FOR IMMEDIATE RELEASE:
Open Web Application Security Project (OWASP) announces AppSec USA 2010, the premier web application security conference in North America
Los Angeles, California – July 9, 2010 - Open Web Application Security Project (OWASP) announces AppSec USA, which will be held from September 7 to 10 at the University of California at Irvine.
The conference consists of two days of in-depth training classes on September 7 and 8, followed by two days of plenary sessions on September 9 and 10. BOF (Birds of a Feather) sessions and panel discussions round out the conference offerings.
Jeff Williams, keynote speaker and Chairman of the OWASP Foundation notes, “Software is simultaneously getting radically more critical, complex, and interconnected. This creates a perfect storm for attackers, who are having a field day with our systems. We will never hack our way secure. Instead, we need to change the way we think about software, build software, and buy software. OWASP's audacious goal is to reach all developers everywhere and help them build rugged code - because our future depends on it”.
Williams continues, “I've attended many OWASP AppSec Conferences, and they truly bring together the leading researchers, innovators, and community leaders to focus on application security in a free and open noncommercial forum. There's a fantastic sense of community and shared purpose. We encourage anyone interested in secure code to come and find out what application security is all about. Our 501(c)(3) not-for-profit status allows us to keep prices extremely low”.
Another keynote speaker, Bill Cheswick, is a well-known security researcher with AT&T Research; his very popular book Firewalls and Internet Security has influenced many security practitioners.
The third keynote speaker, David Rice, is an internationally recognized information security professional. Mr. Rice, author of the highly acclaimed book Geekonomics, which promotes awareness of the true cost of insecure software, made significant contributions to advance the security of our nation’s critical infrastructure.
HD Moore, the final keynote speaker, is widely acclaimed for his creativity and technical skills, and brings a distinct perspective to AppSec. Mr. Moore’s best known contribution to the security community is the Metasploit Project, an open-source project which can be used to find vulnerabilities in computer systems in order to protect or exploit them.
Irvine, located in Southern California, is beautiful year-round and the UC Irvine campus offers famous architecture, a large park, art, and modern facilities in a pleasant environment. Irvine is situated in the heart of Orange County and is next door to Los Angeles, San Diego, and many other attractions.
Richard Greenberg, Co-Chair of the Conference Organizing Committee, says, “If you can only get away from the office for one conference, this is it. We all are aware of the insidious exploits taking advantage of all types of application security vulnerabilities”.
Greenberg continues, “We need to learn from the experts in order to counter the attacks - to build solid and secure applications. The knowledge we pride ourselves on amassing is insufficient to meet the new evolving threats. Only by sharing our collective wisdom and experiences can we realistically expect to protect our assets”.
The conference is still soliciting sponsors at different levels.
For more information on sponsorship, or to register, please visit http://www.AppSecUSA.org or contact Kate Hartmann at kate.hartmann@owasp.org.
Friday, July 09, 2010
Tuesday, February 16, 2010
Know Your Neighbor
Protecting sensitive and confidential information at work is everyone's job. There are usually a vast number of security protections in place, but there are additional safeguards we can all practice.
Something as simple as knowing who your neighbors are can go a long way towards providing these protections. If you know who should be in the neighboring office or looking at the computer on the next desk, you can help protect information by making sure that the person you observe has a right to be there. If you do not believe that the person has that right, asking simple questions like, “Who are you?” and, “Why are you here?” can be a tremendous help. Asking your supervisor if the person has a right to be there is another way to protect information. As supervisors and managers, you must respect and support your subordinates’ inquiries.
It is everyone’s responsibility to look out for and report any suspected Privacy or Security breach. You don’t have to be sure there is a breach, you just have to be observant. If something doesn’t look right, alert the people who have the job of being sure. This responsibility to be observant and report what doesn’t look right can protect more than just information. This is a good practice at any time.
The simple question you need to ask yourself is, “If it was my information being displayed, should this person be looking at it or taking it away?” If you don’t like the answer, do the right thing and report the situation in a timely manner, before it can become a security incident. Notify your supervisor or your Help Desk if you think things are not right. It is all of our jobs!
Wednesday, July 08, 2009
Be Careful with Facebook and Other Social Sites
The information you post online could be used by those with malicious intent to conduct social engineering scams and attempt to steal your identity or access your financial data. In addition, the sites are increasingly sources of worms, viruses and other malicious code. You may be prompted to click on a video on someone's page, which could bring you to a malicious website, for example. If you are accessing a site that has malicious code, your machine could become infected. For examples of some common social networking scams, visit the Council of Better Business Bureaus.
It's also important to realize that information you post can be viewed by a broad audience, and could have lasting implications. College admissions officers and school administrators, for example, do visit these sites and in some cases, admissions have been denied to applicants, or disciplinary actions have been taken because of information or photos posted online. Employers also review these sites for information about potential job applicants.
What can you do to protect yourself?
1) Make sure your computer is protected before visiting sites - make sure you have a firewall and anti-virus software on your computer and that it is up-to-date. Keep your operating system up-to-date as well.
2) Do not assume you are in a trusted environment - even when you are on the page of someone you know, it is still prudent to use caution when navigating pages and clicking on links or photos, because links, images or other content contained on the pages may include malicious code.
3) Be cautious in how much sensitive and/or personal information you provide - remember that the more information you post, the easier it may be for an attacker to use that information to steal your identity or access your data. Never post confidential information.
4) Use common sense when communicating with users you DO know - confirm electronic requests for loans or donations from your social networking friends and associates. The communications could be from someone who has stolen the credentials of the person you know with the intent of scamming as many people as possible.
5) Use common sense when communicating with users you DON'T know - be cautious about whom you allow to contact you or how much and what type of information you share with strangers online.
6) Understand what information is collected and shared - pay attention to the policies and terms of the sites; they may be sharing your email address or other details with other companies.
7) Make sure you know what sites your child is visiting - be involved in your child's activities and know with whom he/she is communicating and what information is being posted by them or about them by others.
8) Be aware of any expectations or limitations on your presence as an official government employee (e.g., conducted during non-business hours versus business hours, providing personal versus official department opinions, etc.).
For additional information on social networking tips visit:
Cyber Safety for Children: www.cybersafety.ca.gov
US-CERT: http://www.us-cert.gov/cas/tips/ST06-003.html
Stay Safe Online: http://www.staysafeonline.info/content/social-networking
Cyber Smart: http://cybersmartcurriculum.org/safetysecurity/networking/
GetNetWise: http://kids.getnetwise.org/safetyguide/technology/socialnetworking
OnGuard Online: http://www.onguardonline.gov/topics/social-networking-sites.aspx and http://www.onguardonline.gov/topics/safety-tips-tweens-teens.aspx
TechMission, Inc. Safe Families: http://www.safefamilies.org/socialnetworking.php