OWASP Houston Chapter

OWASP Houston November Mini-Con

Nov 14, 2013 · 6:00 PM
Sheraton Suites Houston Galleria

Eventbrite sign up is open. Sign up now to reserve seating and refreshments.

Please join us on November 14th for the fourth installment of OWASP Houston's 2013 Mini-Con series. Seating and drinks are reserved for guests that have signed up through eventbrite. If there are no tickets available, a wait list will for a seat will be opened. If you do not have a ticket and would like to come, please come to the event early. Limited standing room will be available.

Reception begins at 6:00PM. Our speakers at this event included Jason Reeder, Johnathan Kuskos, and Daniel Buentello. Jason will starting the evening with our first presentation at 6:30PM. The event will be finished by 9:00PM.

This will be the last meeting of 2013. Thank you for all your support. We are currently planning the 2014 year.

To find out about future events, sign up for our meetup group.

Johnathan Kuskos will be presenting methods of WAF bypassing, breaking client-side validation, and advanced SQL injection obsfucation.

The first bandaid that web app administrators typically apply to their site is a web application firewall. Most lack the technical skill set to tune it properly, or leave default settings "as is". Whitelists can be difficult to customize appropriately and blacklists usually fall prey to persistent attackers. Spoiler alert: All WAF's can be bypassed. This becomes even more devastating when the WAF is the only line of defense. This presentation will focus on injection obfuscation, and include a few cool tricks for bypassing pesky WAF blacklists and filters that I've come across on my journey to become a more thorough penetration tester.

Kuskos is a Senior Application Security Engineer and newly appointed Security Check Supervisor for WhiteHat Security. He has a bad habit of going home and hacking after he's done hacking at his day job. As an active participant in responsible disclosure, he can be found on publicly recognized "Whitehat" lists for Shopify, Twitter, Mozilla, Netflix, Google, Meraki, LastPass, Barracuda Networks, and Etsy.

Daniel Buentello will be presenting his Derby Con 2013 talk titled, "Weaponizing your Coffee Pot":

As SoC price continue to drop and their implementation continues to rise, connected “”appliances”" (Internet of Things)will be become an attractive avenue for cyber criminals. Due to the fact they provide no traditional feedback (monitor) or input (mouse/keyboard) If one were able to compromise an embedded host it would be the perfect vantage point for a MITM attack or a beachhead to launch other attacks. I plan to guide you through some of the steps from initial reconnaissance to building binaries for different architectures. Then end goal being to take over the host without breaking designed functionality (stealthy), being able to run third party binaries at start (lethal), and surviving basic removal techniques (persistent) aka weaponizing.

This event is sponsored by

Accuvant

Baracuda

Alert Logic

cPanel

FAQs

What are my parking options ?

Parking is freely available in the garage behind the hotel. We will be validating parking at registration. This benefit applies to everyone that attends the event regardless of your ticket holding status.

Do I have to bring my printed ticket to the event?

You don't have to bring your ticket, but it might help speed up things. We can verify the name you register with.

The name on the registration/ticket doesn't match the attendee. Is that okay?

If you can't make it and want to print your ticket for a friend that can, that's fine.

Join or login to comment.

Hit enter to add your reply

Raul F.

This was great, we finished the meeting with three good conferences.

0 · November 14, 2013
A former member

Looking forward to it.

0 · October 24, 2013