chapter/events/268231564/">https://www.meetup.com/OWASP-Portland-Chapter/events/268231564/</a></p>
</div>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/infosec">infosec</a>, <a class="p-category" href="/events/tag/owasp">owasp</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250476748.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250476748/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Sunday, January 26, 2020 at 9:17pm</strong> and last updated <br /><strong>Sunday, January 26, 2020 at 9:21pm</strong>.
</div>
</div>
</div>
45.5782 -122.682tag:calagator.org,2005:Calagator::Event/12504768972020-02-26T20:26:01-08:002020-02-26T20:26:01-08:00Exploring OWASP Juice Shop (with Burp Suite)Tuesday, March 3, 2020 from 7:30-8:30pm at CTRL-Hhttp://calagator.org/events/12504768972020-03-03T19:30:00-08:002020-03-03T20:30:00-08:00<div class="vevent">
<h1 class="summary">Exploring OWASP Juice Shop (with Burp Suite)</h1>
<div class='date'><time class="dtstart dt-start" title="2020-03-03T19:30:00" datetime="2020-03-03T19:30:00">Tuesday, March 3, 2020 from 7:30</time>–<time class="dtend dt-end" title="2020-03-03T20:30:00" datetime="2020-03-03T20:30:00">8:30pm</time></div>
<div class="location vcard">
<a href='/venues/202394748' class='url'>
<span class='fn org'>CTRL-H</span>
</a>
<div class="adr">
<div class="street-address">7608 N Interstate Ave.</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97217</span>
<div class='country-name'>US<div>
(<a href='https://maps.google.com/maps?q=7608%20N%20Interstate%20Ave.,%20Portland%20Oregon%2097217%20US'>map</a>)
</div>
</div>
<div class="description">
<p>In this class, we’ll be exploring how to find the vulnerabilities in OWASP Juice Shop with Burp Suite (and maybe some other security tools if we get some time). You’ll learn to set up the environment to play with in your own time. As well as learning to practically apply the different features of Burp Suite and when it is and isn’t the most optimal tool. This will help you to reproduce security vulnerabilities or help find them for bug bounty programs.</p>
<p>Bio: Jordan is an Application Security Engineer at New Relic and a graduate from the University of Pittsburgh with a degree in computer science. She’s Champion ranked in Rocket League and does yoga in her free time.</p>
<p>Seating is limited</p>
<p>RSVP: <a href="https://www.meetup.com/OWASP-Portland-Chapter/events/269026936/">https://www.meetup.com/OWASP-Portland-Chapter/events/269026936/</a></p>
<p>OWASP Juice Shop: <a href="https://owasp.org/www-project-juice-shop/">https://owasp.org/www-project-juice-shop/</a></p>
<p>Burp Suite CE: <a href="https://portswigger.net/burp/releases/professional-community-2020-1?requestededition=community">https://portswigger.net/burp/releases/professional-community-2020-1?requestededition=community</a></p>
</div>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/infosec">infosec</a>, <a class="p-category" href="/events/tag/owasp">owasp</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250476897.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250476897/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Wednesday, February 26, 2020 at 8:26pm</strong>.
</div>
</div>
</div>
45.5782 -122.682tag:calagator.org,2005:Calagator::Event/12504768382020-02-22T00:23:55-08:002020-02-22T00:23:55-08:00Portland OWASP - Kendra Ash - Security Mixer!Wednesday, March 18, 2020 from 6-8pm at New Relichttp://calagator.org/events/12504768382020-03-18T18:00:00-07:002020-03-18T20:00:00-07:00<div class="vevent">
<h1 class="summary">Portland OWASP - Kendra Ash - Security Mixer!</h1>
<div class='date'><time class="dtstart dt-start" title="2020-03-18T18:00:00" datetime="2020-03-18T18:00:00">Wednesday, March 18, 2020 from 6</time>–<time class="dtend dt-end" title="2020-03-18T20:00:00" datetime="2020-03-18T20:00:00">8pm</time></div>
<div class="location vcard">
<a href='/venues/202392091' class='url'>
<span class='fn org'>New Relic</span>
</a>
<div class="adr">
<div class="street-address">111 SW 5th Avenue, Suite 2700</div>
<span class="locality">Portland</span>
, <span class="region">Oregon</span>
<span class="postal-code">97204</span>
<div class='country-name'>United States<div>
(<a href='https://maps.google.com/maps?q=111%20SW%205th%20Avenue,%20Suite%202700,%20Portland%20Oregon%2097204%20United%20States'>map</a>)
</div>
</div>
<div class="description">
<p>Join us for a night of networking and discussion about security. Kendra will kick it off with a short talk about how to make friends with your developers through automation. Then we will split up into groups and allow people to discuss cloud security, application security, devops and jobs.</p>
<p>Bio: Kendra Ash (@securelykash) is a security engineer at Vacasa, actively building out an application security program by leveraging guidance from her network and incorporating industry standards. She is also actively involved with the Portland OWASP chapter.</p>
<p>RSVP: <a href="https://www.meetup.com/OWASP-Portland-Chapter/events/268903220/">https://www.meetup.com/OWASP-Portland-Chapter/events/268903220/</a></p>
</div>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/infosec">infosec</a>, <a class="p-category" href="/events/tag/owasp">owasp</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250476838.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250476838/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Saturday, February 22, 2020 at 12:23am</strong>.
</div>
</div>
</div>
45.5225 -122.676tag:calagator.org,2005:Calagator::Event/12504769812020-04-15T20:42:03-07:002020-04-15T20:42:03-07:00Portland OWASP Training Night (Virtual) - Learn 10 Things About WiresharkTuesday, April 21, 2020 from 7:30-8:30am at Onlinehttp://calagator.org/events/12504769812020-04-21T07:30:00-07:002020-04-21T08:30:00-07:00<div class="vevent">
<h1 class="summary">Portland OWASP Training Night (Virtual) - Learn 10 Things About Wireshark</h1>
<div class='date'><time class="dtstart dt-start" title="2020-04-21T07:30:00" datetime="2020-04-21T07:30:00">Tuesday, April 21, 2020 from 7:30</time>–<time class="dtend dt-end" title="2020-04-21T08:30:00" datetime="2020-04-21T08:30:00">8:30am</time></div>
<div class="location vcard">
<a href='/venues/202390270' class='url'>
<span class='fn org'>Online</span>
</a>
<div class="adr">
<div class="street-address">placeholder for on-line events</div>
(<a href='https://maps.google.com/maps?q=placeholder%20for%20on-line%20events,%20%20%20%20'>map</a>)
</div>
</div>
<div class="description">
<p>In this class, we'll briefly go over the 10 things that I would like to show anyone using wireshark. There are no prerequisites for this presentation. If you would like to follow along please install the most recent 3.x version of Wireshark. Example packet captures will be provided.</p>
<p>Kevan Vanhoff is a Network Security Engineer living in Portland, Oregon.</p>
<p>RSVP: <a href="https://www.meetup.com/OWASP-Portland-Chapter/events/270075900/">https://www.meetup.com/OWASP-Portland-Chapter/events/270075900/</a></p>
</div>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/infosec">infosec</a>, <a class="p-category" href="/events/tag/owasp">owasp</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250476981.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250476981/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Wednesday, April 15, 2020 at 8:42pm</strong>.
</div>
</div>
</div>
tag:calagator.org,2005:Calagator::Event/12504770572020-06-07T14:48:34-07:002020-06-07T14:48:34-07:00Portland, Oregon OWASP Study Night (Virtual) - Detect Complex Code Patterns Using Semantic GrepTuesday, June 9, 2020 from 7:30-8:30pm at Virtual Meetinghttp://calagator.org/events/12504770572020-06-09T19:30:00-07:002020-06-09T20:30:00-07:00<div class="vevent">
<h1 class="summary">Portland, Oregon OWASP Study Night (Virtual) - Detect Complex Code Patterns Using Semantic Grep</h1>
<div class='date'><time class="dtstart dt-start" title="2020-06-09T19:30:00" datetime="2020-06-09T19:30:00">Tuesday, June 9, 2020 from 7:30</time>–<time class="dtend dt-end" title="2020-06-09T20:30:00" datetime="2020-06-09T20:30:00">8:30pm</time></div>
<div class="location vcard">
<a href='/venues/202394596' class='url'>
<span class='fn org'>Virtual Meeting</span>
</a>
<div class="adr">
</div>
</div>
<div class="description">
<p>RSVP: <a href="https://www.meetup.com/OWASP-Portland-Chapter/events/271144214/">https://www.meetup.com/OWASP-Portland-Chapter/events/271144214/</a></p>
<p>Abstract:
We’ll discuss a program analysis tool we’re developing called Semgrep. It's a multilingual semantic tool for writing security and correctness queries on source code (for Python, Java, Go, C, and JS) with a simple “grep-like” interface. The original author, Yoann Padioleau, worked on Semgrep’s predecessor, Coccinelle, for Linux kernel refactoring, and later developed Semgrep while at Facebook. He’s now full time with us at r2c.</p>
<p>Semgrep is a free open-source program analysis toolkit that finds bugs using custom analysis we’ve written and OSS code checks. Semgrep is ideal for security researchers, product security engineers, and developers who want to find complex code patterns without extensive knowledge of ASTs or advanced program analysis concepts.</p>
<p>Speaker bio:
Clint Gibler (@clintgibler) is the Head of Security Research for r2c, a small startup working on giving security tools directly to developers. Previously, Clint was a Research Director at NCC Group, a global security consulting firm, where he helped companies implement security automation and DevSecOps best practices as well as performed penetration tests for companies ranging from large enterprises to new startups.Clint has previously spoken at conferences including BlackHat USA, AppSec USA/EU/Cali, BSidesSF, and DevSecCon Seattle/London/Tel Aviv/Singapore. Clint holds a Ph.D. in Computer Science from the University of California, Davis.Want to keep up with security research? Check out <em>tl;dr sec</em>, Clint’s newsletter that contains summaries of artisanally curated, top talks and useful security links and resources from around the web.</p>
<p>RSVP: <a href="https://www.meetup.com/OWASP-Portland-Chapter/events/271144214/">https://www.meetup.com/OWASP-Portland-Chapter/events/271144214/</a></p>
</div>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/infosec">infosec</a>, <a class="p-category" href="/events/tag/owasp">owasp</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250477057.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250477057/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Sunday, June 7, 2020 at 2:48pm</strong>.
</div>
</div>
</div>
tag:calagator.org,2005:Calagator::Event/12504771202020-07-13T12:06:41-07:002020-07-13T12:06:41-07:00Portland OWASP Study Night - Secure Code Warrior Tournament Study SessionThursday, July 16, 2020 from 7:30-8:30pm at Virtualhttp://calagator.org/events/12504771202020-07-16T19:30:00-07:002020-07-16T20:30:00-07:00<div class="vevent">
<h1 class="summary">Portland OWASP Study Night - Secure Code Warrior Tournament Study Session</h1>
<div class='date'><time class="dtstart dt-start" title="2020-07-16T19:30:00" datetime="2020-07-16T19:30:00">Thursday, July 16, 2020 from 7:30</time>–<time class="dtend dt-end" title="2020-07-16T20:30:00" datetime="2020-07-16T20:30:00">8:30pm</time></div>
<div class="location vcard">
<a href='/venues/202396506' class='url'>
<span class='fn org'>Virtual</span>
</a>
<div class="adr">
</div>
</div>
<div class="description">
<p>Topic - Secure Code Warrior Tournament Study Session. We'll cover how to register for our upcoming tournament, cover the game rules, navigate through the menus and do a few practice challenges. Let's be new to this together! This meeting will also be recorded and posted to the PDX OWASP YouTube channel.</p>
<p>Host: Samuel Lemly</p>
<p>RSVP: <a href="https://www.meetup.com/OWASP-Portland-Chapter/events/271905106/">https://www.meetup.com/OWASP-Portland-Chapter/events/271905106/</a></p>
</div>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/ctf">ctf</a>, <a class="p-category" href="/events/tag/infosec">infosec</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/secure coding">secure coding</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250477120.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250477120/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Monday, July 13, 2020 at 12:06pm</strong>.
</div>
</div>
</div>
tag:calagator.org,2005:Calagator::Event/12504770992020-06-30T19:17:43-07:002020-06-30T19:17:43-07:00OWASP Portland, Oregon - Secure Coding Tournament (Virtual)Tuesday, July 21, 2020 at 8am through Friday, July 24, 2020 at 8pm at Virtualhttp://calagator.org/events/12504770992020-07-21T08:00:00-07:002020-07-24T20:00:00-07:00<div class="vevent">
<h1 class="summary">OWASP Portland, Oregon - Secure Coding Tournament (Virtual)</h1>
<div class='date'><time class="dtstart dt-start" title="2020-07-21T08:00:00" datetime="2020-07-21T08:00:00">Tuesday, July 21, 2020 at 8am</time> through <time class="dtend dt-end" title="2020-07-24T20:00:00" datetime="2020-07-24T20:00:00">Friday, July 24, 2020 at 8pm</time></div>
<div class="location vcard">
<a href='/venues/202396506' class='url'>
<span class='fn org'>Virtual</span>
</a>
<div class="adr">
</div>
</div>
<div class="description">
<p>Secure Code Warrior is going to be hosting a July virtual tournament for our OWASP Portland, Oregon chapter. It's free!</p>
<p>Improve your secure coding skills by joining the OWASP Portland Secure Coding tournament on July 21st 8:00AM PDT through July 24th 8:00PM PDT. The tournament allows you to compete against the other participants in a series of vulnerable code challenges that ask you to identify a problem, locate insecure code, and fix a vulnerability.</p>
<p>All challenges are based on the OWASP Top 10, and players can choose to compete in a range of software languages including Java EE, Java Spring, C# MVC, C# WebForms, Go, Ruby on Rails, Python Django & Flask, Scala Play, Node.JS, React, and both iOS and Android development languages.</p>
<p>Throughout the tournament, players earn points and watch as they climb to the top of the leaderboard. Prizes will be awarded to the top finishers! First place will receive a hoodie, and lots of bragging rights!</p>
<p>Tournament times: July 21- July 24th 8:00 AM 9:00 PM</p>
<p>Practice times: July 14th - July 21st 8:00 AM</p>
<p>RSVP: <a href="https://www.meetup.com/OWASP-Portland-Chapter/events/271638472/">https://www.meetup.com/OWASP-Portland-Chapter/events/271638472/</a></p>
</div>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/ctf">ctf</a>, <a class="p-category" href="/events/tag/infosec">infosec</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/secure coding">secure coding</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250477099.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250477099/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Tuesday, June 30, 2020 at 7:17pm</strong>.
</div>
</div>
</div>
tag:calagator.org,2005:Calagator::Event/12504772492020-08-27T09:06:54-07:002020-08-27T09:06:54-07:00PDX OWASP - Cloud Security Lunch and Learn with Ashish PatelWednesday, September 16, 2020 from noon-1pm at Virtualhttp://calagator.org/events/12504772492020-09-16T12:00:00-07:002020-09-16T13:00:00-07:00<div class="vevent">
<h1 class="summary">PDX OWASP - Cloud Security Lunch and Learn with Ashish Patel</h1>
<div class='date'><time class="dtstart dt-start" title="2020-09-16T12:00:00" datetime="2020-09-16T12:00:00">Wednesday, September 16, 2020 from noon</time>–<time class="dtend dt-end" title="2020-09-16T13:00:00" datetime="2020-09-16T13:00:00">1pm</time></div>
<div class="location vcard">
<a href='/venues/202396506' class='url'>
<span class='fn org'>Virtual</span>
</a>
<div class="adr">
</div>
</div>
<div class="description">
<p>Summary of the Talk:
Automate The CloudSec Things - How to automate your response to security incidents within the public cloud space using your current security stack and AWS Lambda.</p>
<p>Speaker's Bio:
Ashish Patel is a security engineer on the Box Infrastructure Security team. He usually lives in the realm of cloud security and automating security related tasks that scale across multiple clouds & attack surfaces.</p>
<p>RSVP: <a href="https://www.meetup.com/OWASP-Portland-Chapter/events/272846648/">https://www.meetup.com/OWASP-Portland-Chapter/events/272846648/</a></p>
</div>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/cloudsec">cloudsec</a>, <a class="p-category" href="/events/tag/infosec">infosec</a>, <a class="p-category" href="/events/tag/owasp">owasp</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250477249.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250477249/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Thursday, August 27, 2020 at 9:06am</strong>.
</div>
</div>
</div>
tag:calagator.org,2005:Calagator::Event/12504774332020-11-15T20:19:31-08:002020-11-15T20:19:31-08:00PDX OWASP - Automate OWASP ZAP Lunch and Learn with Roop KaurWednesday, November 18, 2020 from midnight-1am at Online via Zoomhttp://calagator.org/events/12504774332020-11-18T00:00:00-08:002020-11-18T01:00:00-08:00<div class="vevent">
<h1 class="summary">PDX OWASP - Automate OWASP ZAP Lunch and Learn with Roop Kaur</h1>
<div class='date'><time class="dtstart dt-start" title="2020-11-18T00:00:00" datetime="2020-11-18T00:00:00">Wednesday, November 18, 2020 from midnight</time>–<time class="dtend dt-end" title="2020-11-18T01:00:00" datetime="2020-11-18T01:00:00">1am</time></div>
<div class="location vcard">
<a href='/venues/202396542' class='url'>
<span class='fn org'>Online via Zoom</span>
</a>
<div class="adr">
</div>
</div>
<div class="description">
<p>Overview:
Use OWASP ZAP to detect web application vulnerabilities in a CI/CD pipeline; for this, how we automate ZAP with existing automation scripts.</p>
<p>Speaker:
Roop Kaur, an engineer at Zapproved</p>
<p>RSVP:
<a href="https://www.meetup.com/OWASP-Portland-Chapter/events/274622842/">https://www.meetup.com/OWASP-Portland-Chapter/events/274622842/</a></p>
</div>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/infosec">infosec</a>, <a class="p-category" href="/events/tag/owasp">owasp</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250477433.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250477433/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Sunday, November 15, 2020 at 8:19pm</strong>.
</div>
</div>
</div>
tag:calagator.org,2005:Calagator::Event/12504776662021-04-09T21:05:18-07:002021-04-09T21:05:18-07:00Application Security -- The Framework, Processes and Tools to Secure Your AppsWednesday, May 19, 2021 from noon-1pm at Virtualhttp://calagator.org/events/12504776662021-05-19T12:00:00-07:002021-05-19T13:00:00-07:00<div class="vevent">
<h1 class="summary">Application Security -- The Framework, Processes and Tools to Secure Your Apps</h1>
<div class='date'><time class="dtstart dt-start" title="2021-05-19T12:00:00" datetime="2021-05-19T12:00:00">Wednesday, May 19, 2021 from noon</time>–<time class="dtend dt-end" title="2021-05-19T13:00:00" datetime="2021-05-19T13:00:00">1pm</time></div>
<div class="location vcard">
<a href='/venues/202396695' class='url'>
<span class='fn org'>Virtual</span>
</a>
<div class="adr">
</div>
</div>
<div class="description">
<p>RSVP: <a href="https://www.meetup.com/OWASP-Portland-Chapter/events/277480846/">https://www.meetup.com/OWASP-Portland-Chapter/events/277480846/</a></p>
<p>Excerpt:</p>
<p>Traditionally, breaches that make the news are about stealing data and that data being resold for financial gains. Think Target, Ashley Madison, Marriott and so many more. Recently a spotlight was put on supply chain security via the SolarWinds breach and how that affected many companies. The adversaries were able to inject malicious code into applications that have a lot or rights and are widely deployed in many organizations, small and large alike.</p>
<p>We will discuss the framework, your SDLC (SDL, SSDLC, etc.) – Secure Development Lifecycle – to lay out how you are going to develop and secure your applications. Customers care about this. Once you have your SDLC, you need to define your processes, select your tools, integrate them into your SDLC and finally automate those tools. This is not a short process and often multiple iterations are necessary to get to a good place. The goal of this presentation is to make you aware of a variety of tools that are out there, the various steps along the way of your SDLC you need to take and how to complete each of these steps.</p>
<p>BIO:</p>
<p>Derek Hill has over 25 years of experience in Information Security and Information Technology. He is currently the Director of AppSec engineering at ForgeRock, an Identity and Access management company, based in Vancouver, WA. He is responsible for implementing and improving the company’s product security on a continual basis. He works closely with software engineers and security engineers in multiple countries to ensure the ForgeRock products are developed securely and tested in all phases of the development lifecycle. In addition to his full time job, Derek is also a SANS community instructor teaching Security Leadership and CISSP prep courses.</p>
<p>Prior to his current position, Derek held Information Security, IT management and technical roles at both large and small companies. In each role, he consistently focused on managing high-performing teams, delivering efficient solutions and providing excellent services to a variety of stakeholders, maximizing uptime and security. Derek also has significant experience in cloud technologies, responsible for moving, securing and maintaining them in various cloud environments through their lifecycle.</p>
</div>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/cloudsec">cloudsec</a>, <a class="p-category" href="/events/tag/infosec">infosec</a>, <a class="p-category" href="/events/tag/owasp">owasp</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250477666.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250477666/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Friday, April 9, 2021 at 9:05pm</strong>.
</div>
</div>
</div>
tag:calagator.org,2005:Calagator::Event/12504777652021-06-12T12:29:02-07:002021-06-12T12:29:02-07:00AppSec Pacific NorthwestSaturday, June 19, 2021 from 10am-5pmhttp://calagator.org/events/12504777652021-06-19T10:00:00-07:002021-06-19T17:00:00-07:00<div class="vevent">
<h1 class="summary">AppSec Pacific Northwest</h1>
<div class='date'><time class="dtstart dt-start" title="2021-06-19T10:00:00" datetime="2021-06-19T10:00:00">Saturday, June 19, 2021 from 10am</time>–<time class="dtend dt-end" title="2021-06-19T17:00:00" datetime="2021-06-19T17:00:00">5pm</time></div>
<div class="description">
<p>PNWSEC, aka, Pacific Northwest Application Security Conference is a free application security conference that will be held Saturday, June 19th. It is a virtual, online event sponsored by the OWASP chapters of Portland, Vancouver, and Victoria.</p>
<p>Kymberlee Price and Jim Manico to keynote! All of the speakers and workshops can be found on the website: <a href="https://pnwcon.com/">https://pnwcon.com/</a></p>
<p>Stretching the Truth: Attacking the Elastic Agent
By Zander Work</p>
<p>Starting Left with Cloud Security
By Stefania Chaplin</p>
<p>Fuzzing Python Native Extensions
By Lucas Amorim</p>
<p>CVE-2020-17049: Kerberos Bronze Bit Attack
By Jake Karnes</p>
<p>Zero-Trust - The Paradigm Shift Required in a Post-pandemic World
By Timothy Morgan</p>
<p>Ad-Tech for Security People
By Will Whittaker</p>
<p>Secure Coding of Industrial Control Systems
By Vivek Ponnada</p>
<p>Six Ways Known-vulnerabilities Sneak Into Docker Containers
By Julius Musseau</p>
<p>Effects Malware Hunting in Cloud Environment
By Filipi Pires</p>
<p>Honeytokens: Detecting attacks to your web apps using decoys and deception
By Dana Epp</p>
<p>Don’t B-MAD: Making Threat Modeling Less Painful
By Adam Shostack</p>
<p>Women in Appsec: Advice to Differentiate Your Skills
By Aarti Gadhia</p>
<p>Cultivating Cyber Warriors
By Patterson Cake</p>
<p>Insiders Guide to Mobile AppSec with OWASP MASVS
By Brian Reed</p>
<p>Follow us on Twitter at @pnwseccon to see when the workshops are going to be released.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://pnwcon.com/">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/conference">conference</a>, <a class="p-category" href="/events/tag/cyber security">cyber security</a>, <a class="p-category" href="/events/tag/owasp">owasp</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250477765.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250477765/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Saturday, June 12, 2021 at 12:29pm</strong>.
</div>
</div>
</div>
tag:calagator.org,2005:Calagator::Event/12504777502021-05-31T14:52:00-07:002021-05-31T14:52:00-07:00OWASP PDX: My Journey to Becoming a CISSP : Study Tips and Life-lessons with Sarba RoyTuesday, June 29, 2021 from noon-1pm at Virtualhttp://calagator.org/events/12504777502021-06-29T12:00:00-07:002021-06-29T13:00:00-07:00<div class="vevent">
<h1 class="summary">OWASP PDX: My Journey to Becoming a CISSP : Study Tips and Life-lessons with Sarba Roy</h1>
<div class='date'><time class="dtstart dt-start" title="2021-06-29T12:00:00" datetime="2021-06-29T12:00:00">Tuesday, June 29, 2021 from noon</time>–<time class="dtend dt-end" title="2021-06-29T13:00:00" datetime="2021-06-29T13:00:00">1pm</time></div>
<div class="location vcard">
<a href='/venues/202396695' class='url'>
<span class='fn org'>Virtual</span>
</a>
<div class="adr">
</div>
</div>
<div class="description">
<p>Sarba is currently the Product Security Consultant at Umpqua Bank where she is collaborating and acting as a security advisor to the Product teams when new digital technologies and/or business needs are identified. She is also the Membership Chair for the Women In Cybersecurity(WiCyS) Oregon Affiliate, the Chapter Lead for Infosec Girls - Oregon and the Founding member of WomenH2H, a global community for women leaders and changemakers. She is also a passionate volunteer and advocate for women’s empowerment, education equity while being a writer and mentor at heart, dedicated to helping individuals and organizations become more compassionate, curious and cybersmart.</p>
<p>RSVP: <a href="https://www.meetup.com/OWASP-Portland-Chapter/events/278536668/">https://www.meetup.com/OWASP-Portland-Chapter/events/278536668/</a></p>
</div>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/infosec">infosec</a>, <a class="p-category" href="/events/tag/owasp">owasp</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250477750.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250477750/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Monday, May 31, 2021 at 2:52pm</strong>.
</div>
</div>
</div>
tag:calagator.org,2005:Calagator::Event/12504779132021-09-08T23:16:54-07:002021-09-08T23:16:54-07:00OWASP PDX - InfoSec Panel DiscussionThursday, September 23, 2021 from noon-1pm at Virtualhttp://calagator.org/events/12504779132021-09-23T12:00:00-07:002021-09-23T13:00:00-07:00<div class="vevent">
<h1 class="summary">OWASP PDX - InfoSec Panel Discussion</h1>
<div class='date'><time class="dtstart dt-start" title="2021-09-23T12:00:00" datetime="2021-09-23T12:00:00">Thursday, September 23, 2021 from noon</time>–<time class="dtend dt-end" title="2021-09-23T13:00:00" datetime="2021-09-23T13:00:00">1pm</time></div>
<div class="location vcard">
<a href='/venues/202396695' class='url'>
<span class='fn org'>Virtual</span>
</a>
<div class="adr">
</div>
</div>
<div class="description">
<p>Let's talk InfoSec!</p>
<p>RSVP: <a href="https://www.meetup.com/OWASP-Portland-Chapter/events/280657220/">https://www.meetup.com/OWASP-Portland-Chapter/events/280657220/</a></p>
<p>Bios:</p>
<p>Cassie Clark:
Passionate about bringing humans into security. She develops awareness programs focused on behavior change, user enablement, and culture. As Security Awareness Lead Engineer at Brex, she built and leads security awareness for employees and customers. Prior to Brex, she built the security awareness function at Cruise and focused on security engagement at Salesforce. She holds a Master’s degree in Women’s Studies and can often be seen holding a cup of coffee.</p>
<p>Traci Esteve:
As Director of Technology Governance and Risk for The Standard in Portland, Oregon, Traci Esteve is committed to protecting the confidentiality, integrity, and availability of information and processing resources. She began her career as a developer and infrastructure engineer. This led to her rise to a premier technical architect at Accenture and to expanding the practice in Asia and Europe. Her journey includes staying home to raise her two sons and serving as an advisor to organizations to increase profitability, maximize customer value, and effectively meet regulatory requirements. She has a BS in Applied Science, MBA certification from Miami University, and a certification in Cybersecurity Risk Management from Harvard University. Traci enjoys cooking with her family, drawing, hiking, and encouraging high-school students to believe in themselves.</p>
</div>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/AppSec">AppSec</a>, <a class="p-category" href="/events/tag/infosec">infosec</a>, <a class="p-category" href="/events/tag/owasp">owasp</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250477913.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250477913/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Wednesday, September 8, 2021 at 11:16pm</strong>.
</div>
</div>
</div>
tag:calagator.org,2005:Calagator::Event/12504808832024-01-03T11:22:25-08:002024-01-03T11:22:25-08:00Hacking a SaaS: A Practical Guide to Understanding Attack and DefenseThursday, January 18, 2024 from 5:30-7:30pm at Solutional Inchttp://calagator.org/events/12504808832024-01-18T17:30:00-08:002024-01-18T19:30:00-08:00<div class="vevent">
<h1 class="summary">Hacking a SaaS: A Practical Guide to Understanding Attack and Defense</h1>
<div class='date'><time class="dtstart dt-start" title="2024-01-18T17:30:00" datetime="2024-01-18T17:30:00">Thursday, January 18, 2024 from 5:30</time>–<time class="dtend dt-end" title="2024-01-18T19:30:00" datetime="2024-01-18T19:30:00">7:30pm</time></div>
<div class="location vcard">
<a href='/venues/202397628' class='url'>
<span class='fn org'>Solutional Inc</span>
</a>
<div class="adr">
<div class="street-address">301 SE 2nd AVE</div>
<span class="locality">Portland</span>
, <span class="region">OR</span>
<span class="postal-code">97214</span>
<div class='country-name'>USA<div>
(<a href='https://maps.google.com/maps?q=301%20SE%202nd%20AVE,%20Portland%20OR%2097214%20USA'>map</a>)
</div>
</div>
<div class="description">
<p>Hacking a SaaS: A Practical Guide to Understanding Attackers and Defending Against Them</p>
<p>In this talk, we will delve into the mindset of an attacker and explore the vulnerabilities they exploit in SaaS systems. We will cover the following topics:</p>
<p>What motivates hackers to target SaaS systems (5%)
How hackers conduct reconnaissance on SaaS systems (50%)
The anatomy of exploit chains (40%)
Strategies for defending against attacks (5%)
Our goal is to provide a practical guide to understanding attackers and defending against them. We will share lots of hacker tips and tricks, and provide plenty of quiz moments to train your intuition. Our focus will be on vulnerabilities that hackers actually care about, rather than theoretical ones. All of our examples will be based on real-world exploit chains, and we will explore multiple vulnerabilities chained together to create media-news-headline-worthy outcomes. By the end of this talk, you will have a better understanding of how attackers think and operate, and you will be better equipped to defend against their attacks.</p>
<p>Our January host and sponsor is Solutional Inc, and the talk will take place in their Portland office at 301 SE 2nd Ave.</p>
<p>Please RSVP here if you are planning to attend.</p>
<p>This is a monthly event of OWASP's Portland chapter.</p>
</div>
<h3>Links</h3>
<ul>
<li><a class="url" href="https://www.meetup.com/owasp-portland-chapter/events/297889289/">Website</a></li>
</ul>
<div class="tags">
<h3>Tags</h3>
<p><a class="p-category" href="/events/tag/cybersecurity">cybersecurity</a>, <a class="p-category" href="/events/tag/owasp">owasp</a>, <a class="p-category" href="/events/tag/penetration testing">penetration testing</a>, <a class="p-category" href="/events/tag/saas">saas</a>, <a class="p-category" href="/events/tag/software security">software security</a></p>
</div>
<div class='single_view_right'>
<a href='http://calagator.org/events/1250480883.ics'>Download to iCal</a>
<div id='edit_link'>
<p>You can <a href="http://calagator.org/events/1250480883/edit">edit this event</a>.</p>
</div>
<div id='metadata'>
This item was added directly to Calagator <br /><strong>Wednesday, January 3, 2024 at 11:22am</strong>.
</div>
</div>
</div>
45.5215 -122.6643