OWASP Foundation

OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.


OWASP Foundation, NYC Chapter Exploits & Innovation

OWASP was established in 2001. In 2004 it became a 501(c)(3) not-for-profit charitable organization focused on improving the security of software.

The mission is to make software security visible so that individuals and organizations worldwide can make informed decisions about true software security risks.

Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.

12/7 AGENDA

6:00pm Welcome Networking / Social

6:15pm Royal Hansen, Goldman Sachs

6:30pm iOS Spelunking, Mikhail Sosonkin

7:30pm “Goldfish Pond” w/ Joe Bernik

● SimpleRISK, Josh Sokol
● OpCode41, Ken Belva

8:30pm State of Bug Bounties, Leif Dreizler

9:30pm After Party

THANK YOU!

OWASP Leaders, Members

Meet-Up Attendees

Venue Host - Goldman Sachs

Tonight’s Meeting Sponsors

Hewlett Packard, ProactiveRISK, Synack, Lifars, Illumio, LogRhythm

NYCSeed, ff Venture Capital

Thank you to our corporate supporters that enable us to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.

LOCAL SUPPORT PROVIDED BY

Corporate Membership

2015 Chapter Summary Wrap Up

Active events

- Project Sprints
- Virtual Village
- Cheat Sheets
- Top 10 IR
- ++Other projects

Active people

125

2016 Chapter Goals

Quarterly Chapter Meetings

Career Development / Training

Project Sprints

Highlight & Promote Innovation

Membership Growth

<insert your area of focus>

Got Idea, Training, Talk, Project?

“01100011 01101111 01100100 01100101”

Open-Source

Tactical and Practical

SUBMIT ONLINE Speaker Committee Selection

How Can You Help?

Local / Global Technical Committee

- Improve X
- Projects
- Speakers

Local / Global Business Committee

- Improve Y
- Events
- Logistics

2016 Leadership

● Determine mission and purpose. It is the board's responsibility to create and review a statement of mission and purpose that articulates the organization's goals, means, and primary constituents served.

● Select the chief executive. Boards must reach consensus on the chief executive's responsibilities and undertake a careful search to find the most qualified individual for the position.

● Support and evaluate the chief executive. The board should ensure that the chief executive has the moral and professional support he or she needs to further the goals of the organization.

● Ensure effective planning. Boards must actively participate in an overall planning process and assist in implementing and monitoring the plan's goals.

● Monitor and strengthen programs and services. The board's responsibility is to determine which programs are consistent with the organization's mission and monitor their effectiveness.

● Ensure adequate financial resources. One of the board's foremost responsibilities is to secure adequate resources for the organization to fulfill its mission.

● Protect assets and provide proper financial oversight. The board must assist in developing the annual budget and ensuring that proper financial controls are in place.

● Build a competent board. All boards have a responsibility to articulate prerequisites for candidates, orient new members, and periodically and comprehensively evaluate their own performance.

● Ensure legal and ethical integrity. The board is ultimately responsible for adherence to legal standards and ethical norms.

● Enhance the organization's public standing. The board should clearly articulate the organization's mission, accomplishments, and goals to the public and garner support from the community.

Active Chapters Globally

OWASP AppSecEMEA 2016
June 27 - 1 July Rome Italy

HACKNYC 2016
July 18th - 21st

● Call for Trainers!
● Hackathon
● Bug Bounty

OWASP AppSecUSA 2016
October 11-14, Washington, DC

FREE TRAINING

Welcome to the OWASP Video Collection

ONLINE: www.owasp.org

1.1 OWASP AppSecUSA 2015 Conference
1.2 OWASP NYC Cyber Security Channel
1.3 OWASP AppSecEU 2015 Conference
1.4 OWASP Global Webinars
1.5 OWASP AppSecUSA 2014 Conference
1.6 OWASP AppSec Europe 2014 Conference
1.7 OWASP AppSec California 2014 Conference
1.8 OWASP AppSecUSA 2013 Conference
1.9 OWASP AppSec EU Research 2013 Conference
1.10 OWASP AppSec Video Tutorial Series w/ Jerry Hoff
1.11 OWASP AppSecUSA 2012 Conference
1.12 OWASP AppSecUSA 2011 Conference
1.13 OWASP Summit 2011
1.14 OWASP Appsec DC 2010 Conference
1.15 OWASP USA 2010 Conference
1.16 OWASP EU 2010 Conference
1.17 OWASP FROC 2010 Conference
1.18 OWASP USA 2009 Conference
1.19 OWASP AppSecEMEA 2009 Conference
1.20 OWASP Israel 2008
1.21 OWASP AppSecUSA 2008 Conference
1.22 OWASP SnowFROC
1.23 OWASP Minneapolis/St. Paul (OWASP MSP)

The Software Assurance Forum for Excellence in Code (SAFECode) is a non-profit organization exclusively dedicated to increasing trust in information and communications technology products and services through the advancement of effective software assurance methods. SAFECode is a global, industry-led effort to identify and promote best practices for developing and delivering more secure and reliable software, hardware and services.

Courses include:

● Introduction to Cryptography
● Secure Memory Handling in C
● Threat Modeling
● Secure Java Programming
● Cross Site Scripting (XSS)
● Product Penetration Testing
● Auth 101: A Passwords Backgrounder for Everyone
● DOH: Default, Obscure and Hidden Content for Everyone
● An Introduction to Windows Access Controls
● File Permissions: Linux and OS X
● Injections: SQL and Beyond
● CSRF: Cross Site Request Forgery for Everyone

Details: https://training.safecode.org/courses

Community

Questions