OWASP Albuquerque
Welcome
OWASP Albuquerque is for anyone here in town to discuss software security topics. We have a couple of discussion ideas in mind, but we are also eager to hear what you would like to talk about!
Next Event: Basics of SQL injection
Monday, November 27, 2023, at 4 pm
UNM Centennial Library, DEN2
UNM student Franklin Pezzuti Dyer will discuss the basics of how databases might be used for web applications, how a web app can manipulate a database using SQL, and how this can leave an app open for attack if SQL commands are handled unsafely. The meeting will consist of a short introductory talk, followed by a lab session consisting of SQL injection exercises on deliberately vulnerable websites hosted by PortSwigger.
If you would like to participate in the lab session, please come prepared with a PortSwigger account and a proxy of your choice installed. You will need this to capture, examine and modify HTTP packets. You could use Burp Suite (software by PortSwigger, recommended) or an open-source alternative like mitmproxy.
Our space is limited to 16 people, so please RSVP to [email protected].
Agenda:
- Say Howdy
- Featured presentation “Basics of SQL injection”
- Pitch ideas and recruit volunteers for future presentations
Centennial Science and Engineering Library
Centennial Library is located on the University of New Mexico campus, near the corner of University Blvd. and Central Ave.
Public parking is across the street on University Blvd. Street parking is available south of Central Ave.
The entrance is a small building that leads you underground.
A valid government-issued or student picture ID is required to enter the Centennial Science and Engineering Library. Have your photo ID ready to show at the downstairs turnstile.
Thursday, October 26, 2023, at 4 pm
Breaking into websites using misconfigurations
UNM Centennial Library, DEN2
Security research student Alex Adams will give a presentation about exploiting misconfigurations of the Google Authentication Toolkit in the wild. Learn about the Google Identity Toolkit API and common ways you might find it misconfigured. This talk will discuss some methods to spot issues with websites in general, common tools used by hackers for web penetration, and then go into a specific example of gaining unauthorized access to a website.
Agenda:
- Meet and greet
- Featured presentation “Breaking into websites using misconfigurations”
- Pitch ideas and recruit volunteers for future presentations
Wednesday, August 30, 2023, 3 pm - 6 pm
UNM Centennial Library, DEN2
Agenda:
- Get to know each other
- Pitch ideas for future meetings
- We may have a future talk about network security.
- Meeting time should be later, starting around 5 or 5:30.
- Informal presentation and discussion about code injection attacks at 4 pm. If you have thoughts or experience in this area, please come and share!
- Putting up with input (A03:2021 - Injection)
- Demo of SQL injection and reflected XSS using MAMP