Difference between revisions of "Bangalore"

From OWASP
Jump to: navigation, search
(Chapter News)
(10th Floor, PayPal, Tower 11,)
(13 intermediate revisions by one user not shown)
Line 3: Line 3:
 
== '''Chapter News''' ==
 
== '''Chapter News''' ==
  
* Planning to do a special OWASP Meeting on 8th of Feb 2014, please await further annoucements.  
+
* Special OWASP Meeting on 8th of Feb 2014 -  A Systematic Method for Manual Web Pentesting by [http://www.utilisec.com/about/#Justin Justin Searle]
 
* null and OWASP are doing a JavaScript Security Hands-on Workshop on 21st December 2013 [http://null.co.in/2013/12/10/null-bachaav-client-side-javascript-security-21st-december-2013/]
 
* null and OWASP are doing a JavaScript Security Hands-on Workshop on 21st December 2013 [http://null.co.in/2013/12/10/null-bachaav-client-side-javascript-security-21st-december-2013/]
 
* To view pictures from OWASP Bangalore's 2011 Meetings: [https://plus.google.com/photos/112137565701189658529/albums/5668208377032936625?banner=pwa click here].
 
* To view pictures from OWASP Bangalore's 2011 Meetings: [https://plus.google.com/photos/112137565701189658529/albums/5668208377032936625?banner=pwa click here].
  
== '''Next Meeting'''  ==
+
=== Next Meeting ===
The next OWASP meeting along with null/G4H/SecurityXploded is scheduled for 18th January 2014.  
+
Special OWASP Meet is a workshop by Justin Searle ([http://www.utilisec.com/about/#Justin His Profile]) on 8th of Feb 2014. Event starts at 10:30 AM. Workshop timing is from 2 PM - 6 PM.
  
=== '''Venue''' ===
+
==== '''Workshop A Systematic Method for Manual Web Pentesting by Justin Searle''' ====
ThoughtWorks, Ground Floor, ACR Mansion, 147/f, 8th Main Road, 3rd Block, Koramangala, Bangalore - 560034
+
Come have a taste of the official [http://samurai.inguardians.com/ Samurai-WTF Web Testing Framework] training course offered at Black Hat and OWASP conferences.  During this workshop, we'll do a quick overview of the web pen-testing methodology, then the instructors will lead you through the process of testing and exploiting web applications.  The primary emphasis of this workshop is teaching you how to integrate SamuraiWTF tools into your own manual testing procedures to improve your overall pentest workflow.
[http://goo.gl/bokSL Google Map Link]
+
  
=== '''Schedule''' ===
+
==== '''Registration Information''' ====
  
{| class="wikitable"
+
===== Entry for registered people only =====
|-
+
'''
! Start Time
+
Registrations have closed. 50 people have confirmed that they have already been informed. Please note no one will be accepted at the venue if your name is not listed.'''
! End Time
+
 
! Title
+
==== '''Venue''' ====
! Speakers
+
 
! Description
+
===== 10th Floor, PayPal, Tower 11, =====
! References
+
'''Pritech Park SEZ, Eco Space Campus''' RMZ Ecospace Internal Rd, Adarsh Palm Retreat, Bellandur Bangalore, Karnataka 560103‎
|-
+
 
| 09:30
+
'''[http://goo.gl/maps/m0JNz Google Map Link] | [http://osm.org/go/yy4epm0iY?m=&node=428420612 Open Street Map Link]'''
| 10:10
+
 
| Web Application Security for Beginners: DOM Based XSS
+
* From the main gate, keep going straight till you reach a roundabout. Pritech Park SEZ has its own security.  
| Jayesh Singh
+
* People with two wheelers and cars can find visitor parking toward the right. There are helpful guards to direct you.
| This is a multipart series on Web Application Security. This session will cover part 2 of the DOM based XSS subsection, the identification and concepts behind it. The session will also cover filter bypasses and different XSS payloads in that context.
+
* Most guards will know Tower 11, once you enter the building take the elevators directly to the 10th Floor.  
| [https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29 OWASP Cross Site Scripting]
+
 
|-
+
PayPal office is in a IT Park. Usually such places have strict security requirements. '''So please do be on time and carry some type of Govenrment ID Proof'''
| 10:10
+
 
| 10:20
+
=== '''Software Required''' ===
| Introductions
+
 
|
+
'''This is only required if you are planning to work with Justin during the workshop'''
| Introduction for new comers and start of the meet for everyone.  
+
 
|
+
Please download the latest version of SamuraiWTF and have it running on your laptops before the workshop begins.  For in the interest of time, we will assume you have everything installed and running, ready for class.  
|-
+
 
| 10:20
+
You can download SamuraiWTF at:
| 10:50
+
 
| Automated Source code review using Fortify
+
http://sourceforge.net/projects/samurai/files/SamuraiWTF%202.0%20Branch/
| Rupam Bhattacharya
+
| This talk+demo will cover the automated source code review tool called Fortify . The demo will show on how to configure Fortify, select rules based on pre-determined conditions and scan the code for different vulnerabilities.
+
|
+
|-
+
| 10:50
+
| 11:20
+
| Struts Validation Framework Part 2
+
| Satish
+
| This session is the second part of the talk on Validation frameworks. These frameworks are used to secure information from entering business model in an MVC architecture. “Struts Validation framework” is a set of predefined plugin codes which have proven best practices in Data validation. We will take a look at the working of the framework and understand how malicious data is treated.
+
| [http://struts.apache.org/release/2.3.x/docs/validation.html Struts Validation Framework]
+
|-
+
| 11:20
+
| 11:40
+
| Networking Session and Break
+
| Everyone
+
| The idea of the networking session is for everyone to get up, go around the room and say hi to various attendees and the experts.
+
|
+
|-
+
| 11:40
+
| 12:20
+
| Security Onion
+
| Nishanth Kumar
+
| Security Onion is an full Linux distribution with packet capture, network-based and host-based intrusion detection intrusion detection systems (NIDS and HIDS, respectively) and other powerful analysis tools. The talk will cover the following aspects of this OS:
+
# Introduction of Security Onion
+
# Tools included in the OS and usage of these tools for exploitation.
+
# How to do Analysis of Packets using tools
+
|
+
|-
+
| 12:20
+
| 12:50
+
| Web Application Security: The pitfalls and the brickwalls, a developer perspective
+
| Vamsi Krishna
+
| This is a multi-part series on common developer mistakes that result in major security vulnerabilities. This month we will see how unsanitized data causes SQL injection due to poor programming practices. We will also take a look at Insecure Direct Object references where a developer does not anticipate a permission model for objects resulting in unauthorized access to data.
+
|
+
|-
+
| 12:50
+
| 13:10
+
| Feedback and Topic discussion for next month meet
+
|
+
|
+
|}
+
  
 
== '''Previous Meeting Venue and Dates'''  ==
 
== '''Previous Meeting Venue and Dates'''  ==
Line 92: Line 50:
 
! Venue  
 
! Venue  
 
! Time
 
! Time
 +
|-
 +
| 27
 +
| 18th January 2014
 +
| ThoughtWorks Office (http://goo.gl/bokSL)
 +
| 9:30 AM
 +
|-
 
|-
 
|-
 
| 26
 
| 26

Revision as of 03:16, 5 February 2014

Contents

OWASP Bangalore

Welcome to the Bangalore chapter homepage. The chapter leaders are Prashant Kv and Akash Mahajan
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is and open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

Chapter News

  • Special OWASP Meeting on 8th of Feb 2014 -  A Systematic Method for Manual Web Pentesting by Justin Searle
  • null and OWASP are doing a JavaScript Security Hands-on Workshop on 21st December 2013 [1]
  • To view pictures from OWASP Bangalore's 2011 Meetings: click here.

Next Meeting

Special OWASP Meet is a workshop by Justin Searle (His Profile) on 8th of Feb 2014. Event starts at 10:30 AM. Workshop timing is from 2 PM - 6 PM.

Workshop A Systematic Method for Manual Web Pentesting by Justin Searle

Come have a taste of the official Samurai-WTF Web Testing Framework training course offered at Black Hat and OWASP conferences.  During this workshop, we'll do a quick overview of the web pen-testing methodology, then the instructors will lead you through the process of testing and exploiting web applications.  The primary emphasis of this workshop is teaching you how to integrate SamuraiWTF tools into your own manual testing procedures to improve your overall pentest workflow.

Registration Information

Entry for registered people only

Registrations have closed. 50 people have confirmed that they have already been informed. Please note no one will be accepted at the venue if your name is not listed.

Venue

10th Floor, PayPal, Tower 11,

Pritech Park SEZ, Eco Space Campus RMZ Ecospace Internal Rd, Adarsh Palm Retreat, Bellandur Bangalore, Karnataka 560103‎

Google Map Link | Open Street Map Link

  • From the main gate, keep going straight till you reach a roundabout. Pritech Park SEZ has its own security.
  • People with two wheelers and cars can find visitor parking toward the right. There are helpful guards to direct you.
  • Most guards will know Tower 11, once you enter the building take the elevators directly to the 10th Floor.

PayPal office is in a IT Park. Usually such places have strict security requirements. So please do be on time and carry some type of Govenrment ID Proof

Software Required

This is only required if you are planning to work with Justin during the workshop

Please download the latest version of SamuraiWTF and have it running on your laptops before the workshop begins.  For in the interest of time, we will assume you have everything installed and running, ready for class.  

You can download SamuraiWTF at:

http://sourceforge.net/projects/samurai/files/SamuraiWTF%202.0%20Branch/

Previous Meeting Venue and Dates

No Date Venue Time
27 18th January 2014 ThoughtWorks Office (http://goo.gl/bokSL) 9:30 AM
26 14th December 2013 ThoughtWorks Office (http://goo.gl/bokSL) 9:30 AM
25 1st November 2012 KPMG Office 7 PM
24 16th May 2012 Kieon (http://g.co/maps/dahhv) 10 AM
23 19th May 2012 Kieon (http://g.co/maps/dahhv) 10 AM
22 21th April 2012 Kieon (http://g.co/maps/dahhv) 10 AM
21 10th March 2012 Kieon (http://g.co/maps/dahhv) 10 AM
20 04th February 2012 Kieon (http://g.co/maps/dahhv) 10 AM
19 07th January 2012 Kieon 10 AM
18 3rd October 2009 Praxeva India 10 AM
17 19th September 2009 Praxeva India 10 AM
16 5th September 2009 Praxeva India 10 AM
15 12 July 2009 Cubbon Park 10.30 AM
14 07 June 2009 ICH, Church Street 09.00 AM
13 11 April 2009 ThoughtWorks Bangalore, (DevCamp2) 10.00 AM
12 07 March 2009 Yahoo, Embassy Golf Links Business Park 11.00 AM
11 02 February 2009 India Coffee House, MG Road 9.00 AM
10 11 January 2009 India Coffee House, MG Road 9.00 AM
9 14 December 2008 India Coffee House, MG Road 9.00 AM
8 16 November 2008 India Coffee House, MG Road 9.00 AM
7 13 September 2008 IIM Bangalore (Part of BarCamp Bangalore-7)
6 09 August 2008 Microland Office 3.00 PM
5 12 July 2008 RSA Office (Part of Secure Camp) 9.30 AM
4 29 June 2008 India Coffee House, MG Road 9.30AM
3 28 June 2007 (Part of Barcamp Bangalore-4)
2 2006

1 2006

Meeting Summaries

Summaries from Past Meetings

Stay Tuned

Subscribe to Mailing list - https://lists.owasp.org/mailman/listinfo/owasp-bangalore

Twitter Update - https://twitter.com/owaspbangalore