OWASP NJ/NYC Chapter Meeting


Session Details

• AppSec USA 2013 Review and Recap: NY and NJ Chapter Leaders

• Tony Dimichele, CISO at BNP Paribas: Review of BNP's AppSec Program

• The Exploit Development Process

Session Abstract: This WebAppSec presentation will introduce InfoSec managers, less technical AppSec security professionals and beginners to the process of examining code to write exploits. We will use the 2013 WordPress URL redirect vulnerability (CVE[masked]) as a step-by-step case study and tutorial. The methodology presented may be generalized to other platforms as it is not web application specific. The presentation will contain a lot of pictures so that people of all skill levels may follow along to better understand the process as if they are sitting over the researcher's shoulder. Please note that it will not introduce advanced web app debugging techniques.

Speaker Bio: 

Kenneth F. Belva is the Publisher and Editor-in-Chief of bloginfosec.com. He currently works full-time in the financial services vertical at a multinational conglomerate. He conducts both technical and non-technical risk assessments focusing on web-based application security while helping deliver security solutions to the business units within his division.

At the OWASP AppSec2013 conference, BugCrowd validated three 0-day vulnerabilities he found in Yahoo, Yandex and AngelList within the first two days of BugBash2013. He was previously on the board of the New York Metro Chapter of the Information Systems Security Association (ISSA), where he served in various capacities over the past 9 years. He has spoken and moderated at the United Nations, presented on AT&T’s Internet Security News Network (ISNN) on discovering unknown web application vulnerabilities, and been interviewed on security enablement.

• AppSec at DevOps Speed and Portfolio Scale

Session Abstract: Application security programs often have difficulty scaling to large enterprise portfolios while maintaining speed, coverage, and accuracy.  In this talk, John will discuss why the traditional approach to application security is rapidly becoming infeasible. Then he will share strategies for building a program that can deal with the realities of Agile and DevOps-style software development.  In particular, John will discuss recent experiences using a variety of simple tools to perform continuous application security verification during the build and deployment process.

Speaker Bio: 

John leads Aspect’s Application Security Programs consulting practice which enables organizations to securely design, implement and maintain their information systems in a responsible, practical and sustainable way. As an IT professional for over 25 years, John has concentrated solely on IT security for the last 16 years. During his career he has held various leadership positions including Enterprise Security Architect and Application Security Program Manager. Some of John’s key accomplishments include the implementation of an enterprise-wide IT security program for a large financial services institution, the security design and implementation of an enterprise single sign-on and authorization system and the automation of security processes and tools into a continuous integration environment. John has designed and implemented secure architecture and supporting processes for some of the most critical and complex systems across industry sectors including Financial Services, Central Banking, Government Agencies, US Treasury, and Transportation. John holds dual degrees in Mathematics and Computer Science from West Chester University.


  • Markus

    Room was too cold

    January 31, 2014

  • Majid M.

    Excellent meeting, interesting talks, thanks!

    January 30, 2014

  • Tom B.

    January 30, 2014

  • Vijay B.

    One last point, folks traveling using their Metrocard should use the ones which have cash charged on it. The monthly Metrocard pass will not work on the Path network.

    January 27, 2014

  • Vijay B.

    Hello Everyone. For the folks coming from NYC, you can take the PATH train to the Newport Pavonia Station. The Path Train stops at 9th st, 14th st, 23rd st and 33rd st on 6th avenue. Trains are every 10 mins during that time. We can also take the exchange place Path train from WTC. More details at:

    The building is also accessible via NJT LightRail in case you were coming in from Hoboken or central Jersey: http://www.njtransit.com

    For the members driving in, you can set your GPS to: 525 Washington Blvd, Jersey City, NJ 07310.

    The building is called "Newport Tower" and has the name on it, along with the number 525 in front. It is located directly opposite the Newport Pavonia Path station and is in front of the Newport mall. Pictures of the building are available online.

    The event is in the 2nd Floor. Hope to see you all there! Cheers.

    January 27, 2014

  • Yang L.

    The closest station should be new port mall at the link below:

    January 27, 2014

  • Harry Y.

    Gene, get off at Pavonia Newport. Meeting is a short walk from Pavonia Newport Path Station. From WTC make sure to take the Hoboken Train. MetroCard will work.

    1 · January 27, 2014

  • Eugene Y.

    Haven't crossed the river in a while. Does PATH take MetroCard? I plan on taking the PATH train from downtown NYC. What stop should I get off in Jersey City? Thank you.

    January 27, 2014

  • Robert S.

    Welcome to Super Bowl Sunday where the two teams are going to be staying in Jersey City!

    One team in the Hyatt and the other in the Westin.

    There will be extensive police presence and street closures including part of Christopher Columbus Drive, and the southbound lane of Washington blvd in front of 499 Washington blvd. If you are driving, allow additional travel time. If you are taking the light rail or the path, increased police presence, police boats in the water, and random bag checks.

    Be prepared and allow extra time coming to the event.

    January 24, 2014

  • Nolan H.

    First time attending. Excited and nervous.

    January 22, 2014

126 went
