OWASP Meetup - September 2016 - San Francisco


Details
Important - For building security you must supply your first and last name as it appears on your ID or you won't be granted access to enter.
Agenda
• 6:30 Doors Open
• 6:45 - 7:30 Talk 1
Ron Hamilton, Performance Technology Partners (PTP)
Malicious actors are probing your web applications every day looking for vulnerabilities. Are you performing similar tests yourself? This presentation will introduce attendees to methods for testing applications in regard to a number of vulnerabilities outside the basic OWASP Top 10. The topics to be discussed will include logic problems, harvesting, and other examples beyond the OWASP Top 10.
• 7:45 - 8:30 Talk 2
Luca Carettoni, LinkedIn
Defending against Java Deserialization Vulnerabilities
Java deserialization vulnerabilities have recently gained popularity due to a renewed interest from the security community. Despite being publicly discussed for several years, a significant number of Java-based products are still affected. Whenever untrusted data is used within deserialization methods, an attacker can abuse this simple design anti-pattern to compromise your application. After a quick introduction of the problem, this talk will focus on discovering and defending against deserialization vulnerabilities. I will present a collection of techniques for mitigating attacks when turning off object serialization is not an option, and we will discuss practical recommendations that developers can use to help prevent these attacks.
• 8:30+ Networking
• 9 Doors Close
Pizza and drinks will be served.
