Bay Area OWASP Meeting (San Francisco) March 18th @ 6PM - Gap Inc March 18, 2009

---

OWASP Bay Area will host its next meeting at Gap Inc in San Francisco on Wednesday, March 18th. As usual attendance is free and food and beverages will be provided. This will be an awesome event and a great opportunity to network with industry peers. The event is open to the public; please forward this invite to your colleagues and friends who are interested in computer and application security.

Back to the Future - Phishing and Malware by Brendan OConner, Saleforce.com
Abstract: The more things change, the more they stay the same. We'll take a trip back in time to look at the phishing and anti-malware solutions of the past. Why did they fail? With companies investing hundreds of thousands of dollars or more in these solutions, what does the future of this space look like and what tricks can you apply to stay one step ahead?
Bio: Brendan O'Connor is originally from the Midwest , currently residing in the Bay Area as a security engineer . He worked in security for a communications company for four years before switching to the financial sector in 2004 and onto Software as a Service in 2008. Brendan currently works on the Product Security team at Salesforce.com, where his duties include vulnerability research, security architecture, and application security.
Testing Methodologies: White-box, Gray-Box, Black-box or Something Else by Kirk Greene, Accuvant
Abstract: In this presentation we will discuss the different testing methodologies used when assessing the security of both binary applications as well as web-based applications. We will focus on the differences and advantages as they relate to black-box testing, white-box testing, gray-box testing, reverse engineering, and fuzzing. Unfortunately there is no one testing methodology that provides the best balance of time and accuracy for every application, in this talk we will provide metrics for helping decide what methodology should be used for what types of applications.
Bio: Kirk has been providing security consulting services for over a decade. Through that time Kirk has served clients in a variety of industries including federal and local government, healthcare, financial services, telecommunications, e-Commerce, fuel and natural gases, manufacturing, application service providers, gaming, Internet start-ups, and Internet service providers. In his tenure with Accuvant, Kirk has performed a variety of consulting and managerial responsibilities from developing and performing financial institution regulation audits to managing performing enterprise assessments for multi-national corporations. Kirk is a Certified Information Systems Security Professional (CISSP), ISS Certified Engineer, PCI Qualified Data Security Professional (QDSP), Qualified Payment Application Security Professional (QPASP).

Organized by SF-OWASP

---

Ticket Info:  Attendee, Free

Official Website: http://bayareaowasp-upcoming.eventbrite.com