OWASP Omaha

Welcome

Thank you for visiting the OWASP Omaha Chapter website! Here, you’ll find all the latest information about the OWASP Omaha Chapter including the leadership team members, the chapter board members, information about meetings, speakers, events, and so much more! Stay a while and look around. If you have any feedback for improving the site or want to submit a potential talk, please contact us using the email links in the side bar. We’d love to solicit new speakers and will work on automating talk submissions in the future.

Thank you for being part of this great OWASP Chapter and we hope you continue to show your support through OWASP membership or Chapter donations. We appreciate all of you and your diversified skills and hope to continue to provide technical talks that can broaden anyone’s knowledge. Don’t be afraid to

Participation

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects, tools, documents, forums, and chapters are free and open to anyone interested in improving application security.

Chapters are led by local leaders in accordance with the Chapter Leader Handbook. Financial contributions should only be made online using the authorized online donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP Project, independent research, or related software security topic you would like to present.

Everyone is welcome and encouraged to participate in our Projects, Local Chapters, Events, Online Groups, and Community Slack Channel. We especially encourage diversity in all our initiatives. OWASP is a fantastic place to learn about application security, to network, and even to build your reputation as an expert. We also encourage you to become a member or consider a donation to support our ongoing work, or a particular chapter.


Omaha OWASP Chapter History

The Omaha OWASP Chapter was rebooted in 2013.

The following individuals have participated as chapter leaders since the reboot:

  • Rob Temple
  • Scott Christiansen
  • Michael Born
  • John Rogers
  • Zac Fowler
  • Fed Donovan
  • Justin Williams
  • Dave Pinos

Omaha OWASP has been very active in presenting at events like Nebraska Code Camp, NebraskaCERT, and the Nebraska Cyber Security Conference.

Research and presentation topics have included Offensive Python, Web Services Testing Cheat Sheet, and Mobile Application Security.

After a short hiatus during 2019, the Omaha OWASP chapter has started periodic chapter meetings with the Defcon 402 chapter.


Next Chapter Meeting

Presenter: TBD
Description: TBD
Date: TBD
Time: TBD
Location: TBD

Past Presentations

August 12, 2020 - Instrumentation Application Security Testing using the Java Sensor Toolkit (JST)

Presenter: Jeff Williams, Co-Founder/CTO, Contrast Security
Description: Software is incredibly hard to secure because it’s a
black box. We’ve spent decades trying to verify properties of software
by analyzing the source code, scanning, fuzzing, pentesting, etc… The
goal of “security observability” is to expose exactly what’s going on
inside an application while it’s running. In this talk, you’ll learn
how to use the free and open source Java Sensor Toolkit (JST) project
to easily create your own powerful runtime instrumentation without
coding. You can use JST to analyze security defenses, identify complex
vulnerabilities, create custom sandboxes, and enforce policy at runtime.
You can create your own IAST tests and your own RASP defenses. Ultimately,
security observability allows Dev, Sec, and Ops teams to work together in harmony,
so you can focus on delivering value at high velocity.
Slides: https://drive.google.com/file/d/162ge3qPcf5zVlkTHuARkNVMAslEoB8El/view?usp=sharing

May 20, 2020 - Patch or Die

Presenter: John M. Rogers, Lincoln Financial Group
Description: John walks us through the security implications of
Software Composition Analysis and the importance of keeping software
components up to date.
Slides: https://drive.google.com/file/d/1RMirvb2gtcdhXTUxpuiw4sU-lWxLclP3/view?usp=sharing

Nov 12, 2019 - ELF Binary Analysis Introduction (combined meeting with DC402)

Presenter: Michael Born, Sr. Security Consultant, SecureSky, Inc.
Description: A beginner-friendly lesson on analyzing 64-bit ELF binaries on Linux using built-in command line tools and debuggers like the GNU Debugger and EDB. It will also cover the ELF Specification on 64-bit operating systems.

Aug 24, 2018 - Exploiting CORS and Beyond

Presenter: Adam Schaal
Description: Covers what CORS is, why it is used in a lot of places today, and why it’s a terrible, no-good, very bad thing in production. We will cover how to manually detect weak CORS policies and how to exploit said policies.

May 18, 2018 - A no-nonsense look at applying machine learning to your WAF logs

Presenter: Heather Lawrence, NARI
Description: Applying Machine Learning to WAF logs

February 16, 2018 - Deserialization attacks with the JS for the lulz

Presenter: Andy Freeborn, ACI Worldwide
Description: Deserialization attacks with JS
Slides: https://drive.google.com/drive/folders/1tLk6L4m3Lb_dxkcahn5NYXSfU4oyJMdL?usp=sharing

October 20, 2017

Presenter: Mike Douglas, Deliveron
Description: Continuous Security Validation using security at every step including automated tests with each check in using VSTS and OWASP ZAP docker containers in a CI/CD pipeline.
Slides: https://drive.google.com/drive/folders/0B4t_HSHrO2GxaHRuc2VtVkFTTUk?usp=sharing

August 25, 2017 - Single Sign-On Security

Presenter: Joel Gunderson, Union Pacific
Description: Single Sign-On Security from his perspective as a red team member at Union Pacific. Joel will focus specifically on SAML.
Slides: https://drive.google.com/file/d/0B8UHsn2i5kmGb0JBSGVxOGZtV0tnbUpFZWgwMTkxUnp5dkVR/view?usp=sharing

June 15, 2017 - IREM Nebraska Membership Lunch Talk

Presenter: John Rogers, Lincoln Financial, OWASP Omaha
Description: Cyber Security topics for Real Estate Professionals
Slides: https://drive.google.com/file/d/0Bw2xJWT-Q7YKazIycmFpQXBmQW8/view?usp=sharing

Wed May 24, 2017 - OWASP Presentations - Lightning Talks

Presenter: John Rogers, Lincoln Financial, OWASP Omaha
Description: Framework for performing Enterprise Application Security Assessments

Presenter: Michael Born, NTT Security (US), Inc., OWASP Omaha
Description: Intro to Kali Linux
Slides: https://drive.google.com/file/d/0Bw2xJWT-Q7YKVEFvZC1mTHdsbTQ/view?usp=sharing

Wed Mar 22, 2017 - OWASP Presentations - Lightning Talks

Presenter: Justin Williams, American Title, OWASP Omaha
Description: Deobfuscating VB macro based malware.

Presenter: Michael Born, NTT Security (US), Inc., OWASP Omaha
Description: Dissecting unknown shellcode
Presentations: https://drive.google.com/open?id=0B4t_HSHrO2GxZC1sVzJZcGlqbXc

Thur Feb 16, 2017 - ISACA Omaha Chapter Lunch Talk

Presenter: John Rogers, Lincoln Financial, OWASP Omaha
Description: Vendor Security Assessments
Presentations: https://drive.google.com/file/d/0Bw2xJWT-Q7YKZlhVZVNHUERobDQ/view?usp=sharing

Fri Dec 9, 2016 - OWASP Presentations - Lightning Talks

Presenter: Andrew Freeborn, Tenable
Description: Research on SWAMP.

Presenter: John Rogers, Lincoln Financial Group (LFG)
Description: Automating ZAP with Python and Jenkins.

Presenter: Michael Born, NTT Security (US), Inc.
Description: Lessons learned while teaching classes at OWASP AppSec conferences.
Presentations: https://drive.google.com/open?id=0B4t_HSHrO2Gxcm1nOUtPRG5wVmc

Thur Sep 29, 2016 - OWASP Presentations - Nebraska Cyber Security Conference

Presenter: John Rogers, LFG
Description: The requirements and pitfalls of vendor security assessments.
Slides: https://drive.google.com/open?id=0Bw2xJWT-Q7YKSE5tekVMelBlY3c

Presenter: Justin Williams, American Title
Description: Powershell for the sysadmin and future pen-tester.
Slides: https://drive.google.com/open?id=0B2ZXN-dDkIy0MERyZFExNDBJOFE

Presenter: Ron Woerner, Bellevue University
Description: Common tools used in cybersecurity assessments, investigations, and administration.
Slides: https://drive.google.com/drive/folders/0BzwQjnDmptwfYU9TS2VBS3VqZ28

Tues Aug 18, 2016 - Chapter Meeting - Powershell

Presenter: Justin Williams, American Title
Description: Powershell for the sysadmin and future pen-tester.
Slides: https://drive.google.com/folderview?id=0B4t_HSHrO2GxQ0xpTXRuQUxraVU

Tues Nov 17, 2015 - Chapter Meeting - Offensive Python - Hands-On Lab

Presenter: Michael Born, Solutionary
Description: Hands-On Offensive Python lab
Video: https://www.youtube.com/watch?v=a6_kCzQ3Yyg

Thursday, October 29, 2015 - OWASP / ISC2 Networking Event

Description: Combined OWASP / ISC2 Networking Event
Sponsor: Solutionary, Inc.

Wednesday, October 14, 2015 - OWASP Soup to Nuts - UNL: National Cyber Security Awareness Month

Presenters: John Rogers CISSP GWAPT GSSP-JAVA: Lincoln Financial Group, Zac Fowler: University of Nebraska at Omaha
Description: Introduction to OWASP, its mission, some of its projects, and upcoming local chapter meetings.
Slides: https://drive.google.com/a/owasp.org/file/d/0Bw2xJWT-Q7YKTmtPd001V2QxUEU/view?usp=sharing

Wednesday, September 30, 2015 - OWASP Soup to Nuts - OCIO Presentation

Presenters: John Rogers: Lincoln Financial Group, Zac Fowler: University of Nebraska at Omaha
Description: Introduction to OWASP, its mission, some of its projects, and upcoming local chapter meetings.
Slides: https://drive.google.com/a/owasp.org/folderview?id=0B4t_HSHrO2GxRXAzbDhybE5vZXc&usp=sharing

Thursday, April 30, 2015 - Web Services Testing Cheat Sheet

Presenter: Michael Born: Lincoln Financial Group
Description: Web Service Testing Cheat Sheet project.
Video: http://www.youtube.com/watch?v=iVLGskMZJSw

Thursday, Dec 18, 2014 - Visit the SWAMP

Presenter: SWAMP Leadership Team
Description: The Software Assurance Marketplace (SWAMP) is an open initiative that brings together goals for advancing the quality and adoption rate of security software tools, lowering thresholds for use, and making their output easier to interpret, by creating a repository of tools and resources for all. During this chapter meeting we will be providing an introduction of SWAMP by its leaders via live WebEx, followed by a discussion about the marketplace and how we could all benefit.
Notes: https://docs.google.com/document/d/1zew3VdaIFWxYolj8qO3Rg5IKxp_pPBqFZNC1zpFfxAw/edit?usp=sharing

Wed Nov 19, 2014 - NEbraskaCERT CSF Joint Meeting - Security Q&A Panel

Host: NEbraskaCERT
Panelists:

  • Sharon Welna - Information Security Officer at UNMC
  • Vlad Liska - Director of Operational Risk & Controls TD Ameritrade
  • Chet Uber - Director Project Vigilant LLC
  • Waton, Larry - Information Security Officer - First Data Technologies
  • Gary Sparks - Faculty Metropolitan Community College

Thu Oct 9, 2014 - Securing Android: Tips from a First-Time Builder and OWASP Put to the Test

Presenter: Zac Fowler, UNO’s College of Information Science and Technology
Description: Common app use cases such as local storage and API communication, pitfalls he found, as well as remediations for first-timers. To close, he will share how the steps he used can be applied to (almost) any project, and how OWASP plays a role in incrementally improving the way you approach security.
Slides: https://drive.google.com/folderview?id=0B4t_HSHrO2GxeGxaTmhRdDNISGc&usp=sharing
Video: http://youtu.be/6LsxjRPAogM?t=7m59s

Thu June 12, 2014 - OWASP in Payment Card Security: Secure Coding, OWASP, and PCI 3.0 DSS Requirement 6

Presenter: Rob Temple, Joel VanBrandwijk, and Ryan Misek from Mutual of Omaha
Description: PCI DSS’ infamous Requirement 6 focuses on secure systems and applications, including secure coding and web application firewalls. OWASP has been noted in the PCI DSS as a trusted resource for secure coding and application vulnerability management. Join us for our next OWASP Omaha chapter meeting as we explore some of these resources and discuss ways that OWASP can help meet this requirement.
Video: https://www.youtube.com/watch?v=oe2ngtR2mJU
Slides: https://drive.google.com/folderview?id=0B4t_HSHrO2GxRHpDc2tGZ2szZUk&usp=sharing

Sat Mar 29 2014 - Web Application Security - So many tools, so little time Redux

Presenter: John M. Rogers, Senior Application Security Engineer, Lincoln Financial Group
Description: This talk focuses on the first three candidates of the 2013 OWASP Top 10.

Thu Mar 13, 2014 - Vetting Third Party Vendor Applications

Presenter: John M. Rogers, Senior Application Security Engineer, Lincoln Financial Group
Description: How to acquire and validate information that will provide assurance that your third party vendor applications adhere to your standards and are free from the common web application vulnerabilities. The discussion will also include what basic requirements are needed to accept a web application security assessment report from an independent security assessment firm.
Video: http://youtu.be/Z5gcT53Wydc
Slides: https://drive.google.com/folderview?id=0B4t_HSHrO2GxZ1N6OUxVYXE2Q2M&usp=sharing

Thu Dec 5, 2013 - Mobile Application Security Assessments

Presenter: Michael Born, Solutionary
Description: Step-by-step demonstration of setting up and performing a mobile application security assessment on both Android and iOS. Included in the presentation will be an example iOS Security Assessment performed by Michael along with a hands-on walkthrough of a jailbroken iOS device file system.
Video: http://www.youtube.com/watch?v=VRnj816ec-8

Thu Sep 12, 2013 - The OWASP Way: Understanding the OWASP Vision and the Top Ten

Presenter: Scott Christiansen, Software Security Engineer, TD Ameritrade
Description: Understanding the OWASP Vision and the OWASP Top Ten
Slides: https://www.owasp.org/images/4/40/OWASP_Vision_and_Top_Ten_-_Sept_12_-_Scott_Christiansen.pptx

Thu Jun 6, 2013 - Web Application Security - So many tools, so little time

Presenter: John M. Rogers, Senior Application Security Engineer, Lincoln Financial Group
Description: Focus on the first three candidates of the 2013 OWASP Top 10.

Thu Mar 7, 2013 - Welcome to OWASP Omaha!

Presenters: OWASP Omaha Chapter Leadership
Description: Meet the chapter leaders and learn more about OWASP Omaha


Next OWASP Omaha Chapter Event

Title: Secure Code Warrior Tournament
Event Start: Tuesday, September 15, 2020 at 7:00 PM CDT
Event End: Friday, September 18, 2020 at 11:59 PM CDT
Description: Improve your secure coding skills by joining the OWASP Omaha Secure Coding tournament on September 15th, 7:00PM CDT through September 18th, 11:59PM CDT. The tournament allows you to compete against the other participants in a series of vulnerable code challenges that ask you to identify a problem, locate insecure code, and fix a vulnerability.

All challenges are based on the OWASP Top 10, and players can choose to compete in a range of software languages including Java EE, Java Spring, C# MVC, C# WebForms, Go, Ruby on Rails, Python Django & Flask, Scala Play, Node.JS, React, and both iOS and Android development languages.

Throughout the tournament, players earn points and watch as they climb to the top of the leaderboard. Prizes will be awarded to the top finishers! First place will receive a hoodie, and lots of bragging rights!
Slack: https://owaspomahatournament.slack.com
Event Signup: https://discover.securecodewarrior.com/OWASPOmaha-tournament.html

