1st Web Security Days OWASP Turkey

From OWASP
Revision as of 04:21, 17 July 2007 by Bunyamin (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

1st Web Security Days - July 14 (Turkey 2007)

First of the Web Security Days has been realized by Owasp-Turkey chapter on 14th of July 2007 in İstanbul. With a ~70 registered attendees, it was great to have a pack of web security oriented people for a five hours of mostly technical presentations.

Dinis Cruz (Chief OWASP Evangelist) actively participating with his two presentations, attendees had the chance of capturing a first hand understanding of OWASP’s general structure, projects, the current state, in short, the spirit. Moreover, Dinis also presented a general view of an application audit by combining the best of two worlds; black box testing and source code review. Both of the presentations are humbly translated into Turkish onsite.

Ferruh Mavituna has launched his fresh new testing/attacking tool on what he dubbed as “XSS Tunnelling” vowing the audience. Bunyamin Demir has provided a general overview of modsecurity WAF module of Apache with practical attack and prevention steps. Bedirhan Urgun has demoed an attack vector (cache poisoning) by using HRS, backed up with a master/zombie scenerio implemented on Attack API. Finally, Omur Camci has demonstrated fundamental Java security functionalities such as creating partial trust policies and signing jar files.

We’d like to thank our sponsors; Gelisim Platformu and Pro-G Security.

Encouraged with this one, we hope next meeting (could it be 6th September with Owasp Live…) will be more fluent, beneficial and definitely crowded.

Thanks again to all participated.

Last but not the least, presentation materials will be available soon and links to those materials (ppt, videos and papers) will be published here.


OWASP-Turkey chapter

Agenda

Saturday 14 July 2007
Time: 11:00-18:00

Address to the meeting are:

Gelisim Platformu - Gayrettepe 80310 Istanbul - Turkey

Agenda
11:00-11:05 Registration and Opening - OWASP-Turkey
11:05-12:00 OWASP World (tools, documents, projects,etc..) - Dinis Cruz (Chief Evangelist)
12:10-12:30 HTTP Response Splitting, Demo (Web Cache Poisoning and a little more) - Bedirhan Urgun
12:30-13:45 Lunch
13:45-14:25 XSS Tunnelling - Ferruh Mavituna
14:35-15:00 Web Application Security With ModSecurity - Bunyamin Demir
15:10-16:50 Security Practices In Java - GP Bilisim Kulubu
16:50-16:10 Break
16:10-16:50 Live Demo Of An Web Application Security Review (And Source Code Analysis) - Dinis Cruz
17:00-17:45 Q&A and What can we do for OWASP?
17:45-18:00 Closing - OWASP-Turkey


The event was sponsored by Gelisim Platformu and Pro-G Security

Gelisim platformu logo.gif    Pro-g_web_security_days_logo.gif