Copyright © The OWASP Foundation
Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.
The OWASP Foundation
OWASP
http://www.owasp.org
OWASP Denver, June 2012, Hosting.com
Andy Lewis, Chapter Leader, Denver OWASP, [email protected]
Welcome!
You are at the Denver OWASP meeting
Please set pagers & cellphones to stun
Please thank our hosts, sponsor, & speakers:
• Hosting.com – Clint Pickney
• SilverTail Systems – Laz
Bathrooms, smoking, parking, etc.
• Parking – please use visitor parking. NOTE: they lock the garage at 9:30(?)
• Smoking – outside in designated areas
• Restrooms – you’ll need an escort
• Vending machines/food/drinks – pizza, beer, and beverages provided by Hosting.com. Please drink responsibly.
• Wireless – please don’t attach, don’t attack, don’t do anything else that would cause Hosting.com not to invite us back…
Agenda
• Welcome
• Introductions
• Thank our hosts & raffle sponsors – Hosting.com and SilverTail Systems
• What’s an OWASP?
• Pass the salt
• Chapter Business
• Tonight’s topic – “Emerging Threats”
• Closing – Chapter Business, thank hosts, next meeting, and tonight’s watering hole – right here!
OWASP Mission (1st meeting, anyone?)
Open non-profit charitable foundation dedicated to enabling organizations to make informed decisions to develop, maintain, and acquire software they can trust.
Making Security Visible Through…
• Documentation – Top Ten, Dev. Guide, Design Guide, Testing Guide, …
• Tools – ESAPI, WebGoat, WebScarab, Site Generator, Report Generator, CSRF Guard, CSRF Tester, Stinger, Pantera, …
• Working Groups – Browser Security, Industry Sectors, Access Control (XACML), Education, Mobile Phone Security, Preventive Security, OWASP SDL, OWASP Governance, RIA Security
• Community and Awareness – Local Chapters, Conferences, Tutorials, Mailing Lists
OWASP Chapters – a GLOBAL phenomenon
Pass the Salt
LinkedIn got breached
• It happens
• I hope you’ve changed your password, because LI saves passwords as unsalted hashes…
How OWASP can help…
• Google “OWASP Password Storage Cheat Sheet”
• Notice the reference links for prescriptive guidance for Java, PHP, etc.
• Don’t reinvent the wheel (and look at the other cheat sheets too)
PASS THE SALT
Please share this with at least one Developer
• Unsalted hashes should be a crime, but salting isn’t widely taught
• If your friend is way ahead, encourage him or her to add to the cheat sheets – salting routines for Joomla, Ruby, etc. are still needed
Friends don’t let friends store passwords as unsalted hashes…
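To make the “pass the salt” point concrete, here is an added example (not part of the OWASP Denver slides or any OWASP project code) that puts the weak scheme the slide describes, a bare unsalted hash per password, beside a salted, iterated hash of the kind the Password Storage Cheat Sheet prescribes. It uses only the Python standard library; the user table and iteration count are constructed for the demo, and the `pbkdf2_sha256$…` record format is an assumed layout chosen so the parameters travel with the stored value.

```python
"""Unsalted hash vs. salted, iterated hash for password storage.

Added example, not from the OWASP Denver slides. Standard library only.
"""
import hashlib
import hmac
import os
from typing import Callable, List, Optional, Tuple

# Constructed sample credentials for the demo; not real accounts.
USERS: List[Tuple[str, str]] = [
    ("alice", "correct horse battery staple"),
    ("bob", "correct horse battery staple"),   # same password as alice
    ("carol", "hunter2"),
]

# Demo value chosen to keep the script quick. Production code should use the
# current OWASP Password Storage Cheat Sheet figure, which is considerably higher.
PBKDF2_ITERATIONS = 100_000


def unsalted_sha1(password: str) -> str:
    """The weak scheme: one bare SHA-1 per password.

    Equal passwords give equal digests, so a single cracked hash (or a
    precomputed table) exposes every account that shares that password.
    """
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, iterated hash (PBKDF2-HMAC-SHA256).

    Returns a self-describing record 'pbkdf2_sha256$<iters>$<salt hex>$<digest hex>'
    (assumed layout) so the iteration count can be raised later without
    breaking verification of older records.
    """
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join(["pbkdf2_sha256", str(iterations), salt.hex(), digest.hex()])


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the record's own salt and iteration count."""
    try:
        algo, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def count_duplicate_digests(hasher: Callable[[str], str]) -> int:
    """How many stored values collide across the sample user table."""
    digests = [hasher(pw) for _, pw in USERS]
    return len(digests) - len(set(digests))


if __name__ == "__main__":
    # alice and bob share a password: visible with unsalted SHA-1, hidden with salts.
    print("unsalted duplicates:", count_duplicate_digests(unsalted_sha1))
    print("salted duplicates:  ", count_duplicate_digests(hash_password))
    record = hash_password("hunter2")
    print(record)
    print("right password:", verify_password("hunter2", record))
    print("wrong password:", verify_password("hunter3", record))
```

PBKDF2 is used here only because it ships with Python; the cheat sheet today prefers Argon2id or bcrypt where a library is available, and the same record-with-parameters pattern applies to those. The duplicate count is the point of the demo: with unsalted hashes the two users who chose the same password are visible in the stored data before any cracking happens.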
Membership Benefits
Denver Chapter Business
SnowFROC! www.snowfroc.com – NEED $$$ to reserve space!
• FROC Chair – Kathy Thaxton
• NEED TO RESERVE SPACE NOW – please become a member
Membership…
• Please consider joining OWASP – it’s like PBS. Nobody’s coming into your living room to shake you down, but a portion of everything you donate goes directly to the Chapter
• Get a snazzy @owasp.org email address
Jobs – LinkedIn, others???
Staying current:
• Mailing list
• Twitter @owasp303
• LinkedIn OWASP Denver group
Other chapter business?
Job
Job Title: Coding Compliance Officer
Location: Aurora, CO
Duration: 3 months (Contract to Hire)
Job#: 5295
Contact: Avinash 303-990-5876/77 [email protected]
Skills: Medical Coding (5.0+ yrs), Training (5.0+ yrs), HIPAA (5.0+ yrs), Healthcare Claims Processing (5.0+ yrs), ICD-9/10 (5.0+ yrs), Medical Billing (5.0+ yrs)
Job Description:
The Coding Compliance and Education Specialist coordinates and reports on day-to-day coding compliance, education, training and quality improvement functions within the Health Information Management department.
More details available from Avinash
Next Meeting
• Next meeting will be September 19th
• 3rd Wednesday of the month
• Topic tbd – anybody got ideas for a topic and/or speaker?
• Final 2012 meeting will be in October – trying to get Wh1t3Rabbit (~70% chance right now)
Tonight: Laz – “Emerging Threats”
About Laz – SnowFROC Hero
Prior to his position as Director of Strategy at SilverTail Systems, Laz served as head of Information Security with the Sears Online Business Unit. He has been involved in IT security for the past 20 years, consulting with and auditing Fortune 500 companies and government agencies. Laz holds several patents for controlling personally identifiable information, Information Security, and Information Technology. He is also an active contributor to security standards and policy initiatives regarding compliance and Information Security methodologies, policies, and web application security. Laz is a published author, has served in the United States Air Force, holds a Master’s in Computer Information Security from the University of Denver and an MBA from Pepperdine University.