OWASP Foundation (Overview Slides) is a professional association of global members and is and open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
In March's OWASP Brisbane Chapter meeting, Paul Ducklin will present a session titled "Live Malware Attack!" :
Widespread, fast internet connectivity has an ugly side: growing opportunity for cybercriminality. You can visualise the scale of the problem by considering that Sophos Labs processes some 20,000 malware sample submissions, and identifies some 30,000 newly infected web pages, *every day*.
These infected pages are rarely on web sites set up specially by the cybercriminals. They are *your* websites, remotely hacked and subverted by criminals who then use your servers to redirect innocent visitors to overtly malicious content.
Come to this talk and find out, through a live demo (safely done, but using real malware) how a modern cybercriminal attack works. Understand how even a well-informed user can be tricked.
We will track an attack through:
- a scam email linking to...
- a legitimate but compromised site, redirecting to...
- creates a web page on the fly inside the browser which...
- unleashes a drive-by exploit which...
- crashes your browser so that it...
- connects to Hong Kong and silently downloads...
- a bot which includes...
- a rootkit which shrouds the bot from sight and...
- begs the question, "what do we do now?"
Know how your enemy is likely to attack and you will be much better prepared to answer that final question!
This session is interactive, meaning that you are encouraged to interject with observations or questions at any time during the presentation. (Learning is supposed to be fun :-) )
Paul's Biography can be found here: http://www.sophos.com/pressoffice/contacts/pauld.html
Venue: CERT Australia Offices, Level 11, 301 Coronation Drive, Milton.
Time: 5:30pm (Pizza) for a 6pm start
Date: Tuesday 1st March
Close: Session is expected to be completed by 7:30pm.
RSVP: Online at http://owasp-brisbane.eventbrite.com