1st Web Security Days OWASP Turkey
1st Web Security Days - July 14 (Turkey 2007)
First of the Web Security Days has been realized by Owasp-Turkey chapter on 14th of July 2007 in İstanbul. With a ~70 registered attendees, it was great to have a pack of web security oriented people for a five hours of mostly technical presentations.
Dinis Cruz (Chief OWASP Evangelist) actively participating with his two presentations, attendees had the chance of capturing a first hand understanding of OWASP’s general structure, projects, the current state, in short, the spirit. Moreover, Dinis also presented a general view of an application audit by combining the best of two worlds; black box testing and source code review. Both of the presentations are humbly translated into Turkish onsite.
Ferruh Mavituna has launched his fresh new testing/attacking tool on what he dubbed as “XSS Tunnelling” vowing the audience. Bunyamin Demir has provided a general overview of modsecurity WAF module of Apache with practical attack and prevention steps. Bedirhan Urgun has demoed an attack vector (cache poisoning) by using HRS, backed up with a master/zombie scenerio implemented on Attack API. Finally, Omur Camci has demonstrated fundamental Java security functionalities such as creating partial trust policies and signing jar files.
We’d like to thank our sponsors; Gelisim Platformu and Pro-G Security.
Encouraged with this one, we hope next meeting (could it be 6th September with Owasp Live…) will be more fluent, beneficial and definitely crowded.
Thanks again to all participated.
Last but not the least, presentation materials will be available soon and links to those materials (ppt, videos and papers) will be published here.
Saturday 14 July 2007
Address to the meeting are:
Gelisim Platformu - Gayrettepe 80310 Istanbul - Turkey
|11:00-11:05||Registration and Opening - OWASP-Turkey|
|11:05-12:00||OWASP World (tools, documents, projects,etc..) - Dinis Cruz (Chief Evangelist)|
|12:10-12:30||HTTP Response Splitting, Demo (Web Cache Poisoning and a little more) - Bedirhan Urgun|
|13:45-14:25||XSS Tunnelling - Ferruh Mavituna|
|14:35-15:00||Web Application Security With ModSecurity - Bunyamin Demir|
|15:10-16:50||Security Practices In Java - GP Bilisim Kulubu|
|16:10-16:50||Live Demo Of An Web Application Security Review (And Source Code Analysis) - Dinis Cruz|
|17:00-17:45||Q&A and What can we do for OWASP?|
|17:45-18:00||Closing - OWASP-Turkey|
The event was sponsored by Gelisim Platformu and Pro-G