Bay Area May '21 Meetup


Details
Get ready for a set of 3 new exciting talks brought by experienced speakers in the security industry!
We'd also love to connect with you on Slack:
- Please request an invite to OWASP Slack here: https://owasp-slack.herokuapp.com/. You should do this ahead of time to give yourself time to join.
- Join us in #bayarea
• 10:00 - Welcome
• 10:05 - 10:40 - The Tangled Web and Its Same Origin Policy (Pankaj Mouriya)
• 10:40 - 11:15 - Understanding the new NIST Security and Privacy Framework additions around RASP and IAST (Timothy Chiu)
• 11:15 - 11:50 - What's a data vault? And why do you need it? (Manish Ahluwalia)
Talk 1: The Tangled Web and Its Same Origin Policy (Pankaj Mouriya)
The Same Origin Policy is the fundamental security model of the web. For a very long time I have been struggling with the Same Origin Policy, and to overcome this struggle I did some googling, went through some books, watched some boring yet fruitful videos and ended up giving this talk. Having a deep understanding of the Same Origin Policy model is important, especially if you are a Security Analyst or a developer doing secure web development.
In this talk I will try to make it easy to understand and will keep your brains engaged so that it does not turn into a boring lecture. We will learn about the Same Origin Policy with the DOM, browser tabs and iframes, the importance of SOP, and how it is applied to web storage, images, CSS, JS, etc. I will also talk about Same Origin Policy exceptions and ways to get around the Same Origin Policy, with a detailed explanation of the postMessage API, URI fragments, CORS, etc.
Speaker Bio:
Pankaj is a Security Analyst at Appsecco. Pankaj is a Web Security and Cloud Security enthusiast with a strong passion for Information Security. Pankaj has extensive experience in Web Application, Network and Mobile Application security assessments. Pankaj is a community manager at null - The Open Security Community and an active speaker and contributor in various security communities.
Talk 2: Understanding the new NIST Security and Privacy Framework additions around RASP and IAST (Timothy Chiu)
Join us for a discussion of the new application security requirements for RASP and IAST in NIST SP 800-53. You'll learn about the final release of SP 800-53 Revision 5, which now includes controls covering RASP and IAST. The revised publication was released by NIST on September 23, 2020.
The presentation will cover: the state of application security, the new additions, compliance timing requirements, an overview of RASP, and an overview of IAST.
Speaker Bio:
Timothy Chiu is the VP of Marketing for K2 Cyber Security, Inc. Prior to joining K2, Tim served as a product marketing executive for Symantec (through the acquisition of Blue Coat). At Symantec, Tim drove product launches, analyst relations and product evangelism for Symantec's web security products. Tim has an MBA from Santa Clara University, a BSEE from the University of Pennsylvania and a BS from the Wharton School of Business.
Talk 3: What's a data vault? And why do you need it? (Manish Ahluwalia)
The complexity of hybrid data center infrastructures and the rise of compliance risk today have led to the creation of the data vault. Data vaults have been built by organizations of all sizes, from healthcare startups to digital-first financial services firms, to solve the problem of governance for privacy data such as your date of birth, your doctor's name and other PII. We will explore architectural patterns and best practices for creating a privacy data vault that lets you store and easily govern sensitive data based on your needs.
What you'll take away: what a data vault is, how to adopt the data vault pattern, special considerations, and access controls.
Speaker Bio:
Manish has over two decades of experience in the software industry, with over 10 years in information security. He currently works at Skyflow as Head of Customer Security and Privacy. Previously, he ran Security at NerdWallet.