—< NORTHEAST OHIO INFORMATION SECURITY FORUM MEETING
—< Wednesday December 15, 2010
—< 6:30 PM – 8:00 PM
—< Pizza and social start 6:00 PM
—< Location: Park Center Plaza #1, 6100 Oak Tree Blvd, off Rockside Road, Independence, Ohio
—< Open to everyone and free as always
The Northeast Ohio Information Security Forum will meet for its
monthly meeting on Wednesday January 19, 2010 starting at 6:30 PM.
It will be held in the lower level of the Park Center Plaza #1
building (in the large room on lower level) off of Rockside Road in
Independence. I’ve included links to maps and directions in this email.
We have two talks planned…
+++ What the FOCA – Chris Murrey, SecureState
+++ Vulnerabilities in Third Party Web Applications – Gary McCully, SecureState
See bottom of email for talk abstracts.
PRIZES! Did we get your attention? We plan to have some prize
giveaways as well.
Don’t forget to come early, starting at 6:00 PM, for pizza and pop.
Another great meeting from NEO Info Sec Forum – we hope to see you
there!
– NEOISF Board –
============================================================
[Location]
Park Center Plaza 1
6100 Oak Tree Blvd
Google maps link: TinyURL link http://tinyurl.com/neoisfmtg
[Directions]
1. I-77
2. Rockside Road exit
3. West on Rockside Road
4. 2nd light go South onto Oak Tree Blvd
5. Pull into the 3rd driveway on the right
6. Go to lower level
Signs will be posted on the building.
============================================================
TALK ABSTRACTS
Title: What the FOCA – Chris Murrey, SecureState
In this presentation, Chris Murrey of SecureState will provide a detailed overview of FOCA, a tool for extracting metadata as well as discovery of systems. Attendees will leave with a thorough understanding of the tool, including proper use.
Chris Murrey’s BIO: As a member of SecureState’s Profiling Team, Chris Murrey is passionate about the role he plays in ethical hacking. Mr. Murrey performs technical security assessments on a weekly basis, specifically Web Application Security Assessments and External Penetration Tests. An Offensive Security Certified Professional and Microsoft Certified Systems Administrator, Mr. Murrey previously worked in the IT sector for a Cleveland printing company and as a “jack of all trades” for a multi-million dollar corporation.
Title: Vulnerabilities in Third Party Web Applications, Gary McCully
It’s a third party web application. . . Of course it’s secure. They
have a whole team of people who thoroughly test their software before
it’s released to the public.” Many organizations are installing third
party web applications in their production environment without
subjecting the applications to a formal web application security
assessment. These organizations assume that third party software is
more secure than the web applications that are internally designed.
All web applications, whether they are third party or not, should go
through a formal web application security review before they are
placed in the production environment. To illustrate the risks of
installing an insecure third party web application, Gary McCully will
walk through a series of vulnerabilities he has found in a third party
web application which can lead to remote code execution on the
underlying operating system.
Gary’s BIO: Gary McCully is a Security Consultant on SecureState’s Profiling Team.
At SecureState, Mr. McCully performs Vulnerability Assessments, War
Dialing, Firewall Reviews, Penetration Tests, Physical Penetration
Tests, and Web Application Security Reviews.
Mr. McCully recently passed the CISSP certification exam, establishing
himself as an (ISC)2 Associate. Passionate about expanding his
knowledge and expertise, Mr. McCully’s research interests include the
discovery and exploitation of buffer overflows, lock picking, and SSL
vulnerabilities.
Before joining SecureState, Mr. McCully worked as a Security Analyst
at National City Bank, where he was responsible for the corporate
usage compliance program, and offshore user access. Mr. McCully also
worked with technical teams to ensure software was implemented with
proper security controls, and assisted with the Vendor Security Review
Program.
