OWASP Austin

Home Page    Chapter Leadership    Study Groups    Past Events    Sponsorship    Event Archive


Welcome to the Austin chapter homepage. The Chapter Leader is Kyle Smith. See below for full list of all chapter leadership board.

Upcoming Events

Austin Security Professionals Happy Hour sponsored by Sonatype and NowSecure, February 13, 2020

When: Thursday, February 13th, 5:30 pm - 7:30 pm

Where: Brass Tap @ Domain Austin, 10910 Domain Dr, Austin, TX 78758 (across from the iPic Theaters). We meet in the separate room inside the bar, to the left as you enter. Parking: Park in either parking garages to the left or right of iPic (map of Domain).

What: The Austin Security Professionals Happy Hour is a monthly event coordinated by the Austin OWASP and Capital of Texas ISSA Chapters and sponsored by various companies. We try to meet every second Thursday of the month from January to September (but occasionally we make schedule adjustments when needed). The event is an informal social gathering of local information security professionals. If you’re involved with InfoSec or even if you have an interest, come on out for drinks, good food and conversation.

Sponsors: Sonatype and NowSecure

Sonatype: Sonatype is the leader in software supply chain automation technology with more than 300 employees, over 1,000 enterprise customers, and is trusted by more than 10 million software developers. Sonatype’s Nexus platform enables DevOps teams and developers to automatically integrate security at every stage of the modern development pipeline by combining in-depth component intelligence with real-time remediation guidance.
NowSecure: Everyone hates False Positives! Get the speed AND coverage you need with NowSecure automated mobile app security testing from the creators of FRIDA and RADARE. Speak with our security experts about OWASP Mobile Security Program, see our tools and get a free mobile app scan. Learn more at www.nowsecure.com.

RSVP: https://aus-sec-happy-hour-2020-02.eventbrite.com

back to top

OWASP Austin Chapter Meeting
February 25, 2020

When: Tuesday, February 25th @ 11:45 AM - 1:00 PM

Where: National Instruments, 11500 N. Mopac.Building C (Directions: GoogleMaps, MapQuest)

Title: Using Nmap’s XSLT switch to better organize result scan data

Nmap is an old-friend and one of the most-used tools in our box. On scans against large-scale networks, identifying ports with web applications might be easy using some common command line switches, but gathering the normal output to enumerate and identify targets is difficult. This talk is about using Nmap's XML output switch combined with customized XSLT documents to save time and organize the output in a format, such as CSV, that provides penetration testers with richer analysis capabilities or even HTML that is "report ready". We will look more closely at the XML output that Nmap provides (including NSE data) and learn how XSLT can be harnessed to derive usable custom documents. This talk will have application to some or all of the following OWASP Testing procedures: ASVS 9 Communication Security Requirements (9.1.1, 9.2.2) OTG-INFO-004 Enumerate Applications on Web Server OTG-CONFIG-006 Test HTTP Methods OTG-CRYPST-001 Testing for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection …others, as NSE scripts are applicable and the Penetration Testing Execution Standard


Mark Spears is a Sr. Security Consultant for Solis Security - an Austin-based security firm that performs DFIR, GRC, MSSP, and Penetration Testing where he currently leads the Red Team doing a lot IP-based and Web Application testing while mentoring his younger peers. Throughout Mark's 20+ years in the industry, he has been a:

· Programmer in a wide range of compiled and scripted languages but focused mainly on the Microsoft stack

· Teacher at different schools on all topics of database design, coding, and web development.

· Entrepreneur who wrote payments software as a Level 1 PCI Gateway and acting CISO for 8 years until helping bring the company to a sale.

· Virtual CISO for several companies simultaneously including multiple banks providing monthly security services, audit support, and annual Risk Assessments based on GLBA or other needed compliance frameworks.

· Constant student and teacher seeking mentors while mentoring.

</blockquote> RSVP: https://owasp-austin-2020-february.eventbrite.com [back to top](#welcome)