OWASP Nashville

Welcome to the OWASP Nashville Chapter!

OWASP Nashville

Although COVID has created unprecedented challenges for all of us, OWASP Nashville is alive and well! We will be meeting in October. See below for details!

The chapter leaders are Mark Geeslin, Joel Tomassini, Brandon Evans, and Casey Rosini.

Next Meeting / Event

Meetup

OWASP Nashville meetings are posted on our Meetup page. Please visit http://www.meetup.com/OWASP-Nashville-Chapter for all chapter event information.

Join the OWASP Nashville group on Meetup to be notified when the details of the next event are published.

Participation

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects, tools, documents, forums, and chapters are free and open to anyone interested in improving application security.

Chapters are led by local leaders in accordance with the Chapter Leader Handbook. Financial contributions should be made online using the authorized online donation channels. To be a speaker at any OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP Project, independent research, or related software security topic you would like to present.

Everyone is welcome and encouraged to participate in our Projects, Local Chapters, and Events. We especially encourage diversity in all our initiatives. OWASP is a fantastic place to learn about application security, to network, and even to build your reputation as an expert. We also encourage you to become a member or consider a donation to support our ongoing work.


Past Events

10/27/2020: Defending Multicloud Infrastructure

Senior Application Security Engineer at Asurion, Instructor for the SANS Institute, and OWASP Nashville Co-Leader Brandon Evans discussed how to defend infrastructure and applications running in Amazon Web Services (AWS), Microsoft Azure, and the Google Cloud Platform (GCP). Brandon is the lead author of SANS SEC510: Multicloud Security Assessment and Defense. For more information, visit: SANS.org/SEC510

05/19/2020: Web Application Cyber Range for Fun & Profit

For our first virtual Meetup, Security Innovation ran one of their CMD+CTRL Cyber Ranges in which our chapter competed:

Stuck at home, but still want to test your skills in identifying web app vulnerabilities? OWASP Nashville and Security Innovation invite you to virtually compete in CMD+CTRL, a web application cyber range where players exploit their way through hundreds of vulnerabilities that lurk in business applications today. Success means learning quickly that attack and defense is all about thinking on your feet.

For each vulnerability you uncover, you are awarded points. Climb the interactive leaderboard for a chance to win fantastic prizes! CMD+CTRL is ideal for development teams to train and develop skills, but anyone involved in keeping your organization’s data secure can play - from developers and managers and even CISOs.

All you need is your laptop and your mischievous, curious inner-self and you’ll be ready to hack away!

Meetup

Security Innovation

10/22/2019: Serverless Security for Dummies

Tal Melamed (@4ppsec), Head of Security Research at Protego Labs and Co-Leader of the OWASP Serverless Top 10, flew in to teach us about Serverless Security:

In moving to serverless technology, such as AWS Lambda or Azure Functions, we shift some security responsibilities to the infrastructure provider by eliminating the need to manage servers. Unfortunately, that doesn’t mean we’re entirely absolved of all security duties. Serverless functions still execute code and can still be vulnerable to application-level attacks. As a new type of architecture, serverless presents new security challenges. Some are equal to traditional application development, but some take a new form. Attackers are thinking differently, and developers must do so as well to gain the upper hand.

In this talk, Tal Melamed will dive into serverless risks. Discussing why they are different from traditional attacks, how to exploit them and how we should protect our application against them.

Meetup

Asurion

06/13/2019: MusicCityCon

MusicCityCon 2019

Instead of a normal OWASP Meetup, we held our inaugural MusicCityCon conference.

Presentations Archived on YouTube Meetup Agenda and Sponsors

05/07/2019: CMD+CTRL Web Application Cyber Range

Security Innovation ran an instance of their Shadow Bank Cyber Range in which our chapter competed:

Want to test your skills in identifying web app vulnerabilities? Join OWASP Nashville and Security Innovation as members compete in CMD+CTRL, a web application cyber range where players exploit their way through hundreds of vulnerabilities that lurk in business applications today. Success means learning quickly that attack and defense is all about thinking on your feet.

For each vulnerability you uncover, you are awarded points. Climb the interactive leaderboard for a chance to win fantastic prizes! CMD+CTRL is ideal for development teams to train and develop skills, but anyone involved in keeping your organization’s data secure can play - from developers and managers and even CISOs.

Meetup

Sponsors

Asurion Security Innovation

03/19/2019: Exploring the Dark Web

For our inaugural OWASP Nashville Chapter Meetup, Chapter Co-Leader Joel Tomassini presented on how to explore the Dark Web securely.

Meetup

Sponsors

Asurion