
DependencyCheck, HTTP Strict Transport Security (HSTS), and Dangerous PRNG

After a short break, OWASP NoVa is back in action!

As always, we will be providing good food and drinks for everyone that attends. If you have any special beer requests, please ask the chapter leaders in advance and they will try their best to make sure it's stocked at the meetup.

This month, we have several presenters, each with awesome topics to cover.

Dangerous Pseudorandom Number Generation

Presented by: Jon Callahan

Applications will often implement 'forgot password' functionality. Often, the app will simply generate a new password and send it to the associated email address. This talk will briefly cover how this feature can allow an attacker to hijack accounts if implemented poorly.

OWASP DependencyCheck

Presented by: Jeremy Long

Dependency-Check is a utility that identifies project dependencies and checks if there are any known, publicly disclosed vulnerabilities. Currently Java and .NET dependencies are supported; however, support for Node.JS, client side JavaScript libraries, etc. is planned. This tool can be part of the solution to the OWASP Top[masked] A9 - Using Components with Known Vulnerabilities.

HTTP Strict Transport Security (HSTS)

Presented by: Geller Bedoya

HTTP Strict Transport Security (commonly referred to as HSTS) is an opt-in browser security mechanism that lets web site owners declare "Encrypted Communications Only". The HSTS header specifies a period of time during which the browser shall access the server in a secure manner. This firetalk is focused on HSTS internals, limitations, how it’s configured/deployed, and who’s using it.


  • John

    Great topics

    May 8, 2014

  • Iris R.

    Interesting and inspiring!

    May 8, 2014

  • John

    I looked up the address and was wondering how do we find the group once we get there?

    May 8, 2014

    • Jack M.

      ^^ What Jon said. It's on the 3rd floor in the "Chill Out Room". If you don't see the OWASP signs, follow the signs towards the Chill Out Room.

      1 · May 8, 2014

    • John

      Gotcha, thanks

      May 8, 2014

  • Joe

    Is there a webex or live meeting? Thanks

    May 8, 2014

  • Jack M.


    We switched up the agenda this month from our original plan. We now have three great speakers, who are all local and OWASP NoVa regulars.

    May 6, 2014

Our Sponsors

  • Blue Canopy

    Blue Canopy is hosting the meetup and providing food and drinks.
