CiNPA - Security SIG

AppSec Night: Topic#1) "Why The Web Is Broken", Bill Sempf

Abstract:
You have probably been hacked. You might not even know it with all of the high profile newsworthy breaches in recent years. The fact is, so many web applications are easy targets these days. Why? The web is inherently insecure. If you build web applications there is a good chance you are writing sites that are easy targets. If you use web applications you may be an easy target as well. In this session we will take a look at the underbelly of the app security industry, discuss security principles and best practices, and see how to build better web apps and surf safely.

Bio:
Bill Sempf is a software security architect. His breadth of experience includes business and technical analysis, software design, development, testing, server management and maintenance, and security. With over 20 years of professional experience he has participated in the creation of well over 300 applications for large and small companies, managed the software infrastructure of two Internet service providers, coded complex software happily in every environment imaginable, tested the security of all natures of applications and APs, and made mainframes talk to cell phones. He is the author of C# 5 All in One for Dummies and Windows 8 Programming with HTML5 For Dummies; a coauthor of Effective Visual Studio.NET and many other books, a frequent contributor to industry magazines; and has recently been an invited speaker for the ACM and IEEE, BlackHat, CodeMash, DerbyCon, BSides, DevEssentials, the International XML Web Services Expo and the Association of Information Technology Professionals. Bill also serves on the board of the Columbus branch of the Open Web Application Security Project (OWASP), and is the Administrative Director of Locksport International.

AppSec Night: Topic#2) "OWASP Top 10 - 2017 Overview", Matt Scheurer

OWASP stands for the “Open Web Application Security Project”, which is sometimes termed interchangeably as “AppSec”. We will present an overview of the recently updated OWASP Top 10 list from 2017 and review what has changed since the previous 2013 release. We will also share resources to get started on a path towards self-learning for those who are new to AppSec testing.

AppSecNight Topic#3) "Exploiting OWASP Vulnerabilities", Cameron Maerz

Cameron Maerz, Sr. Penetration Tester at Mafazo, will demonstrate how some of the OWASP Top 10 vulnerabilities are exploited by malicious threat actors.

About Us:

The CiNPA Security SIG is the Cincinnati Networking Professionals Association Security Special Interest Group. We meet monthly on the third Thursday of each month starting at 6:30 p.m.

The CiNPA Security SIG's monthly meeting format typically consists of one or two main monthly meeting topics featuring live presentations or demonstrations promoting open and interactive group discussions. Our focus is primarily on the defensive side of information security, but we delve into all other areas of cyber-security as well. Information security news, announcements, and round-table discussions follow our main meeting topics.

Attendee Benefits:

• Attendance qualifies for 2 hours of CPE or CEU credit towards certification renewals

• Maintaining awareness of new vulnerabilities and exploits

• Learning about the latest security tools, utilities, products, services, solutions, strategies, techniques, frameworks, and best practices

• Sharing of information regarding trends concerning enterprise systems and technology

• Hearing announcements of upcoming area security conferences and events

• Networking with peers in the local Information Security (InfoSec) community