Malaysia

OWASP Malaysia & MySecurity Community

The OWASP Malaysia Project is now officially handled and organized by the MySecurity Community. It is a non-profit organization. We welcome all Malaysians to join us and share knowledge, skills and ideas so that the OWASP Malaysia Project benefits everybody. The OWASP Malaysia Project is also the pioneer project for Web Application Security, and we are tied with Malaysian government security agencies & organizations to promote awareness among Malaysians, especially in government, universities and the public. Any private sector organization that wants to contribute or sponsor is welcome.

Join the local Malaysia chapter Facebook Page

Join the local Malaysia Chapter Discussion Facebook Group

Follow our twitter OWASP Malaysia #owaspmy 

OWASP Malaysia Linkedin Group

OWASP Malaysia Official Telegram Group

OWASP Malaysia Meetup Planning Schedule

OWASP Malaysia Translation Project (OMTP): We need volunteers for our translation project from English to Malay. Please feel free to contact any of our BOM for updates on the project.

OWASP Malaysia Slack - Interested in joining? Please [mailto:fazli@owasp.org email] us your legitimate email address for registration.

'''NOTE: OWASP now promotes official membership for the Malaysia Chapter. Members get a special rate and discount and an @owasp.org email address with 25GB of space. Please register here as an individual (Memberships), and see the example of how to (REGISTER) for OWASP Membership.'''

=News=

All new and existing members, please feel free to contribute to the OWASP Malaysia Chapter, and if you are committed to helping OWASP Malaysia, please subscribe to an individual OWASP Membership. For corporate sponsorship of OWASP Malaysia, please contact OWASP Admin.

You are welcome to join our conversation. If you have any query, don't hesitate to contact [mailto:admin@owasp.my OWASP Admin]. Everyone is welcome to join us at our chapter meetings.

Related security events for this year.

AMDI-USM OSS Day (AMDIOSS) 23 December 2010

=Webinar=

2012
===Secure Mobile App Development: Differences from Traditional Approach - 31 January 2012 10.00p.m PST===
===Automated Hacking Tools - Meet the New Rock Stars in the Cyber Underground - 27 June 2012 9.00a.m GMT===

=Board Of Members=

Chapter Leader - [mailto:fazli(at)owasp.my Mohd Fazli Azran]

Board Of Members 2010


 * University Representative - [mailto:nurhizam.safie(at)aeu.edu.my Dr. Nurhizam Safie] (Asia eUniversity)
 * Government Representative - [mailto:naim.ibrahim(at)moha.gov.my Mohd Naim Mohd Ibrahim] (Ministry Of Home Affairs)
 * Community Representative - [mailto:noc(at)ipx.noc.net.my Wan Adnan Wan Jaafar] (NOC IPX)
 * Private Sector Representative - [mailto:shahriman(at)scan-associates.net Muhammad Shahriman Samsudin] (Scan Associates)
 * Sec. Professional Representative - [mailto:adli(at)cybersecurity.my Adli Wahid] (MyCERT CyberSecurity)

Advisor - [mailto:amir(at)mysecurity.my Amir Haris] (MyNIC Berhad)

Observer - [mailto:info(at)mysecurity.my MySecurity Community] (MySecurity)

=Meeting Chapter=

OWASP Meetup Q2 2017
OWASP Malaysia is the Open Web Application Security Project's Malaysia Chapter. We like to share and discuss security. Feel free to join and participate as a community. This is an open source project by the OWASP Foundation.


 * Topic : OWASP Malaysia Meetup Q2 2017
 * Date : 18 July 2017 (Tuesday)
 * Time : 8.00a.m - 2.00p.m
 * Venue : Auditorium Hall, Microsoft Malaysia, Level 26, Petronas Tower 3, KLCC
 * Event Program:

 * 8.00a.m - 9.00a.m - Arrival Participant
 * 9.00a.m - 9.10a.m - Official Launch & Opening Speech by Microsoft Malaysia
 * 9.10a.m - 9.20a.m - Speech by OWASP Malaysia Chapter Leader
 * 9.20a.m - 10.00a.m - Breakfast
 * 10.00a.m - 10.35a.m - Speech By Walter Wong - TBA
 * 10.35a.m - 11.10a.m - Speech By Sanjay WS - TBA
 * 11.10a.m - 11.45p.m - Speech By TBA
 * 11.45a.m - 12.20p.m - Speech By Hasnan Hasim - Rimau WAF
 * 12.20p.m - 1.00p.m - Speech By Sina Manavi - TBA
 * 1.00p.m - 2.00p.m - Pre Lunch by Microsoft

Sanjay WS is a CTO of Astiotech Sdn Bhd and MVP Enterprise Security. In this session, I would like to share the security problems that are still plaguing Windows users, up to the worldwide pandemic security fear we saw recently over ransomware. We walk through the historical security journey of Windows users and what Microsoft has done to address them. In Windows 10, Microsoft claims to have a silver bullet approach alongside other security primers in Windows 10; will it make the cut? You decide. I also hope to present a custom compromise in Windows that can easily be exploited in any version of Windows, and let's turn on this security solution and see if it survives.
 * Topic - The Security Problem and The Security Solution




 * Topic - Rimau WAF

Walter Wong is a technical lead at Gain Secure, a Malaysian-based company. The company specializes in providing secure application development and user experience (UX) consultation services to customers. Walter is a Microsoft MVP for developer security and Microsoft Azure. Research on application development security is Walter's personal interest. He has also successfully discovered many website vulnerabilities, including in some high-traffic websites, over the past few years. Walter often speaks at technical conferences such as Visual Studio 2010 Launch, TechEd SEA, Security Symposium, TechNet/MSDN, Tech Insights and more. Hosting the application in cloud infrastructure does not guarantee your application and data security by default. It is the developer's responsibility to ensure the application developed, configured and hosted is secure by default. Come and join Walter in his demo-packed rollercoaster ride to understand more about Microsoft Azure security features. If you are looking forward to a demo of how to break an application hosted in Azure, this is the session you don't want to miss.
 * Topic - TBA



Sina Manavi is a Senior Consultant at EC-Council and an official OWASP member since 2012. He has wide experience in Penetration Testing, Digital Forensics, Incident Handling and Malware Analysis. He has been a speaker at different government agencies and universities over the past years in Malaysia as well as Iran. He has developed different penetration testing books and contents. Sina has trained over 500+ security experts in the Information Security industry across Malaysia and Iran. Sina has reported various 0-day vulnerabilities to different government agencies and enterprises as an ethical hacker.
 * Topic - TBA



OWASP Meetup Q3 2016


 * Topic : OWASP Malaysia Meetup Q3 2016
 * Date : 22 September 2016 (Thursday)
 * Time : 8.00a.m - 2.00p.m
 * Venue : Hall Level 7, CyberSecurity Malaysia
 * Event Program:

 * 8.00a.m - 9.00a.m - Arrival Participant
 * 9.00a.m - 9.10a.m - Official Launch & Opening Speech by CEO CyberSecurity Malaysia
 * 9.10a.m - 9.20a.m - Speech by OWASP Malaysia Chapter Leader
 * 9.20a.m - 10.00a.m - Breakfast
 * 10.00a.m - 10.35a.m - Speech By Melvin Lim (Infoblox) - Data Exfiltration over DNS
 * 10.35a.m - 11.10a.m - Speech By Mohamed Fadzlee Sulaiman (CSM) - CyberDEF: Uncovering Future Threats
 * 11.10a.m - 11.45p.m - Speech By Ahmad Ashraff bin Ahmad (ISC) - Security Through Obscurity : Good or Bad?
 * 11.45a.m - 12.20p.m - Speech By Azril Rahim (ISC) - A Practical Low Cost Cyber Threat Intelligence for SME
 * 12.20p.m - 1.00p.m - Speech by Jay Chow (Rapid7) - Application Assessment for the Modern World
 * 1.00p.m - 2.00p.m - Pre Lunch by CSM

Ahmad Ashraff bin Ahmad will share his 6 years of experience conducting penetration testing and bug bounty hunting related to 'Security Through Obscurity'. Is it the right choice to depend on security appliances? Is it bad to leave the code vulnerable while being protected by this 'obscurity'? What's the impact on the community? Ahmad Ashraff was a chemical engineering student at UTP. He chose to be in IT security because of his belief that 'following your passion' will lead to the right path. He has 6 years of experience as a pentester and has been with multiple security companies to learn the strengths, weaknesses and gaps currently missing in IT security in Malaysia. He is active in bug bounty: 1st place in Malaysia and 1st place in Bugcrowd. He is currently working as an IT Security Specialist.
 * Topic - Security Through Obscurity : Good or Bad?



Having started off as a Solutions Specialist, Melvin carries with him over 13 years of security-focused experience working with leading companies like Bluecoat, McAfee, Akamai and Infoblox. With cyber defense always at the top of his mind, he has provided threat briefings and network security assessment workshops for many organisations in ASEAN and reviewed their network security posture for vulnerabilities. On a few occasions, Melvin was called back by the organization when the security gaps he highlighted were subsequently exploited by attackers. At Infoblox, Melvin focuses on data leakage over DNS and defense in depth against DNS DDoS and exploits, which are some of the least addressed security gaps in many organizations today.
 * Topic - Data Exfiltration over DNS




 * Topic - Application Assessment for the Modern World

Jay Chow brings with him more than 10 years of experience in the areas of network and security consulting, implementation, and support. Jay Chow has been on the ground designing, consulting and leading several key government and MNC security projects. Bearing deep practical and strong technical understanding on various security technologies in the market, Jay has been a valuable resource in providing security insights. In his role with Rapid7, Jay focuses on assisting mid-to-large enterprises engineer better security across the South Asia region by visualizing, contextualizing and extracting more insights on their current risk and security exposure.




 * Topic - A Practical Low Cost Cyber Threat Intelligence for SME

Azril Rahim is a passionate cyber security expert with over 13 years of experience. He is also an advocate for open source software, for which he has developed code for computer security as well as network and general purpose tools. His interest in computer security focuses on vulnerability assessment, pen-testing, computer and network forensics, cyber threat intelligence, PKI and secure communication & network programming. He has also won several awards from the Malaysian government for his contributions to computer security, and holds several international certifications in computer security. Most of his cyber security work is proven hands-on and validated via research papers, written and presented technical presentations, hands-on work and computer code. More information about Azril's work on computer security & programming can be obtained at his website at http://azrilrahim.site88.net



Mohamed Fadzlee Bin Sulaiman is currently leading the CyberDEF unit under the Digital Forensics Department, CyberSecurity Malaysia. Eight years of experience in digital forensics has established his credibility in solving criminal and civil cases in major fields including Computer Forensics, Network Forensics, and Mobile Phone and Video Forensics. With CyberDEF he has been assisting organizations and corporate companies by providing comprehensive cyber security solutions, especially for Critical National Information Infrastructure (CNII) sectors. As required for prosecution, he has also served as an expert witness providing testimony for various cases in court. To date, Mr. Fadzlee has conducted and handled analysis for more than a hundred digital forensic cases including hacking, financial crimes, harassment, sedition, bribery, IP theft, etc. Occasionally, he is invited as a speaker and trainer at Government Linked Companies (GLC) and local and foreign Law Enforcement Agencies.



OWASP Meetup Q3 2015


 * Topic : OWASP Malaysia Meetup Q3 2015
 * Date : 14 September 2015 (Monday)
 * Time : 9.00a.m - 2.00p.m
 * Venue : Banquet Hall, Level 29, UniKL MIIT, Jln Sultan Ismail, KL
 * Event Program:

 * 9.00a.m - 10.00a.m - Arrival Participant
 * 10.00a.m - 10.10a.m - Official Launch & Opening Speech by
 * 10.10a.m - 10.20a.m - Speech by OWASP Malaysia Chapter Leader
 * 10.20a.m - 10.30a.m - Breakfast
 * 10.30a.m - 11.05a.m - Speech By Adnan Mohd Shukor (BlueCoat) - Attacker Toolkit and Strategic Web Compromise
 * 11.05a.m - 11.40a.m - Speech By Sina Manavi (Kaapagam Technologies) -
 * 11.40a.m - 12.15p.m - Speech By Farhan Faisal - Network Threat Visibility
 * 12.15p.m - 1.00p.m - Speech By Adli Wahid (APNIC) - Establishing Security Response Capabilities
 * 1.00p.m - 2.00p.m - Social Network (Refreshment)

Adnan Mohd Shukor (@xanda) is a Threat Analyst at BlueCoat System. He detects, analyzes, and blocks web threats, and one of his areas of expertise is exploit kit detection. He has also contributed code and patches to several open source projects and communities, most of them IT security related projects. Prior to joining BlueCoat System, he was a Senior Analyst at Malaysia CERT, CyberSecurity Malaysia.
 * Topic - Attacker Toolkit and Strategic Web Compromise



Sina Manavi is a security enthusiast interested in penetration testing and digital forensics investigation. He has a master's degree in computer science in the field of digital forensic investigation, and is also a certificate holder of CEH and CHFL. He has conducted many security talks, practical workshops and training sessions on web/network/mobile penetration testing in Malaysia. His main interest is in mobile app penetration testing. He started his IT career as a software and database developer, and later joined the software database designing field. Currently, he works as a professional trainer and information security consultant for Kaapagam Technologies Sdn Bhd in Malaysia.
 * Topic -



Farhan Faisal started out in system administration, exposed to real threats every day and gaining real experience from live systems. His GPEN and CCNA certifications and work experience at MyCERT allow him to work on real customers' networks and various environments. He has done Network Forensics, Incident Management, Penetration Testing, and Security Monitoring for various organizations and government agencies. He runs his company Scan Insight Sdn Bhd, and is right now building External Threat Monitoring.
 * Topic - Network Threat Visibility



Adli Wahid (@adliwahid) is a Security Specialist at the Asia Pacific Network Information Centre (APNIC) in Brisbane, Australia. He does a lot of engagement with network operators, CERTs/CSIRTs, Law Enforcement and Inter-Government Agencies. He is also a member of the Board of Directors of the Forum of Incident Response and Security Teams (FIRST). Prior to joining APNIC he was the Head of Malaysia CERT at CyberSecurity Malaysia and a member of MUFG-CERT (Bank of Tokyo-Mitsubishi UFJ). You can read about some of his activities at APNIC's blog https://blog.apnic.net/
 * Topic - Establishing Security Response Capabilities



OWASP Meetup Q2 2015


 * Topic : OWASP Malaysia Meetup Q2 2015
 * Date : 12 June 2015 (Friday)
 * Time : 8.00a.m - 2.00p.m
 * Venue : Theater Room, Level 7, CyberSecurity Malaysia, Seri Kembangan, Selangor
 * Event Program:

 * 8.30a.m - 9.00a.m - Arrival Participant
 * 9.00a.m - 9.10a.m - Official Launch & Opening Speech by Dr. Amirudin Abdul Wahab CEO CyberSecurity Malaysia (CSM)
 * 9.10a.m - 9.20a.m - Speech by OWASP Malaysia Chapter Leader
 * 9.20.a.m - 9.50a.m - Speech By Fatah Al-Farihin (CSM) - Zero day malware detection/prevention using open source software - Proof of Concept
 * 9.50a.m - 10.20a.m - Speech By Dick Bussiere (Tenable Security) - The increasing importance of Continuous Network Monitoring in today’s Cyberworld
 * 10.20a.m - 10.35a.m - Rest
 * 10.35a.m - 11.05a.m - Talk by Walter Wong (GainSecure) - Security Awareness for .Net Developers
 * 11.05a.m - 11.45a.m - Speech by Azril Aari (Infoblox) - Advance Financial Malware: GameOver Zeus - The art of espionage, data ex-filtration and network disruption
 * 11.45a.m - 12.15a.m - Speech By Ken Too (Vectra Network) - An Analysis of Recent Cyber Attacks
 * 12.15p.m - 2.00p.m - Social Network (Friday Pray)

Abstract: Zero day malware detection/prevention using open source software - Proof of Concept

Today, as computer attacks tend to be malware-centric, cyber criminals have introduced sophistication in their attack techniques that makes the traditional way of protecting the enterprise with firewalls, intrusion detection systems and antivirus software at the network perimeter ineffective. While maintaining Honeypot technology to collect malware information from the Internet & internal organizations, we would like to present a proof of concept on mitigating zero day malware using a combination of several open source projects involving malware collection from network traffic, SSL interception, sandboxing, evading anti-VM, network IDS/IPS, process flow, etc. From the idea, we are welcoming contributions & collaboration from the public & education sector.

Bio: Mr Fatah is currently a Senior Analyst under the Malware Research Centre, MyCERT Department. He has worked in the information security domain for almost 10 years, covering most areas of security posture assessment (penetration testing, source code audit, wireless assessment, web assessment, database assessment, etc.), software development, geographical information systems, managed security services, and others. He holds information security professional certifications such as GWAPT, OSWiSP, HP ArcSight Certified Professional, ITILv3, CNE6, etc.



Abstract: The increasing importance of Continuous Network Monitoring in today’s Cyberworld

Bio: Mr. Dick Bussiere is Tenable Network Security’s Principal Architect for the Asia Pacific Region. In this multifaceted role, Mr. Bussiere is responsible for evangelizing the criticality of vulnerability assessment, vulnerability management, and thorough security monitoring as part of an organization's enhanced security posture. Mr. Bussiere is a frequent public speaker on these and other security and networking matters. Mr. Bussiere frequently assists Financial Services Organizations, Governments, and Managed Security Service Providers in adopting a regimen of pro-active vulnerability management to help them reduce their vulnerability footprint.

Prior to Tenable, Mr. Bussiere was Arbor Network’s Solution Architect for Asia Pacific. In this role, Mr. Bussiere assisted organizations in assessing their risk exposure to Distributed Denial of Service attacks. He has advised several regulatory bodies on recommended legislation to protect critical infrastructure against DDoS attacks. Mr. Bussiere is a seasoned technical architect with over 20 years of experience in ICT security, computer networking, and engineering. Mr. Bussiere has a strong background in Research and Development, including both software and hardware engineering.

Mr. Bussiere was a principal in an ICT security consulting firm and provided consulting services to numerous business, academic and government organizations. Activities included developing network security architectures with an emphasis on intrusion detection and prevention techniques, as well as the development of comprehensive organizational security policies. Additionally, Mr. Bussiere was an active contributor to the IEEE P1901 Power Line Communication security architecture and specification. Mr. Bussiere is the holder of five patents related to computer networking. He was also an active participant in the IEEE and IETF working groups.



Abstract: Security Awareness for .Net Developers

Careful design and coding can protect today's complicated business applications. With the rise of cyber-attacks in recent years, developer security has become an important aspect of every software business. If you are a .Net developer, this session will show you tips and tricks for securing your applications and help you understand security threats, tools and more.

Bio: Walter is the founder of Gain Secure, based in Malaysia. The company specializes in providing secure application development and user experience (UX) consultation services to customers. Walter is a Microsoft MVP for developer security. Research on application development security is Walter's personal interest. He has also successfully discovered many website vulnerabilities, including in some high-traffic websites, over the past few years. Walter often speaks at technical conferences such as TechDays Hong Kong, TechEd SEA, Security Symposium, TechNet/MSDN, Tech Insights and more.



Abstract: Advance Financial Malware: GameOver Zeus - The art of espionage, data ex-filtration and network disruption

GameOver ZeuS (GoZ) is the most sophisticated & the most researched malware to date. Since the release of the 2nd version of the original gruesome ZeuS malware, the new variant, so-called “gameover”, comes with different strengths and capabilities. It is more resilient, stealthy and deadly. It has caused the loss of millions of dollars and there are no specific methods to stop it. This has forced the FBI to put a bounty on the head of its creator.

Without any leaked source code revealing its new capabilities & strengths, most leading knowledge on GoZ is based on 2 years of “assumption” from data collected and shared by various threat intelligence groups around the globe. The assumption data were derived from analyzing its network behavior and some reverse-engineered dumped code since 2013.

This presentation's contents will be based on the collaborative data that has been collected by Infoblox's Threat Intelligence group. The focus will be on discussing GoZ capabilities and how to detect & mitigate it.

Bio: Mr Azril is currently a core security researcher with Infoblox's Threat Intelligence Group based in Santa Clara, California, USA. He has worked in the information security domain for almost 12 years, with interests in computer forensics, PKI, trusted computing, virtualization, secure programming, penetration testing and malware analysis. He has been an active speaker at international industry conferences since 2005. He has authored several technical papers and developed award-winning open source software, particularly in computer forensics, trusted computing & virtualization. A graduate with 2 degrees in computer science and operation management from the University of Missouri, he also holds information security professional certifications such as GCFA, CEI, ECSP and CEH.



Abstract: An Analysis of Recent Cyber Attacks

Over the past year, cyber attacks have gone from being a worst-case scenario for security teams to a real-world certainty. Yet for all the recent investment and focus on cyber security, attackers continue to succeed at stealing or destroying our most valued assets. In this discussion, we will deconstruct recent cyber attacks to see what is working in security and where the industry still has gaps. Then we will go beyond the search for simplistic silver bullets, and propose new models of defense-in-depth that can apply generically to detecting today's most sophisticated attacks. This session will cover:

 * An analysis of recent cyber attacks and what they have in common
 * Understanding the inherent advantages attackers enjoy today, and how we can turn the tables
 * Proposing a repeatable methodology for automating the detection of breaches and APTs

Bio: Ken Too is a Technical Director for Datapath Networks Sdn Bhd, focused on solutions using machine learning and data science that provide protection beyond the perimeter. Ken has a long history in security and has worked with HP & CSC. His discussion will deconstruct recent cyber attacks and how they are unfolding globally, with a goal of proposing repeatable and generic solutions to prevent damage to valuable assets.



 * Please register here: https://docs.google.com/forms/d/1UQb-EYR4oXh0qmelrM1SB7Abyj7R4LFdZi_kLtIbU4E/viewform

This event will be covered by local newspaper and media by



OWASP Meetup Q1 2015
We welcome everyone who is interested to join this mini event; it is open to everybody. Meet up with hackers from around Malaysia and join an open discussion with CyberSecurity Malaysia.


 * Date : 19 January 2015
 * Venue: Dewan Seminar, Menara Razak, UTM Jalan Semarak, Kuala Lumpur


 * Schedule
 * Time : 9.00a.m - 1.00p.m


 * Event Program:

 * 9.00a.m - 10.00a.m - Arrival Participant
 * 10.00a.m - 10.10a.m - Opening Speech by CSM VVIP
 * 10.10a.m - 10.20a.m - Speech by OWASP Malaysia Chapter Leader
 * 10.20a.m - 11.20a.m - Speech By Saharudin Saat - Capturing Web Application Threats Virtual CMS Honeypot
 * 11.20a.m - 12.20p.m - Speech by Sandeep Nain - Introducing Application Security In Your Organization Think Like a Developer
 * 12.20p.m - 1.00p.m - Social Network
 * 1.00p.m - 2.00p.m - Refreshment


 * Please register here: https://docs.google.com/forms/d/1UQb-EYR4oXh0qmelrM1SB7Abyj7R4LFdZi_kLtIbU4E/viewform
 * Required registration at [https://docs.google.com/a/owasp.org/forms/d/1b5I0n2KyvuyqmsNb68PCs-w7mNruWpLXIbY74qVcf2o Click Here]

University Technology Malaysia (Maps)

Facebook Event https://www.facebook.com/events/381598735333730/

Title : Capturing Web Application Threats - Virtual CMS Honeypot by Saharudin Saat

Open source Content Management Systems (CMS) are very popular and widely used by web administrators around the world nowadays because of their simplicity as an instant web application solution. Consequently, web applications have increasingly been the focus of attackers because of the unintentional web vulnerabilities that come with newly introduced functionality. This project aims at enhancing the level of security for CMS inside the Universiti Teknologi MARA (UiTM) network by providing the most extensive way of developing Virtual CMS Honeypots. The outcome is hoped to make it easier for web administrators to monitor any kind of computer threat, such as hackers, worms and viruses, in a more comfortable and efficient way. The results will also provide the administrator with some form of countermeasures for security purposes and traffic analysis. Using customized Awstats, Snort, AcidBase and Proxy will provide a Honeypot for a rapidly expandable network, suited to web administrators, especially at UiTM, for monitoring web server traffic activity and the latest computer threats.

BIO : Saharudin Saat is a System Administrator at the Ministry of Domestic Trade Cooperatives and Consumerism with over 15 years of computer experience. Saharudin's expertise is in server technology, network security and cloud computing. He is also a consultant for open source software and cloud computing for some government related agencies.

Winner of the Kaspersky Southeast Asia Cup IT Security for the next generation 2009. Won third place in the Malaysian Government Open Source Software Award (MyGOSS) 2012. Saharudin holds a Degree in Computer Science (Hons) Data Communication and Networking from the Universiti Teknologi MARA Malaysia.



Title: Introducing Application Security in Your Organization - Think Like a Developer by Sandeep Nain

To protect your enterprise from application layer attacks, your application security program needs to be goal-oriented and should be supported by a central team of professionals enabled with best-of-breed technologies and following effective processes. If you are wondering how you can build such an application security program, one that effectively leverages secure development methodologies while being scalable and effective for a complex organization, this is the session to attend. In this session the speaker will cover:


 * 1. How to build secure development lifecycle for development teams using modern software development methodologies
 * 2. Challenges of enforcing secure development lifecycle at an enterprise scale
 * 3. Reasons why most application security programmes fail and how we can collaborate with development teams for easier enterprise adoption

BIO : Sandeep Nain is Managing Principal in HP Enterprise Security Products and leads Fortify Solution Consulting Services. In this role, he is responsible for the business growth and delivery of software security solutions for South Pacific and Asia region. Sandeep and his team help customers understand their business requirement for application security programme, assess their current security maturity state, design solutions which fit their need and deliver outcomes that exceed expectations.

Before joining HP, Sandeep was a Managing Partner at Appsecure, an application security specialist firm where he built and led the application security consulting team to provide enterprise grade application security solutions to Australian market. Prior to this, Sandeep held various security consulting positions at Pure Hacking, Fortify, IBM and Accenture. With an IT career spanning over 13 years, Sandeep is an accomplished Application Security Expert. He has worked alongside many high-profile national and international organisations, enabling them to produce secure software. He has extensive experience with enterprise grade software languages, software development frameworks, mobile platforms and security and risk management frameworks which makes him a perfect security advisor to our clients.

Sandeep has been actively involved in industry open source projects such as OWASP (Australia) and is active in the development of papers and initiatives published through the community. Sandeep has presented on application and database security at a number of national and international conferences. Academically, Sandeep holds a Master of Technology degree in Information Technology with specialization in Distributed Computing and several industry certifications including CISSP, CSSLP and CEH.




 * Required

OWASP Meetup Q4 2014

 * Date : 4 November 2014 (Tuesday)
 * Time : 8.00a.m - 1.00p.m
 * Venue: Dewan Seminar, Menara Razak, UTM, Jalan Semarak

Event Program:

Agenda

 * 8.00a.m - 9.00a.m - Arriving all OWASPrians
 * 9.00a.m - 9.15a.m - Opening Speech By OWASP Malaysia
 * 9.15a.m - 10.15a.m - Opening Ceremony by Prof. Dr. Shamsul bin Sahibuddin (Dean of Advanced Informatics School, UTM)
 * 9.45a.m - 10.15a.m - Social Activity
 * 10.15.a.m - 11.15a.m Tobias Gondrom (OWASP Foundation)
 * 10.15 .m - 10.45a.m - Wann Senn (Regal Paradigm)
 * 1.45a.m - 12.15p.m - Amir Haris Ahmad (Localhost)
 * 12.15p.m - 1.00p.m - Megat Muazzam Abdul Mutalib (CyberSecurity Malaysia)
 * 1.00p.m - Networking & End

This event is FOC to all OWASPrians and non-OWASPrians.

Please register and confirm your attendance here:

https://docs.google.com/forms/d/1J05m6wonvb6BYvAgK90JXN40PFkIWLX1XqR-dXlKs64/viewform

Our Speaker:

OWASP Meetup Q1 2014
 * Date : 17 March 2014 (Monday)
 * Time : 10.00a.m - 12.00p.m
 * Venue: Nexperts Academy Sdn Bhd, C-3A-03, Block C, Level 3A, Phileo Damansara 1, No. 9, Jalan 16/11 off Jalan Damansara, 46350, Petaling Jaya, Selangor, Malaysia.
 * [[Image:nexpert.png]]

Event Program:

 * 9.30a.m - 10.00a.m - Arrival Participant
 * 10.00a.m - 10.10a.m - Opening Speech by OWASP Malaysia Chapter Leader
 * 9.10a.m - 9.20a.m - Speech by Mr. Aatif Khan (Hack Defense)
 * 9.20.a.m - 12.00a.m - Web Security 2.0 Threat - Aatif Khan; Hacking Windows 7/8 with USB - Aatif Khan
 * 12.50p.m - 1.00p.m - Social Network

BIO: Aatif Khan



Speaker Profile: Aatif Khan, Application Security Evangelist, has delivered highly technical security training for conferences, universities, and corporate clients like Bank of America, Verizon, Amazon, Google, Yahoo, etc. to excellent reviews. He is also one of the main founding members of HDCRB (Hack Defense Certification Review Board). Aatif consults on application security, and specializes in security assessments/penetration testing, infosec training, and reverse engineering/malware analysis. Apart from his stupendous exposure in application security consulting over several years, he has also worked with Defense Personnel and Cyber Crime Police Officials, and has delivered more than 2000 hours of Information Security training to IT Security Professionals & Government Agencies. He has authored books entitled "Ethical Hacking", "Advance Penetration Testing" and "Backtrack Starter Manual", published by Packt Publications, UK. He is popularly known for designing the most advanced course on "Advance Penetration Testing" with his Lab Book & Lab Exam, and has received stupendous feedback from top-notch security experts. You can find more about him here - facebook.com/thenapsterkhan

Please register here :

https://docs.google.com/a/bio-xcell.my/forms/d/1kpxanFk4SeM5bwB9PbBdpKj1ZT9LWVxbpBqZowcGuSo/viewform

OWASP Meetup Q2 2013

 * Date : 16 July 2013 (Tuesday)
 * Time : 9.00a.m - 1.00p.m
 * Venue: IMATEC, INTAN, Bukit Kiara
 * [[Image:INTAN.gif|300x200px]]

Event Program:

 * 8.30a.m - 9.00a.m - Arrival of participants
 * 9.00a.m - 9.10a.m - Opening Speech by INTAN VVIP
 * 9.10a.m - 9.20a.m - Speech by OWASP Malaysia Chapter Leader
 * 9.20a.m - 10.20a.m - Speech by Tobias Gondrom - CISO for Manager
 * 10.20a.m - 10.35a.m - Rest
 * 10.35a.m - 10.50a.m - Talk by INTAN (TBA)
 * 10.50a.m - 11.50a.m - Speech by Drew Williams - Governance, Risk and Compliance
 * 11.50a.m - 12.50a.m - Speech by Tobias Gondrom - Secure Coding
 * 12.50p.m - 1.00p.m - Social Network

BIO: Tobias Gondrom



Tobias Gondrom is CEO at Thames Stanley, a boutique Global CISO and Information Security & Risk Management Advisory based in Hong Kong, United Kingdom and Germany.

He has 15 years of experience in software development, application security, cryptography, electronic signatures and global standardization organizations, working for independent software vendors and large global corporations in the financial, technology and government sectors.

Over the years, he has trained and advised dozens of CISOs and senior information security leaders around the globe. Since 2003 he has been the chair of working groups of the IETF (www.ietf.org), a member of the IETF security directorate, and since 2010 chair of the web security WG at the IETF. He has been in a number of project and chapter leadership roles for OWASP since 2007. Currently, he is a board member of the OWASP London and the CSA Hong Kong and Macau chapters and leads the OWASP CISO Report and Survey project. He is an ISC2 CSSLP and CISSP Instructor. Tobias has authored the Internet standards RFC 4998 and RFC 6283, co-authored the books „Secure Electronic Archiving“ and the OWASP CISO Guide, and is a frequent conference presenter and author of articles (e.g. AppSec, IETF, ISSE, ...).

BIO: Drew Williams



Drew Williams has a pedigree in information management and security that began more than 30 years ago while serving as a journalist and public affairs liaison in the U.S. Navy, participating in key military missions that included the U.S. counter-deterrent against the Soviet invasion of Afghanistan in 1979, and the attempted hostage rescue operation in Tehran in 1980.

On matters of State, Drew served on the President’s Partnership for Critical Infrastructure Security (a precursor to the Department of Homeland Security), and was one of a handful of original drafters of the 1996 Health Information Portability and Accountability Act (HIPAA) Security Policy guidelines for the U.S. government, the 1998 Common Vulnerabilities Enumeration (CVE) reporting model for how viruses and security risks are reported, and was a founding member of the Intrusion Detection Consortium (1999), and worked on the early stages of Common Criteria parameters for infosec product development. In 2004, Drew established the Center for Policy and Compliance for Configuresoft/VM-Ware, and lectures annually in Southeast Asia on IT security trends and best practices, and was named by a security consortium in Australia as “One of the top 20 most influential people in IT security in the Pacific” in 2010.

Please register here :

https://docs.google.com/a/owasp.org/forms/d/1KvFM22I3PkMaG087vNgB6m-DHHfOZyR3VRXgkexYxHY/viewform

OWASP Meetup Q1 2013
We welcome everyone who is interested in joining this mini event; it is open to everybody. Meet up with hackers from around Malaysia and join an open discussion with CyberSecurity Malaysia.


 * Date : 3 April 2013
 * Venue: Theater Room, Level 7, Bangunan Sapura@Mines, Seri Kembangan, Selangor
 * Schedule

 * 12.30p.m - Lunch (Provided by CSM)
 * 1.00p.m - Registration
 * 2.00p.m - Opening Speech by CSM VVIP
 * 2.10p.m - Welcome Remark by Mohd Fazli Azran (OWASP Malaysia)
 * 2.20p.m - Speech by MyCERT - Activity Hacking & Report 2012
 * 2.45p.m - Speech by Jim Manico - Top 10 Web Security Defense
 * 3.45p.m - Tea Break
 * 4.10p.m - Q&A with the presenter (MyCERT, Jim & OWASP)
 * 4.45p.m - Social Network
 * 5.00p.m - Dismiss


 * Registration required at [https://docs.google.com/a/owasp.org/forms/d/1jS_17ppypXiX3fEtScjWimktGy4eBx0EdsyQoJ-H7h0/viewform?pli=1 Click Here]

CyberSecurity Malaysia (Maps)

Facebook Event https://www.facebook.com/events/575425859134709/

Title: Top Ten Web Security Defenses

We cannot “firewall” or “patch” our way to secure websites. In the past, security professionals thought firewalls, Secure Sockets Layer (SSL), patching, and privacy policies were enough. Today, however, these methods are outdated and ineffective, as attacks on prominent, well-protected websites are occurring every day. Citigroup, PBS, Sega, Nintendo, Gawker, AT&T, the CIA, the US Senate, NASA, Nasdaq, the NYSE, Zynga, and thousands of others have something in common – all have had websites compromised in the last year. No company or industry is immune. Programmers need to learn to build websites differently. This talk will review the top coding techniques developers need to master in order to build a low-risk, high-security web application.



BIO: Jim Manico is the VP of Security Architecture for WhiteHat Security, a web security firm. He authors and delivers developer security awareness training for WhiteHat Security and has a background as a software developer and architect. Jim is also a global board member for the OWASP foundation. He manages and participates in several OWASP projects, including the OWASP cheat sheet series and the OWASP podcast series.



Computer Security Day 2011
We welcome everyone who is interested in joining this mini event; it is open to everybody. Meet up with hackers from around Malaysia and join an open discussion with CyberSecurity Malaysia.


 * Date : 30 November 2011
 * Venue: Theater Room, Level 7, Bangunan Sapura@Mines, Seri Kembangan, Selangor
 * Schedule

 * 1.00p.m - 2.00p.m - Registration (Lunch Provided)
 * 2.00p.m - Arrival Lt Col. (R) Prof Dato' Husin Bin Jazri
 * 2.05p.m - Opening Speech by MC
 * 2.10p.m - Doa (prayer)
 * 2.15p.m - Opening Speech by Mohd Fazli Azran (OWASP Malaysia)
 * 2.20p.m - Introduction by the participant
 * 2.50p.m - Presentation about CSM & activity CSM for 2012-2013 - Corporate Video - MyCERT Introduction by Adli Wahid Vice President Responsive Service CSM Dialogue
 * 3.15p.m - Speech by CEO CyberSecurity Malaysia Lt Col. (R) Prof Dato' Husin Bin Jazri
 * 3.40p.m - Q & A session
 * 4.20p.m - Tea Break and Networking
 * 4.50p.m - Dismiss


 * Required registration at (Click Here)

CyberSecurity Malaysia (Maps)

Facebook Event https://www.facebook.com/events/147779481990578/

AMDI-USM OSS Day 2010

 * Date : 23 December 2010 Thursday
 * Time : 8.00a.m - 5.00p.m
 * Venue : Hotel Seri Malaysia, Kepala Batas, Pulau Pinang Malaysia

AMDI USM OSS DAY will feature an interactive mix of activities consistent with its objective of promoting and raising awareness of Open Source Software in general:

Seminar: 9 talks related to Open Source awareness will be held, with speakers consisting of activists, consumers, application developers and experienced specialists who also come from the Open Source industry itself.

Demonstration: as with any conference, AMDI USM OSS DAY will hold a demonstration open to visitors present at the event square. The demonstration is run by activists, community and society groups, and gives visitors an opportunity to see more closely what open source and proprietary technology are. We will also hold promotional activities in the demonstration area to enliven the program.

To register, please click here: AMDI-USM (AMDI-USM OSS Day 2010)

OWASP 4th Meeting Malaysia Chapter

 * Date : 23 November 2010 Tuesday
 * Time : 2.00p.m - 5.00p.m
 * Venue : Malaysian Computer Emergency Response Team (MyCERT), CyberSecurity Malaysia, Level 7, SAPURA@MINES, Jln Tasik, Mines Resort City, Seri Kembangan, Selangor


 * Agenda

 * 2.00 : Arrival participant
 * 2.10 : Offensive Security - Muhammad Muslim Mansor
 * 3.40 : Web Application Firewalls: What are we really getting into? - Alex Tan
 * 5.10 : Refreshment


 * Web : www.owasp.my
 * Twitter : @owaspmy #owaspmy
 * Facebook : http://www.facebook.com/OWASP.Malaysia to RSVP

OWASP 3rd Meeting Malaysia Chapter

 * Date : 19 October 2010 Tuesday
 * Time : 2.00p.m - 5.00p.m
 * Venue : Malaysian Computer Emergency Response Team (MyCERT), CyberSecurity Malaysia, Level 7, SAPURA@MINES, Jln Tasik, Mines Resort City, Seri Kembangan, Selangor


 * Agenda

 * 2.00 : Arrival participant
 * 3.00 : Opening Speech
 * 3.05 : Brian Ritchie - Topic TBA
 * 4.05 : Adnan Mohd Syukor - Topic TBA
 * 5.05 : Refreshment


 * Web : www.owasp.my
 * Twitter : @owaspmy #owaspmy
 * Facebook : http://www.facebook.com/OWASP.Malaysia to RSVP

OWASP 2nd Meeting Malaysia Chapter

 * Date : 15 May 2010 Saturday
 * Time : 3.00p.m - 5.00p.m
 * Venue : City University College Of Science Technology (CUCST)

Map: City University

Topic :

1) Outbound Monitoring - the Forgotten Child in Infosec (1 hour)

2) Introduction to the new and highly lethal HTTP DDOS attack technique (1 hour)

Registration Fee : FOC

Parking Fee : FOC (More Parking)

Registration : http://www.facebook.com/event.php?eid=123844360964411&index=1

Speaker : Wong Onn Chee

Background :

Wong Onn Chee : Chief Technology Officer, Resolvo System, Singapore



Onn Chee is currently working as the Chief Technology Officer in Resolvo Systems, a leading information leakage expert in Asia. He has led numerous large-scale projects, primarily in the government and defence sectors. His areas of expertise include information leakage protection, web security and security strategy. Onn Chee is a founding member and the first Vice-President of the Information Systems Security Association (ISSA), Singapore Chapter, the largest international, not-for-profit association for security professionals. He was also a former member of the Center of Internet Security (US) which provides well-recognised security benchmarks for various systems which are commonly used by US Federal Government and private organisations. Onn Chee is also the current Singapore chapter lead of Open Web Application Security Project (OWASP) which publishes the widely respected OWASP Top 10 web vulnerabilities. Other than being an information security professional, Onn Chee is also trained in BS 7799/ISO 17799, ISO 9000 and ITIL. He is also a certified Project Management Professional (PMP) and certified PRINCE2 Practitioner. In 2007, Onn Chee was appointed as the President of International Association of Software Architect (IASA), Singapore Chapter.

For more detail please contact:

 * Mobile : 013-2048672
 * Email : fazli@owasp.org

OWASP 1st Official Meeting Malaysia Chapter

 * Date : 31 March 2010 Wednesday
 * Time : 2.30p.m - 5.00p.m
 * Venue : CyberSecurity Malaysia (Sapura Building), Level 7, Jln Tasik, Mines Resort City, Seri Kembangan, Selangor


 * Agenda

 * 2.30 : Arrival participant
 * 3.00 : Opening Speech
 * 3.15 : Introduction of OWASP
 * 3.30 : Introduction of CyberSecurity Malaysia, Summary Report and Incident of Web in Malaysia
 * 4.00 : Meeting Start - Chair Meeting : OWASP Malaysia Chapter Leader : Committee Members - CyberSecurity Malaysia, MySecurity Community


 * OWASP Board Of Members election.

 * BOM - University Representative
 * BOM - Government Representative
 * BOM - Community Representative
 * BOM - Security Professional Representative
 * BOM - Private Sector Representative


 * OWASP activities

1) Workshop

2) Events


 * Register here : It is FOC; this is a meeting, not a Workshop/Training/Seminar

http://www.facebook.com/event.php?eid=357732261091&index=1

=Conference=

OWASP Day KL 2011 (OWASP Day KL 2011) 20-21 September 2011
=Workshop=
==Bengkel Asas Keselamatan 2015 (Bengkel Asas Keselamatan Server Dari Ancaman Penggodam 2015) 21 September 2015==

=Supporter=

Community
=Sponsors=

=Members=

Here is our Official OWASP Members list 2016:

 * 1) Adli Wahid
 * 2) Lim Soo Kok
 * 3) Gurdip Singh
 * 4) Rajivarnan Raveendradasan
 * 5) Krishna Rajagopal
 * 6) Mohd Rahim Muhamad
 * 7) Mohd Hanafiah
 * 8) Norazlan Norden
 * 9) Shazil Imri Mohd Hizam
 * 10) Khairul Marjan
 * 11) Zulazly Khalid
 * 12) Mohamad Hamizi Jamaludin
 * 13) Mohamed Ashraf Husni Zai
 * 14) Anthony Hing Kheong
 * 15) Hidzuan Hashim
 * 16) Razif Hashim
 * 17) Wati Darma
 * 18) Matlan Dahari
 * 19) Ahmad Aizuddin Aizat Tajul Arif
 * 20) Amir Osman
 * 21) Muhammad Zuhair Abd Rahman
 * 22) Norzaidi Baharudin
 * 23) Mohd Sufian Ahmad
 * 24) Azlina Ahmad
 * 25) Raihan Ahmad
 * 26) Ahmad Amran Ahmad
 * 27) Mohammad Zahir Mat Salleh
 * 28) Mohd Khairuddin Che Ibrahim
 * 29) Muhammad Najmi Ahmad Zabidi
 * 30) Sofian Akasah
 * 31) Mohd Shahril Hussin

Here is our Official OWASP Members list 2015:

 * 1) Mohd Azri Abdullah
 * 2) Ahmad Amran Ahmad
 * 3) Mohd Sufian Ahmad
 * 4) Norzaidi Baharudin
 * 5) Ahmad Aizuddin Aizat Tajul Arif
 * 6) Arif Fahmi Fisal
 * 7) Ab Malek Idris
 * 8) Mohamad Hamizi Jamaludin
 * 9) Chien Shing Kuan
 * 10) Shaifullnizam Mohamad
 * 11) Simon Lim
 * 12) Charles Loh
 * 13) Shazil Imri Mohd Hizam
 * 14) Mohd Firdaus Ramlan
 * 15) Bharanidharan Shanmugam
 * 16) Kam Yim Siew
 * 17) James Tan
 * 18) Choong Tan Fook
 * 19) Adli Wahid
 * 20) Kiang Chong Yong
 * 21) Lillian Nasharitah Boney Abdullah
 * 22) Hidzuan Hashim
 * 23) Neo Wong Wei Zhen
 * 24) Harisfazillah Jamel
 * 25) Yong Kiang Chong
 * 26) Kamal Tam
 * 27) Jalani Sidek
 * 28) Hafidz Nasruddin
 * 29) Tajul Azhar Mohd Tajul Ariffin
 * 30) Mohammed Mirza
 * 31) Hafiz Ismail

Here is our Official OWASP Members list 2014:

 * 1) James Tan
 * 2) Mohd Syazwan Mohd Shafie
 * 3) Willie Poh
 * 4) Bharanidharan Shanmugam
 * 5) Shaiffulnizam Mohamad
 * 6) Fakrul Adli Mohd Zaki
 * 7) Hidzuan Hashim
 * 8) Kenneth Lau
 * 9) Adzmely Mansor
 * 10) Amir Osman
 * 11) Ahmad Kiambang
 * 12) Mohammed Mirza
 * 13) Samad Mayang
 * 14) Rahmat Tuah
 * 15) Sabariah Kesuma
 * 16) Mohd Som
 * 17) Kamal Tam
 * 18) Razif Hashim
 * 19) Mohd Rahim
 * 20) Hafiz Ratnasari
 * 21) Jalani Sidek
 * 22) Choong Tan Fook
 * 23) Matlan Dahari
 * 24) Yew Seng Ong
 * 25) Mokhtar Azman Mohamed
 * 26) Wati Darma
 * 27) Khairul Marjan
 * 28) Ling Koh Yew
 * 29) Lim Soo Kok
 * 30) Chuan Kian Tan
 * 31) Anthony Hing Kheong
 * 32) Kiang Chong Yong
 * 33) Adli Wahid
 * 34) Norzaidi Baharudin