
OWASP Meetup - September 2016 - San Francisco

  • Sep 7, 2016 · 6:30 PM
  • This location is shown only to members

Important - For building security you must supply your first and last name as it appears on your ID or you won't be granted access to enter.

Agenda

• 6:30 Doors Open
• 6:45 - 7:30 Talk 1
Ron Hamilton, Performance Technology Partners (PTP)

Malicious actors are probing your web applications every day looking for vulnerabilities. Are you performing similar tests yourself? This presentation will introduce attendees to methods for testing applications for a number of vulnerabilities outside the basic OWASP Top 10. The topics to be discussed will include logic problems, harvesting, and other examples beyond the OWASP Top 10.


• 7:45 - 8:30 Talk 2
Luca Carettoni, LinkedIn
Defending against Java Deserialization Vulnerabilities

Java deserialization vulnerabilities have recently gained popularity due to a renewed interest from the security community. Despite being publicly discussed for several years, a significant number of Java-based products are still affected. Whenever untrusted data is used within deserialization methods, an attacker can abuse this simple design anti-pattern to compromise your application. After a quick introduction of the problem, this talk will focus on discovering and defending against deserialization vulnerabilities. I will present a collection of techniques for mitigating attacks when turning off object serialization is not an option, and we will discuss practical recommendations that developers can use to help prevent these attacks.

• 8:30+ Networking
• 9 Doors Close 


Pizza and drinks will be served.


  • A K.

    I missed attending this. Are any links/slides/video recordings available?

    September 8

  • Christian

    Do they have bicycle parking?

    September 7

    • Bo T.

      Hi, I'm downstairs trying to come up. Is there going to be any entry after the first session?

      September 7

    • Theodore

      But there is parking around the corner in the street.

      September 7

  • Daniel B.

    How does the Waitlist work? If we're still on it today, is it worth showing up?

    3 · September 6

    • OS-23785

      +1

      1 · September 6

    • Michael C.

      Working to add people based on new slots that have opened up.

      1 · September 7

  • Michael M.

    Do we need to supply our name ahead of time for building security, or is it just an ID check at the door?

    August 24

    • Michael C.

      But we do need your full name ahead of time.

      August 24

    • Michael M.

      Thanks!

      August 24
