OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
- To view pictures from OWASP Bangalore's 2011 Meetings: click here.
The next OWASP meeting along with null/G4H/SecurityXploded is scheduled for 14th December 2013.
ThoughtWorks, Ground Floor, ACR Mansion, 147/f, 8th Main Road, 3rd Block, Koramangala, Bangalore - 560034
09:30 - 10:05: Web Application Security for Beginners: Cross Site Scripting - Prasanna K / Jayesh Singh
This is a multipart series on Web Application Security. This session will cover DOM-based XSS: how to identify it and the concept behind it. The session will also cover filter bypasses and different XSS payloads in that context.
10:05 - 10:15: Introductions
10:15 - 10:50: Overview of ISO 27001 - Rupam Bhattacharya
The session will include a brief introduction to standards and ISO 27001. It will then move on to the ISO 27001 domains, its relevance to management and the company, and its benefits. After this, the talk will cover ISO guidelines for asset management, asset classification, user registration, password management, clear work environment, operating system, application controls, network security and other domains of ISO 27001. The talk will end with the changes in the 2013 version from the 2005 version and Q&A.
10:50 - 11:25: XSS - From injection to root - Abeer Banerjee
This talk and demo will present an end-to-end PoC for XSS and will cover cookie theft, session hijack and gaining a shell.
11:25 - 11:45: Networking and Break
11:45 - 12:20: Struts Validation Framework - Satish
This session will describe what validation frameworks are. They are used to secure information entering the business model in an MVC architecture. The “Struts Validation framework” is a set of predefined plugin code that follows proven best practices in data validation. We will also answer the question of why such frameworks are used.
A couple of online resources are recommended for those interested:
1) Basic understanding of MVC architecture
   http://en.wikipedia.org/wiki/Multitier_architecture#Three-tier_architecture
   http://en.wikipedia.org/wiki/Model%E2%80%93view%E2%80%93controller
2) Basic understanding of the Struts framework
   http://struts.apache.org/
3) Basic understanding of the Struts Validation framework
   http://struts.apache.org/release/2.3.x/docs/validation.html
12:20 - 12:40: Feedback and Topic discussion for next month meet
12:40 - 14:00: Dissecting the APT malware functionalities - Monappa
This talk is the continuation of Part 1 (Reversing & Decrypting Communications of HeartBeat RAT). In Part 1, the speaker covered how the malware decrypts strings in memory, and demonstrated how it collected system information and encrypted the collected information before sending it to the C2 server. The speaker also showed how to determine the encryption algorithm and how to decrypt the initial C2 communication. In Part 2, the speaker will show how to determine the various functionalities and commands supported by HeartBeat RAT, and how to decrypt the various communications between the infected machine and the command and control server.
Previous Meeting Venue and Dates
| No. | Date | Venue | Time |
|---|---|---|---|
| 26 | 14th December 2013 | ThoughtWorks Office (http://goo.gl/bokSL) | 9:30 AM |
| 25 | 1st November 2012 | KPMG Office | 7 PM |
| 24 | 16th May 2012 | Kieon (http://g.co/maps/dahhv) | 10 AM |
| 23 | 19th May 2012 | Kieon (http://g.co/maps/dahhv) | 10 AM |
| 22 | 21st April 2012 | Kieon (http://g.co/maps/dahhv) | 10 AM |
| 21 | 10th March 2012 | Kieon (http://g.co/maps/dahhv) | 10 AM |
| 20 | 04th February 2012 | Kieon (http://g.co/maps/dahhv) | 10 AM |
| 19 | 07th January 2012 | Kieon | 10 AM |
| 18 | 3rd October 2009 | Praxeva India | 10 AM |
| 17 | 19th September 2009 | Praxeva India | 10 AM |
| 16 | 5th September 2009 | Praxeva India | 10 AM |
| 15 | 12 July 2009 | Cubbon Park | 10.30 AM |
| 14 | 07 June 2009 | ICH, Church Street | 09.00 AM |
| 13 | 11 April 2009 | ThoughtWorks Bangalore, (DevCamp2) | 10.00 AM |
| 12 | 07 March 2009 | Yahoo, Embassy Golf Links Business Park | 11.00 AM |
| 11 | 02 February 2009 | India Coffee House, MG Road | 9.00 AM |
| 10 | 11 January 2009 | India Coffee House, MG Road | 9.00 AM |
| 9 | 14 December 2008 | India Coffee House, MG Road | 9.00 AM |
| 8 | 16 November 2008 | India Coffee House, MG Road | 9.00 AM |
| 7 | 13 September 2008 | IIM Bangalore (Part of BarCamp Bangalore-7) | |
| 6 | 09 August 2008 | Microland Office | 3.00 PM |
| 5 | 12 July 2008 | RSA Office (Part of Secure Camp) | 9.30 AM |
| 4 | 29 June 2008 | India Coffee House, MG Road | 9.30 AM |
| 3 | 28 June 2007 | (Part of Barcamp Bangalore-4) | |
Subscribe to Mailing list - https://lists.owasp.org/mailman/listinfo/owasp-bangalore
Receive SMS Alerts - http://labs.google.co.in/smschannels/subscribe/OwaspBangalore