Your invited to the OWASP Li chapter with presenters Ken Johnson and Jack Mannino on Thrusday April 25, 2013 at the TIBCO Offices in Garden CIty. Ken's AbstractWhile working to secure rails applications in a truly Agile development environment, it became clear that the Rails and Ruby ecosystem needed attention from the security community in the form of free and open training, and the events that have transpired within the last few months have only reinforced that belief. RailsGoat is an attempt to bring attention to both the problems that most frequently occur in Rails as well as the solutions for remediation. To accomplish this, we've built a vulnerable Rails application that aligns with the OWASP Top 10 and can be used as a training tool for Rails-based development shops.About the Speaker:Ken Johnson is the former Manager of LivingSocial.com's application security team where he built their security program before leaving for his true home as the CTO of nVisium Security, a VA-based application security company. Ken is the primary developer of the Web Exploitation Framework and contributes to other open source application security projects as often as time permits. He has spoken at AppSec DC 2010 and 2012, OWASP NoVA and Phoenix chapters, Northern Virginia Hackers Association (NoVAH) and is a contributor to the Attack Research team.Jack's Abstract:Like it or not, your developers copy and paste code and "borrow" ideas from open source projects. This presentation will detail the results of analyzing over 100,000 Android applications available publicly on GitHub. We will examine the most prevalent frameworks and libraries in use and discuss their implications for security. Our focus is less theoretical and more practical based on what developers are actually doing and using within their apps. From there, we will take a deeper look at common vulnerabilities that are systemic throughout the Android application ecosystem. We will look at specific examples of vulnerable real-world applications, and fix code on the fly.About the Speaker:Jack Mannino is the CEO of nVisium Security, a VA-based application security company. At nVisium, he helps to ensure that large corporations, government agencies, and software startups have the tools they need to build and maintain successful security initiatives. He is an active Android security researcher/tinkerer, and has a keen interest in identifying security issues and trends on a large scale. Jack is a leader and founder of the OWASP Mobile Security Project. He is the lead developer for the OWASP GoatDroid project, and is the chairman of the OWASP Northern Virginia chapter.
Meeting Attendee 0.00