
OWASP Monthly Meeting - February 19, 2014: NOTE New Date for this meeting


Los Angeles OWASP Chapter Board WINS Best Chapter Leader!

Join OWASP today and become a member

Topic: Building a shield of security - Vulnerability Management by the numbers and dumb robots

This presentation discusses how builders, breakers and defenders should look at vulnerability management when attempting to keep hackers at bay. We shall discuss the most common vulnerabilities which are detected by neither security tools nor automation, but which are nevertheless common and can be used to commit real fraud resulting in financial loss. We will look at some real-world examples from the trenches, discuss business logic and authorisation testing, how we approach these, and why automation does not work to detect such critical issues. We will see that Web Application Firewalls are ineffective against such attacks and why the only practical solution is to apply a layered approach across the SDLC and to focus on the application as a logical state machine.


Speaker: Rahim Jina - BCC Risk Advisory

Rahim has been an active member of OWASP since 2008 and has contributed to many projects such as the OWASP Security Code Review Guide and is an ex-board member of the Irish Chapter. Previously Rahim was a senior security consultant at a "big 4" professional services firm and more recently, the head of security for Fonality Inc, a VoIP service provider based in Los Angeles. Rahim is currently a director for BCC Risk Advisory (bccriskadvisory.com), based in Dublin, Ireland. He is also responsible for the security architecture of the edgescan.com vulnerability management solution.

Thanks to our sponsor

Qualys

The Leading Provider of Information Security and Compliance Cloud Solutions

The QualysGuard Cloud Platform and integrated suite of solutions helps businesses simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications.

The QualysGuard® service is used today by more than 6,700 customers in over 100 countries, including a majority of the Forbes Global 100, and performs more than 1 billion IP scans/audits per year. QualysGuard Web Application Scanning (WAS) is used by over 1000 customers worldwide.

Qualys is a proud supporter of the web applications security community through OWASP at both the global and local levels through sponsorships of projects and in initiatives such as the Web Application Security Persons of the Year (WASPY) Awards.




  • Doug

    w00t. Great sp3ak3r(z)!

    February 20, 2014

  • A former member

    Can I sneak in late/is the meetup still going?

    February 19, 2014

  • Matti S

    Remember SCALE 12x is this Fri, Sat, Sun. Feb 21, 22, 23 2014. We will have a table at the expo on Sat and Sun to promote OWASP and security.
    The full conference pass ($70) includes most of the Friday events (SCALE 12x will have a great keynote on Friday evening).
    We've set up a 50% off code ($35) for members (code = OWASP).
    We've got a couple of our members presenting on security topics at SCALE this year!!
    https://www.socallinuxexpo.org/scale12x

    Please help promote OWASP at SCALE. I would love to see security-related BOFs on Fri or Sat nights after the sessions.

    Hope to see everyone soon.

    1 · February 18, 2014

    • Matti S

      On Friday night we will have Lawrence Lessig provide the keynote. If you have issues with some of the cyber security related laws, I think you will really enjoy his presentation.

      February 19, 2014

  • Jeff C.

    Do we have to be members of OWASP to attend this event?

    February 19, 2014

    • A former member

      Hope not :)

      February 19, 2014

    • Aaron

      No, you do not have to be members to attend. Everyone is welcome.

      February 19, 2014

  • malcolm

    Maybe -

    February 16, 2014

Our Sponsors

  • Contrast Security

    Secure Apps at their Source.

  • OWASP - LA

    Sponsorship

  • Riot Games

    Our goal is to become the most player-focused company in the world.

  • AsTech

    AsTech helps customers become application security heroes.

  • incapsula

    incapsula

  • Verizon

    Verizon DEFEND - Comprehensive cloud-based WAF and DDoS protection

  • Bugcrowd

    An innovator in crowdsourced security testing for the enterprise.

  • Absolute Software

    Industry standard in endpoint and management solutions

  • Prevoty

    www.prevoty.com

  • Whitehat Security

    End-to-end solutions for Web security.

  • GreenSQL

    Database Security and Compliance for EVERY organisation.

  • AUTHENTIC8

    Authentic8 puts you back in control.

  • Guidance Software

    Recognized worldwide as the industry leader in endpoint investigation

  • Check Point

    The worldwide leader in securing the Internet

  • WinMagic

    Makes it easy to secure data!

  • ioActive

    IOActive security consultancy with global presence and deep expertise

  • Akana

    Akana

  • Qualys

    QualysGuard Web Application Scanning (WAS)

  • Click below:

    https://www.owasp.org/index.php/Membership

  • Cigital, Inc

    The world’s largest consulting firm specializing in software security

  • Trend Micro

    A global leader in security software

  • Checkmarx

    Ensures your application remains hacker-proof.

  • SecureAuth

    SecureAuth is a technology leader in enterprise identity governance.

  • Symantec Corporation

    Provide security, storage and systems management solutions

  • BeyondTrust

    The global leader in privileged identity and threat management solutions

  • Security Innovation

    The Application Security Company

  • Palo Alto Networks

    Their Next-Generation Firewall enables applications

  • Arxan Technologies

    Sharing thought leadership & best practices on mobile apps security

  • Bay Dynamics

    IT Analytics

  • Venafi

    Inventor and market leader: Enterprise Key & Certificate Management

  • Trustwave

    Simple solutions to your complex security and compliance challenges

  • Phone Factor

    Multi-factor authentication to protect against today's threats

  • Gemalto

    Gemalto (formerly SafeNet)

  • PhishMe

    PhishMe

  • Contrast Security

    Empower developers to build secure applications.
