Would you like to speak at an OWASP Cleveland Meeting?

If we haven’t approached you, but you believe you have new research that the security community would enjoy hearing about, we invite you to submit your presentation topic for consideration. Preference will be given to speakers who can present new and innovative technical content to a broad audience.

To speak at an upcoming OWASP Cleveland meeting, please submit your bio and talk abstract via email to Sabrina Powers.

 

Chapter Meetings

To join the chapter mailing list, please visit our mailing list homepage. The list is used to discuss the meetings and to arrange meeting locations. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.

The OWASP Cleveland chapter is sponsored by SecureState.

OWASP Foundation (Click Here For 2011 Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook.

As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button.

To be a speaker at any OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP project, independent research or related software security topic you would like to present on.

The chapter leader is Ken Stasiak.

 

Cleveland OWASP Chapter Meeting Announcement

Please join us for the next Cleveland OWASP Chapter meeting taking place at SecureState Headquarters on Thursday, November 3 from Noon-2pm. This meeting is free and open to the public. Lunch will be provided. Our guest speaker this month is John Jacott from Veracode’s Solutions Enablement Group. He will be speaking on “The Mobile App Top 10 Risks”. The talk abstract and speaker bio are below:

 

“The Mobile App Top 10 Risks”

Rapid adoption of mobile devices and mobile apps has created a significant and unbounded security risk for the enterprise. The mobile app threat is quickly progressing from simple “premium SMS and call” attacks that directly monetize by running up the victim’s bill, to full-blown mobile botnet functionality. Enterprises must recognize the need to enable a mobile workforce with meaningful applications that allow them to be productive, while maintaining the security of sensitive data on the device and internal networks.

Modern mobile applications run on mobile devices that have the functionality of a desktop or laptop running a general purpose operating system. In this respect, many of the risks are similar to those of traditional spyware, Trojan software, and insecurely designed apps. However, mobile devices are not just small computers. Mobile devices are designed around personal and communication functionality, which makes the top mobile application risks different from the top traditional computing risks.

Mr. Jacott will discuss the mobile app top 10 list and provide some insight into mobile research conducted.

 

Speaker Bio:

Mr. Jacott has over 15 years of experience and leads Veracode’s Solutions Enablement group for partners and strategic accounts. His extensive auditing experience, lately as PCI QSA and IRCA Lead Auditor for Information Security Management Systems, provides a complete and pragmatic perspective on application security and information security controls. He has worked as an Information Security Consultant and Information Security Program Manager for several large Fortune 100 firms. 

Seats are filling fast! Please RSVP to Sabrina Powers via email (spowers@securestate.com) ASAP to reserve your seat.

When:
November 3, 2011, Noon-2pm

Where:
SecureState Headquarters
23340 Miles Road
Cleveland, OH 44128

 

Cleveland OWASP Meeting Announcement

Upcoming Cleveland OWASP Meeting Thursday, August 18, Noon to 2 p.m. SecureState Headquarters (23340 Miles Road, Bedford Heights, OH 44128) Featuring Rafal Los, “You’re Going to Need a Bigger Shovel – A Critical Look at Software Security Assurance”.

As always, Open Web Application Security Project (OWASP) is free and open to the public, but you must RSVP. Lunch will be provided. Please RSVP to Sabrina Powers, via email by August 16th: spowers@securestate.com

“You’re Going to Need a Bigger Shovel – A Critical Look at Software Security Assurance”

Talk Abstract: OWASP has certainly pushed forward many great advancements in Software Security Assurance, yet you are still fighting your organization to allow you to scan applications before they go live. Somewhere between the avalanche of site breaches, new technologies, and new apps, you are going to need a better strategy. Let’s face it, if you want to keep playing the game with today’s rules, you’re going to need a bigger shovel… or you can simply choose to evolve your game.

This talk will cover why Software Security Assurance programs are still lagging in a majority of organizations, and provide a critical look at how a shift in strategy can help you fall behind a little slower.

Speaker Bio: Rafal Los is a Global Security and Cloud Strategist for the software business at Hewlett-Packard (HP). Rafal brings together a decade and a half of security expertise coupled with a deep understanding of consumer and enterprise technology trends. Rafal combines knowledge of industry, customer, and technology solutions, bridging the gaps between security technologies and business needs, such as elastic, cloud-based computing.

Rafal focuses on how organizations can demonstrate the business value of security and cloud solutions by implementing practical ideas and measuring risk reduction. He has spent over 12 years in various facets of information security and data protection, from technical research to building programs at companies ranging from startups to Fortune 50 enterprises. Rafal is a regular speaker at public and private information security and quality conferences (including OWASP, SecTor, Defcon, Black Hat, SANS, and others). Additionally, Rafal contributes regularly to organizations, such as OWASP and others promoting education, openness, and standards.

Prior to joining HP, Los led the web application security program and served as a security lead at a Global Fortune 100. Los also worked with various sub-businesses by leading security engineering, architecture, and by building web application security programs. Los has a long history of strategic success with organizations large and small, providing critical strategic leadership on products, services, and strategy.

Rafal received his B.S. in Computer Information Systems from Concordia University, River Forest, Illinois.

 

Cleveland OWASP Chapter Meeting Announcement

SecureState is proud to sponsor the Cleveland chapter of OWASP and we are bringing back the quarterly meetings by bringing in some of the top speakers in the application security community. This quarter we have web application security ninja Kevin Johnson, who will be speaking. The title of his talk is “Ninja Developers: Application Security Testing and Your SDLC”.

 

Talk Abstract

The security of enterprise software is one of the key risks organizations can start to control today. As new applications are developed and legacy software is updated, incorporating a measure of security testing can be one of the most critical ways to positively impact an organization’s security posture. To properly validate the security of enterprise applications a 3rd party penetration test or assessment may be enlisted – but the cost of testing each application quickly makes this impractical. This situation presents a challenging problem. In this presentation, penetration testing ninja Kevin Johnson of Secure Ideas will explain how your development staff can incorporate techniques distilled from years of experience into your organization’s development and release methodology. Whether you’re using Agile, RUP or Google programming, these tips and tricks will enable your developers to produce higher quality, more secure code right from the start. Kevin will reveal some of the secrets of the masters learned from experience and industry leadership over the past decade – and show you how you can insert security into your software development lifecycle with minimal disruption and maximum effectiveness.

 

Speaker Bio

Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for Fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin’s involvement in open-source projects is spread across a number of projects and efforts. He is the founder of many different projects and has worked on others. He founded BASE, which is a Web front-end for Snort analysis. He also founded and continues to lead the SamuraiWTF live DVD. This is a live environment focused on Web penetration testing. He also founded Yokoso and Laudanum, which are focused on exploit delivery. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking. He also presents at industry events, including DEFCON and ShmooCon, and for various organizations, like Infragard, ISACA, ISSA, and the University of Florida.

As always, the Cleveland OWASP Chapter meetings are FREE and lunch is included!  However, you need to RSVP soon as seats are filling fast.  Please RSVP to Sabrina Powers via email: spowers@securestate.com.  Our meeting this month will be hosted at SecureState headquarters:

When: Tuesday, March 22nd Noon – 2pm
Where: SecureState, 23340 Miles Road, Cleveland, OH 44128
Lunch is provided.  Free and open to the public but you must RSVP!

Also be sure to sign up on the official OWASP Cleveland Chapter mailing list for future meeting announcements!

 

Web Apps Training with Dave Kennedy

Security breaches are on the rise due to the diminishing economy around the world. It is no longer acceptable for any organization to have a development team that does not understand the threats against the applications they produce. This course is aimed at developers, security enthusiasts, and those new to the security community to take a dive into the hacker’s world. Have you ever wondered how attackers break into applications and exploit their weaknesses? This course will provide you the tools needed to provide your own assessments on the applications, perform attacks against systems, and ultimately ensure that your systems are safe from attack.

Day one will be presentation style, with live demonstrations and questions and answers on all aspects of web application security. The Open Web Application Security Project (OWASP) will be discussed in depth, with a walk through each OWASP Top Ten category for web application security flaws and remedies for poor programming.

Day two will be all “hands-on” live attacks against systems using multiple open-source tools. Fake networks will be constructed to provide a simulated attack environment, and students will be walked through how they can perform their own “live” assessments, use the exploits only hackers know, and ultimately how to prevent these issues.

This is a must for any developer, security enthusiast, or those looking to get into the security field. Web applications are an estimated eighty-five percent of all breaches. Plunge yourself into the dark arts of hacking and ask yourself one question. Are you protected?