

3 May 2013 12:00 - 14:00 (Please RSVP to


ANZ, 833 Collins St, Docklands, Melbourne VIC 3008

Room Location: Core C

Please ask about OWASP at reception and they will direct you to the room (room: Core C).

The easiest way to get there is to hop on tram number 48 or 11 on Collins St and go right to the end of Collins; this will be the last stop. Alternatively, walk down Collins St; it is within walking distance.

Speaker One

Jim Manico (all the way from Hawaii, doing the OZ circuit)

First Topic

Top Ten Web Defenses

We cannot “firewall” or “patch” our way to secure websites. In the past, security professionals thought firewalls, Secure Sockets Layer (SSL), patching, and privacy policies were enough. Today, however, these methods are outdated and ineffective, as attacks on prominent, well-protected websites are occurring every day. Citigroup, PBS, Sega, Nintendo, Gawker, AT&T, the CIA, the US Senate, NASA, Nasdaq, the NYSE, Zynga, and thousands of others have something in common – all have had websites compromised in the last year. No company or industry is immune. Programmers need to learn to build websites differently. This talk will review the top coding techniques developers need to master in order to build a low-risk, high-security web application.

About the speaker

Jim Manico is the VP of Security Architecture for WhiteHat Security. Jim is also a global board member of OWASP, is the host of the OWASP Podcast Series, is the committee chair of the OWASP Connections Committee, is the project manager of the OWASP Cheatsheet series, and is a significant contributor to several additional OWASP projects. Jim provides secure coding and developer awareness training for WhiteHat Security using his 8+ years of experience delivering developer-training courses for SANS, Aspect Security and others. He brings 16 years of database-driven Web software development and analysis experience to WhiteHat and OWASP as well. Jim works on the beautiful island of Kauai, Hawaii where he lives with his wife Tracey.

Speaker Two

Eldar Marcussen

Second Topic

Hiding Apache backdoors

A while back I wrote a stealth backdoor for Apache, trying to avoid several types of detection (AV, IDS, etc.) and leave as little forensic evidence as possible. The end result was a very stealthy backdoor and this presentation covers the techniques that were used to achieve this.

About the speaker

Eldar Marcussen is a Principal Consultant with BAE Systems Detica. In his spare time he’s a dad and sometimes writes open source security tools.

Hope to see you all there to enjoy the presentation and some refreshments but only if you RSVP! :)

OWASP Melbourne :)