OWASP Omaha
Welcome
Thank you for visiting the OWASP Omaha Chapter website! Here, you’ll find all the latest information about the OWASP Omaha Chapter including the leadership team members, the chapter board members, information about meetings, speakers, events, and so much more! Stay a while and look around. If you have any feedback for improving the site or want to submit a potential talk, please contact us using the email links in the side bar. We’d love to solicit new speakers and will work on automating talk submissions in the future.
Thank you for being part of this great OWASP Chapter and we hope you continue to show your support through OWASP membership or Chapter donations. We appreciate all of you and your diversified skills and hope to continue to provide technical talks that can broaden anyone’s knowledge. Don’t be afraid to volunteer to speak at quarterly chapter meetings either, or reach out to the leaders or board members with questions.
Participation
The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects, tools, documents, forums, and chapters are free and open to anyone interested in improving application security.
Chapters are led by local leaders in accordance with the Chapter Policy. Financial contributions should only be made online using the authorized online donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP Project, independent research, or related software security topic you would like to present.
Everyone is welcome and encouraged to participate in our Projects, Local Chapters, Events, Online Groups, and Community Slack Channel. We especially encourage diversity in all our initiatives. OWASP is a fantastic place to learn about application security, to network, and even to build your reputation as an expert. We also encourage you to become a member or consider a donation to support our ongoing work, or a particular chapter.
Meetings
Omaha OWASP Chapter History
The Omaha OWASP Chapter was rebooted in 2013.
The following individuals have participated as chapter leaders since the reboot:
- Rob Temple
- Scott Christiansen
- Michael Born
- John Rogers
- Zac Fowler
- Fed Donovan
- Justin Williams
- Dave Pinos
Omaha OWASP has been very active in presenting at events like Nebraska Code Camp, NebraskaCERT, and the Nebraska Cyber Security Conference. Research and presentation topics have included Offensive Python, Web Services Testing Cheat Sheet, Mobile Application Security, Binary Analysis, Open Source Tools for application security testing, and many more.
Next Chapter Meeting
Presenter: TBD
Description: TBD Q1 2022
Date: TBD
Time: TBD
Location: TBD
RSVP: TBD
Past Presentations
November 10, 2021
Presenter: Michael Born
Description: Q4 Meeting: Securing your Applications with the OWASP Application Security Verification Standard
Video: https://youtu.be/APoYDJ4SRAE
Slides: https://shorturl.at/gqCMR
August 25, 2021
Presenter: Michael Born
Description: Q3 Meeting: Security Innovation Boot Camp and Cyber Range event kick off
May 12, 2021
Presenter: Aaron Clark (CryptoJones)
Description: Q2 Meeting - Introduction to the OWASP Top 10
Slides: https://github.com/CryptoJones/OWASP-OMAHA-QTR2-MTG
March 24, 2021
Presenter: Michael Born, Chapter Leader
Description: Q1 Chapter Meeting, 2021 kickoff, introductions, and a discussion of the 2021 plan for the chapter. This was a fairly laid-back meeting to solicit feedback from attendees about what they would like to see from the chapter in 2021.
November 18, 2020
Presenter: Joint Meeting: A Panel Q&A (emphasis on Government’s role in CyberSecurity)
Description: NEbraska CERT Joint Meeting
August 12, 2020 - Instrumentation Application Security Testing using the Java Sensor Toolkit (JST)
Presenter: Jeff Williams, Co-Founder/CTO, Contrast Security
Description: Software is incredibly hard to secure because it’s a
black box. We’ve spent decades trying to verify properties of software
by analyzing the source code, scanning, fuzzing, pentesting, etc… The
goal of “security observability” is to expose exactly what’s going on
inside an application while it’s running. In this talk, you’ll learn
how to use the free and open source Java Sensor Toolkit (JST) project
to easily create your own powerful runtime instrumentation without
coding. You can use JST to analyze security defenses, identify complex
vulnerabilities, create custom sandboxes, and enforce policy at runtime.
You can create your own IAST tests and your own RASP defenses. Ultimately,
security observability allows Dev, Sec, and Ops teams to work together in harmony,
so you can focus on delivering value at high velocity.
Slides: https://drive.google.com/file/d/162ge3qPcf5zVlkTHuARkNVMAslEoB8El/view?usp=sharing
May 20, 2020 - Patch or Die
Presenter: John M. Rogers, Lincoln Financial Group
Description: John walks us through the security implications of
Software Composition Analysis and the importance of keeping software
components up to date.
Slides: https://drive.google.com/file/d/1RMirvb2gtcdhXTUxpuiw4sU-lWxLclP3/view?usp=sharing
Nov 12, 2019 - ELF Binary Analysis Introduction (combined meeting with DC402)
Presenter: Michael Born, Sr. Security Consultant, SecureSky, Inc.
Description: A beginner-friendly lesson on analyzing 64-bit ELF binaries on Linux using built-in command line tools and debuggers like the GNU Debugger and EDB. It also covers the ELF Specification on 64-bit operating systems.
Aug 24, 2018 - Exploiting CORS and Beyond
Presenter: Adam Schaal
Description: Covers what CORS is, why it is used in a lot of places today, and
why it’s a terrible, no-good, very bad thing in production. We will
cover how to manually detect weak CORS policies and how to exploit said
policies.
May 18, 2018 - A no-nonsense look at applying machine learning to your WAF logs
Presenter: Heather Lawrence, NARI
Description: Applying Machine Learning to WAF logs
February 16, 2018 - Deserialization attacks with the JS for the lulz
Presenter: Andy Freeborn, ACI Worldwide
Description: Deserialization attacks with JS
Slides: https://drive.google.com/drive/folders/1tLk6L4m3Lb_dxkcahn5NYXSfU4oyJMdL?usp=sharing
October 20, 2017
Presenter: Mike Douglas, Deliveron
Description: Continuous Security Validation using security at every step including automated tests with each check in using VSTS and OWASP ZAP docker containers in a CI/CD pipeline.
Slides: https://drive.google.com/drive/folders/0B4t_HSHrO2GxaHRuc2VtVkFTTUk?usp=sharing
August 25, 2017 - Single Sign-On Security
Presenter: Joel Gunderson, Union Pacific
Description: Single Sign-On Security from his perspective as a red team member at Union Pacific. Joel will focus specifically on SAML.
Slides: https://drive.google.com/file/d/0B8UHsn2i5kmGb0JBSGVxOGZtV0tnbUpFZWgwMTkxUnp5dkVR/view?usp=sharing
June 15, 2017 - IREM Nebraska Membership Lunch Talk
Presenter: John Rogers, Lincoln Financial, OWASP Omaha
Description: Cyber Security topics for Real Estate Professionals
Slides: https://drive.google.com/file/d/0Bw2xJWT-Q7YKazIycmFpQXBmQW8/view?usp=sharing
Wed May 24, 2017 - OWASP Presentations - Lightning Talks
Presenter: John Rogers, Lincoln Financial, OWASP Omaha
Description: Framework for performing Enterprise Application Security Assessments
Presenter: Michael Born, NTT Security (US), Inc., OWASP Omaha
Description: Intro to Kali Linux
Slides: https://drive.google.com/file/d/0Bw2xJWT-Q7YKVEFvZC1mTHdsbTQ/view?usp=sharing
Wed Mar 22, 2017 - OWASP Presentations - Lightning Talks
Presenter: Justin Williams, American Title, OWASP Omaha
Description: Deobfuscating VB macro based malware.
Presenter: Michael Born, NTT Security (US), Inc., OWASP Omaha
Description: Dissecting unknown shellcode
Presentations: https://drive.google.com/open?id=0B4t_HSHrO2GxZC1sVzJZcGlqbXc
Thur Feb 16, 2017 - ISACA Omaha Chapter Lunch Talk
Presenter: John Rogers, Lincoln Financial, OWASP Omaha
Description: Vendor Security Assessments
Presentations: https://drive.google.com/file/d/0Bw2xJWT-Q7YKZlhVZVNHUERobDQ/view?usp=sharing
Fri Dec 9, 2016 - OWASP Presentations - Lightning Talks
Presenter: Andrew Freeborn, Tenable
Description: Research on SWAMP.
Presenter: John Rogers, Lincoln Financial Group (LFG)
Description: Automating ZAP with Python and Jenkins.
Presenter: Michael Born, NTT Security (US), Inc.
Description: Lessons learned while teaching classes at OWASP AppSec conferences.
Presentations: https://drive.google.com/open?id=0B4t_HSHrO2Gxcm1nOUtPRG5wVmc
Thur Sep 29, 2016 - OWASP Presentations - Nebraska Cyber Security Conference
Presenter: John Rogers, LFG
Description: The requirements and pitfalls of vendor security assessments.
Slides: https://drive.google.com/open?id=0Bw2xJWT-Q7YKSE5tekVMelBlY3c
Presenter: Justin Williams, American Title
Description: Powershell for the sysadmin and future pen-tester.
Slides: https://drive.google.com/open?id=0B2ZXN-dDkIy0MERyZFExNDBJOFE
Presenter: Ron Woerner, Bellevue University
Description: Common tools used in cybersecurity assessments, investigations, and administration.
Slides: https://drive.google.com/drive/folders/0BzwQjnDmptwfYU9TS2VBS3VqZ28
Tues Aug 18, 2016 - Chapter Meeting - Powershell
Presenter: Justin Williams, American Title
Description: Powershell for the sysadmin and future pen-tester.
Slides: https://drive.google.com/folderview?id=0B4t_HSHrO2GxQ0xpTXRuQUxraVU
Tues Nov 17, 2015 - Chapter Meeting - Offensive Python - Hands-On Lab
Presenter: Michael Born, Solutionary
Description: Hands-On Offensive Python lab
Video: https://www.youtube.com/watch?v=a6_kCzQ3Yyg
Thursday, October 29, 2015 - OWASP / ISC2 Networking Event
Description: Combined OWASP / ISC2 Networking Event
Sponsor: Solutionary, Inc.
Wednesday, October 14, 2015 - OWASP Soup to Nuts - UNL: National Cyber Security Awareness Month
Presenters: John Rogers CISSP GWAPT GSSP-JAVA: Lincoln Financial Group, Zac Fowler: University of Nebraska at Omaha
Description: Introduction to OWASP, its mission, some of its projects, and upcoming local chapter meetings.
Slides: https://drive.google.com/a/owasp.org/file/d/0Bw2xJWT-Q7YKTmtPd001V2QxUEU/view?usp=sharing
Wednesday, September 30, 2015 - OWASP Soup to Nuts - OCIO Presentation
Presenters: John Rogers: Lincoln Financial Group, Zac Fowler: University of Nebraska at Omaha
Description: Introduction to OWASP, its mission, some of its projects, and upcoming local chapter meetings.
Slides: https://drive.google.com/a/owasp.org/folderview?id=0B4t_HSHrO2GxRXAzbDhybE5vZXc&usp=sharing
Thursday, April 30, 2015 - Web Services Testing Cheat Sheet
Presenter: Michael Born: Lincoln Financial Group
Description: Web Service Testing Cheat Sheet project.
Video: http://www.youtube.com/watch?v=iVLGskMZJSw
Thursday, Dec 18, 2014 - Visit the SWAMP
Presenter: SWAMP Leadership Team
Description: The Software Assurance Marketplace (SWAMP) is an open initiative that brings together goals for advancing the quality and adoption rate of security software tools, lowering thresholds for use, and making their output easier to interpret, by creating a repository of tools and resources for all. During this chapter meeting we will be providing an introduction of SWAMP by its leaders via live WebEx, followed by a discussion about the marketplace and how we could all benefit.
Notes: https://docs.google.com/document/d/1zew3VdaIFWxYolj8qO3Rg5IKxp_pPBqFZNC1zpFfxAw/edit?usp=sharing
Wed Nov 19, 2014 - NEbraskaCERT CSF Joint Meeting - Security Q&A Panel
Host: NEbraskaCERT
Panelists:
- Sharon Welna - Information Security Officer at UNMC
- Vlad Liska - Director of Operational Risk & Controls TD Ameritrade
- Chet Uber - Director Project Vigilant LLC
- Waton, Larry - Information Security Officer - First Data Technologies
- Gary Sparks - Faculty Metropolitan Community College
Thu Oct 9, 2014 - Securing Android: Tips from a First-Time Builder and OWASP Put to the Test
Presenter: Zac Fowler, UNO’s College of Information Science and Technology
Description: Common app use cases such as local storage and API communication, pitfalls he found, as well as remediations for first-timers. To close, he will share how the steps he used can be applied to (almost) any project, and how OWASP plays a role in incrementally improving the way you approach security.
Slides: https://drive.google.com/folderview?id=0B4t_HSHrO2GxeGxaTmhRdDNISGc&usp=sharing
Video: http://youtu.be/6LsxjRPAogM?t=7m59s
Thu June 12, 2014 - OWASP in Payment Card Security: Secure Coding, OWASP, and PCI 3.0 DSS Requirement 6
Presenter: Rob Temple, Joel VanBrandwijk, and Ryan Misek from Mutual of Omaha
Description: PCI DSS’ infamous Requirement 6 focuses on secure systems and applications, including secure coding and web application firewalls. OWASP has been noted in the PCI DSS as a trusted resource for secure coding and application vulnerability management. Join us for our next OWASP Omaha chapter meeting as we explore some of these resources and discuss ways that OWASP can help meet this requirement.
Video: https://www.youtube.com/watch?v=oe2ngtR2mJU
Slides: https://drive.google.com/folderview?id=0B4t_HSHrO2GxRHpDc2tGZ2szZUk&usp=sharing
Sat Mar 29 2014 - Web Application Security - So many tools, so little time Redux
Presenter: John M. Rogers, Senior Application Security Engineer, Lincoln Financial Group
Description: This talk focuses on the first three candidates of the
2013 OWASP Top 10.
Thu Mar 13, 2014 - Vetting Third Party Vendor Applications
Presenter: John M. Rogers, Senior Application Security Engineer, Lincoln Financial Group
Description: How to acquire and validate information that will provide assurance that your third party vendor applications adhere to your standards and are free from the common web application vulnerabilities. The discussion will also include what basic requirements are needed to accept a web application security assessment report from an independent security assessment firm.
Video: http://youtu.be/Z5gcT53Wydc
Slides: https://drive.google.com/folderview?id=0B4t_HSHrO2GxZ1N6OUxVYXE2Q2M&usp=sharing
Thu Dec 5, 2013 - Mobile Application Security Assessments
Presenter: Michael Born, Solutionary
Description: Step-by-step demonstration of setting up and performing a mobile application security assessment on both Android and iOS. Included in the presentation will be an example iOS Security Assessment performed by Michael along with a hands-on walkthrough of a jailbroken iOS device file system.
Video: http://www.youtube.com/watch?v=VRnj816ec-8
Thu Sep 12, 2013 - The OWASP Way: Understanding the OWASP Vision and the Top Ten
Presenter: Scott Christiansen, Software Security Engineer, TD Ameritrade
Description: Understanding the OWASP Vision and the OWASP Top Ten
Slides: https://www.owasp.org/images/4/40/OWASP_Vision_and_Top_Ten_-_Sept_12_-_Scott_Christiansen.pptx
Thu Jun 6, 2013 - Web Application Security - So many tools, so little time
Presenter: John M. Rogers, Senior Application Security Engineer, Lincoln Financial Group
Description: Focus on the first three candidates of the 2013 OWASP Top 10.
Thu Mar 7, 2013 - Welcome to OWASP Omaha!
Presenters: OWASP Omaha Chapter Leadership
Description: Meet the chapter leaders and learn more about OWASP Omaha
Next OWASP Omaha Chapter Event
Title: TBD
Kick Off: TBD
Event Start: TBD
Event End: TBD
Description: TBD
Slack: TBD
Event Signup: TBD
Previous OWASP Omaha Chapter Events
Title: Security Innovation Boot Camp and Cyber Range
Event Start: August 26, 2021
Event End: September 25, 2021
Description: Instructor-run Boot Camp and hands-on Cyber Range made available for free to OWASP Omaha
Title: Secure Code Warrior Tournament
Event Start: Tuesday, September 15, 2020 at 7:00 PM CDT
Event End: Friday, September 18, 2020 at 11:59 PM CDT
Description: Improve your secure coding skills by joining the OWASP Omaha Secure Coding tournament on September 15th, 7:00PM CDT through September 18th, 11:59PM CDT. The tournament allows you to compete against the other participants in a series of vulnerable code challenges that ask you to identify a problem, locate insecure code, and fix a vulnerability.
All challenges are based on the OWASP Top 10, and players can choose to compete in a range of software languages including Java EE, Java Spring, C# MVC, C# WebForms, Go, Ruby on Rails, Python Django & Flask, Scala Play, Node.JS, React, and both iOS and Android development languages.
Throughout the tournament, players earn points and watch as they climb to the top of the leaderboard. Prizes will be awarded to the top finishers! First place will receive a hoodie, and lots of bragging rights!