Difference between revisions of "Ireland-Limerick"

From OWASP
(11 intermediate revisions by one user not shown)
Line 11: Line 11:
 
<br>'''OWASP Ireland-Limerick'''<br>Address - TBD<br><paypal>Ireland-Limerick</paypal> <br>  
 
<br>'''OWASP Ireland-Limerick'''<br>Address - TBD<br><paypal>Ireland-Limerick</paypal> <br>  
  
== OWASP Ireland Limerick 2012 Events ==
+
== OWASP Ireland Limerick 2013 Events ==
  
 
<br>  
 
<br>  
  
== OWASP Ireland Limerick Day ==
+
== OWASP Ireland Limerick Chapter Meeting ==
 
<br>  
 
<br>  
'''When:''' 09/11/2012 2:00pm - 6:00pm
+
'''When:''' 21/02/2013 7:00pm - 9:00pm
 
<br><br>
 
<br><br>
'''Where:''' Absolute Hotel, Sir Harry's Mall , Limerick  
+
'''Where:''' Limerick City Council, City Hall, Merchants Quay  
 
<br><br>
 
<br><br>
'''Sponsors:''' '''WhiteHat Security, Genworth Financial, Mozilla'''
+
'''Sponsors:''' '''Genworth Financial'''
 
<br><br>
 
<br><br>
 +
This free event is open to all participants with an interest in application security. <br>
 
<span style="color: red; text-decoration:">  
 
<span style="color: red; text-decoration:">  
This free event is open to all participants with an interest in application security. <br>Entry is limited to '''only 50 participants'''. Registration is required - if you are planning to attend you must RSVP at http://owasp-ireland-limerick-day-2012.eventbrite.com   
+
Registration is required - if you are planning to attend please RSVP at http://owasp-limerick-february-2013.eventbrite.com/  
 
</span>
 
</span>
 
<br><br>
 
<br><br>
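Review bot: The rewritten registration sentence drops "Entry is limited to '''only 50 participants'''" and nothing in the new text says whether the City Hall venue has a capacity limit. If attendance is capped, state the number next to the new Eventbrite link so readers know registration can fill up. The retained `<span style="color: red; text-decoration:">` also carries an empty `text-decoration:` declaration that could be removed while this block is being edited.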
Line 32: Line 33:
 
'''AGENDA'''
 
'''AGENDA'''
 
<br><br>
 
<br><br>
2:00 - 2:10 '''OWASP Limerick/Munster Chapter - Introduction, Agenda and Speakers'''
+
19:00 - 19:05  '''OWASP Limerick/Munster Chapter - Introduction, Agenda and Speakers'''
 
<br><br>
 
<br><br>
2:10 - 3:00<br>
+
 
'''Building Security Into Frameworks''' - presented by Jerry Hoff, VP of the Static Code Analysis Division at WhiteHat Security 
+
19:10 - 20:00 '''Zombie Browsers, spiced with Rootkit Extensions''' - presented by Balázs Zoltán
 
<br><br>  
 
<br><br>  
'''Abstract:''' Who is doing it right. In this talk, Jerry will discuss the importance of security controls in mobile and web frameworks. The talk features a tour through a spectrum of languages and frameworks. A tip of the hat will be given to frameworks and security controls that demonstrably mitigate vulnerabilities, resulting in more secure code. A wag of the finger will be given to frameworks that either lack essential security controls, or implement them improperly.  Many of the OWASP Top 10 vulnerabilities and their corresponding security controls will be discussed. Participants will walk away with a better understanding of the security libraries available across a wide array of popular web technologies.
+
'''Abstract:''' As malicious browser extensions currently are not detected by antivirus products, they are able to do enormous harm - not only by compromising one’s personal online activities, personal data and accounts, but even his/her business data. Hardly any anti-malware product offers real protection against these attacks, and even mobile phones might be vulnerable.
 
<br><br>
 
<br><br>
'''Presenter:''' Jerry Hoff is the VP of the Static Code Analysis Division at WhiteHat Security. Prior to joining WhiteHat, Jerry was a co-founder and managing partner at Infrared Security. Jerry has worked at a number of fortune ten financial firms, along with years of hands-on security consulting, where he specialized in manual code review, web and mobile application penetration testing, and architecture reviews. He speaks regularly at numerous security organizations and security events, such as those held by ISSA, ISACA, IANS, Gartner and OWASP.
+
'''Presenter:''' Balázs Zoltán (OSCP, C|HFI, CISSP, CPTS, MCP) is an ITSEC consultant at Deloitte. From 2006-2010 Zoltán worked as an IT Security Expert at Erste Bank Hungary, and from 2010 he works as an IT Security team leader, at Erste. On ITSEC conferences he likes to present about malwares, IPv6, pass-the-hash, browser malware.
 
+
Jerry also has years of development and teaching experience. He taught for over seven years at Washington University's CAIT program, and the microcomputer program at University of Missouri in St. Louis. Jerry is the writer/producer of the very popular OWASP Appsec Tutorial Series and the lead developer for the OWASP WebGoat.NET project.
+
 
<br><br><br>  
 
<br><br><br>  
3:00 - 3:50<br>
 
'''Building Secure Applications: SQLi Training Session''' presented by Marian Ventuneac, Security Architect, Genworth Financial
 
<br><br>
 
'''Abstract:''' For developers and InfoSec professionals alike, this talk will provide a practical approach to identifying and preventing SQL Injection vulnerabilities in Web applications. Testing techniques, tools and secure coding best practices for Java, .NET, PHP, etc will be discussed.
 
<br><br>
 
'''Presenter:''' Marian Ventuneac is a Security Architect with a Genworth Financial and the leader of OWASP Ireland-Limerick Chapter. As a Senior Consultant and Security Engineer, Marian previously provided software development and application security consultancy services for companies such as Dell Services, Perot Systems and Original Solutions Ltd.
 
  
As part of his research on Application Security, he collaborated with vendors such as Google, Symantec, IBM, and Salesforce on assessing and improving the security of various enterprise solutions. Marian holds a Computer Science degree by Technical University of Cluj-Napoca, as well as a MEng in Applied Security Frameworks and a PhD on Formal Verification of Security Protocols by the University of Limerick.
+
20:00 - 20:10  '''OWASP Limerick/Munster Chapter Raffle'''
 +
<br>
 +
* Free ticket for upcoming OWASP Limerick AppSec Training Day
 +
* Two representative Information Security books 
 
<br><br><br>  
 
<br><br><br>  
3:50 - 4:10 '''Tea/Coffee Break, Networking/Socialising'''
+
20:10 - 20:50  '''Malware (zero-day) Analysis in an Operational Environment''' - presented by Richard Costelloe
<br><br><br>
+
4:10 - 5:00<br>
+
'''Unused Assets: Gaining an advantage''' - presented by Mark Goodwin, Security Engineer at Mozilla
+
 
<br><br>  
 
<br><br>  
'''Abstract:''' Web Application security flaws seem to be getting more and more attention yet developers have never had more tools at their disposal; modern browsers have many security features that are seldom used and there are security tools intended for developers which are almost exclusively used by security people. This talk discusses why this might be the case and looks at some things we can do to catch some security problems early and, in the process, help developers with security awareness.  
+
'''Abstract:''' This presentation reviews a response-methodology to a multi-stage, 'zero-day' malware attack against a corporate information-systems network. Included in this analysis are detailed explanations of evasive techniques such as social-engineering, spear-phishing, SMTP spoofing, HTTP and JavaScript obfuscation, binary code-packing, password and data harvesting, data encryption and exfiltration, file-droppers, process-injection and bot-nets. Included will be an overview of defensive-methodologies and processes such as system and network hardening and monitoring, data de-obfuscation, decoding and decryption, static and dynamic analysis of malware code and binaries and forensic best practises.  
 
<br><br>
 
<br><br>
'''Presenter:''' Mark Goodwin works on application security for Mozilla, creators of the popular Firefox web browser. At work, Mark works with web and browser security. At home, he plays with the security too; web, phone apps, consumer electronics - all sorts. Mark has previously worked on Internet banking, e-commerce, embedded systems and logistics software
+
'''Presenter:''' Richard Costelloe (MA, CISSP, CEH) is an Information-Security professional currently employed by Murex Dublin (Enterprise Risk Management), focusing on Information Security governance, compliance and policy development, risk-management, staff training & education, data-leaks, working with IT teams for system-hardening and penetration-testing and software-development teams with code-reviews and application-security audits for Murex’s Java/C++ products.
 
<br><br><br>   
 
<br><br><br>   
5:00 - 5:45<br>
 
'''Countering jamming attacks against mobile communication''' - presented by Reiner Dojen, Lecturer, Department of Electronic and Computer Engineering, University of Limerick
 
<br><br>
 
'''Abstract:''' Satellite communications are nowadays employed in the provision of advanced personal communication services. However, interference with the radio transmission medium of satellite communications is a common threat: unintentional interferences occur frequently and jamming attacks can be achieved using low-grade technology. This talk discusses a new DoS attack against protocols for satellite communications, where an attacker interrupts the authentication phase by jamming a single message. A solution for preventing this attack is also presented.
 
<br><br>
 
'''Presenter:''' Reiner Dojen is a Lecturer in the Department of Electronic and Computer Engineering at the University of Limerick, Ireland. Received title of Dipl-Ing.(FH) from University of Applied Sciences Osnabrück, Germany, MEng from University of Limerick and PhD from University of Limerick.
 
  
Reiner has worked for over 10 years on effective security protocols and their verification. Further research interests include Cryptography, Data and Network Security, Automated Theorem Proving and application vulnerability research.
+
20:50 - 21:00 '''Networking/Socialising''' <br><br>  
<br><br><br>
+
5:45 - 6:00 '''Networking/Socialising''' <br><br>  
+
  
 
== Past Events ==
 
== Past Events ==
  
 
'''2012 Meetings'''
 
'''2012 Meetings'''
 +
 +
[[OWASP_Limerick_Day_2012]]
  
 
[[OWASP_Limerick_July_2012]]
 
[[OWASP_Limerick_July_2012]]
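Review bot: The abstracts and presenter bios for the four 2012 talks (Hoff, Ventuneac, Goodwin, Dojen) are deleted from this page, and the only trace left is the new [[OWASP_Limerick_Day_2012]] entry under Past Events, so confirm that page actually holds them before this revision stands. In the new agenda, 19:05 - 19:10 is unassigned between the introduction and the first talk, and the agenda uses 24-hour times while the "When:" line reads 7:00pm - 9:00pm; pick one notation for both.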

Revision as of 09:34, 12 February 2013

OWASP Ireland-Limerick

Welcome to the Ireland-Limerick chapter homepage.
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Become a Member or Annual Chapter Sponsor(s).

OWASP Ireland-Limerick Board

If you have a question about the local chapter or would like to get more involved, contact ANY of the following people.


OWASP Ireland-Limerick
Address - TBD

Donate funds to OWASP earmarked for Ireland-Limerick.

OWASP Ireland Limerick 2013 Events


OWASP Ireland Limerick Chapter Meeting


When: 21/02/2013 7:00pm - 9:00pm

Where: Limerick City Council, City Hall, Merchants Quay

Sponsors: Genworth Financial

This free event is open to all participants with an interest in application security.
Registration is required - if you are planning to attend please RSVP at http://owasp-limerick-february-2013.eventbrite.com/

For ISACA and (ISC)² members: This event qualifies for free CPE credits/hours.

AGENDA

19:00 - 19:05 OWASP Limerick/Munster Chapter - Introduction, Agenda and Speakers

19:10 - 20:00 Zombie Browsers, spiced with Rootkit Extensions - presented by Balázs Zoltán

Abstract: As malicious browser extensions currently are not detected by antivirus products, they are able to do enormous harm - not only by compromising one’s personal online activities, personal data and accounts, but even his/her business data. Hardly any anti-malware product offers real protection against these attacks, and even mobile phones might be vulnerable.

Presenter: Balázs Zoltán (OSCP, C|HFI, CISSP, CPTS, MCP) is an ITSEC consultant at Deloitte. From 2006 to 2010 Zoltán worked as an IT Security Expert at Erste Bank Hungary, and since 2010 he has worked as an IT Security team leader at Erste. At ITSEC conferences he likes to present on malware, IPv6, pass-the-hash and browser malware.


20:00 - 20:10 OWASP Limerick/Munster Chapter Raffle

  • Free ticket for upcoming OWASP Limerick AppSec Training Day
  • Two representative Information Security books




20:10 - 20:50 Malware (zero-day) Analysis in an Operational Environment - presented by Richard Costelloe

Abstract: This presentation reviews a response-methodology to a multi-stage, 'zero-day' malware attack against a corporate information-systems network. Included in this analysis are detailed explanations of evasive techniques such as social-engineering, spear-phishing, SMTP spoofing, HTTP and JavaScript obfuscation, binary code-packing, password and data harvesting, data encryption and exfiltration, file-droppers, process-injection and bot-nets. Included will be an overview of defensive-methodologies and processes such as system and network hardening and monitoring, data de-obfuscation, decoding and decryption, static and dynamic analysis of malware code and binaries and forensic best practises.

Presenter: Richard Costelloe (MA, CISSP, CEH) is an Information-Security professional currently employed by Murex Dublin (Enterprise Risk Management), focusing on Information Security governance, compliance and policy development, risk-management, staff training & education, data-leaks, working with IT teams for system-hardening and penetration-testing and software-development teams with code-reviews and application-security audits for Murex’s Java/C++ products.


20:50 - 21:00 Networking/Socialising

Past Events

2012 Meetings

OWASP_Limerick_Day_2012

OWASP_Limerick_July_2012

OWASP_Limerick_February_2012


2011 Meetings

OWASP_Limerick_October2011

OWASP_Limerick_March_2011