OWASP Foundation (Overview Slides) is a professional association of global members and is and open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
May 2015 meet on 23rd May, 2015 (Saturday) - 03:00 PM IST
Note – OWASP Delhi chapter meets are free and open to everyone. Prior registrations are mandatory in order to be allowed to attend the meet.
For Registration/RSVP please visit - http://bit.ly/1L9sWMn
3:00 PM - 3:15 PM: Introductions
3:15 PM - 3:30 PM: News Bytes by Sandeep Garg
3:30 PM - 4:00 PM: SQL Injection behind the scene by Prateek Sharma
About Prateek: Prateek is currently working with DELL as a module lead with experience of over 5 years in Software development and application security mainly on .Net
4:00 PM - 5:00 PM: Cryptographic Implementations in Software Development - Part 2 by Arjun Singh
About Arjun: Software developer for about 15 years, currently at Adobe. Working on web applications and web application security for last two years.
5:00 PM - 5:15 PM: Tea/Coffee/Networking Break
5:15 PM – 6:00 PM: I know what you installed last summer by Saurabh (Remote)
Abstract: This talk is going to be centered around Yasuo, an open-source vulnerable application scanner purely written in Ruby. If you search through Exploit-db, there are over 10,000 remotely exploitable vulnerabilities that exist in tons of web applications and could allow an attacker to completely compromise the back-end server. These vulnerabilities range from RCE to malicious file uploads to SQL injection to LFI and so on. We often talk about exploiting JBoss jmx-console, Apache tomcat manager but that’s just scratching the surface.
A random wise man once said – “It’s not about what, it’s about where”. With all the modern network protections these days, a smart hacker, good or bad, is always looking for that one IP, one port, one application that could be exploited to penetrate through the network. Yasuo is built to quickly scan the network for such vulnerable applications thus serving pwnable targets on a silver platter.
During this talk, we will elaborate on the development of Yasuo, the problem, the challenges and how it can be effective in hacking an organization in the real-world scenario.
About Saurabh: Saurabh has a bachelor’s degree in Electronics & Telecommunications. He currently works at Trustwave SpiderLabs and is part of Network Pentest team. During his industry experience of over a decade, Saurabh has worked across diversified industry verticals such as Banking, Aerospace, Building solutions, Process and Control Systems and has developed expertise is various aspects of Information security. Saurabh specializes in web application & network security, with secret crush on binary reverse engineering. He has contributed towards proof-of-concept exploits and white papers in infosec domain as well as delivered security trainings to various fortune 500 clients globally and at reputed security conferences such as CansecWest and BlackHat. Saurabh has also spoken at some of the reputed security conferences including Derbycon, Toorcon, Hack3rcon and BSides Toronto.
6:00 PM - 6:30 PM: Feedback and Topic Discussion for Next Month
When: 23rd May, 2015 (Saturday) - 03:00 PM IST
Where: Adobe Systems I-1A, City Center, Sector-25A, Noida – 201301
Nearest Landmark: 200 meters ahead of Spice Mall
How to Reach Venue: 3 KMs from Noida Sector-18 Metro station. Rickshaw from there should cost ~50 rupees
Nearest Metro Stations: 1. Noida Sector 18 2. Noida City Center
Google Maps - http://goo.gl/13WyMa
Join our low traffic mailing list for events information and technical discussions
Follow @OWASPdelhi for event updates on Twitter
Join our LinkedIn group for event updates on LinkedIn
OWASP Delhi Blog
OWASP Delhi Meeting - April 25th, 2015
OWASP Delhi Meeting - March 28th, 2015
OWASP Delhi Meeting - January 31st, 2015
OWASP Delhi Meeting - December 13th, 2014
OWASP Delhi Meeting - November 22nd, 2014
OWASP Delhi Meeting - October 18th, 2014
OWASP Delhi Meeting - September 20th, 2014
OWASP Delhi Meeting - August 31st, 2014
OWASP Delhi Meeting - July 26th, 2014 || OWASP Delhi July, 2014 Meeting Blog Post
Chapter Revival in June 2014
OWASP Delhi Meeting - Oct 30th, 2010
OWASP Delhi Meeting - May 2009
OWASP Delhi Meeting - January & February (Combined) 2009
OWASP Delhi Meeting - November 29th 2008
OWASP Delhi Meeting - October 18th 2008
Archived Page of Delhi Chapter
Past Committee Members for Delhi Chapter