Growing up you always have those "little cousins" that follow the bigger kids... my cousin, USMC Capt. Scott Cuomo, Infantry Officer, did that.
http://officer.marines.com/marine/quality_citizens/officer_interviews/scott_cuomo
His career has been amazing, including 2 combat tours in Iraq as the "Tip of the Spear" and battles such as Fallujah. He was deployed last week from Camp Lejeune, NC for his latest combat mission to Afghanistan. For me, after getting my own career knocked offline by a career-ending injury, it is something to watch from the sidelines; I truly miss it every day.
If you are the type to send a word of encouragement, a care package of some jerky, etc., below is his current deployed address.
Captain Scott A. Cuomo
2/2 Fox Company
Unit 73075
FPO AE 09510-3075
29 October 2009
01 September 2009
11 August 2009
8 Days in Vegas = 11 mins. of Video ;)
Burned the midnight oil and posted the 8 days of Vegas video... turns out that only 11 mins. is public ;) http://www.proactiverisk.com
Blackhat/Defcon Vegas 2009 from tom brennan on Vimeo.
14 July 2009
Q3 OWASP Update
Wanted to communicate a Q3 update about the OWASP Foundation to all mailing list members on a couple of high-level items.
#0 - OWASP @ Blackhat 2009 - If you will be making the trip to #Blackhat (that's Twitter speak), be sure to join us for the OWASP breakout briefing about Critical Infrastructures on July 29 at 16:45 in the Genoa room. This is the OFFICIAL meet-up.
#1 - OWASP EU Poland videos are now online (thanks Seba). People can quickly get to them at http://www.owasp.tv or http://www.owasp.org/index.php/OWASP_AppSec_Europe_2009_-_Poland (see the OWASP blip videos). Share any of them with your teams = free SDLC training.
#2 - OWASP board meetings have been happening every month for some time now. One of the most common questions I get personally is "what happened at the last meeting..." Well, it's not a secret ivory tower: we keep agendas and results of each monthly meeting, ensuring that the OWASP ethics and principles are being adhered to. You can find this information for both historic and future meetings online at http://www.owasp.org/index.php/OWASP_Board_Meetings. Should you have a topic that you feel is critical for the OWASP Foundation, we request that you communicate first with the appropriate Global Committee, as the purpose of these groups is to be a VOICE for each region in the world and then focus on a defined mission with a team of energy-filled persons; see http://www.owasp.org/index.php/Global_Committee_Pages. Note that each committee is led by a board member as well.
Questions about money, tax returns, etc. are all answered online as well; see http://www.owasp.org/index.php/OWASP_Foundation, managed by Alison. What other professional technology group do you belong to that is this transparent?
#3 - Global Committees bring out another point: if you would like to help OWASP continue to grow and have some cycles for selfless volunteerism, or simply a suggestion based on your experiences, join the mailing list and/or contact the Global Committee at http://www.owasp.org/index.php/Global_Committee_Pages. The best way to change the world is to start with your local chapter, then your region, then globally.
#4 - OWASP Podcasts, http://www.owasp.org/index.php/OWASP_Podcast. Got questions, comments or feedback for Jim Manico and team, who have been working very hard to bring you interviews with AppSec folks globally? Let them know: send an email to podcast@owasp.org with your comments and your favorite episode and why.
#5 - OWASP Projects have been updated. Have a review of the existing ones as well as the detailed how-to on new projects; see http://www.owasp.org/index.php/Category:OWASP_Project
#6 - HELP WANTED - The OWASP Job Board has lots of active postings from firms looking for the best in the industry. If you are looking for employment, or if it is time to change gears and accelerate your career, visit http://www.owasp.org/index.php/OWASP_Jobs to have a look around.
#7 - OWASP Conferences - http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference. The USA (DC) OWASP event is going to be a BIG event; plan now to attend it and lock in your hotels and travel early. If you would like to host a conference in 2010, be sure to contact Kate Hartmann with your proposal for consideration.
#8 - OWASP GRANTS/SoC - Want to work on an OWASP project? Want to sponsor an OWASP project? Take the time to review the following: http://www.owasp.org/index.php/OWASP_Season_of_Code_2009
There is so much energy and passion within the OWASP Foundation. Thank you for being a member of our mailing lists, and thank you if you are an Individual Member (a $50.00 annual donation) or an Organization Supporter (a $5000.00 annual donation). Accredited University Supporters are FREE, so talk to your University if they are not on the list already:
http://www.owasp.org/index.php/Membership#Current_OWASP_Organization_Supporters_.26_Individual_Members
THANK YOU FOR YOUR SUPPORT, WHICH ALLOWS US TO CONTINUE ON THE MISSION "to make application security visible, so that people and organizations can make informed decisions about true application security risks".
Tom Brennan
Volunteer Board Member
OWASP Foundation
Direct: 973-202-0122
http://www.linkedin.com/in/tombrennan
12 July 2009
Blackhat 2009 Talks
Every year when Blackhat rolls around, taking the time to plot out the talks that will take up blocks of my time is a trade-off: things I want to see/hear, things I want to learn more about.
My picks for Blackhat 2009 and Defcon 2009
-------------------------------------------------------
Blackhat - https://www.blackhat.com/html/bh-usa-09/bh-usa-09-schedule.html
Defcon - http://defcon.org/html/defcon-17/dc-17-schedule.html
July 29th
0850 - 0900 - Keynote - Jeff Moss; always a good idea to catch the kick-off for updates/changes and to hear what's new.
1000 - 1100 - Billy Hoffman & Matt Wood: Veiled - A Browser Based Darknet
1115 - 1230 - CSO Panel: Black Hat Strategy Meeting
1515 - 1530 - Jeff Williams: There's a Fox in the Henhouse
1645 - 1800 (w/ Open Bar ;)) - Breakout Briefings: OWASP and Critical Infrastructure. Assets that are essential for the functioning of a society and economy, and what together we can do to help, w/ Tom Brennan and OWASP (www.owasp.org) people from around the world.
1800 - 1930 - Pwnie Awards
July 30th
1000 - 1100 - Alex Stamos, Andrew Becherer & Nathan Wilcox: Cloud Computing Models and Vulnerabilities - Raining on the Trendy New Parade
1115 - 1230 - Jeremiah Grossman & Trey Ford: Mo' Money Mo' Problems
1345 - 1500 - Haroon Meer, Nick Arvanitis & Marco Slaviero: Clobbering the Cloud!
1515 - 1630 - Kostya Kortchinsky: Cloudburst - Hacking 3D and Breaking out of VMware
2000 - 2200 - Kart-Con www.fastlaplv.com
Friday
1000 - 1050 - Robert Lentz: Perspective of the DoD Chief Security Officer
1200 - Kenshoto
1730 - 1820 - Bruce Potter and Logan Lodge: Fragging Game Servers
1830 - Dan Kaminsky: Something about Network Security
Sat
1200 - Chris Paget: RFID MythBusting
1300 - Injectable Exploits: Two New Tools for Pwning Web Apps and Browsers
1400 - Valsmith, Colin Ames and David Kerb: MetaPhish (in and out maybe...)
1500 - Sam Bowne: Hijacking Web 2.0 Sites with SSLstrip - Hands-on Training
Sunday
1200 - Joshua "Jabra" Abraham and Robert "RSnake" Hansen: Unmasking You
1500 - 1550 - Confidence Game Theater (cough)
1700 - Awards/Wrap-up w/ Dark Tangent
25 June 2009
Cloud Security
Today started another effort for me, with the Cloud Security Alliance, whose mission is:
To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.
http://www.cloudsecurityalliance.org
Download the following and take a look at v1.0
http://www.cloudsecurityalliance.org/guidance/csaguide.pdf
21 June 2009
OWASP PodCast #26
OWASP Podcast: listen to the madness of Application Security.
Host: Jim Manico
Copy Editor: Andre Gironda
Participants: Tom Brennan, Jeff Williams, Alex Smolen, Andre Gironda
20 June 2009
Adrian Crenshaw's OWASP Top 5
Good job Adrian with the OWASP Top 5 and Mutillidae: an intro to common web vulnerabilities like Cross Site Scripting (XSS), SQL/Command Injection flaws, Malicious File Execution/RFI, Insecure Direct Object Reference and Cross Site Request Forgery (CSRF/XSRF).
http://www.irongeek.com/i.php?page=videos/owasp-top-5-louisville
03 June 2009
14 May 2009
OWASP NYC / NJ
http://www.owasp.org/index.php/NYNJMetro
When: Tuesday, May 19th, 6:00pm - 9:30pm EST
Where: DTCC, 55 Water Street, New York, New York 10041
Agenda:
6:00pm - Opening Remarks with Tom Brennan, Global Board, OWASP Foundation.
6:15pm - Anurag Agarwal, Web hacking: Tricks of the trade - The session will show you why web application security is such a big threat these days and how little you need to know to hack into a website. Anurag Agarwal will show you step by step how a small error message can lead to a hacker completely owning the web application, or how a hacker can steal all the credit card numbers in a matter of minutes if the application is vulnerable to SQL injection. This action-packed one-hour session will also cover some real-life case studies on how some of the big names were hacked. This interactive session will be an eye opener for developers and executives alike and a good learning experience for all.
7:00pm - Industry Panel w/ Jim Routh, CISO and Managing Director of our host DTCC; Mark Clancy, Executive Vice President at Citigroup; and Chris Hodder, CTO of Bloomberg
7:30pm - OWASP Software Assurance Maturity Model, created by Pravir Chandra - The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization.
8:30pm - Career Incident Response with Lee Kushner
About our venue host DTCC - DTCC's depository provides custody and asset servicing for 3.5 million securities issues from the United States and 110 other countries and territories, valued at $28 trillion. In 2008, DTCC settled more than $1.88 quadrillion in securities transactions.
Come prepared for a night of networking with your industry peers, enter raffles for sponsor provided prizes and learn new techniques in application security.