OWASP Meeting in January – Title: DevOps and Security – A match made (and broken) in the cloud

No Comments

Screenshot from 2016-01-21 18:39:17

Date: Wed, 20 Jan 2016 10:17:30 -0700
From: Joaquin Fuentes <joaquin.fuentes@owasp.org>
To: owasp-phoenix@lists.owasp.org
Subject: [Owasp-phoenix] OWASP Meeting in January

Dear *Owasp-phoenix Subscribers,*

Happy New Year! I’m excited to announce our next OWASP Phoenix chapter meeting, which will be held at Early Warning on Thursday,  January 28.  Seth Law will be presenting on DevOps and Security – A  match made (and broken) in the cloud.

First time attendees should show up about 15-20 minutes early to  facilitate the badging process; a picture ID is required.  For return visitors, a RSVP through the meetup site will allow me to ask for your badge to be pre-printed.

Free pizza will be provided shortly before the presentation.

Notably, Seth Law is flying in to give us this presentation.  Thanks to
nVisium <https://nvisium.com> for sponsoring his travel.

Regards, Joaquin
If you use Meetup.com, please RSVP so that I know how many potential
attendees we might have.  http://www.meetup.com/owasp-phoenix

Details have been posted to the Chapter Page:
https://www.owasp.org/index.php/Phoenix

Jan 28: Seth Law

Title: DevOps and Security – A match made (and broken) in the cloud

Abstract: DevOps is the new Agile, allowing organizations to move faster and deploy code quicker. Yet in the quest for continuous delivery, security can fall by the wayside, opening an organization up to data exposure and malicious exploitation. This talk will cover current security research into the technology behind DevOps, examples of failures, and how to prevent the same from happening in your organization. Technologies discussed will include AWS, Git, Hudson/Jenkins, and more. In the end, the presentation should help attendees understand the risks involved in running a DevOps environment.

Bio: Seth Law is the Director of Research & Development at nVisium and
wrangles the research efforts into all areas of application security. An
experienced Application Security Professional with years of security
experience, Seth has worked in multiple disciplines, from software
development to network protection, as a manager, contributor, and speaker.
Seth explores the world of application security via @sethlaw.
————– next part ————–
An HTML attachment was scrubbed…
URL: <http://lists.owasp.org/pipermail/owasp-phoenix/attachments/20160120/c2276d8e/attachment-0001.html>

——————————

_______________________________________________
Owasp-phoenix mailing list
Owasp-phoenix@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-phoenix

End of Owasp-phoenix Digest, Vol 84, Issue 1

DEF CON 24 Homework Begins!

No Comments

DEF CON 24 Homework Begins!

As you know, DEF CON 24’s theme is “Rise of the Machines”. To help you get up to speed on some of the ideas that inspired the theme, and get you thinking about the looming conflict between human and machine intelligences, we’re going to post some books, movies, and other media you might want to check out in advance of the con.

 

Source: DEF CON® Hacking Conference – Recent News

From Michael M

No Comments
Bitfork Members

The next OWASP Phoenix chapter meeting, which will be
held at Early Warning on Wednesday, October 14, 2015.  6:30 – 7:30

Nate Power is a Senior Security Penetration Tester working for Rapid7
Global Services. Nate is an expert at Web Application testing and seeking
out vulnerabilities in common frameworks.

Nate  is flying in from out of town to give the talk so lets all show up and represent. This would be a good venue to network.

If you use Meetup.com, please RSVP so that I know how many potential
attendees we might have.  http://www.meetup.com/owasp-phoenix

Details have been posted to the Chapter Page:
https://www.owasp.org/index.php/Phoenix

Wednesday, Oct 14
Time: 6:30 – 7:30 Location: Early Warning 16552 N 90th St Ste 100,
Scottsdale, AZ 85260
Room: Checkin with Security Officer, picture ID required
Title: *Hacking Corporate Em@il Systems*
Presenter(s): *Nate Power*
In this talk we will discuss current email system attack vectors and how
these systems can be abused and leveraged to break into corporate networks.
A penetration testing methodology will be discussed and technical
demonstrations of attacks will be shown. Phases of this methodology include
information gathering, network mapping, vulnerability identification,
penetration, privilege escalation, and maintaining access. Methods for
organizations to better protect systems will also be discussed.