
OWASP Denver June 2012 Hosting


Presentation Transcript


  1. Andy Lewis Chapter Leader Denver OWASP ALewis@owasp.org OWASP DenverJune 2012Hosting.com

  2. Welcome! • You are at the Denver OWASP meeting • Please set pagers & cellphones to stun • Please thank our hosts, sponsor, & speakers: • Hosting.com – Clint Pickney • SilverTail Systems – Laz

  3. Bathrooms, smoking, parking, etc • Parking - please use visitor parking. NOTE: they lock the garage at 9:30(?) • Smoking - outside in designated areas • Restrooms – you’ll need an escort • Vending machines/food/drinks – pizza, beer, and beverages provided by Hosting.com. Please drink responsibly. • Wireless – please don’t attach, don’t attack, don’t do anything else that would cause Hosting.com not to invite us back…

  4. Agenda • Welcome • Introductions • Thank our hosts & raffle sponsors - Hosting.com and SilverTail Systems • What’s an OWASP? • Pass the salt • Chapter Business • Tonight’s topic - “Emerging Threats" • Closing - Chapter Business, thank hosts, next meeting, and tonight’s watering hole – right here!

  5. OWASP Mission (1st meeting, anyone?) • Open non-profit charitable foundation dedicated to enabling organizations to make informed decisions to develop, maintain, and acquire software they can trust • Making Security Visible Through… • Documentation – Top Ten, Dev. Guide, Design Guide, Testing Guide, … • Tools – *** ESAPI, *** WebGoat, WebScarab, Site Generator, Report Generator, CSRF Guard, CSRF Tester, Stinger, Pantera, … • Working Groups – Browser Security, Industry Sectors, Access Control (XACML), Education, Mobile Phone Security, Preventive Security, OWASP SDL, OWASP Governance, RIA Security • Community and Awareness – Local Chapters, Conferences, Tutorials, Mailing Lists

  6. OWASP Chapters – a GLOBAL phenomenon

  7. Pass the Salt • LinkedIn got breached • It happens • I hope you’ve changed your password, because LI saves passwords as unsalted hashes… • How OWASP can help… • Google “OWASP Password Storage Cheat Sheet” • Notice the reference links for prescriptive guidance for Java, PHP, etc. • Don’t reinvent the wheel (and look at the other cheat sheets too) • PASS THE SALT • Please share this with at least one developer • Unsalted hashes should be a crime, but salting isn’t widely taught • If your friend is way ahead, encourage him or her to add to the cheat sheets – salting routines for Joomla, Ruby, etc. are still needed • Friends don’t let friends use unsalted hashes as passwords…
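As an added illustration of the slide's point (example code, not from the presentation or from OWASP), this contrasts a single unsalted SHA-1 with per-user random salt plus PBKDF2-HMAC-SHA256, which stands in here for the cheat sheet's recommended storage; the USERS table is constructed sample data.

```python
import hashlib
import hmac
import os

# Constructed sample data: two users who happen to pick the same password.
USERS = {"alice": "correct horse", "bob": "correct horse"}


def unsalted_hash(password: str) -> str:
    """The weak scheme the slide warns about: one plain SHA-1 of the password.
    Identical passwords always yield identical hashes, so one cracked hash
    (or a precomputed table) unlocks every account that shares it."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def store_password(password: str, iterations: int = 100_000) -> dict:
    """Salted, iterated storage: a fresh random 16-byte salt per user and
    PBKDF2-HMAC-SHA256, with the salt and work factor kept beside the hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])


def same_unsalted_hash(users: dict) -> bool:
    """True when every user in the table ends up with one identical unsalted hash."""
    return len({unsalted_hash(pw) for pw in users.values()}) == 1


def same_salted_hash(users: dict) -> bool:
    """True when any two users share a salted hash (expected: never)."""
    hashes = [store_password(pw)["hash"] for pw in users.values()]
    return len(set(hashes)) < len(hashes)


if __name__ == "__main__":
    print("unsalted collisions:", same_unsalted_hash(USERS))        # True
    print("salted collisions:  ", same_salted_hash(USERS))          # False
    rec = store_password("correct horse")
    print("verify correct:", verify_password("correct horse", rec))  # True
    print("verify wrong:  ", verify_password("hunter2", rec))        # False
```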

  8. Membership Benefits

  9. Denver Chapter Business • SnowFROC! www.snowfroc.com NEED $$$ to reserve space! • FROC Chair - Kathy Thaxton • NEED TO RESERVE SPACE NOW – please become a member • Membership… • Please consider joining OWASP – it’s like PBS. Nobody’s coming into your living room to shake you down, but a portion of everything you donate goes directly to the Chapter • Get a snazzy @owasp.org email address • Jobs – LinkedIn, others??? • Staying current: • Mailing list • Twitter @owasp303 • LinkedIn OWASP Denver group • Other chapter business?

  10. Job • Job Title: Coding Compliance Officer Location: AURORA, CO • Duration: 3 months (Contract to Hire) Job#: 5295 • Contact: Avinash 303-990-5876/77 avinash.negi@softecinc.com • Skills: MEDICAL CODING (5.0+ YRS), TRAINING (5.0+ YRS), HIPAA (5.0+ YRS), HEALTHCARE CLAIMS PROCESSING (5.0+ YRS), ICD-9/10 (5.0+ YRS), MEDICAL BILLING (5.0+ YRS) • Job Description: • The Coding Compliance and Education Specialist coordinates and reports on day-to-day coding compliance, education, training and quality improvement functions within the Health Information Management department. • More details available from Avinash

  11. Next Meeting • Next meeting will be September 19th • 3rd Wednesday of the month • Topic tbd – anybody got ideas for a topic and/or speaker? • Final 2012 meeting will be in October – trying to get Wh1t3Rabbit (~70% chance right now)

  12. Tonight: • Laz – “Emerging Threats” • About Laz - SnowFROC Hero • Prior to his position as Director of Strategy at SilverTail Systems, Laz served as head of Information Security with the Sears Online Business Unit. He has been involved in IT security for the past 20 years, consulting with and auditing Fortune 500 companies and government agencies. Laz holds several patents for controlling personally identifiable information, Information Security, and Information Technology. He is also an active contributor to security standards and policy initiatives regarding compliance and Information Security methodologies, policies, and web application security. Laz is a published author, has served in the United States Air Force, holds a Masters in Computer Information Security from the University of Denver and an MBA from Pepperdine University.
