" rel="stylesheet">
Skip Main Navigation
Page Content
This event has ended

OWASP Bay Area Application Security Summit - July 1st, 2010

Mandeep Khera, OWASP Bay Area Leader

Thursday, July 1, 2010 from 9:00 AM to 3:00 PM (PDT)

OWASP Bay Area Application Security Summit - July 1st,...

Ticket Information

Type End Quantity
OWASP Bay Area - July 1st, 2010 Ended Free  

Share OWASP Bay Area Application Security Summit - July 1st, 2010

Event Details

OWASP Bay Area will host its next Application Security Summit at the SAP Offices in Palo Alto on July 1st, 2010. As usual attendance is free and food and beverages will be provided. This is an excellent event with great speakers and a great opportunity to network with industry peers. The event is open to the public; please forward this invite to your colleagues and friends who are interested in computer and application security.

We have an excellent line-up of speakers.

Please note that due to security issues, your must pre-register. Badges will be ready for the registered attendees at the Executive Briefing Center (2nd Floor)  where you will check in.

WHAT: OWASP Bay Area Chapter - Application Security Summit
WHEN: Thursday, July 1st, 2010 - From 9 A.M. to 3.00 P.M. 
WHERE: SAP Offices, Palo Alto - See below for directions


8:45 AM - 9:00 AM ... Check-in, registration, breakfast, networking
9:00 AM - 9:15 AM ... Welcome Remarks and Overview of OWASP Bay Area - Mandeep Khera, Bay Area Chapter Leader

9:15 AM - 10:00 AM .... Drive By Downloads- How to Avoid Getting A Cap Popped in your App - Neil Daswani, Co-founder, Dasient
10:00 AM - 10:45 AM ...
Building Secure Web Applications In a Cloud Services Environment - Misha Logvinov, VP of Online Operations, IronKey and Alex Bello, Director  of Technical Operations and Product Security, IronKey
10:45 AM - 11:15 AM ... Networking Break, refreshments
11:15 AM - 12:00 Noon ...
Cloudy with a Chance of Hack - Lars Ewe, CTO and VP of Engineering, Cenzic
Noon - 1:30   -    Networking Lunch
1:30 PM - 2:15 PM ...
Application Security Deployment Tradeoffs - Anoop Reddy, Senior Manager, Products, Citrix
2:15 PM - 3:00
PM ... MashUp SSL - Extending SSL for Security Mashups - Siddharth Bajaj, Principal Engineer, Verisign

Detailed Abstracts and Speaker Bios

Drive By Downloads: How To Avoid Getting A Cap Popped In Your App: Which browser do you claim? What color is your screen-saver? It is a world wide hood out there, don’t let yourself become the next victim of a drive by… a drive by download. Email attachments have become synonymous with computer viruses and consumers have become accustom to questioning the legitimacy of email touting male enhancement drugs and lottery winnings. This means hackers are having to come up with new ways to distribute malware. Today, just by loading an infected webpage of from a legitimate website, a virus can be downloaded without any other interaction and will often go undetected. Once the virus is on a PC, hackers can access the computer remotely and steal sensitive information like banking passwords, send out spam or install more malicious executables.

In this talk, we describe in technical detail the "anatomy of a modern web-based malware attack." Web-based malware attacks have evolved significantly over the past 4 years. We present the state-of-the-art in web-based malware attacks and describe how the techniques used have evolved over time.
Bio -
Neil Daswani is a co-founder of Dasient, Inc., a security company backed by some of the most influential investors in Silicon Valley and New York. In the past, Neil has served in a variety of research, development, teaching, and managerial roles at Google, Stanford University, DoCoMo USA Labs, Yodlee, and Bellcore (now Telcordia Technologies). While at Stanford, Neil co-founded the Stanford Center Professional Development (SCPD) Security Certification Program (http://proed.stanford.edu/?security). He has published extensively, frequently gives talks at industry and academic conferences, and has been granted several U.S. patents. He received a Ph.D. and a master's in computer science from Stanford University, and earned a bachelor's in computer science with honors with distinction from Columbia University. Neil is also the lead author of "Foundations of Security: What Every Programmer Needs To Know" (published by Apress; ISBN 1590597842; http://tinyurl.com/33xs6g. More information about Neil is available at http://www.neildaswani.com.

Building Secure Web Applications: This presentation will go over core principles involved in launching secure web applications and effectively managing security in a cloud services environment. We will discuss best practices for implementing security programs, review examples of things done right and wrong, and address specific steps required for creating and maintaining a sustainable security framework for your web applications.
Bio - Misha Logvinov is the Vice President of Online Operations at IronKey. In this position, Mr. Logvinov and his team are responsible for designing, implementing and supporting a highly-scalable mission critical infrastructure for IronKey's next-generation security products and services. Mr. Logvinov brings to IronKey over a decade of management experience in information technology, operations and security. Throughout his career, he has been responsible for implementing hundreds of customer solutions, supporting millions of online users, managing complex backoffice applications and building some of the world's most secure online service environments. Prior to IronKey, Mr. Logvinov spent six years at Yodlee, one of the leading online financial service providers. He held various management roles during his tenure, most recently, as Director of Operations Delivery. Mr. Logvinov's earlier experiences included IT management at Outcome, Inc. and INTERSHOP Communications. Mr. Logvinov holds a BA in Business Administration from Plekhanov Russian Academy of Economics. He is a Certified Information Systems Security Professional (CISSP) and a Certified Information Security Manager (CISM).

Bio - Alex Bello has been involved in the computer security field for the last six years with over ten years of combined experience in technical operations, web application development and security. Mr. Bello is currently serving as the Director of Technical Operations and the Product Security Team Lead at IronKey. Mr. Bello is responsible for architecture, operations and security management of the IronKey online services portfolio as well as IronKey products security testing and research. Prior to IronKey, Mr. Bello spent over three years consulting for various security organizations on infrastructure architecture, security research and web application development projects. Earlier in his career, Mr. Bello managed technical operations at one of the biggest online social marketplaces. In addition to his work at IronKey, for the last five years Mr. Bello has been responsible for technical operations and engineering at Anti-Phishing Working Group (APWG) supporting data aggregation, processing and consumption technologies behind one of the largest anti-phishing UBLs.

Cloudy with a chance of a hack: Cloud computing is a cost effective and efficient way for enterprises to automate their processes. However organizations need to be aware of the pitfalls of the many cloud computing solutions out there - one of the main ones being security. Most of these solutions were built for ease of use and without necessarily security in mind. Companies should ask the solution provider the security measures used in developing the application and get an independent verification to make sure there are no gaping holes. With over 75% of attacks occurring through the Web, any attack through these applications can lead to leakage of confidential information and embarrassment.
Bio – Lars Ewe: Chief Technology Officer and VP of Engineering for Cenzic. Lars Ewe is a technology executive with broad background in (web) application development and security, middleware infrastructure, software development and application/system manageability technologies. Throughout his career Lars has held key positions in engineering and product management in a variety of different markets. Prior to Cenzic, Lars was software development director at Advanced Micro Devices, Inc., responsible for AMD's overall systems manageability and related security strategy and all related engineering efforts.

Application Security Deployment Tradeoffs: Application security tradeoffs and choices are made at various stages of application design, development and deployment. This talk will cover deployment aspects of application security. Based on experience in designing, developing and deploying application security solutions and products for the past 10 years, I will do a case study based analysis of security costs and tradeoffs. Specifically, we will correlate security choices during deployment with our observations regarding the relatively higher adoption of security features and products that have an incremental deployment plan over those that are more intrusive and/or are operationally more expensive.
Bio – Anoop Reddy Anoop Reddy has been working in Security and Application Firewalls for the past 8 years and has led many innovations as part of Teros and Citrix. He was the Architect and Technical Lead at Teros and now manages the Engineering Development for the Application Firewall product lines at Citrix.

MashSSL - Extending SSL for securing mashups: In this presentation we will describe MashSSL and how it can be used to solve a fundamental Internet security problem - when two web applications communicate through a potentially un-trusted user they do not have any standard way of mutually authenticating each other and establishing a trusted channel. MashSSL is a new multi-party protocol that has been expressly designed to inherit the security properties of SSL, and to be able to leverage its trust infrastructure. We will also discuss how this can be used to secure a variety of multi-party environments including mashups using Cross-domain XHR, OpenAJAX, as well as scenarios such as OpenID and OAuth.
Bio – Siddharth Bajaj is researching new technologies in the areas of Internet Trust, Identity and Authentication including how these can be applied to solve problems in verticals such as healthcare, online content and cloud computing. Siddharth has been with VeriSign since 1999 and has fulfilled variety of technical leadership roles. He was involved in the development of the VeriSign PKI services platform as well as the early conceptualization and architecture of more recent VeriSign products such as UA and VIP.


Venue and Directions:

3410 Hillview Ave, Palo Alto,
Building 1
Executive  Briefing Center (2nd Floor)


101 South (from San Francisco)

  1. Take Highway 101 South.
  2. Exit onto San Antonio Road South.
  3. Turn right at the first light onto E. Charleston Road.
  4. Continue on E. Charleston Road past El Camino Real. When you cross El Camino Real, E. Charleston Road becomes Arastradero Road.
  5. Continue on Arastradero Road past the Foothill Expressway.
  6. Turn right at stop sign onto Hillview Avenue.
  7. 3410 Hillview Avenue is on the left side of the road.

101 North (from San Jose)

  1. Take Highway 101 North.
  2. Take the San Antonio Road exit.
  3. Turn left at the stop sign and cross over Highway 101.
  4. Turn right at the first light onto E. Charleston Road.
  5. Continue on E. Charleston Road past El Camino Real. When you cross El Camino Real, E. Charleston Road becomes Arastradero Road.
  6. Continue on Arastradero Road past the Foothill Expressway.
  7. Turn right at stop sign onto Hillview Avenue.
  8. 3410 Hillview Avenue is on the left side of the road.

280 South (from San Francisco) From San Francisco Airport: Take 380 West to 280 South

  1. Take Highway 280 South.
  2. Take the Page Mill Road exit.
  3. Turn left at the stop sign onto Page Mill Road.
  4. Turn right onto Deer Creek Road.
  5. Turn left at stop sign onto Arstradero Road.
  6. Turn left at stop sign onto Hillview Avenue.
  7. 3410 Hillview is located on the left hand side of the road.

280 North (from San Jose)Take Highway 280 North

  1. Take the Page Mill Road exit.
  2. Keep right and merge onto Page Mill Road.
  3. Turn right onto Deer Creek Road.
  4. Turn left at stop sign onto Arstradero Road.
  5. Turn left at stop sign onto Hillview Avenue.
  6. 3410 Hillview is located on the left hand side of the road.


Have questions about OWASP Bay Area Application Security Summit - July 1st, 2010? Contact Mandeep Khera, OWASP Bay Area Leader

When & Where

SAP Offices
3410 Hillview Ave
Building 1
Palo Alto, CA

Thursday, July 1, 2010 from 9:00 AM to 3:00 PM (PDT)

  Add to my calendar


Mandeep Khera, OWASP Bay Area Leader

  Contact the Organizer
OWASP Bay Area Application Security Summit - July 1st, 2010
Palo Alto, CA Events Conference

Interested in hosting your own event?

Join millions of people on Eventbrite.

Please log in or sign up

In order to purchase these tickets in installments, you'll need an Eventbrite account. Log in or sign up for a free account to continue.