Malta

=Upcoming Events=

OWASP Malta Chapter Meeting, December, 2018
When:
 * Date: Thursday 19th December 2018
 * Time: 18:30

Where:

Malta Information Technology Agency

MITA Data Centre, Triq Il - Ferrovija, Santa Venera

Map: https://goo.gl/maps/bspHHkT5xkz

Title: Reverse proxies & Inconsistency (from ZeroNights 2018)

Modern websites are growing more complex with different reverse proxies and load balancers covering them. They are used for various purposes: request routing, caching, putting additional headers, restricting access. In other words, reverse proxies must both parse incoming requests and modify them in a particular way. However, path parsing may turn out to be quite a challenge due to mismatches in the parsing of different web servers. Moreover, request converting may imply a wide range of different consequences from a information security point of view. I have analyzed different reverse proxies with different configurations, the ways they parse requests, apply rules, and perform caching. In this talk, I will both speak about general processes and the intricacies of proxy operation and demonstrate the examples of bypassing restrictions, expanding access to a web application, and new attacks through the web cache deception and cache poisoning.

Speaker:  Aleksei "GreenDog" Tiurin (Senior Security Researcher at Acunetix)

Back to Top

=Past Meetings and Events=

Listing of Past Meetings and Events
2018 | 2017 | 2016]

OWASP Malta Chapter Meeting, August, 2018
When: Where:
 * Date: Wednesday 1st August 2018
 * Time: From 18:00

Malta Information Technology Agency

MITA Data Centre, Triq Il - Ferrovija, Santa Venera

Map: https://goo.gl/maps/bspHHkT5xkz

Title: Blockchain Security

Overview of all the areas around blockchain security, including supporting infrastructure, smart contract security, etc.

Speaker: Rodrigo Marcos

Back to Top

OWASP Malta Chapter Meeting, June, 2018
When: Where:
 * Date: Thursday 21st June 2018
 * Time: 18:30

MCAST IICT - MCAST Main Campus,

Triq Kordin, Paola PLA 9032

Map: https://goo.gl/maps/W6gUjDb19xo

Title: IT SECURITY: A SLIDE FROM THE BOTTOM TO THE TOP

Technological advances shape the way we work and live now and for years to come. Breakthroughs are the order of the day and web applications are created practically on the fly. Combine that with mass distribution and all of a sudden security, best-practice frameworks and even regulations get relegated to the catching-up zone. In this talk Mark Fenech will adopt Information Security principles for the development of web applications, so that management, developers and business stakeholders alike will have a framework within which they can ruminate for more secure web applications.

Speaker: Mark Fenech

With over 20 years of experience in the IT and Financial Services industry, Mark Fenech heads the IT Audit Team within a local bank. Ranging from technical, less technical and outright non-technical domains, Mark’s skills extend across multiple disciplines required within IT Auditing, IT Risk Management, Cybersecurity and other various IT Management Processes. Mark is a Certified Information Systems Auditor (CISA, ISACA), Certified in Risk and Information System Controls (CRISC, ISACA), holds certifications in Cybersecurity (CSX, ISACA) and in the Governance and Management Framework for Enterprise IT (COBIT, ISACA), is a Member of the Business Continuity Institute (MBCI), holds a Teacher’s Warrant from the Council for the Teaching Profession, and is also a Competent Communicator (CC, Toastmasters International). In addition, Mark holds a BSc in Mathematics and Computer Science from the University of Malta, and an MBA from the Maastricht School of Management. He is also a seasoned Public Speaker and speaks frequently on a variety of topics for educational purposes and for raising awareness within different entities.

Back to Top

OWASP Malta Chapter Meeting, April, 2018
When: Where:
 * Date: Thursday 19th April 2018
 * Time: 18:30

MCAST IICT - MCAST Main Campus,

Triq Kordin, Paola PLA 9032

Map: https://goo.gl/maps/W6gUjDb19xo

Title: Porting a Proof of Concept C code into universal python exploit (OpenSSH).

Summary:

OpenSSH lets you grant SFTP access to users without allowing full command execution using “ForceCommand internal-sftp”. However, if you misconfigure the server and don’t use ChrootDirectory, the user will be able to access all parts of the filesystem that he has access to – including procfs. On modern Linux kernels (>=2.6.39, I think), /proc/self/maps     reveals the memory layout and /proc/self/mem lets you write to arbitrary memory positions.

This talk will provide an overview of the exploitation process for the OpenSSH vulnerability and the challenges and techniques used to create an universal exploit for 32 and 64 bit architectures.

Speaker: Adam Simuntis and Mindaugas Slusnys

Back to Top

OWASP Malta Chapter Meeting, October, 2018
When: Where:
 * Date: Friday 19th October 2018
 * Time: From 18:00

Malta Information Technology Agency

MITA Data Centre, Triq Il - Ferrovija, Santa Venera

Map: https://goo.gl/maps/bspHHkT5xkz

Talk 1: Manning Infosec Strategy

There are three main factors that influence how information security is dealt with these days - (1) the presumed risk if we don’t do it (or do it badly), (2) the pace at which technologies and business styles change and (3) the lack of a structure behind any infosec activities.

It’s clear to me that these are just some of the challenges infosec teams must deal with nowadays. This talk will open the floor to a discussion of blockers, challenges and drivers discussing the evolution of the roles associated with infosec and later merging best practice recommendations with an infosec strategy to dealing with risks. Finally, once a strategy is adopted, the presentation will present some ideas on how to gauge progress– such that efforts to improve are both meaningful and measurable.

Speaker: Donald Tabone

Donald currently manages the Infosec team @ LeoVegas. He teaches the subject at a Masters level with Middlesex University and has worked for many years in the fields of Information Security, IT Auditing and Risk Management. With a career spanning more than 20 years working across Europe and the US, he is a long-standing Gold member of ISACA and also has the honour of working as a Technical Forensic Court Expert for the Courts of Malta.

Talk 2: MDR vs SIEM

SIEM's are awesome tools and have gained huge traction in past years. While they've without a doubt changed the landscape of cyber security, they leave quite a few holes which most info-sec pro's are unaware of. Jean-Michel will be explaining how both existing and prospective users of SIEM tools can avoid these caveat's and make the most of their technology reach.

Speaker: Jean-Michel Azzopardi

Jean-Michel is the Ceo of Kralanx Cyber Security. He has experience under IBM as an SAP consultant and has sold cyber security software to Apple, Huawei and countless government organizations around the world.

Back to Top

OWASP Malta Chapter Meeting, December, 2016
When: 9th December @ 18:30 - 20:30

Where: Middlesex University, Triq Alamein, Pembroke, Malta

Title: Introduction to OWASP Malta || Memorable Hacks in the Gaming industry

As one of the key market verticals in Malta is iGaming, we will open the OWASP chapter covering a number of ingenius hacks see through history. Rodrigo will cover a number of interesting scenarios of hacks applied to the gaming sector.

Speaker: Rodrigo Marcos

Back to Top

=Chapter Leadership=

Our Chapter Leadership
=Sponsorship Opportunities=

Sponsorship Opportunities with our Chapter
The Malta OWASP Chapter can offer your company several sponsorship opportunities. If you are interested in taking advantage of any of these opportunities, please contact Rodrigo Marocs, the Malta OWASP Chapter Leader.