2012-11-15


Revision as of 00:11, 16 November 2012

(One intermediate revision by one user not shown)

Line 1:

Line 1:



{{Chapter Template|chaptername=Louisville|extra=The chapter leaders are: [mailto:ksullivan31@gmail.com Kristen Sullivan],[mailto:CHAlexander@ups.com Carl Alexander], [mailto:Brian.Blankenship@kindredhealthcare.com Brian Blankenship], [mailto:
jkoenig
@
humana
.
com
Curtis Koenig], and [mailto:irongeek@irongeek.com Adrian Crenshaw]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Louisville|emailarchives=http://lists.owasp.org/pipermail/owasp-Louisville}}

+

{{Chapter Template|chaptername=Louisville|extra=The chapter leaders are: [mailto:ksullivan31@gmail.com Kristen Sullivan],[mailto:CHAlexander@ups.com Carl Alexander], [mailto:Brian.Blankenship@kindredhealthcare.com Brian Blankenship], [mailto:
curtis.koenig
@
owasp
.
org
Curtis Koenig], and [mailto:irongeek@irongeek.com Adrian Crenshaw]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Louisville|emailarchives=http://lists.owasp.org/pipermail/owasp-Louisville}}

Louisville

Louisville

Line 5:

Line 5:

== Upcoming Events ==

== Upcoming Events ==



==
Announcement from OWASP Louisville Chapter - MEETING NOV 11TH -
'''
TOM ESTON
'''
TO SPEAK!!! =
=

+

==
Past Events==



Meeting: Louisville OWASP
- '''Nov 11th , 11:30 AM – 1 PM'''

+

'''
Please note: videos of our meetings are below in the presentations sections. We will try to take video of each meeting based on the speaker
'
s permission. Demos may be omitted.
''
'

+

{|class
=
"collapsible collapsed wikitable"

+

|
-

+

! Past Events

+

|-

+

|
'''Nov 11th
2011
, 11:30 AM – 1 PM'''

'''Meeting Location:'''

'''Meeting Location:'''
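
Review bot: with the announcement heading replaced by "==Past Events==", the unchanged "== Upcoming Events ==" heading above it is now followed directly by the Past Events section and renders empty. Either drop that heading or leave a one-line placeholder under it so readers can tell no meeting is currently scheduled.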

Line 17:

Line 22:

'''Tom Eston''' is the manager of the SecureState Profiling Team. Tom leads a team of highly skilled penetration testers that provides attack and penetration testing services for SecureState’s clients. Tom focuses much of his research on new technologies such as social media, mobile devices and new web technology. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is also a security blogger, co-host of the Security Justice and Social Media Security podcasts and is a frequent speaker at security user groups and national conferences including DerbyCon, Notacon, OWASP AppSec, Black Hat USA, DEFCON and ShmooCon.

'''Tom Eston''' is the manager of the SecureState Profiling Team. Tom leads a team of highly skilled penetration testers that provides attack and penetration testing services for SecureState’s clients. Tom focuses much of his research on new technologies such as social media, mobile devices and new web technology. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is also a security blogger, co-host of the Security Justice and Social Media Security podcasts and is a frequent speaker at security user groups and national conferences including DerbyCon, Notacon, OWASP AppSec, Black Hat USA, DEFCON and ShmooCon.



+

|-



+

|'''
Chapter Meeting– Friday, May 21, 2010 11:30am-1pm - Lunch provided
'''



+



+



+



== Louisville OWASP (Open Web Application Security Project)
Chapter Meeting– Friday, May 21, 2010 11:30am-1pm - Lunch provided
==

+



+



+

'''To RSVP:'''  Just send a message to '''[mailto:brian.r.blankenship@gmail.com Brian Blankenship]''' and indicate how many are coming.

'''To RSVP:'''  Just send a message to '''[mailto:brian.r.blankenship@gmail.com Brian Blankenship]''' and indicate how many are coming.

Line 62:

Line 61:

'''Please sign up for our mailing list. We will not abuse the list or send many emails, but we’d like to use it to send out our meeting invites and reminders. Thank you so very much for your participation. You’re attendance and involvement make our group great and help attract the very best speakers in the industry!'''

'''Please sign up for our mailing list. We will not abuse the list or send many emails, but we’d like to use it to send out our meeting invites and reminders. Thank you so very much for your participation. You’re attendance and involvement make our group great and help attract the very best speakers in the industry!'''



+

|-



+

|'''
Louisville ISACA is having a Mini CEH training course / lab that I think everyone might be interested in.  We would like to share this with ISSA and OWASP members for the $700  price.
'''



+



===
Louisville ISACA is having a Mini CEH training course / lab that I think everyone might be interested in.  We would like to share this with ISSA and OWASP members for the $700  price.
===

+

'''Details are posted on our site: http://www.isacaky.org/2010/certified-ethical-hacker-ceh-training-may-13-14th/'''

'''Details are posted on our site: http://www.isacaky.org/2010/certified-ethical-hacker-ceh-training-may-13-14th/'''

Line 99:

Line 96:

skype: lorna.alamri

skype: lorna.alamri

lorna.alamri@owasp.org''

lorna.alamri@owasp.org''



+

|-



==  NEXT CHAPTER MEETING TBA ==

+

|
The January 2010 OWASP meeting featured a presentation from '''Rafal Los''' of HP.



+



==  Past Meetings ==

+



+



'''Please note: videos of our meetings are below in the presentations sections. We will try to take video of each meeting based on the speaker's permission. Demos may be omitted.'''

+



+



The January 2010 OWASP meeting featured a presentation from '''Rafal Los''' of HP.

+

'''''Speaker: Rafal Los on Flash and Web 2.0 security'''''

'''''Speaker: Rafal Los on Flash and Web 2.0 security'''''

'''Rafal Los, Security Specialist with Hewlett-Packard's Application Security Center (ASC), is an industry veteran who has worked in a variety of security positions— from consultant to Information Security Officer in the Fortune 100— within some of the most demanding business environments. Rafal’s unique blend of technical expertise and business knowledge enable him to teach audiences about security techniques, programs and processes that they can both understand strategically, and realistically apply. He has extensive experience in security testing, risk analysis and management, penetration testing and architecture and policy. Previous successes include building and implementing a successful web application security program for one of the largest and most diverse companies in the world.'''

'''Rafal Los, Security Specialist with Hewlett-Packard's Application Security Center (ASC), is an industry veteran who has worked in a variety of security positions— from consultant to Information Security Officer in the Fortune 100— within some of the most demanding business environments. Rafal’s unique blend of technical expertise and business knowledge enable him to teach audiences about security techniques, programs and processes that they can both understand strategically, and realistically apply. He has extensive experience in security testing, risk analysis and management, penetration testing and architecture and policy. Previous successes include building and implementing a successful web application security program for one of the largest and most diverse companies in the world.'''



+

|-

+

|

Line 121:

Line 113:

'''''Site takedown services, anti-phishing filters, and millions of dollars worth of protective technologies…..and the spear phishers are still successful! This presentation will discuss why this is the case. Today, phishing is a key component in a “hackers” repertoire. Phishers are combining social engineering with application security flaws in well known websites to make automated detection of targeted phishing attacks almost impossible. The result - hijacked online brokerage accounts, stolen identities and e-bank robberies. During this talk, I will present the techniques used by attackers to execute such spear phishing attacks, and real-world cases that I have responded to that will provide perspective on the impact. I will then discuss countermeasures that have been proven to be effective and are recommended by reputed bodies like SANS and Carnegie Mellon University.'''''

'''''Site takedown services, anti-phishing filters, and millions of dollars worth of protective technologies…..and the spear phishers are still successful! This presentation will discuss why this is the case. Today, phishing is a key component in a “hackers” repertoire. Phishers are combining social engineering with application security flaws in well known websites to make automated detection of targeted phishing attacks almost impossible. The result - hijacked online brokerage accounts, stolen identities and e-bank robberies. During this talk, I will present the techniques used by attackers to execute such spear phishing attacks, and real-world cases that I have responded to that will provide perspective on the impact. I will then discuss countermeasures that have been proven to be effective and are recommended by reputed bodies like SANS and Carnegie Mellon University.'''''



+

|-



+

|
The second OWASP meeting will featured a presentation from '''Adrian Crenshaw of Irongeek'''. Adrian is a Louisville based Security professional that has worked in the IT industry for the last twelve years.



The second OWASP meeting will featured a presentation from '''Adrian Crenshaw of Irongeek'''. Adrian is a Louisville based Security professional that has worked in the IT industry for the last twelve years.

+

'''Adrian runs the  information security website Irongeek.com, which specializes in videos and  articles that illustrate how to use various pen-testing and security tools. He's currently working on an MBA, but is interested in getting a network security/research/teaching job in academia. Please see the description from Adrian on his presentation on the 19th.'''

'''Adrian runs the  information security website Irongeek.com, which specializes in videos and  articles that illustrate how to use various pen-testing and security tools. He's currently working on an MBA, but is interested in getting a network security/research/teaching job in academia. Please see the description from Adrian on his presentation on the 19th.'''
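
Review bot: the sentence moved into the new table cell still reads "The second OWASP meeting will featured a presentation". Since it now sits in the Past Events table, change "will featured" to "featured" as part of this edit.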

Line 130:

Line 121:

'''''Description: A while back I wanted to start covering more web application pen-testing tools and concepts in some of my videos and live classes. Of course, I needed vulnerable web apps to illustrate common web security problems. I like the WebGoat project, but sometimes it's a little hard to figure out exactly what they want you to do to exploit a given web application, and it's written in J2EE (not a layman friendly language).  In an attempt to have something simple to use as a demo in my videos and in class, I started the Mutillidae project. Mutillidae is a deliberately vulnerable set of PHP scripts meant to illustrate the OWASP Top 10. This talk will cover installing Mutillidae in a test environment, and how to use it to illustrate the OWASP Top 10 web vulnerabilities in easy to understand terms.'''''

'''''Description: A while back I wanted to start covering more web application pen-testing tools and concepts in some of my videos and live classes. Of course, I needed vulnerable web apps to illustrate common web security problems. I like the WebGoat project, but sometimes it's a little hard to figure out exactly what they want you to do to exploit a given web application, and it's written in J2EE (not a layman friendly language).  In an attempt to have something simple to use as a demo in my videos and in class, I started the Mutillidae project. Mutillidae is a deliberately vulnerable set of PHP scripts meant to illustrate the OWASP Top 10. This talk will cover installing Mutillidae in a test environment, and how to use it to illustrate the OWASP Top 10 web vulnerabilities in easy to understand terms.'''''



+

|-



+

|
March 2009



+



March 2009

+

'''The first Louisville OWASP meeting was launched with the help of the Kentuckiana ISSA Chapter, on Friday March 6 2009. The Louisville OWASP chapter is closely associated with the Kentuckiana ISSA chapter and will offer ISSA members, other security professionals, application developers, and all other interested parties, a free forum to learn and discuss the newest developments in application security. Following March’s meeting, we will meet quarterly on a different day and time. The information on future meetings will be following soon. Please provide feedback to the board.'''

'''The first Louisville OWASP meeting was launched with the help of the Kentuckiana ISSA Chapter, on Friday March 6 2009. The Louisville OWASP chapter is closely associated with the Kentuckiana ISSA chapter and will offer ISSA members, other security professionals, application developers, and all other interested parties, a free forum to learn and discuss the newest developments in application security. Following March’s meeting, we will meet quarterly on a different day and time. The information on future meetings will be following soon. Please provide feedback to the board.'''

Line 139:

Line 128:

Everyone is welcome to join us at our chapter meetings.

Everyone is welcome to join us at our chapter meetings.

+

|-

+

|}

[[Category:OWASP Chapter]]

[[Category:OWASP Chapter]]

Line 148:

Line 139:

*[mailto:CHAlexander@ups.com Carl Alexander]

*[mailto:CHAlexander@ups.com Carl Alexander]

*[mailto:Brian.Blankenship@kindredhealthcare.com Brian Blankenship]

*[mailto:Brian.Blankenship@kindredhealthcare.com Brian Blankenship]



*[mailto:
jkoenig
@
humana
.
com
Curtis Koenig]

+

*[mailto:
curtis.koenig
@
owasp
.
org
Curtis Koenig]

*[mailto:irongeek@irongeek.com Adrian Crenshaw]

*[mailto:irongeek@irongeek.com Adrian Crenshaw]
