After a short break, OWASP NoVa is back in action!
As always, we will be providing good food and drinks for everyone who attends. If you have any special beer requests, please ask the chapter leaders in advance and they will try their best to make sure it's stocked at the meetup.
This month, we have several presenters, each with awesome topics to cover.
Dangerous Pseudorandom Number Generation
Presented by: Jon Callahan
Applications will often implement 'forgot password' functionality. Oftentimes, the app will simply generate a new password and send it to the associated email address. This talk will briefly cover how this feature can allow an attacker to hijack accounts if implemented poorly.
Presented by: Jeremy Long
HTTP Strict Transport Security (HSTS)
Presented by: Geller Bedoya
HTTP Strict Transport Security (commonly referred to as HSTS) is an opt-in browser security mechanism that lets web site owners declare "Encrypted Communications Only". The HSTS header specifies a period of time during which the browser shall access the server in a secure manner. This firetalk is focused on HSTS internals, limitations, how it’s configured/deployed, and who’s using it.