What we're about

The Open Web Application Security Project (OWASP) is a not-for-profit, worldwide organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.

The OWASP Los Angeles chapter typically meets on the 4th Wednesday of every month for dinner, a great security-related speaker and great networking. We frequently go out for post-talk drinks to socialize and understand what security is really about. Join the movement today!

Become an OWASP Member TODAY (https://www.owasp.org/index.php/Individual_Member)
Support your LA Chapter: only $50 for the entire year!

Upcoming events (1)

OWASP LA Monthly Dinner Meeting - July 24, 2019

ServiceTitan

Join Us as We Have Two Great Speakers at this Special Meeting!

** Topic 1 **
Want to make $3000 a month working from home? Disrupting a money mule network.

Speaker: Liam O’Murchu

Biography: Liam O’Murchu is a director with the Security Technology and Response group with Symantec. Over the past 15 years O’Murchu has investigated and responded to the most sophisticated cyber attacks to ever emerge, from professional cyber-criminals targeting financial institutions, to government-backed threats targeting critical infrastructure. His analysis of Stuxnet uncovered its true objective, to disrupt uranium enrichment in Iran. The analysis detailed how sophisticated attacks on critical infrastructure are carried out in the modern era. The analysis is featured in the book, "Countdown to Zeroday" by Kim Zetter and the "Zerodays" feature film documentary by Academy Award winner Alex Gibney, which was shortlisted for best documentary at the Academy Awards in 2017. A frequent speaker on T.V., radio and in printed press, O’Murchu has continued to analyze threats from election hacking to financial heists to espionage and to represent that research to the public. Most recently O’Murchu testified at the trial of a group of malware authors he tracked for 12 years, where the authors were found guilty of 21 counts of computer abuse and financial fraud charges. He continues to work closely with law enforcement to identify and apprehend malware authors. In 2012 O’Murchu was awarded the ISSA’s President’s Award honoring exceptional contributions to the security community.

Abstract: We've all seen the ads for work-from-home schemes, often accompanied by a picture of a cheque for thousands of dollars and a testimonial from a happy employee who only worked a few hours a week to earn the money. These legitimate-looking ads are often fronts for money laundering services. Working with the FBI, Symantec recently disrupted a botnet that made extensive use of such work-from-home schemes. This talk looks in detail at one specific instance of such a scheme where we gained visibility into every detail of the scheme, from recruitment, to conversations with the ‘employees’, and ultimately, to the criminals behind the scheme. Vast technical and social skills are needed to operate such a scheme successfully while evading law enforcement. This talk shows the dangers of such schemes and how security researcher cooperation and information sharing brought down such an operation.

===========================================================

** Topic 2 **
Common API Security Pitfalls

Speaker: Philippe De Ryck

Biography: Philippe De Ryck is the founder of Pragmatic Web Security, where he travels the world to train developers on web security and security engineering. He holds a Ph.D. in web security from KU Leuven. Google recognizes Philippe as a Google Developer Expert for his knowledge of web security and security in Angular applications.

Abstract: The shift towards an API landscape indicates a significant evolution in the way we build applications. The rise of JavaScript and mobile applications has sparked an explosion of easily accessible REST APIs. But how do you protect access to your API? Which security aspects are no longer relevant? Which security features are an absolute must-have, and which additional security measures do you need to take into account? These are hard questions, as evidenced by the deployment of numerous insecure APIs. Attend this session to find out about common API security pitfalls that often result in compromised user accounts and unauthorized access to your data. We expose the problem that lies at the root of each of these pitfalls, and offer actionable advice to address these security problems. After this session, you will know how to assess the security of your APIs, and the best practices to improve them towards the future.

Past events (96)

OWASP LA Monthly Dinner Meeting - June 26, 2019

Signal Sciences
