Cork

From OWASP
Jump to: navigation, search

OWASP Cork

Welcome to the Cork chapter homepage. Owasp logo ireland small.jpg
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is and open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

Becoming a chapter sponsor means that you get your organisation mentioned in meeting promotion (including on this page), recognition at the beginning of the meeting and promotional material at the meeting.
We currently have the following sponsorship options available:
€250 for an individual meeting sponsorship
€1500 for annual chapter sponsorship
Contact any of the board members below for more information.


OWASP Cork Board

Should you have a question about the local chapter, would like to get more involved contact any of the following people below

Chapter Leads:

Details and registration for all chapter meetingsis available on our Meet-Up page: http://www.meetup.com/OWASP-Cork/

Chapter Meetings - 2015

Cork Security Event - Mach 24

Amalgamating IT Security Best Practices Within an Organisation

On March 24th we held a joing security event with CorkSec, ISACA, and (ISC)2. Slides from the talks are available here:
Securing Innovation
The Weakest Link


Chapter meetings are provided free of charge although OWASP membership is encouraged and besides supporting the organisation, will provide the holder with benefits in other areas such as free/discounted entry to conferences, etc.

Chapter Meetings - 2014

Details and registration for all chapter meetingsis available on our Meet-Up page: http://www.meetup.com/OWASP-Cork/

OWASP December Event

Chapter Meeting - December 11 2014
When Where
Thursday 11 December 2014

Doors: 19:00
Talks start: 19:15
Venue Location: UCC, Western Gateway Building, Room G04

Venue Address: Western Road, Cork
Venue Map: Google Maps
(Registration. Register here)

DESCRIPTION

The next OWASP Cork Chapter meeting is taking place on Thursday December 11th in UCC (Western Gateway Building, WGB G04) at 7PM.

Hope to see you there. There are two talks lined up:

Talk 1: Eoin Carroll - Android Webview Exploitation

Bio:

Eoin Carroll is an IT Security Engineer and member of OWASP since 2009. Based in Cork and works on all things security with keen interests in the Android Stack, Threat Modeling, HTML5, Cryptanalysis, Reversing and Exploitation.

Eoin has 13 years’ experience spanning across the IT, Semi-Conductor and Medical Device industries, working as an Electronic Engineer for 10 yrs and in Security for the last 3 years.

Android Webview Exploitation

This talk will focus on the AddJavascriptInterface which is remotely exploitable leading to Shell and Cross Application Scripting (XAS). Eoin will discuss the importance of Threat Modeling with cross platform development frameworks such as Phonegap/Cordova as well as security tools such as Drozer and AFE (Android Exploitation Framework).

The session will finish with a MITM demo exploiting the AddJavascriptInterface.

Slides are available here: OWASP Android Webview Explotiation


Talk 2: Eoin Keary & Rahim Jina - 2014 EdgeScan Vulnerability Stats Report

Eoin Keary - BCC Risk Advisory / OWASP

Eoin is international board member and vice chair of OWASP, The Open Web Application Security Project (owasp.org), and during his time in OWASP he has lead the OWASP Testing and Security Code Review Guides and also contributed to OWASP SAMM, and the OWASP Cheat Sheet Series. Eoin is a well-known technical leader in industry in the area of software security and penetration testing, and has led global security engagements for some of the world's largest financial services and consumer products companies. He was a senior manager, responsible for penetration testing in EMEA for a “big 4” professional services firm for 4.5 years. He is the CTO and founder of BCC Risk Advisory Ltd (bccriskadvisory.com) an Irish company who specialise in secure application development, advisory, penetration testing, Mobile & Cloud security and training. Eoin has delivered security training and talks for OWASP to over 600 developers in the past year including events such as RSA (2013), RSA Europe, OWASP EU (2013), OWASP Dublin 2013.

Rahim Jina - BCC Risk Advisory / OWASP

Rahim is a member of OWASP and has contributed to many open source security projects over the past 8 years such as the OWASP Testing and Security Code Review Guides and also OWASP SAMM. Previously Rahim was a senior consultant at a “big 4” professional services for and the head of security for a large VoIP/IPT company in Los Angeles, USA and now works as the Director of information security for BCC Risk Advisory (bccriskadvisory.com). His is also responsible for the security architecture of the edgescan.com vulnerability management solution.


We will go along to the Woolshed bar for some drinks and chats after the talk: (http://www.woolshedbaa.com/cork/)


Chapter meetings are provided free of charge although OWASP membership is encouraged and besides supporting the organisation, will provide the holder with benefits in other areas such as free/discounted entry to conferences, etc.

OWASP September Event

Chapter Meeting - September 22 2014
When Where
Monday 22nd September

Doors: 19:00
Talks start: 19:15
Venue Location: UCC (WGB G.14)

Venue Address: Western Gateway Building, UCC, Western Rd, Cork, Ireland
Venue Map: Google Maps
(Registration. Register here)

DESCRIPTION

The next OWASP Cork Chapter meeting is taking place on Monday September 22nd in UCC (WGB G.14) at 7PM.

We would like to treat all attendees to some beer and pizza after the talks in the Woolshed bar (Mardyke - http://www.woolshedbaa.com/cork/)

Hope to see you there.

There are two talks lined up:

Talk 1: Introduction to OWASP ZAP

Overview of the OWASP ZAP tool.

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.

ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.


Talk 2: Mark Denihan - OWASP Security Shepherd

The OWASP Security Shepherd project has been designed and implemented with the aim of fostering and improving security awareness among a varied skill set demographic. Shepherd covers the OWASP Top Ten web app risks and has recently been injected with totally new content to cover the OWASP Top Ten Mobile risks as well. Many of these levels include insufficient mitigations and protections to these risks, such as blacklist filters, atrocious encoding schemes, barbaric security mechanisms and poor security configuration. The modules have been crafted to provide not only a challenge for a security novice, but security professionals as well. In this presentation we're going to look at the Shepherd platform itself from both a learning and teaching perspective. Some of Shepherd's lessons and challenges will be demonstrated and we'll also walkthrough how easy it is to stand up a Security Shepherd instance and how it can be tailored to suit any web/mobile app sec teaching environments.


Chapter meetings are provided free of charge although OWASP membership is encouraged and besides supporting the organisation, will provide the holder with benefits in other areas such as free/discounted entry to conferences, etc.

OWASP September Event

Chapter Meeting - Joint event with CorkSec
When Where
Tuesday 2nd September

Doors: 19:00
Talks start: 19:15
Venue Location: SoHo

Venue Address: Grand Parade, Cork, Ireland
Venue Map: Google Maps
(Registration. Register here)

DESCRIPTION

The first OWASP Cork Chapter meeting is taking place on Tuesday September 1st upstairs in SoHo bar on Grand Parade. This meeting is a joint event with the CorkSec group (http://www.meetup.com/CorkSec/). We would love if you could stay around after for a chat and some networking.

There are two talks lined up:

Talk 1: Web to Shell by Darren Fitzpatrick

Darren will introduce the concept of getting a shell through a website. This basically means remotely taking over the server on which a web application is installed. After a little theory, he will go about delivering demonstrations of this in action. Demos will include common attack vectors of this type and one recent and quite common ruby on rails specific remote exploit.


Talk 2: How I got into Security by Jack Baylor

In this short talk I'll be covering:

  • my education and previous work experience
  • what courses I wish I'd covered but didn't
  • how I got interested initially
  • how I started researching and networking
  • how I came about working in Qualcomm
  • how some others broke into security (through polling others here and through talking to people on LinkedIn etc...),
  • what courses I intend to take in the next 1, 2 and 5 years

Everyone is welcome to join us at our chapter meetings.

Other OWASP Chapters in Ireland

OWASP Dublin

https://www.owasp.org/index.php/Ireland-Dublin


OWASP Limerick

https://www.owasp.org/index.php/Limerick