Difference between revisions of "Singapore"

From OWASP
(Local News)
(26 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{Chapter Template|chaptername=Singapore|extra=The chapter leader is [mailto:onnchee@resolvo.com Wong Onn Chee]
+
{{Chapter Template|chaptername=Singapore|extra=The chapter leader is [mailto:ocwong@owasp.org Wong Onn Chee]
 
<paypal>Singapore</paypal>
 
<paypal>Singapore</paypal>
 
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-singapore|emailarchives=http://lists.owasp.org/pipermail/owasp-singapore}}
 
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-singapore|emailarchives=http://lists.owasp.org/pipermail/owasp-singapore}}
  
Contact Information for Onn Chee is as follow:
 
  
Mobile:      (65) 9838 7930
+
== Local News ==
 +
  '''Bypassing Local Microsoft Security Policies'''
  
Skype VOIP:   ocwong
+
Date: 28 Feb 2013
 +
 
 +
Venue:  Prudential Assurance Company Singapore (Pte) Ltd (not Prudential Towers!)
 +
156 Cecil Street #10-00, Far Eastern Bank Building, Singapore 069544
 +
 
 +
Welcome to the 1st meetup of 2013!
 +
 
 +
In this presentation, the speaker, Paul Craig, will share on the following:
 +
 
 +
Local Microsoft security policies are one of the few areas of security that are rarely researched or focused on by the security community. These policies are designed to prevent local users from accessing functionality which has been "Disabled By Your Administrator". From Local Group Policy, Software Restriction Policies, App Locker to Internet Explorer, each Microsoft technology has its own way of restricting what you can and cannot do. For local exploitation attempt these technologies can be troublesome, frustrating and restrict the true potential of your attack. This talk will cover a broad view of the current attacks against Microsoft local policies and the underlying issues affecting this form of security.
 +
 
 +
'''Speaker Profile'''
 +
 
 +
Paul is the Principal Security Consultant at Security-Assessment.com Singapore. Labeled "A malicious hacker" by the media in his native New Zealand, Paul is now based in sunny Singapore where he leads the SE Asian Penetration Testing Team. Paul has been an avid security researcher and all-round advocate for security from a young age with a passion for exploitation and finding creative methods of getting shell.
 +
 
 +
 
 +
Many thanks to Prudential for providing the venue for our chapter evenings!
 +
 
 +
Please RSVP to our meetup.com site (http://www.meetup.com/SGSecurityMG/) latest by 28 Feb 2013.
 +
 
 +
See ya!
 +
 
 +
 
 +
 
 +
'''AISP-OWASP: New web attacks & short intro on IT Impact of SG data privacy law'''
 +
 
 +
Date: 14 Nov 2012
 +
 
 +
Venue:  Prudential Assurance Company Singapore (Pte) Ltd (not Prudential Towers!)
 +
156 Cecil Street #10-00, Far Eastern Bank Building, Singapore 069544
 +
 
 +
Welcome to the 7th session of the joint AISP-OWASP series of chapter evenings!
 +
 
 +
In this presentation, the speaker, Ryan Baxendale will share on these topics:
 +
 
 +
- Tips and tricks for hacking Microsoft SharePoint sites.
 +
 
 +
- Taking advantage of administrative interfaces to get shell.
 +
 
 +
- Breaking end to end encryption implemented in JavaScript.
 +
 
 +
- Weak two factor authentication and how to get around it.
 +
 
 +
- Abusing poorly designed password reset functions to get admin access.
 +
 
 +
- Bypassing a web application firewall.
 +
 
 +
 
 +
Many thanks to Prudential for providing the venue for our chapter evenings!
 +
 
 +
There are some more interesting topics and speakers being lined up for this series and more information will be given once the details are confirmed.
 +
 
 +
Do join us for these joint AISP-OWASP chapter evenings and interact with your peers!
 +
 
 +
Please RSVP to our meetup.com site (http://www.meetup.com/SGSecurityMG/) latest by 12 Nov 2012.
 +
 
 +
See ya!
 +
 
 +
 
 +
 
 +
'''AISP-OWASP: New web attacks & short intro on IT Impact of SG data privacy law'''
 +
 
 +
Date: 7 Nov 2012
 +
 
 +
Venue:  Prudential Assurance Company Singapore (Pte) Ltd (not Prudential Towers!)
 +
156 Cecil Street #10-00, Far Eastern Bank Building, Singapore 069544
 +
 
 +
Welcome to the 6th session of the joint AISP-OWASP series of chapter evenings!
 +
 
 +
In this presentation, the speaker, Onn Chee will share some latest discoveries of web attacks and walk through a short 30-min introduction to the IT impact of the new Singapore Personal Data Protection Act.
 +
 
 +
 
 +
Many thanks to Prudential for providing the venue for our chapter evenings!
 +
 
 +
There are some more interesting topics and speakers being lined up for this series and more information will be given once the details are confirmed.
 +
 
 +
Do join us for these joint AISP-OWASP chapter evenings and interact with your peers!
 +
 
 +
Please RSVP to our meetup.com site (http://www.meetup.com/SGSecurityMG/) latest by 5 Nov 2012.
 +
 
 +
See ya!
 +
 
 +
 
 +
'''AISP-OWASP: WAFs - An attacker's perspective'''
 +
 
 +
Date: 29 Oct 2012
 +
 
 +
Venue:  Prudential Assurance Company Singapore (Pte) Ltd (not Prudential Towers!)
 +
156 Cecil Street #10-00, Far Eastern Bank Building, Singapore 069544
 +
 
 +
Welcome to the 5th session of the joint AISP-OWASP series of chapter evenings!
 +
 
 +
In this presentation, the speaker, Bernhard will look at the effectiveness of WAFs from the perspective of a long-time security tester.
 +
 
 +
 
 +
 
 +
Many thanks to Prudential for providing the venue for our chapter evenings!
 +
 
 +
There are some more interesting topics and speakers being lined up for this series and more information will be given once the details are confirmed.
 +
 
 +
Do join us for these joint AISP-OWASP chapter evenings and interact with your peers!
 +
 
 +
Please RSVP to our meetup.com site (http://www.meetup.com/SGSecurityMG/) latest by 26 Oct 2012.
 +
 
 +
See ya!
 +
 
 +
 
 +
 
 +
'''AISP-OWASP: Dynamic Web Defense'''
 +
 
 +
Date: 22 Oct 2012
 +
 
 +
Venue:  Prudential Assurance Company Singapore (Pte) Ltd (not Prudential Towers!)
 +
156 Cecil Street #10-00, Far Eastern Bank Building, Singapore 069544
 +
 
 +
Welcome to the 4th session of the joint AISP-OWASP series of chapter evenings!
 +
 
 +
In this presentation, the speaker, Bernard, will share on the latest developments in dynamic web defense techniques used by WAFs.
 +
 
 +
 
 +
Many thanks to Prudential for providing the venue for our chapter evenings!
 +
 
 +
There are some more interesting topics and speakers being lined up for this series and more information will be given once the details are confirmed.
 +
 
 +
Do join us for these joint AISP-OWASP chapter evenings and interact with your peers!
 +
 
 +
Please RSVP to our meetup.com site (http://www.meetup.com/SGSecurityMG/) latest by 20 Oct 2012.
 +
 
 +
See ya!
 +
 
 +
 
 +
 
 +
 
 +
'''AISP-OWASP Joint Series: Learn how Taiwanese organisations defend themselves against constant Chinese cyber attacks'''
 +
 
 +
Date: 3 Oct 2012
 +
 
 +
Venue:  Prudential Assurance Company Singapore (Pte) Ltd (not Prudential Towers!)
 +
156 Cecil Street #10-00, Far Eastern Bank Building, Singapore 069544
 +
 
 +
 
 +
Welcome to the 3rd session of the joint AISP-OWASP series of chapter evenings!
 +
 
 +
It has long been rumored that the Chinese government has an army of trained hackers to carry out national level attacks. Taiwan, despite being their closest neighbor in terms of language and culture, become a convenient target and constant victim since they have opposing political stance.
 +
 
 +
As Taiwan has been moving into e-government since 2005, this phenomenon forced the Taiwanese government to strengthen their IT security, especially on application security.
 +
 
 +
In this presentation, the speaker, Kae Bin, will share some common attacks that was observed and how does Taiwan react to those constant bombardment from their friendly neighbor.
 +
 
 +
 
 +
 
 +
Many thanks to Prudential for providing the venue for our chapter evenings!
 +
 
 +
There are some more interesting topics and speakers being lined up for this series and more information will be given once the details are confirmed.
 +
 
 +
Do join us for these joint AISP-OWASP chapter evenings and interact with your peers!
 +
 
 +
Please RSVP to our meetup.com site (http://www.meetup.com/SGSecurityMG/) latest by 1 Oct 2012.
 +
 
 +
See ya!
 +
 
 +
 
 +
'''AISP-OWASP Joint Series: Security Testing with OWASP ZAP'''
 +
 
 +
Date: 18 Sep 2012
 +
 
 +
Venue:  Prudential Assurance Company Singapore (Pte) Ltd
 +
156 Cecil Street #10-00, Far Eastern Bank Building, Singapore 069544
 +
 
 +
 
 +
Welcome to the 2nd session of the joint AISP-OWASP series of chapter evenings!
 +
 
 +
AISP and OWASP Singapore have lined up a series of speakers to share on interesting security topics related to web security.
 +
 
 +
'''12 Sep 2012'''
 +
 
 +
1) Use of OWASP ESAPI to defend against OWASP Top 10 Risks by Wong Onn Chee
 +
 
 +
'''18 Sep 2012'''
 +
 
 +
2) Use of OWASP ZAP to assess security of web application by Cecil Su
 +
 
 +
'''3 Oct 2012'''
 +
 
 +
3) Learn how Taiwanese organisations defend themselves against constant Chinese cyber attacks by Tan Kae Bin
 +
 
 +
'''11 Oct 2012'''
 +
 
 +
4) Dynamic Web Defense by Bernard Tan
 +
 
 +
Many thanks to Prudential for providing the venue for our chapter evenings!
 +
 
 +
There are some more interesting topics and speakers being lined up for this series and more information will be given once the details are confirmed.
 +
 
 +
Do join us for these joint AISP-OWASP chapter evenings and interact with your peers!
 +
 
 +
Please RSVP to secretariat@aisp.sg latest by 16 Sep 2012.
 +
 
 +
See ya!
 +
 
 +
 
 +
'''AISP-OWASP Joint Series: Use of OWASP ESAPI to Defend Against OWASP Top 10 Risks'''
 +
 
 +
Date: 12 Sep 2012
 +
 
 +
Venue:  Prudential Assurance Company Singapore (Pte) Ltd
 +
156 Cecil Street #10-00, Far Eastern Bank Building, Singapore 069544
 +
 
 +
 
 +
Welcome to the 1st session of the joint AISP-OWASP series of chapter evenings!
 +
 
 +
AISP and OWASP Singapore have lined up a series of speakers to share on interesting security topics related to web security.
 +
 
 +
'''12 Sep 2012'''
 +
 
 +
1) Use of OWASP ESAPI to defend against OWASP Top 10 Risks by Wong Onn Chee
 +
 
 +
'''18 Sep 2012'''
 +
 
 +
2) Use of OWASP ZAP to assess security of web application by Cecil Su
 +
 
 +
'''3 Oct 2012'''
 +
 
 +
3) Learn how Taiwanese organisations defend themselves against constant Chinese cyber attacks by Tan Kae Bin
 +
 
 +
Many thanks to Prudential for providing the venue for our chapter evenings!
 +
 
 +
There are some more interesting topics and speakers being lined up for this series and more information will be given once the details are confirmed.
 +
 
 +
Do join us for these joint AISP-OWASP chapter evenings and interact with your peers!
 +
 
 +
Please RSVP to secretariat@aisp.sg latest by 10 Sep 2012.
 +
 
 +
See ya!
 +
 
 +
 
 +
'''HITBSecConf2012 - Malaysia: #TenYearsInTheBox'''
 +
 
 +
[[File:Hitb2012kul-banner-300-250.jpg]]
 +
 
 +
Date: 8th - 11th October
 +
 
 +
Venue: InterContinental, Kuala Lumpur, Malaysia
 +
 
 +
Website: [http://conference.hitb.org/hitbsecconf2012kul/ HITBSecConf2012 Malaysia Portal]
 +
 
 +
To commemorate '''TEN YEARS''' of playing host to the brilliant minds that have helped shaped the security landscape to where it is today, HITBSecConf2012 – Malaysia (#HITB2012KUL) will be welcoming back on stage over 42 of our most popular speakers from the last 10 years!
 +
 
 +
Here's your chance to meet the legends of the computer security industry including the likes of John ‘Captain Crunch’ Draper, The Founders of The Pirate Bay, Mikko Hypponen, DNS guru and president of ISC, Paul Vixie,OpenBSD creator Theo de Raadt and even members of the LEGENDARY iPhone Dev Team and jailbreak DreamTeam will be on hand for a very very special iOS / OS X panel discussion! Featuring @MuscleNerd @pod2g @planetbeing and joined by non other than Charlie @0xcharlie Miller and Stefan @i0n1c
 +
Esser!
 +
 
 +
The event takes place on the 8th till 11th of October and as always we kick off the first two days with 8 tracks of hands on technical training sessions (8th and 9th October) followed by the 2-day triple track conference with NO KEYNOTES, NO LAB SESSIONS and NO SIGINT slots.
 +
 
 +
We’re also ramping up this year’s show by expanding on HITB favorites – including an expanded CommSec village with an updated round-the-clock 36 hour nonstop Capture The Flag competition and also an expanded 36 hour HackWEEKDAY hackathon to go with it. Registration for HackWEEKDAY is COMPLETELY FREE and we strongly encourage professional developers and students to sign up.
 +
 
 +
Do note that there will only be a maximum of 1010 seats for the conference on the 10th and 11th of October and registration is already open. OWASP members are entitled to the conference seats at SGD580 (normal price SGD640) - Discount code is limited to the first 15 sign ups on a first-come, first-serve basis.
 +
 
 +
Register Online:
 +
[http://conference.hitb.org/hitbsecconf2012kul/register/ HITBSecConf2012 Malaysia Registration]
 +
 
 +
Please contact Onn Chee for the discount code. Do note only paid registered OWASP members are eligible for the discounts.
 +
 
 +
 
 +
'''23 April 2012 meetup: Rethinking web-application architecture for the Cloud'''
 +
 
 +
Unless your organization is unique, not all your data is sensitive. This raises the question: should scarce security resources be used to protect 100% of your data?  The logical approach should be to build your IT infrastructure in a manner that optimizes your investments: protecting what matters while managing non-sensitive data with minimal controls.
 +
 
 +
This talk presents an architecture for building the next generation of web-applications.  This architecture allows you to leverage emerging technologies such as cloud-computing, cloud-storage and enterprise key-management Infrastructure (EKMI) to derive benefits such as lower costs, faster time-to-market and immense scalability with smaller investments – while proving compliance to PCI-DSS, HIPAA/HITECH and similar data-security regulations.  We call this "Regulatory Compliant Cloud Computing (RC3)".  Papers describing RC3 can be found on the following websites:
 +
 
 +
IBM: http://ibm.co/rc3dw
 +
 
 +
ISSA Journal: http://bit.ly/rc3issa
 +
 
 +
InfoQ: http://bit.ly/rc3infoq
 +
 
 +
StrongAuth: http://www.strongauth.com/pdf/RC3-WebAppArch-1.2-2.pdf
 +
 
 +
 
 +
'''Speaker's Bio'''
 +
 
 +
Arshad is the CTO of StrongAuth, Inc., a Silicon Valley-based company focused on encryption and key-management for the last 11 years.  He is the architect and lead developer of many open-source cryptographic software including CSRTool, StrongKey, KeyAppliance and the CryptoEngine.  He has written many papers and spoken at many conferences - most recently at OWASP AppSec 2012 - on the subject of encryption and key-management.
 +
 
 +
'''Meetup details'''
 +
 
 +
Monday, April 23, 2012 7:00 PM
 +
 
 +
Prudential Assurance Company Singapore (Pte) Ltd
 +
 
 +
156 Cecil Street #10-00, Far Eastern Bank Building
 +
 
 +
Singapore 069544
 +
 
 +
 
 +
'''Please RSVP at http://security.meetup.com/77
 +
 
 +
See ya!'''
 +
 
 +
'''OWASP Singapore is a Supporting Organisation for Asia Cloud Conference 2011 scheduled to be held the Grand Hyatt Hotel Singapore on 2 Nov 2011'''
 +
 
 +
The [http://cloud.questexevents.net/ Asia Cloud 2011 Conference] will provide insights and key learning to understand how your organization can take advantage of cloud technologies. Leading industry practitioners will address the emerging cloud technology trends, examine best practices in successfully integrating cloud technologies into the enterprise’s infrastructure and meets various challenges in managing cloud’s performance in the enterprise.
 +
 
 +
'''Members Benefits!!'''
 +
 
 +
The above event organiser has given two complimentary delegate passes for two registered OWASP SG members (first-come-first-serve basis).
 +
Priority will be given to those registered members who did not enjoy free complimentary passes before.
 +
Contact me @ ocwong@owasp.org if you want one of the complimentary delegate passes.
 +
 
 +
Note: Conference seats at this event are complimentary to senior-level end users of IT solutions. The fee for other professionals to attend this event is US$995. The Organizer reserves the final right to accept or reject any registrations.
 +
 
 +
[[File:AsiaCloudForum_100x100.png]]
 +
 
 +
 
 +
'''OWASP Singapore is a Supporting Organisation for IDA's Information Security Seminar 2011 from 13-14 April 2011'''
 +
 
 +
Members Benefits!!
 +
 
 +
The above event organiser has given two complimentary delegate passes for two registered OWASP SG members (first-come-first-serve basis).
 +
Contact me @ ocwong@owasp.org if you want the one of the complimentary delegate passes.
 +
 
 +
For other members, you too can enjoy discounted affiliate rates when you register.
 +
 
 +
[http://www.aisp.org.sg/iss2011/ Click here to know more about Information Security Seminar 2011]
 +
 
 +
[[File:bg.jpg]]
 +
 
 +
 
 +
'''OWASP Singapore is a Supporting Organisation for Info Security Conference 2011 in Singapore on 5 May 2011'''
 +
 
 +
Members Benefits!!
 +
 
 +
The above event organiser has given two complimentary delegate passes for two registered OWASP SG members (first-come-first-serve basis).
 +
Contact me @ ocwong@owasp.org if you want the one of the complimentary delegate passes.
 +
 
 +
[http://infosecurity.questexevents.net/ Click here to know more about Info Security Conference Singapore]
 +
 
 +
[[File:infosec2011_600x100.gif]]
  
Email:      ocwong@usa.net
 
  
== Local News ==
 
  
 
  '''OWASP Moves to MediaWiki Portal - 11:31, 20 May 2006 (EDT)'''
 
  '''OWASP Moves to MediaWiki Portal - 11:31, 20 May 2006 (EDT)'''
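Review bot: The added 14 Nov 2012 entry reuses the title of the 7 Nov 2012 entry ("AISP-OWASP: New web attacks & short intro on IT Impact of SG data privacy law"), but its abstract is the 7th session by Ryan Baxendale (SharePoint, two factor authentication, password reset, WAF bypass) and says nothing about the data privacy law, so the title looks copied and should be replaced with one that matches the listed topics. In the same hunk, the Dynamic Web Defense entry is dated 22 Oct 2012 while the series list under the 18 Sep 2012 entry gives 11 Oct 2012 for that talk, and the speaker name appears as both "Bernhard" and "Bernard"; one date and one spelling should be settled before saving.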
Line 20: Line 353:
 
the latest OWASP related information. Enjoy!
 
the latest OWASP related information. Enjoy!
  
The chapter leader is [mailto:ocwong@usa.net Onn Chee] and the co-leader is [mailto:donald.ong@gmail.com Donald Ong]
+
The chapter leader is [mailto:ocwong@owasp.org Onn Chee].
 +
 
 +
Contact Information for Onn Chee is as follow:
 +
 
 +
Mobile:      (65)  9838 7930
 +
 
 +
Skype VOIP:    ocwong
 +
 
 +
Email:      ocwong@owasp.org
 +
 
 +
 
 +
'''OWASP Singapore have combined its activities with Singapore Security Meetup Group (SSMG) since Dec 2007'''
 +
 
 +
We are holding our regular joint OWASP-SSMG meetings on the 2nd Thursday of each month.
 +
 
 +
Do check out http://www.meetup.com/SGSecurityMG/ for the calendar of events.
 +
 
 +
For our past meetings, please check out http://www.meetup.com/SGSecurityMG/calendar/past_list/
 +
 
 +
For ease of management, updates on activities will be made on the http://www.meetup.com/SGSecurityMG/, though updates will still be sent to OWASP Singapore mailing list.
 +
 
  
  
Line 47: Line 400:
 
Venue : GeekTerminal
 
Venue : GeekTerminal
  
  '''OWASP Singapore Jan Chapter Meeting on 19:30, 10 Jan 2007 (SGT)'''
+
  '''OWASP Singapore Jan Chapter Meeting on 19:30, 10 Jan 2008 (SGT)'''
  
 
Venue : SODS, 51 Tras Street
 
Venue : SODS, 51 Tras Street
  
  '''OWASP Singapore Feb Chapter Meeting on 19:30, 14 Feb 2007 (SGT)'''
+
  '''OWASP Singapore Feb Chapter Meeting on 19:30, 14 Feb 2008 (SGT)'''
  
 
Venue : SODS, 51 Tras Street (We loved each other so much that we met on Valentine's Day!)
 
Venue : SODS, 51 Tras Street (We loved each other so much that we met on Valentine's Day!)
  
  '''OWASP Singapore Feb Chapter Meeting on 19:30, 13 Mar 2007 (SGT)'''
+
  '''OWASP Singapore Feb Chapter Meeting on 19:30, 13 Mar 2008 (SGT)'''
  
 
Venue : SODS, 51 Tras Street
 
Venue : SODS, 51 Tras Street
  
  '''OWASP Singapore Apr Chapter Meeting on 19:30, 10 Apr 2007 (SGT)'''
+
  '''OWASP Singapore Apr Chapter Meeting on 19:30, 10 Apr 2008 (SGT)'''
  
 
Venue : JCU, 2 Bukit Merah Central, #03-01, SPRING Singapore Building, S(159835) (http://www.jcu.edu.sg/ContactUs_Location.htm)
 
Venue : JCU, 2 Bukit Merah Central, #03-01, SPRING Singapore Building, S(159835) (http://www.jcu.edu.sg/ContactUs_Location.htm)
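Review bot: The heading changed to "13 Mar 2008" still reads "OWASP Singapore Feb Chapter Meeting", so after this edit there are two Feb headings (14 Feb 2008 and 13 Mar 2008). Since the line is already being touched for the year correction, rename it to "Mar Chapter Meeting" in the same revision.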
Line 65: Line 418:
 
Topic : Intro to WebGoat by Onn Chee and a Hacking demo by Johnny.
 
Topic : Intro to WebGoat by Onn Chee and a Hacking demo by Johnny.
  
  '''OWASP Singapore May Chapter Meeting on 19:30, 29 May 2007 (SGT)'''
+
  '''OWASP Singapore May Chapter Meeting on 19:30, 29 May 2008 (SGT)'''
  
 
Venue : JCU, 2 Bukit Merah Central, #03-01, SPRING Singapore Building, S(159835) (http://www.jcu.edu.sg/ContactUs_Location.htm)
 
Venue : JCU, 2 Bukit Merah Central, #03-01, SPRING Singapore Building, S(159835) (http://www.jcu.edu.sg/ContactUs_Location.htm)
  
 
Topic : Intro to WebScarab by Rogan and Burp proxy suite by Rick.
 
Topic : Intro to WebScarab by Rogan and Burp proxy suite by Rick.
 +
 +
[[Category:Singapore]]

Revision as of 07:27, 26 January 2013


OWASP Singapore

Welcome to the Singapore chapter homepage. The chapter leader is Wong Onn Chee

Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now


Local News

Bypassing Local Microsoft Security Policies

Date: 28 Feb 2013

Venue: Prudential Assurance Company Singapore (Pte) Ltd (not Prudential Towers!) 156 Cecil Street #10-00, Far Eastern Bank Building, Singapore 069544

Welcome to the 1st meetup of 2013!

In this presentation, the speaker, Paul Craig, will share on the following:

Local Microsoft security policies are one of the few areas of security that are rarely researched or focused on by the security community. These policies are designed to prevent local users from accessing functionality which has been "Disabled By Your Administrator". From Local Group Policy, Software Restriction Policies and AppLocker to Internet Explorer, each Microsoft technology has its own way of restricting what you can and cannot do. For local exploitation attempts, these technologies can be troublesome, frustrating and restrict the true potential of your attack. This talk will cover a broad view of the current attacks against Microsoft local policies and the underlying issues affecting this form of security.

Speaker Profile

Paul is the Principal Security Consultant at Security-Assessment.com Singapore. Labeled "A malicious hacker" by the media in his native New Zealand, Paul is now based in sunny Singapore where he leads the SE Asian Penetration Testing Team. Paul has been an avid security researcher and all-round advocate for security from a young age with a passion for exploitation and finding creative methods of getting shell.


Many thanks to Prudential for providing the venue for our chapter evenings!

Please RSVP to our meetup.com site (http://www.meetup.com/SGSecurityMG/) latest by 28 Feb 2013.

See ya!


AISP-OWASP: New web attacks & short intro on IT Impact of SG data privacy law

Date: 14 Nov 2012

Venue: Prudential Assurance Company Singapore (Pte) Ltd (not Prudential Towers!) 156 Cecil Street #10-00, Far Eastern Bank Building, Singapore 069544

Welcome to the 7th session of the joint AISP-OWASP series of chapter evenings!

In this presentation, the speaker, Ryan Baxendale will share on these topics:

- Tips and tricks for hacking Microsoft SharePoint sites.

- Taking advantage of administrative interfaces to get shell.

- Breaking end to end encryption implemented in JavaScript.

- Weak two factor authentication and how to get around it.

- Abusing poorly designed password reset functions to get admin access.

- Bypassing a web application firewall.


Many thanks to Prudential for providing the venue for our chapter evenings!

There are some more interesting topics and speakers being lined up for this series and more information will be given once the details are confirmed.

Do join us for these joint AISP-OWASP chapter evenings and interact with your peers!

Please RSVP to our meetup.com site (http://www.meetup.com/SGSecurityMG/) latest by 12 Nov 2012.

See ya!


AISP-OWASP: New web attacks & short intro on IT Impact of SG data privacy law

Date: 7 Nov 2012

Venue: Prudential Assurance Company Singapore (Pte) Ltd (not Prudential Towers!) 156 Cecil Street #10-00, Far Eastern Bank Building, Singapore 069544

Welcome to the 6th session of the joint AISP-OWASP series of chapter evenings!

In this presentation, the speaker, Onn Chee will share some latest discoveries of web attacks and walk through a short 30-min introduction to the IT impact of the new Singapore Personal Data Protection Act.


Many thanks to Prudential for providing the venue for our chapter evenings!

There are some more interesting topics and speakers being lined up for this series and more information will be given once the details are confirmed.

Do join us for these joint AISP-OWASP chapter evenings and interact with your peers!

Please RSVP to our meetup.com site (http://www.meetup.com/SGSecurityMG/) latest by 5 Nov 2012.

See ya!


AISP-OWASP: WAFs - An attacker's perspective

Date: 29 Oct 2012

Venue: Prudential Assurance Company Singapore (Pte) Ltd (not Prudential Towers!) 156 Cecil Street #10-00, Far Eastern Bank Building, Singapore 069544

Welcome to the 5th session of the joint AISP-OWASP series of chapter evenings!

In this presentation, the speaker, Bernhard will look at the effectiveness of WAFs from the perspective of a long-time security tester.


Many thanks to Prudential for providing the venue for our chapter evenings!

There are some more interesting topics and speakers being lined up for this series and more information will be given once the details are confirmed.

Do join us for these joint AISP-OWASP chapter evenings and interact with your peers!

Please RSVP to our meetup.com site (http://www.meetup.com/SGSecurityMG/) latest by 26 Oct 2012.

See ya!


AISP-OWASP: Dynamic Web Defense

Date: 22 Oct 2012

Venue: Prudential Assurance Company Singapore (Pte) Ltd (not Prudential Towers!) 156 Cecil Street #10-00, Far Eastern Bank Building, Singapore 069544

Welcome to the 4th session of the joint AISP-OWASP series of chapter evenings!

In this presentation, the speaker, Bernard, will share on the latest developments in dynamic web defense techniques used by WAFs.


Many thanks to Prudential for providing the venue for our chapter evenings!

There are some more interesting topics and speakers being lined up for this series and more information will be given once the details are confirmed.

Do join us for these joint AISP-OWASP chapter evenings and interact with your peers!

Please RSVP to our meetup.com site (http://www.meetup.com/SGSecurityMG/) latest by 20 Oct 2012.

See ya!



AISP-OWASP Joint Series: Learn how Taiwanese organisations defend themselves against constant Chinese cyber attacks

Date: 3 Oct 2012

Venue: Prudential Assurance Company Singapore (Pte) Ltd (not Prudential Towers!) 156 Cecil Street #10-00, Far Eastern Bank Building, Singapore 069544


Welcome to the 3rd session of the joint AISP-OWASP series of chapter evenings!

It has long been rumored that the Chinese government has an army of trained hackers to carry out national level attacks. Taiwan, despite being their closest neighbor in terms of language and culture, has become a convenient target and constant victim since they have an opposing political stance.

As Taiwan has been moving into e-government since 2005, this phenomenon forced the Taiwanese government to strengthen their IT security, especially on application security.

In this presentation, the speaker, Kae Bin, will share some common attacks that were observed and how Taiwan reacts to the constant bombardment from their friendly neighbor.


Many thanks to Prudential for providing the venue for our chapter evenings!

There are some more interesting topics and speakers being lined up for this series and more information will be given once the details are confirmed.

Do join us for these joint AISP-OWASP chapter evenings and interact with your peers!

Please RSVP to our meetup.com site (http://www.meetup.com/SGSecurityMG/) latest by 1 Oct 2012.

See ya!


AISP-OWASP Joint Series: Security Testing with OWASP ZAP

Date: 18 Sep 2012

Venue: Prudential Assurance Company Singapore (Pte) Ltd 156 Cecil Street #10-00, Far Eastern Bank Building, Singapore 069544


Welcome to the 2nd session of the joint AISP-OWASP series of chapter evenings!

AISP and OWASP Singapore have lined up a series of speakers to share on interesting security topics related to web security.

12 Sep 2012

1) Use of OWASP ESAPI to defend against OWASP Top 10 Risks by Wong Onn Chee

18 Sep 2012

2) Use of OWASP ZAP to assess security of web application by Cecil Su

3 Oct 2012

3) Learn how Taiwanese organisations defend themselves against constant Chinese cyber attacks by Tan Kae Bin

11 Oct 2012

4) Dynamic Web Defense by Bernard Tan

Many thanks to Prudential for providing the venue for our chapter evenings!

There are some more interesting topics and speakers being lined up for this series and more information will be given once the details are confirmed.

Do join us for these joint AISP-OWASP chapter evenings and interact with your peers!

Please RSVP to secretariat@aisp.sg latest by 16 Sep 2012.

See ya!


AISP-OWASP Joint Series: Use of OWASP ESAPI to Defend Against OWASP Top 10 Risks

Date: 12 Sep 2012

Venue: Prudential Assurance Company Singapore (Pte) Ltd 156 Cecil Street #10-00, Far Eastern Bank Building, Singapore 069544


Welcome to the 1st session of the joint AISP-OWASP series of chapter evenings!

AISP and OWASP Singapore have lined up a series of speakers to share on interesting security topics related to web security.

12 Sep 2012

1) Use of OWASP ESAPI to defend against OWASP Top 10 Risks by Wong Onn Chee

18 Sep 2012

2) Use of OWASP ZAP to assess security of web application by Cecil Su

3 Oct 2012

3) Learn how Taiwanese organisations defend themselves against constant Chinese cyber attacks by Tan Kae Bin

Many thanks to Prudential for providing the venue for our chapter evenings!

There are some more interesting topics and speakers being lined up for this series and more information will be given once the details are confirmed.

Do join us for these joint AISP-OWASP chapter evenings and interact with your peers!

Please RSVP to secretariat@aisp.sg latest by 10 Sep 2012.

See ya!


HITBSecConf2012 - Malaysia: #TenYearsInTheBox

Date: 8th - 11th October

Venue: InterContinental, Kuala Lumpur, Malaysia

Website: HITBSecConf2012 Malaysia Portal

To commemorate TEN YEARS of playing host to the brilliant minds that have helped shape the security landscape to where it is today, HITBSecConf2012 – Malaysia (#HITB2012KUL) will be welcoming back on stage over 42 of our most popular speakers from the last 10 years!

Here's your chance to meet the legends of the computer security industry including the likes of John ‘Captain Crunch’ Draper, The Founders of The Pirate Bay, Mikko Hypponen, DNS guru and president of ISC, Paul Vixie, OpenBSD creator Theo de Raadt and even members of the LEGENDARY iPhone Dev Team and jailbreak DreamTeam will be on hand for a very very special iOS / OS X panel discussion! Featuring @MuscleNerd @pod2g @planetbeing and joined by none other than Charlie @0xcharlie Miller and Stefan @i0n1c Esser!

The event takes place on the 8th till 11th of October and as always we kick off the first two days with 8 tracks of hands on technical training sessions (8th and 9th October) followed by the 2-day triple track conference with NO KEYNOTES, NO LAB SESSIONS and NO SIGINT slots.

We’re also ramping up this year’s show by expanding on HITB favorites – including an expanded CommSec village with an updated round-the-clock 36 hour nonstop Capture The Flag competition and also an expanded 36 hour HackWEEKDAY hackathon to go with it. Registration for HackWEEKDAY is COMPLETELY FREE and we strongly encourage professional developers and students to sign up.

Do note that there will only be a maximum of 1010 seats for the conference on the 10th and 11th of October and registration is already open. OWASP members are entitled to the conference seats at SGD580 (normal price SGD640) - Discount code is limited to the first 15 sign ups on a first-come, first-serve basis.

Register Online: HITBSecConf2012 Malaysia Registration

Please contact Onn Chee for the discount code. Do note only paid registered OWASP members are eligible for the discounts.


23 April 2012 meetup: Rethinking web-application architecture for the Cloud

Unless your organization is unique, not all your data is sensitive. This raises the question: should scarce security resources be used to protect 100% of your data? The logical approach should be to build your IT infrastructure in a manner that optimizes your investments: protecting what matters while managing non-sensitive data with minimal controls.

This talk presents an architecture for building the next generation of web-applications. This architecture allows you to leverage emerging technologies such as cloud-computing, cloud-storage and enterprise key-management Infrastructure (EKMI) to derive benefits such as lower costs, faster time-to-market and immense scalability with smaller investments – while proving compliance to PCI-DSS, HIPAA/HITECH and similar data-security regulations. We call this "Regulatory Compliant Cloud Computing (RC3)". Papers describing RC3 can be found on the following websites:

IBM: http://ibm.co/rc3dw

ISSA Journal: http://bit.ly/rc3issa

InfoQ: http://bit.ly/rc3infoq

StrongAuth: http://www.strongauth.com/pdf/RC3-WebAppArch-1.2-2.pdf


Speaker's Bio

Arshad is the CTO of StrongAuth, Inc., a Silicon Valley-based company focused on encryption and key-management for the last 11 years. He is the architect and lead developer of many open-source cryptographic software including CSRTool, StrongKey, KeyAppliance and the CryptoEngine. He has written many papers and spoken at many conferences - most recently at OWASP AppSec 2012 - on the subject of encryption and key-management.

Meetup details

Monday, April 23, 2012 7:00 PM

Prudential Assurance Company Singapore (Pte) Ltd

156 Cecil Street #10-00, Far Eastern Bank Building

Singapore 069544


Please RSVP at http://security.meetup.com/77

See ya!

OWASP Singapore is a Supporting Organisation for Asia Cloud Conference 2011 scheduled to be held at the Grand Hyatt Hotel Singapore on 2 Nov 2011

The Asia Cloud 2011 Conference will provide insights and key learning to understand how your organization can take advantage of cloud technologies. Leading industry practitioners will address the emerging cloud technology trends, examine best practices in successfully integrating cloud technologies into the enterprise’s infrastructure and meet various challenges in managing cloud’s performance in the enterprise.

Members Benefits!!

The above event organiser has given two complimentary delegate passes for two registered OWASP SG members (first-come-first-serve basis). Priority will be given to those registered members who did not enjoy free complimentary passes before. Contact me @ ocwong@owasp.org if you want one of the complimentary delegate passes.

Note: Conference seats at this event are complimentary to senior-level end users of IT solutions. The fee for other professionals to attend this event is US$995. The Organizer reserves the final right to accept or reject any registrations.



OWASP Singapore is a Supporting Organisation for IDA's Information Security Seminar 2011 from 13-14 April 2011

Members Benefits!!

The above event organiser has given two complimentary delegate passes for two registered OWASP SG members (first-come-first-serve basis). Contact me @ ocwong@owasp.org if you want one of the complimentary delegate passes.

For other members, you too can enjoy discounted affiliate rates when you register.

Click here to know more about Information Security Seminar 2011



OWASP Singapore is a Supporting Organisation for Info Security Conference 2011 in Singapore on 5 May 2011

Members Benefits!!

The above event organiser has given two complimentary delegate passes for two registered OWASP SG members (first-come-first-serve basis). Contact me @ ocwong@owasp.org if you want one of the complimentary delegate passes.

Click here to know more about Info Security Conference Singapore



OWASP Moves to MediaWiki Portal - 11:31, 20 May 2006 (EDT)

OWASP is pleased to announce the arrival of OWASP 2.0!

OWASP 2.0 utilizes the MediaWiki portal to manage and provide the latest OWASP related information. Enjoy!

The chapter leader is Onn Chee.

Contact Information for Onn Chee is as follows:

Mobile: (65) 9838 7930

Skype VOIP: ocwong

Email: ocwong@owasp.org


OWASP Singapore has combined its activities with Singapore Security Meetup Group (SSMG) since Dec 2007

We are holding our regular joint OWASP-SSMG meetings on the 2nd Thursday of each month.

Do check out http://www.meetup.com/SGSecurityMG/ for the calendar of events.

For our past meetings, please check out http://www.meetup.com/SGSecurityMG/calendar/past_list/

For ease of management, updates on activities will be made on http://www.meetup.com/SGSecurityMG/, though updates will still be sent to the OWASP Singapore mailing list.


OWASP Singapore Get Together on 19:30, 9 Oct 2007 (SGT)

We will meet at Geek Terminal (http://www.geekterminal.com)

Address: 55 Market Street 01-01 Singapore 048941

Telephone No: +65 65570098

Nearest Carpark: Golden Shoe Carpark

Nearest MRT: Raffles Place MRT

OWASP Singapore Nov Chapter Meeting on 19:30, 7 Nov 2007 (SGT)

Michael Boman will be presenting "Overcoming USB (In)Security"

Venue : GeekTerminal

OWASP Singapore Dec Chapter Meeting on 19:30, 13 Dec 2007 (SGT)

Venue : GeekTerminal

OWASP Singapore Jan Chapter Meeting on 19:30, 10 Jan 2008 (SGT)

Venue : SODS, 51 Tras Street

OWASP Singapore Feb Chapter Meeting on 19:30, 14 Feb 2008 (SGT)

Venue : SODS, 51 Tras Street (We loved each other so much that we met on Valentine's Day!)

OWASP Singapore Feb Chapter Meeting on 19:30, 13 Mar 2008 (SGT)

Venue : SODS, 51 Tras Street

OWASP Singapore Apr Chapter Meeting on 19:30, 10 Apr 2008 (SGT)

Venue : JCU, 2 Bukit Merah Central, #03-01, SPRING Singapore Building, S(159835) (http://www.jcu.edu.sg/ContactUs_Location.htm)

Topic : Intro to WebGoat by Onn Chee and a Hacking demo by Johnny.

OWASP Singapore May Chapter Meeting on 19:30, 29 May 2008 (SGT)

Venue : JCU, 2 Bukit Merah Central, #03-01, SPRING Singapore Building, S(159835) (http://www.jcu.edu.sg/ContactUs_Location.htm)

Topic : Intro to WebScarab by Rogan and Burp proxy suite by Rick.