Software
Security Practitioners' Forum (August 25, 2008) [VMware]
Submitted by tintagel on Mon, 2008-08-25 18:30. Events | Meetings | Software | SPF | Vendor2008-08-25 19:00
2008-08-25 21:00
Etc/GMT-7
The monthly meeting of the Security Practitioners' Forum (Security Users' Group)
- **Special Note**
- Be sure to check out the special event ISSA Security Forum that preceeds our regularly scheduled meeting. The event is free to attend for AZSPF mambers and guests, just be sure to pre-register.
- Topic: VMware
- VMware & Security
- Presenter: Rob Randell
Virtualization is becoming a very hot topic in IT industry and in datacenters around the world. Along with the popularity comes the inevitable security concerns associated with any new technology. Virtualization is no exception to that rule. In this presentation, Rob Randell, Senior Security Specialist at VMware will talk about the security implications of virtualization. Included in this talk will be a general virtualization overview covering the different types of virtualization in the market today focusing mostly on the most recognized form, being hardware virtualization. Also covered will be the security concepts introduced by virtualization, security advantages of virtualization, and common concerns and misconceptions will also be covered.
About the Speaker:
Rob Randell. CISSP is a Senior Security Specialist at VMware where he is responsible for working with customers to help them understand the security stance of VMware and its platforms . Rob has over 14 years of experience in the IT world and over 10 years in the Security industry. Rob came to VMware as part of the acquisition of Determina, which provided software to provide true zero day protection of the most critical memory based vulnerabilities. Prior to Determina Rob was a Senior SE at Webroot software and Vericept Corporation in which he was responsible for building the SE team. Rob spent over six years prior to these positions on the operations side of the house managing and securing datacenters in the telecom industry.
Security Practitioners' Forum (February 25, 2008) [Building Malware]
Submitted by tintagel on Mon, 2008-02-25 18:30. Exploits | Meetings | Methodology | Research | Software | SPF2008-02-25 18:30
2008-02-25 20:30
Etc/GMT-7
The monthly meeting of the Security Practitioners' Forum (Security Users' Group)
- Topic: Building Malware.
- Learn to think like the Black Hats to better defend ourselves.
- Presenter: Erik Graham et. al. plus forum participation!
At the February '08 AZSPF meeting we will discuss the the topic of Building Malware. This will be a highly interactive discussion lead by an industry expert with practical hands-on malware analysis experience. During the discussion we will conceptually design a piece of malware in pseudocode to illuminate the subject and facilitate discussion of catching/preventing malware.
The Arizona Security Practitioner's Forum is an organic group for InfoSEC Professionals.
QuietMove Web Application Security Training (December 3 - 7, 2007)
Submitted by tintagel on Wed, 2007-11-14 00:39. Risk Analysis | Software | Training | Vendor | Vulnerabilities2007-12-03 08:00
2007-12-07 17:00
Etc/GMT-7
Dec. 3-7 in San Diego
3 Tracks of Web Application Security Training
QuietMove in cooperation with Business Partners Solutions will be conducting web application security training the week of Dec 3-7.
Learning about the threats, countermeasures, and immediately applicable development strategies which can be used to integrate security into your Software Development Life Cycle (SDLC) is a proven risk reduction strategy.
All classes qualify as OWASP Top Ten Training, per v1.0 and v1.1 of the PCI Data Security Standard (PCI DSS).
Phoenix OWASP (November 8, 2007) [TBD]
Submitted by tintagel on Wed, 2007-03-21 10:56. Applied | Events | Meetings | Software | Vulnerabilities2007-11-08 18:30
2007-11-08 20:00
Etc/GMT-7
What: Phoenix OWASP
Where:
UAT - University of Advancing Technology
Auditorium
2625 West Baseline Road
Tempe, Arizona
85283-1056
Entrance back of building
When
6:30PM, Thursday, November 8th
Agenda
- 6:30 to 6:45 News & Introductions
- 6:45 to 7:45 (1 hour): TBD Presenter / Presentation
- 7:45 to 8:00: Wrap up
- 8:00: Social @ The Tilted Kilt
Tilted Kilt
Phoenix OWASP (September 13, 2007) [TBD]
Submitted by tintagel on Wed, 2007-03-21 10:55. Applied | Events | Meetings | Software | Vulnerabilities2007-09-13 18:30
2007-09-13 20:00
Etc/GMT-7
What: Phoenix OWASP
Where:
UAT - University of Advancing Technology
Auditorium
2625 West Baseline Road
Tempe, Arizona
85283-1056
Entrance back of building
When
6:30PM, Thursday, September 13th
Agenda
- 6:30 to 6:45 News & Introductions
- 6:45 to 7:45 (1 hour): TBD Presenter / Presentation
- 7:45 to 8:00: Wrap up
- 8:00: Social @ The Tilted Kilt
Tilted Kilt
Phoenix OWASP (July 12, 2007) [TBD]
Submitted by tintagel on Wed, 2007-03-21 10:53. Applied | Events | Meetings | Software | Vulnerabilities2007-07-12 18:30
2007-07-12 20:00
Etc/GMT-7
What: Phoenix OWASP
Where:
UAT - University of Advancing Technology
Auditorium
2625 West Baseline Road
Tempe, Arizona
85283-1056
Entrance back of building
When
6:30PM, Thursday, July 12th
Agenda
- 6:30 to 6:45 News & Introductions
- 6:45 to 7:45 (1 hour): TBD Presenter / Presentation
- 7:45 to 8:00: Wrap up
- 8:00: Social @ The Tilted Kilt
Tilted Kilt
Phoenix OWASP (May 10, 2007) [TBD]
Submitted by tintagel on Wed, 2007-03-21 10:48. Applied | Events | Meetings | Software | Vulnerabilities2007-05-10 18:30
2007-05-10 20:00
Etc/GMT-7
What: Phoenix OWASP
Where:
UAT - University of Advancing Technology
Auditorium
2625 West Baseline Road
Tempe, Arizona
85283-1056
Entrance back of building
When
6:30PM, Thursday, May 10th
Agenda
- 6:30 to 6:45 News & Introductions
- 6:45 to 7:45 (1 hour): TBD Presenter / Presentation
- 7:45 to 8:00: Wrap up
- 8:00: Social @ The Tilted Kilt
Tilted Kilt
File and Directory Enumeration with Google Sitemap
Submitted by tintagel on Sun, 2006-10-15 22:17. Exploits | Software | VulnerabilitiesOur friend Adam Muntner recently blogged about an undocumented (probably unplanned) feature of Googls's Sitemap XML protocol. Tuens out it makes finiding unpublished content on webservers even easier! In this blog entry Adam expalains how it works.
"While playing with the Google Webmaster tools, I came across the “Sitemap” XML protocol which is used to inform search engines about pages on your website that are available for crawling... Far more interesting - you can find pages in the sitemap.xml which would not be indexed if it weren’t for the Sitemap protocol."
I wonder if Governor Schwarzenegger is worried!
Shared Libraries, Code Execution & Security
Submitted by tintagel on Mon, 2006-08-14 09:05. Applied | Research | SoftwareSecurity Focus have Part 1 in a series of articles about shared libraries in Linux and Windows posted. It is a good primer for the security professional with some coding experience.
Open Source Malware Search Engine
Submitted by tintagel on Wed, 2006-07-19 16:11. Exploits | Research | Software | VulnerabilitieseWeek are reporting that HD Moore has released a Malware Search Engine that can find live malware binaries and source through Gogle. From the article: "The new Malware Search project provides a Web interface that allows anyone to enter the name of a known virus or Trojan and find Google results for Web sites hosting malicious executables." According to a Slashdot post: "The tool then searches for actual malware signatures and uses the signature output from ClamAV to find the name of the malware. This is then used in conjunction with a PE signature matching method to form a Google query. Afterwards the malware can then be downloaded directly from Google."
