
October Meeting

Title: Hack Yourself First: How to go on the cyber-offence before online attackers do

Abstract: 'Hack Yourself First' is all about developers building up cyber-offence skills and proactively seeking out security vulnerabilities in their own websites before an attacker does. It recognises that we have huge volumes of existing websites that haven’t gone through sufficient security review plus we continue to create new content that even when built with security in mind, still needs testing from the perspective of a cybercriminal.  In this session we’ll look at website security from the attacker’s perspective and exploit common risks in a vulnerable web application. The session is entirely web framework agnostic – if your website uses HTML and is loaded over HTTP, this session is for you!

Bio: Troy Hunt is a prolific blogger, speaker and antagonist of poorly secured websites. A Microsoft MVP for Developer Security, Troy’s focus is on helping developers secure the web by demonstrating the execution of attacks and then walking through the mechanics of the mitigations. Troy’s also the author of two Pluralsight courses that follow this pattern – the OWASP Top 10 for ASP.NET and Hack Yourself First – as well as the creator of ASafaWeb, the Automated Security Analyser for ASP.NET websites.


Title: Whitelist is the New Black

Abstract: Damian will be discussing the perils of using blacklists and how easily they can typically be bypassed in attacks such as Cross-Site Scripting (XSS), SQL Injection (SQLi), and malicious file uploads. He will also cover why whitelists should be favored over blacklists and some techniques for implementing them properly.
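To make the blacklist-versus-whitelist point concrete, here is an added example (not part of Damian's talk or of this page) that pairs a blacklist filter with a whitelist implementation for each of the three attack classes in the abstract. The payloads, the in-memory table, and the file names are constructed for the example; the bypass in each case is a standard one: a nested tag and an event-handler attribute for the script-stripping filter, a numeric-context payload that needs no quotes for the SQL character filter, and an extension the forbidden list forgot for the upload filter.

```python
import html
import os
import re
import sqlite3

# --- 1. Cross-Site Scripting: strip a known-bad tag vs. encode everything ---

# Blacklist: remove <script>...</script> (case-insensitive). One pass only.
SCRIPT_RE = re.compile(r"<script[^>]*>.*?</script>", re.IGNORECASE | re.DOTALL)


def blacklist_strip_script(untrusted: str) -> str:
    """Blacklist filter: deletes the literal <script> tag and nothing else.
    Bypassed by a nested tag (the inner one is removed, the outer one
    re-forms) and by any tag that is not <script> at all."""
    return SCRIPT_RE.sub("", untrusted)


def whitelist_encode(untrusted: str) -> str:
    """Whitelist approach: no input is trusted as markup, so every
    markup-significant character is HTML-encoded before it reaches the page."""
    return html.escape(untrusted, quote=True)


# --- 2. SQL injection: reject "bad" characters vs. accept only digits and bind ---

def build_demo_db() -> sqlite3.Connection:
    """In-memory table with constructed sample rows (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return conn


SQL_BLACKLIST = ("'", '"', ";", "--", "/*")


def blacklist_lookup(conn, user_id: str):
    """Blacklist: refuse quote/comment characters, then concatenate the value.
    Returns None when the blacklist rejects the input."""
    if any(bad in user_id for bad in SQL_BLACKLIST):
        return None
    # Vulnerable on purpose: in a numeric context no quotes are needed,
    # so "2 OR 1=1" sails through the character check.
    return conn.execute(f"SELECT name FROM users WHERE id = {user_id}").fetchall()


def whitelist_lookup(conn, user_id: str):
    """Whitelist: the only acceptable shape is 1-9 decimal digits, and even
    then the value is bound as a parameter rather than spliced into SQL."""
    if not re.fullmatch(r"[0-9]{1,9}", user_id):
        return None
    return conn.execute("SELECT name FROM users WHERE id = ?", (int(user_id),)).fetchall()


# --- 3. File upload: forbidden extensions vs. permitted extensions ---

UPLOAD_BLACKLIST = {".php", ".exe", ".jsp"}
UPLOAD_WHITELIST = {".png", ".jpg", ".jpeg", ".gif"}


def blacklist_upload_ok(filename: str) -> bool:
    """Blacklist: allowed unless the extension is on the forbidden list.
    Every alias the list omits (.phtml, .php5, ...) is an accepted upload."""
    return os.path.splitext(filename)[1].lower() not in UPLOAD_BLACKLIST


def whitelist_upload_ok(filename: str) -> bool:
    """Whitelist: allowed only if the extension is on the permitted list.
    The name check is only the first gate: also store uploads where nothing
    executes and validate the file content, not just its name."""
    return os.path.splitext(filename)[1].lower() in UPLOAD_WHITELIST


if __name__ == "__main__":
    nested = "<scr<script></script>ipt>alert(1)</scr<script></script>ipt>"
    print(blacklist_strip_script(nested))                          # <script>alert(1)</script>
    print(blacklist_strip_script("<img src=x onerror=alert(1)>"))  # passes untouched
    print(whitelist_encode(nested))                                # inert, encoded text
    conn = build_demo_db()
    print(blacklist_lookup(conn, "2 OR 1=1"))                      # [('alice',), ('bob',)]
    print(whitelist_lookup(conn, "2 OR 1=1"))                      # None (rejected)
    print(blacklist_upload_ok("shell.phtml"), whitelist_upload_ok("shell.phtml"))  # True False
```

The pattern in all three cases is the same: a blacklist has to enumerate every bad input and loses as soon as the attacker finds one it missed, whereas a whitelist describes the small set of inputs the application actually needs and rejects everything else by default. Note that the whitelist for SQL still binds the value as a parameter; validation narrows the input, parameterisation removes the injection channel.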

Bio: Damian Profancik is a Security Consultant in the Application Security Group of Trustwave’s SpiderLabs. He has worked as a server/network infrastructure and security consultant for over 12 years, with the last 4 years solely focused on information security. His main focus has been on application security and vulnerability research. He has worked in this capacity both independently and for a number of companies ranging from small businesses to Fortune 100 enterprises. His work has included network penetration testing, application penetration testing, reverse engineering, exploit development, architectural design analysis, code review, and forensics. He is actively involved in the information security community through speaking engagements at events such as DerbyCon, ShmooCon, OWASP, and ISSA, and he is a co-leader of the local OWASP chapter.

Food, drink and location provided by Pondurance


  • Todd G.

    Damian's slides have been put in the meetup file share. Troy's aren't available (yet), as he is still giving that talk a few places. Carl will get that loaded when it becomes available.

    November 4, 2013

  • Chris K.

    While the audio/visual delays and drops can really be annoying, I think I look at this from a different point of view. It was awesome to be able to have a presentation from Tony from the other side of the world and be able to interact. Connecting with people and ideas from other areas of practice and other parts of the world is just as vital as communicating regularly with other practitioners in our immediate area. I love that these OWASP meetings can provide both.

    October 30, 2013

  • Jeremy J.

    This was my first OWASP meetup. The presentations were eye-opening and informative. I definitely came away with some ideas to chew on. Thanks for putting this together.

    October 30, 2013

  • Rick C.

    I was not able to stay for the whole meeting but enjoyed what I could.

    October 30, 2013

  • Tyler H.

    Great time tonight. Thanks.

    October 29, 2013

30 went
