Difference between revisions of "Sydney"

From OWASP
Jump to: navigation, search
(30 intermediate revisions by 9 users not shown)
Line 1: Line 1:
{{Chapter Template|chaptername=Sydney|extra=The chapter leader is [mailto:Chris.Gatford@purehacking.com Chris Gatford]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sydney|emailarchives=http://lists.owasp.org/pipermail/owasp-sydney}}
+
{{Chapter Template|chaptername=Sydney|extra=The chapter leaders are [mailto:norman.yue@owasp.org Norman Yue] and [mailto:Paul.Theriault@owasp.org Paul Theriault] .
 +
<br> We are always looking for speakers - email one of the chapter leaders with your idea!
 +
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sydney|emailarchives=http://lists.owasp.org/pipermail/owasp-sydney}}  
  
Hi and welcome to the OWASP Sydney Chapter Page!
+
== Next Meeting  ==
  
Currently we are looking for a venue and speakers to present at our informal sessions to the small group of 20 - 40 people.
+
14th of August 2013: OWASP Sydney informal meetup. Assembly Bar, next to Chef's Gallery.<br>
 +
7th of August 2013: Mac reversing get-together. 31 Market Street, next to the QVB (go to the end without the statue of the Queen, align to Darling Harbor and cross the road).
  
 +
== Previous Meetings  ==
  
NEXT MEETING;  May 14th 2008, 6:00 pm - 8:00 pm
+
{|
 +
! align="left"| Type
 +
! Date
 +
! Duration (hours)
 +
|-
 +
|OSX Reversing Workshop
 +
|27 August 2013
 +
|2.0
 +
|-
 +
|OSX Reversing Workshop
 +
|20 August 2013
 +
|2.0
 +
|-
 +
|OSX Reversing Workshop
 +
|15 August 2013
 +
|2.0
 +
|-
 +
|Meetup
 +
|14 August 2013
 +
|2.0
 +
|-
 +
|OSX Reversing Workshop
 +
|7 August 2013
 +
|2.0
 +
|-
 +
|Meetup
 +
|28 July 2010
 +
|2.0
 +
|-
 +
|Meetup
 +
|20 April 2010
 +
|2.0
 +
|-
 +
|Meetup
 +
|23 March 2010
 +
|2.0
 +
|}
  
Please join us for a FREE networking and learning session:
+
=== Date: Wednesday, 28th July 2010  ===
  
When: Wednesday, May 14th 2008, 6:00 pm - 8:00 pm
+
'''Presentations: '''
Location:  KPMG
+
Auditorium (Located on the Ground floor at the rear)
+
10 Shelley Street (main entrance located on Sussex Street)
+
Sydney  NSW  2000
+
  
Agenda
+
*Robert Lee, PriceWaterHouse Coopers, Vulnerabilities &amp; Google’s Jarlsberg Application
6:00 - 6:20 Peer-to-Peer Networking with Tea & Coffee
+
*Alex Kouzemchenko, Azimuth Security, WAFs: How I love Thee.<br>
  
6:20 - 6:30 Sydney Chapter Update
+
=== Date: Tuesday, 20rd April 2010  ===
  
6:30 - 7:30 Technical Presentation "Flash Application Vulnerabilities" Paul Theriault, Senior Associate, SIFT
+
'''Presentations: '''
  
OWASP Sydney is very kindly being supported by KPMG in providing the venue and refreshments.
+
'''Lightning Talks!'''
  
RSVP: Chris@penetrationtester.com
+
*Louis Nyffenegger - ‘SQL injection in “order by” clauses’
 +
*Raphael Speyer – ECMAscript 5
 +
*Christian Heinrich - OWASP Top Ten 2010
 +
*Daniel Grzelak – Recon Tool Demonstration
  
Presentation:
+
=== Date: Tuesday, 23rd March 2010'''<br>''' ===
Paul's presentation will be an introduction to the detection and analysis of Flash based malware. Providing technical insights in to the analysis process and providing examples of deconstructing content as well as some suggested countermeasures.
+
'''Presentations: '''
 +
*'''PDF Hacking - Paul Theriault''' (Link TBA)
 +
*:The plan is to run an informal workshop style presentation with the following objectives:
 +
*#Provide an introduction to PDF format, scripting capabilities and other “features” you wouldn’t expect to see in a document format
 +
*#Learn some basic tools &amp; techniques for analyzing malicious PDF files, for great justice
 +
*#Learn some basic tools &amp; techniques for creating malicious PDF files, for great science
 +
*#Look at the security implications of PDFs and what can be done in an enterprise environment to reduce these risks (uninstall Reader?)
 +
*'''Incident Case Study - Charles Carmakal (Link TBA)'''
 +
*:Review of the security breach landscape in the US and go through an interesting case study. It involved organised criminals from eastern Europe, over $100M of losses, and incredible sophistication. The initial point of entry for this breach was the web - SQL injection, linked databases, privilege escalation, development/deployment of custom malware.
  
 
+
[[Category:Australia]]
Speaker BIO:
+
Paul is a Senior Associate with SIFT, and has extensive experience in both technical and policy areas of IT security ranging from application code review and testing, to business-wide risk assessment and management. Paul is a proficient security incident handler with experience in malware and vulnerability analysis, anti-virus monitoring and patch management.
+
 
+
Paul holds a degree in Computer Science from the University of Sydney, during the completion of which he was awarded the prize for IT Security with a perfect score of 100. He is a Member of the Open Web Application Security Project (OWASP), and has also provided Guest Lectures at the Communications University of China, Beijing.
+
 
+
Paul has supported SIFT’s clients through providing Board-level risk management guidance, and has completed low-level technical security testing for systems making up vital parts of Australia’s financial markets critical infrastructure
+

Revision as of 22:30, 24 September 2013

Contents

OWASP Sydney

Welcome to the Sydney chapter homepage. The chapter leaders are Norman Yue and Paul Theriault .
We are always looking for speakers - email one of the chapter leaders with your idea!
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is and open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

Next Meeting

14th of August 2013: OWASP Sydney informal meetup. Assembly Bar, next to Chef's Gallery.
7th of August 2013: Mac reversing get-together. 31 Market Street, next to the QVB (go to the end without the statue of the Queen, align to Darling Harbor and cross the road).

Previous Meetings

Type Date Duration (hours)
OSX Reversing Workshop 27 August 2013 2.0
OSX Reversing Workshop 20 August 2013 2.0
OSX Reversing Workshop 15 August 2013 2.0
Meetup 14 August 2013 2.0
OSX Reversing Workshop 7 August 2013 2.0
Meetup 28 July 2010 2.0
Meetup 20 April 2010 2.0
Meetup 23 March 2010 2.0

Date: Wednesday, 28th July 2010

Presentations:

  • Robert Lee, PriceWaterHouse Coopers, Vulnerabilities & Google’s Jarlsberg Application
  • Alex Kouzemchenko, Azimuth Security, WAFs: How I love Thee.

Date: Tuesday, 20rd April 2010

Presentations:

Lightning Talks!

  • Louis Nyffenegger - ‘SQL injection in “order by” clauses’
  • Raphael Speyer – ECMAscript 5
  • Christian Heinrich - OWASP Top Ten 2010
  • Daniel Grzelak – Recon Tool Demonstration

Date: Tuesday, 23rd March 2010

Presentations:

  • PDF Hacking - Paul Theriault (Link TBA)
    The plan is to run an informal workshop style presentation with the following objectives:
    1. Provide an introduction to PDF format, scripting capabilities and other “features” you wouldn’t expect to see in a document format
    2. Learn some basic tools & techniques for analyzing malicious PDF files, for great justice
    3. Learn some basic tools & techniques for creating malicious PDF files, for great science
    4. Look at the security implications of PDFs and what can be done in an enterprise environment to reduce these risks (uninstall Reader?)
  • Incident Case Study - Charles Carmakal (Link TBA)
    Review of the security breach landscape in the US and go through an interesting case study. It involved organised criminals from eastern Europe, over $100M of losses, and incredible sophistication. The initial point of entry for this breach was the web - SQL injection, linked databases, privilege escalation, development/deployment of custom malware.