Difference between revisions of "Ireland-Limerick"

From OWASP
Jump to: navigation, search
(36 intermediate revisions by one user not shown)
Line 11: Line 11:
 
<br>'''OWASP Ireland-Limerick'''<br>Address - TBD<br><paypal>Ireland-Limerick</paypal> <br>  
 
<br>'''OWASP Ireland-Limerick'''<br>Address - TBD<br><paypal>Ireland-Limerick</paypal> <br>  
  
== OWASP Ireland Limerick 2011 Meetings ==
+
== OWASP Ireland Limerick 2013 Events ==
  
 
<br>  
 
<br>  
  
== Next Meeting ==
+
== OWASP Ireland Limerick Chapter Meeting ==
 
<br>  
 
<br>  
'''When:''' 12/10/2011 7:00pm - 9:00pm
+
'''When:''' 21/02/2013 7:00pm - 9:00pm
 
<br><br>
 
<br><br>
'''Where:''' Venue to be decided (Limerick City Council or University of Limerick)
+
'''Where:''' Limerick City Council, City Hall, Merchants Quay 
 
<br><br>
 
<br><br>
This free event is open to all participants with an interest in application security ([http://www.regonline.com/register/checkin.aspx?eventid=1019494 registration] is required - http://www.regonline.com/register/checkin.aspx?eventid=1019494). 
+
'''Sponsors:''' '''Genworth Financial'''
 
<br><br>
 
<br><br>
'''For ISACA and (ISC)² members: This event qualifies for free CPE credits/hours.'''
+
This free event is open to all participants with an interest in application security. <br>
 +
<span style="color: red; text-decoration:">
 +
Registration is required - if you are planning to attend please RSVP at http://owasp-limerick-february-2013.eventbrite.com/ 
 +
</span>
 +
<br><br>
 +
For ISACA and (ISC)² members: This event qualifies for free CPE credits/hours.
 
<br><br>
 
<br><br>
  
 
'''AGENDA'''
 
'''AGENDA'''
 +
<br><br>
 +
19:00 - 19:05  '''OWASP Limerick/Munster Chapter - Introduction, Agenda and Speakers'''
 
<br><br>
 
<br><br>
  
19:00 - 19:45<br>
+
19:10 - 20:00  '''Zombie Browsers, spiced with Rootkit Extensions''' - presented by Balázs Zoltán
'''Title:''' Introduction to OWASP Top 10 Security Risks - presented by Marian Ventuneac
+
<br><br>  
<br>  
+
'''Abstract:''' As malicious browser extensions currently are not detected by antivirus products, they are able to do enormous harm - not only by compromising one’s personal online activities, personal data and accounts, but even his/her business data. Hardly any anti-malware product offers real protection against these attacks, and even mobile phones might be vulnerable.
'''Abstract:''' This presentation will review the OWASP Top 10 Security Risks (2010 edition) and how it can be effectively used to assess and strengthen application security.
+
<br><br>
<br>
+
'''Presenter:''' Balázs Zoltán (OSCP, C|HFI, CISSP, CPTS, MCP) is an ITSEC consultant at Deloitte. From 2006-2010 Zoltán worked as an IT Security Expert at Erste Bank Hungary, and from 2010 he works as an IT Security team leader, at Erste. On ITSEC conferences he likes to present about malwares, IPv6, pass-the-hash, browser malware.
'''Presenter:''' [http://www.owasp.org/index.php/User:Marian_Ventuneac Marian Ventuneac]
+
<br><br>
<br>
+
'''Download:''' [https://www.owasp.org/images/c/c5/OWASPIreland-Limerick_20130221_Zombie_Browsers.pdf Zombie Browsers]
'''Download:'''
+
<br><br><br>
<br><br><br>
+
 
19:50 - 20:00<br>
+
20:00 - 20:10  '''OWASP Limerick/Munster Chapter Raffle'''  
'''Title:''' European Data Protection Act - presented by Ger O’Mahony
+
<br>
+
'''Abstract:''' This presentation will focus on IT Governance and Data Protection Act requirements. An overview of DPA will be provided to help in assessing your organisations level of compliance. 
+
<br>  
+
'''Presenter:''' Ger O'Mahony is the IT Process and Control Manager for Genworth Financial and he has been working in IT Governance for the past 7 years. In his distant past, Ger worked in the areas of software development and financial control.
+
<br>  
+
'''Download:'''
+
<br><br><br>  
+
20:05 - 20:45<br>
+
'''Title:''' Practical Penetration Testing with Burp Suite - presented by Máirtín O'Sullivan
+
<br>
+
'''Abstract:''' Máirtín will introduce the Burp Suite, demo the key functionality that the tool provides (both in the free and pro editions) and explain how both inexperienced and experienced application penetration testers can get the most out of the tool. This session will be a practical demonstration of the tool against sample vulnerable web applications.
+
 
<br>
 
<br>
'''Presenter:''' Máirtín O'Sullivan is a Consultancy Team Lead within Espion Group and has over eight years of information security experience. Máirtín has performed over a hundred application penetration tests and has recently been responsible for the implementation of a secure software development lifecycle within an organisation of over twelve hundred developers.
+
* Free ticket for upcoming OWASP Limerick AppSec Training Day
'''Download:'''
+
* Two representative Information Security books 
 
<br><br><br>  
 
<br><br><br>  
'''OWASP Limerick Chapter Raffle:''' One (or two - subject to sponsorship) representative application security book(s) will be available for this event.  
+
20:10 - 20:50  '''Malware (zero-day) Analysis in an Operational Environment''' - presented by Richard Costelloe
<br><br><br>  
+
<br><br>
'''Networking/Socialising''' <br><br>  
+
'''Abstract:''' This presentation reviews a response-methodology to a multi-stage, 'zero-day' malware attack against a corporate information-systems network. Included in this analysis are detailed explanations of evasive techniques such as social-engineering, spear-phishing, SMTP spoofing, HTTP and JavaScript obfuscation, binary code-packing, password and data harvesting, data encryption and exfiltration, file-droppers, process-injection and bot-nets. Included will be an overview of defensive-methodologies and processes such as system and network hardening and monitoring, data de-obfuscation, decoding and decryption, static and dynamic analysis of malware code and binaries and forensic best practises.
 +
<br><br>
 +
'''Presenter:''' Richard Costelloe (MA, CISSP, CEH) is an Information-Security professional currently employed by Murex Dublin (Enterprise Risk Management),  focusing on Information Security governance, compliance and policy development, risk-management, staff training & education, data-leaks, working with IT teams for system-hardening and penetration-testing and software-development teams with code-reviews and application-security audits for Murex’s Java/C++ products.
 +
<br><br>
 +
'''Download:''' [https://www.owasp.org/images/7/7e/OWASPIreland-Limerick_20130221_Malware_Analysis.pdf Malware Analysis]
 +
<br><br><br>
 +
 
 +
20:50 - 21:00 '''Networking/Socialising''' <br><br>  
  
 
== Past Events ==
 
== Past Events ==
 +
 +
'''2012 Meetings'''
 +
 +
[[OWASP_Limerick_Day_2012]]
 +
 +
[[OWASP_Limerick_July_2012]]
 +
 +
[[OWASP_Limerick_February_2012]]
 +
  
 
'''2011 Meetings'''
 
'''2011 Meetings'''
 +
 +
[[OWASP_Limerick_October2011]]
  
 
[[OWASP_Limerick_March_2011]]
 
[[OWASP_Limerick_March_2011]]
 +
 +
<br><br>
  
 
__NOTOC__ <headertabs />  
 
__NOTOC__ <headertabs />  
  
 
[[Category:Ireland]]
 
[[Category:Ireland]]

Revision as of 16:41, 24 February 2013

OWASP Ireland-Limerick

Welcome to the Ireland-Limerick chapter homepage.
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is and open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG become a Member or Annual Chapter Sponsor(s).

OWASP Ireland-Limerick Board

Should you have a question about the local chapter, would like to get more involved contact ANY of the following people below


OWASP Ireland-Limerick
Address - TBD

funds to OWASP earmarked for Ireland-Limerick.

OWASP Ireland Limerick 2013 Events


OWASP Ireland Limerick Chapter Meeting


When: 21/02/2013 7:00pm - 9:00pm

Where: Limerick City Council, City Hall, Merchants Quay

Sponsors: Genworth Financial

This free event is open to all participants with an interest in application security.
Registration is required - if you are planning to attend please RSVP at http://owasp-limerick-february-2013.eventbrite.com/

For ISACA and (ISC)² members: This event qualifies for free CPE credits/hours.

AGENDA

19:00 - 19:05 OWASP Limerick/Munster Chapter - Introduction, Agenda and Speakers

19:10 - 20:00 Zombie Browsers, spiced with Rootkit Extensions - presented by Balázs Zoltán

Abstract: As malicious browser extensions currently are not detected by antivirus products, they are able to do enormous harm - not only by compromising one’s personal online activities, personal data and accounts, but even his/her business data. Hardly any anti-malware product offers real protection against these attacks, and even mobile phones might be vulnerable.

Presenter: Balázs Zoltán (OSCP, C|HFI, CISSP, CPTS, MCP) is an ITSEC consultant at Deloitte. From 2006-2010 Zoltán worked as an IT Security Expert at Erste Bank Hungary, and from 2010 he works as an IT Security team leader, at Erste. On ITSEC conferences he likes to present about malwares, IPv6, pass-the-hash, browser malware.

Download: Zombie Browsers


20:00 - 20:10 OWASP Limerick/Munster Chapter Raffle

  • Free ticket for upcoming OWASP Limerick AppSec Training Day
  • Two representative Information Security books




20:10 - 20:50 Malware (zero-day) Analysis in an Operational Environment - presented by Richard Costelloe

Abstract: This presentation reviews a response-methodology to a multi-stage, 'zero-day' malware attack against a corporate information-systems network. Included in this analysis are detailed explanations of evasive techniques such as social-engineering, spear-phishing, SMTP spoofing, HTTP and JavaScript obfuscation, binary code-packing, password and data harvesting, data encryption and exfiltration, file-droppers, process-injection and bot-nets. Included will be an overview of defensive-methodologies and processes such as system and network hardening and monitoring, data de-obfuscation, decoding and decryption, static and dynamic analysis of malware code and binaries and forensic best practises.

Presenter: Richard Costelloe (MA, CISSP, CEH) is an Information-Security professional currently employed by Murex Dublin (Enterprise Risk Management), focusing on Information Security governance, compliance and policy development, risk-management, staff training & education, data-leaks, working with IT teams for system-hardening and penetration-testing and software-development teams with code-reviews and application-security audits for Murex’s Java/C++ products.

Download: Malware Analysis


20:50 - 21:00 Networking/Socialising

Past Events

2012 Meetings

OWASP_Limerick_Day_2012

OWASP_Limerick_July_2012

OWASP_Limerick_February_2012


2011 Meetings

OWASP_Limerick_October2011

OWASP_Limerick_March_2011