2017-03-03

Austin Security Professionals Happy Hour, March 9, 2017

Older revision compared with the revision as of 02:14, 3 March 2017 (2 intermediate revisions by the same user not shown)

Older revision, from line 6:

=Upcoming Events=

== OWASP Austin Chapter Meeting, February 28, 2017 ==

'''When:''' Tuesday, February 28th @ 11:45 AM - 1:00 PM

'''Where:''' National Instruments, 11500 N. Mopac, Building C

'''Title:''' Building and Breaking Password Reset Mechanisms

<blockquote>It happens to everyone: you forgot your password. Now you need to get back into your account and prove you are who you say you are, but without using your password as proof. How, then, can that be done securely? More interestingly, how can it be done insecurely? This talk will dissect a number of security vulnerabilities found in real-world password reset mechanisms, and discuss how password reset mechanisms should be built.</blockquote>

'''Speaker:''' Dan Crowley

<blockquote>Daniel Crowley is a Senior Security Engineer and Regional Research Director for NCC Group Austin, tasked with finding and exploiting flaws in everything from Web applications and cryptosystems to ATMs, smart homes, and industrial control systems. He denies all allegations of unicorn smuggling and questions your character for even suggesting it. He has been working in information security since 2004. Daniel is TIME’s 2006 Person of the Year. He has developed and released various free security tools such as MCIR, a powerful Web application exploitation training and research platform, and FeatherDuster, an automated modular cryptanalysis tool. He does his own charcuterie and brews his own beer. He is a frequent speaker at conferences including Black Hat, DEFCON, Shmoocon, Chaos Communications Camp, and SOURCE. Daniel can open a door lock with his computer but still can’t launch ICBMs by whistling into a phone. He has been interviewed by various print and television media including Forbes, CNN, and the Wall Street Journal. He holds the noble title of Baron in the micronation of Sealand. His work has been included in books and college courses.</blockquote>

'''Food:''' Tacodeli. PLEASE RSVP so we can be sure to have enough for all!

Only those who RSVP will be eligible for any drawings/giveaways that may take place!

'''RSVP:''' https://owasp-austin-2017-february.eventbrite.com

Or, if you cannot attend, we should be broadcasting the meeting via

'''GoToMeeting:''' https://attendee.gotowebinar.com/register/8544259058178237955

[[#Upcoming Events|Back to Top]]

== Austin Security Professionals Happy Hour, March 9, 2017 ==

(This entry is identical in both revisions; the full text is given under the newer revision below.)

[[#Upcoming Events|Back to Top]]

Revision as of 02:14, 3 March 2017, from line 6:

=Upcoming Events=

== Austin Security Professionals Happy Hour, March 9, 2017 ==

'''When''': Thursday, March 9th, 5:00 pm - 7:00 pm

'''Where''': Sherlock’s Baker St. Pub & Grill, 9012 Research Blvd, Austin, TX 78758 (corner of Hwy 183 and Burnet Rd). We meet in the large room to the right as you walk in, normally on the far side of the room.

'''What''': The Austin Security Professionals Happy Hour is a monthly event coordinated by the Austin OWASP and Capital of Texas ISSA Chapters and sponsored by various companies. We try to meet every second Thursday of the month from January to September (but occasionally we make schedule adjustments when needed). The event is an informal social gathering of local information security professionals. If you're involved with InfoSec, or even if you just have an interest, come on out for drinks, good food and conversation.

'''Sponsor''': Rapid7

<blockquote>Rapid7 is engineering better security with simple, innovative solutions for IT security's most critical challenges. Our security data and analytics solutions collect, contextualize, correlate, and analyze the security data you need to dramatically reduce threat exposure and detect compromise in real-time. They speed investigations so you can halt threats and clean up systems fast. Plus, our analytics give you the specific information you need to systematically improve security processes within your organization. Unlike traditional vulnerability assessment or incident management, Rapid7's comprehensive data collection, attacker intelligence and user-behavior analytics give you immediate insight into the security state of your assets and users from the endpoint to the cloud. We offer unmatched capabilities to spot intruders leveraging today's #1 attack vector, compromised credentials. Our ability to help goes beyond our innovative technology. Rapid7 security experts can help you advance your security program, whether you need emergency breach response or to transform your security processes and better align investments to your organization's risk and needs. Rapid7 is trusted by more than 4,150 organizations across 90 countries, including 34% of the Fortune 1000. Our products are top rated by Gartner®, Forrester® and SC Magazine. For more information about Rapid7, please visit http://www.rapid7.com.</blockquote>

'''RSVP:''' http://aus-sec-happy-hour-2017-03.eventbrite.com

[[#Upcoming Events|Back to Top]]

== OWASP Austin Chapter Meeting, March 28, 2017 ==

'''When:''' Tuesday, March 28th @ 11:45 AM - 1:00 PM

'''Where:''' National Instruments, 11500 N. Mopac, Building C

'''Title:''' DevSecOps Lessons from Detroit to Deming

<blockquote>In 1982, the city of Detroit saw 15,000 vehicles roll off its production lines every day. To achieve this goal, Detroit's line workers were being measured on velocity, often at the expense of quality. At the same time, auto workers in Japan -- applying lessons from W. Edwards Deming -- were implementing new supply chain management practices which enabled them to manufacture higher quality vehicles, for less cost, at higher velocity. As a result, from 1962 to 1982, the Detroit auto industry lost 20% of its domestic market to Japan.

The parallels between the auto industry of 35 years ago and software development practices in place today are remarkable. DevOps teams around the world are consuming billions of open source components and containerized applications to improve productivity at a massive scale. The good news: they are accelerating time to market. The bad news: many of the components and containers they are using are fraught with defects, including critical security vulnerabilities.

This session aims to enlighten Security, DevOps, and development professionals by sharing results from the 2017 State of the Software Supply Chain Report -- a blend of public and proprietary data with expert research and analysis. The presentation will also reveal findings from the 2017 DevSecOps Community survey, where over 2,200 professionals shared their experiences blending DevOps and security practices together. Throughout the discussion, Derek will share lessons that Deming employed decades ago to help us accelerate adoption of the right DevSecOps culture, practices, and measures today.

Attendees in this session will learn:

- What our analysis of 60,000 applications reveals about the quality and security of software built with open source components
- How organizations like PayPal, Intuit, Fannie Mae and the Department of Defense are utilizing the DevOps principles of software supply chain automation
- Why avoiding open source components and containers over 3 years old might be a really good idea
- How to balance the need for speed with quality and security -- early in the development lifecycle

Attend this discussion and leverage the insights to understand how your organization's application DevOpsSec practices compare to others. We'll share the industry benchmarks to take back and discuss with your Security, DevOps, and Development teams.</blockquote>

'''Speaker:''' Derek E. Weeks

<blockquote>After flying to 40 countries and racing through a half-Ironman competition, Derek woke up one morning on the top of Kilimanjaro and saw the world in a new light. Soon after, Derek became a huge advocate of applying proven supply chain management principles to AppSec practices to improve efficiencies and sustain long-lasting competitive advantages. He currently serves as vice president and DevSecOps advocate at Sonatype, creators of the Nexus repository manager and the global leader in solutions for software supply chain automation. Derek is also the co-founder of the All Day DevOps conference and the lead researcher behind the annual State of the Software Supply Chain report.</blockquote>

'''Food:''' Tacodeli. PLEASE RSVP so we can be sure to have enough for all!

Only those who RSVP will be eligible for any drawings/giveaways that may take place!

'''RSVP:''' https://owasp-austin-2017-march.eventbrite.com

Or, if you cannot attend, we should be broadcasting the meeting via

'''GoToMeeting:''' https://attendee.gotowebinar.com/register/8592614480056211459

[[#Upcoming Events|Back to Top]]

Older revision, from line 76:

==2017==

----

=== Austin Security Professionals Happy Hour, February 9, 2017 ===

Revision as of 02:14, 3 March 2017, from line 92:

==2017==

----

=== OWASP Austin Chapter Meeting, February 28, 2017 ===

'''When:''' Tuesday, February 28th @ 11:45 AM - 1:00 PM

'''Where:''' National Instruments, 11500 N. Mopac, Building C

'''Title:''' Building and Breaking Password Reset Mechanisms

<blockquote>It happens to everyone: you forgot your password. Now you need to get back into your account and prove you are who you say you are, but without using your password as proof. How, then, can that be done securely? More interestingly, how can it be done insecurely? This talk will dissect a number of security vulnerabilities found in real-world password reset mechanisms, and discuss how password reset mechanisms should be built.</blockquote>

'''Speaker:''' Dan Crowley

<blockquote>Daniel Crowley is a Senior Security Engineer and Regional Research Director for NCC Group Austin, tasked with finding and exploiting flaws in everything from Web applications and cryptosystems to ATMs, smart homes, and industrial control systems. He denies all allegations of unicorn smuggling and questions your character for even suggesting it. He has been working in information security since 2004. Daniel is TIME’s 2006 Person of the Year. He has developed and released various free security tools such as MCIR, a powerful Web application exploitation training and research platform, and FeatherDuster, an automated modular cryptanalysis tool. He does his own charcuterie and brews his own beer. He is a frequent speaker at conferences including Black Hat, DEFCON, Shmoocon, Chaos Communications Camp, and SOURCE. Daniel can open a door lock with his computer but still can’t launch ICBMs by whistling into a phone. He has been interviewed by various print and television media including Forbes, CNN, and the Wall Street Journal. He holds the noble title of Baron in the micronation of Sealand. His work has been included in books and college courses.</blockquote>

[[#Listing of Past Meetings and Events|Back to Top]]

=== Austin Security Professionals Happy Hour, February 9, 2017 ===