New Jersey OWASP Chapter Meeting

Please join the NY and NJ OWASP Chapters as we hold our first meeting of 2014. We will spend some time reviewing the hugely successful AppSec USA 2013 event and discuss our plans for 2014.

We are actively looking for speakers for this meeting and the Call for Papers is now open. For more information on submitting a talk:

http://www.meetup.com/OWASP-NYC/pages/Speaker_Proposals/

If you have any questions, would like to submit a talk, or would like to host a meeting, please contact Israel at israel.bryski (at) owasp (dot) org.

Looking forward to a great year! - the NY and NJ Chapter Leaders


**************************************************

Session Details

• AppSec USA 2013 Review and Recap: NY and NJ Chapter Leaders


• Tony Dimichele, CISO at BNP Paribas: Review of BNP's AppSec Program


• The Exploit Development Process

Session Abstract: This WebAppSec presentation will introduce InfoSec managers, less technical AppSec professionals and beginners to the process of examining code to write exploits. We will use the 2013 WordPress URL redirect vulnerability (CVE[masked]) as a step-by-step case study and tutorial. The methodology presented is not web-application specific and may be generalized to other platforms. The presentation will contain many screenshots so that people of all skill levels can follow along and understand the process as if they were looking over the researcher's shoulder. Please note that it will not introduce advanced web app debugging techniques.

Speaker Bio: 

Kenneth F. Belva is the Publisher and Editor-in-Chief of bloginfosec.com. He currently works full-time in the financial services vertical at a multinational conglomerate. He conducts both technical and non-technical risk assessments focusing on web-based application security while helping deliver security solutions to the business units within his division.


At the OWASP AppSec 2013 conference, BugCrowd validated three 0-day vulnerabilities he found in Yahoo, Yandex and AngelList within the first two days of BugBash 2013. He was previously on the board of the New York Metro Chapter of the Information Systems Security Association (ISSA), where he served in various capacities over the past 9 years. He has spoken and moderated at the United Nations, presented on AT&T's Internet Security News Network (ISNN) on discovering unknown web application vulnerabilities, and been interviewed on security enablement.

• AppSec at DevOps Speed and Portfolio Scale

Session Abstract: Application security programs often have difficulty scaling to large enterprise portfolios while maintaining speed, coverage, and accuracy. In this talk, John will discuss why the traditional approach to application security is rapidly becoming infeasible. Then he will share strategies for building a program that can deal with the realities of Agile and DevOps-style software development. In particular, John will discuss recent experiences using a variety of simple tools to perform continuous application security verification during the build and deployment process.

Speaker Bio: 

John leads Aspect's Application Security Programs consulting practice, which enables organizations to securely design, implement and maintain their information systems in a responsible, practical and sustainable way. An IT professional for over 25 years, John has concentrated solely on IT security for the last 16 years. During his career he has held various leadership positions, including Enterprise Security Architect and Application Security Program Manager. Some of John's key accomplishments include the implementation of an enterprise-wide IT security program for a large financial services institution, the security design and implementation of an enterprise single sign-on and authorization system, and the automation of security processes and tools into a continuous integration environment. John has designed and implemented secure architecture and supporting processes for some of the most critical and complex systems across industry sectors including Financial Services, Central Banking, Government Agencies, US Treasury, and Transportation. John holds dual degrees in Mathematics and Computer Science from West Chester University.

• Integrating Snort Alerts with Wireshark

Sorry for the late notice, the paint on the code isn't completely dry yet...

Session Abstract: This is a short, "rough cut" demo of a Wireshark plugin that pulls in Snort alerts from a MySQL database.

It should be useful to red/blue teams and to those developing or learning to write Snort alerts.

Presenter: Jack Radigan, NJ side of the chapter.


  • Vijay B.

    Hello everyone. For the folks coming from NYC, you can take the PATH train to the Newport Pavonia Station. The PATH train stops at 9th St, 14th St, 23rd St and 33rd St on 6th Avenue. Trains run every 10 mins during that time. We can also take the Exchange Place PATH train from WTC. More details at:
    http://www.panynj.gov/path/

    The building is also accessible via NJT Light Rail in case you are coming in from Hoboken or central Jersey: http://www.njtransit.com

    For the members driving in, you can set your GPS to: 525 Washington Blvd, Jersey City, NJ 07310.

    The building is called "Newport Tower" and has the name on it, along with the number 525 in front. It is located directly opposite the Newport Pavonia PATH station and is in front of the Newport mall. Pictures of the building are available online.

    The event is on the 2nd floor. Hope to see you all there! Cheers.

    January 27, 2014
