Null & OWASP Delhi Combined Meeting October 2014

When: October 18th, 2014 (Saturday), 4:00 PM IST

Venue: Sapient Corporation, Unitech Infospace SEZ Tower-B, Building No-8 Sector 21, Old Delhi - Gurgaon Road Dundahera, Gurgaon 122016 Haryana, India, Main Office Number: +91 (124) 499 6000

Nearest Landmark: Trident Hotel.(Straight from Trident Hotel towards Dundahera Village and left from T Point, Unitech building will be on the right. RBS and Amdocs offices are in the same complex.)

Nearest Metro Stations: · IndusIand Bank Cyber City Rapid Metro Station · MG Road Metro Station · Sikanderpur Metro Station

Google Maps: Click here!

Note: RSVP/Registration is mandatory else Sapient Security Personnel won't allow you in. Please do so here – http://goo.gl/KsmDX7

Session Details/Agenda:

4:00 PM - 4:10 PM: Introductions by null and OWASP Delhi Team

4:10 PM - 4:20 PM: Welcome Video from Thom Langford, Director, Global Security Office, Sapient

4:20 PM - 4:30 PM: News Bytes and What's New by null and OWASP Delhi Team

4:30 PM - 5:30 PM: IronWASP - The Open Source Web Security Scanner that is made in India

Abstract: It is generally believed that all innovation in the security space happens in the west and then trickles down to India. But did you know that there is one project from India that has pioneered new techniques years back that have only recently been adopted by others. And some of these techniques might probably only be adopted sometime in the future. I am the founder of this project and I will tell you its story.

About the Speaker: Lavakumar Kuppan is the CTO of Ironwasp Information Security Solutions Pvt Ltd and founder of the IronWASP Project. IronWASP is one of the world's best open source web security scanners and is Asia's largest open source security project. He is also a well known security researcher and speaker. His research works have been covered by prominent media groups like Forbes. The web security scanning technology developed by him won an innovation award from the Indian Department of Science & Technology and Lockheed Martin. He was awarded the Black Shield Luminaire award for his work in the field of security. You can find out more about him and his projects at lavakumar.com

5:30 PM - 5:45 PM: Tea/Coffee/Networking Break

5:45 PM - 6:15 PM: UNICODE For Fun and Profit

Abstract: Currently, UNICODE is getting more and more popular in computing world. With an initiative to register domain names with UNICODE characters, the world will see even more prevalent use of UNICODE. Such widespread use of UNICODE opens the door to some attack vectors (specially spoofing etc) which were slightly harder to perform. The talk will discuss 3 such attacks (extension spoofing, URL spoofing, and phishing) using RTLO, LTRO and some other special properties of UNICODE. Demo and proof of concept codes will be presented for each attack. The talk will also discuss about countermeasures for such attacks.

About the Speaker: Ankur Vats is an independent security researcher specialising in web security and related fields. His areas of expertise are web security, network security and secure coding practices. He can be reached on facebook (ankur.vats.735), and email (vats.ankur452@gmail.com).

6:15 PM - 6:45 PM: I know what you did on your system: Analyzing User Activities

Abstract: The talk will cover various aspects of User Activity Forensics including but not restricted to, file system activity, network activity, machine name, interfaces, machine image sources and USB port(s) usage. This will help attendees understand ways to detect suspicious activity on the system that may comprise the security posture of the system or may have already done so.

About the Speaker: Vaibhav Gupta (one of the Chapter Lead) is currently working with Adobe as a Security Researcher. Previous to this, he was working with a Fortune 500 company dealing with application security and network security assignments as a Sr. Information Security Engineer. His interests/experience lies in: → Application Security → 0-day & Malware Analysis → Fuzzing → Network Penetration Testing

6:45 PM - 7:00 PM: Feedback and Topic Discussion for Next Month In case of any queries or issues please feel free to reach out to the chapter leaders.