6:00 - 6:30 Food, drink, and networking
6:30 - 7:15 Chapter business and group discussion
7:15 - 8:00 Featured presentation
Featured Presentation: Access Control Design Best Practices
Access Control is a necessary security control at almost every layer within a web application. This talk will discuss several of the key access control anti-patterns commonly found during website security audits. These access control anti-patterns include hard-coded security policies, lack of horizontal access control, and "fail open" access control mechanisms. In reviewing these and other access control problems, we will discuss and design a positive access control mechanism that is data contextual, activity based, configurable, flexible, and deny-by-default - among other positive design attributes that make up a robust web-based access-control mechanism.
Jim Manico is the VP of Security Architecture for WhiteHat Security. Jim is also a global board member of OWASP, is the host of the OWASP Podcast Series, is the committee chair of the OWASP Connections Committee, is the project manager of the OWASP Cheatsheet series, and is a significant contributor to several additional OWASP projects. Jim provides secure coding and developer awareness training for WhiteHat Security using his 8+ years of experience delivering developer-training courses for SANS, Aspect Security and others. He brings 16 years of database-driven Web software development and analysis experience to WhiteHat and OWASP as well. Jim works on the beautiful island of Kauai,Hawaii where he lives with his wife Tracey.
Seating is limited and is prioritized for those who RSVP. Parking is available through the Whittier Neighborhood Zone. Food and drinks will be provided and there will be a networking session preceding the meeting. As always, meetings are free to attend.
Our continued thanks to Aerstone for providing the venue and the refreshments.