Running since June 2013, every month we have 2 talks focused on Security or Technology, followed by socialising with like-minded people, and you can find out exactly what to expect in the About Us section of our Meetup page. Past talk details are on our wiki at http://corksec.com/. Anyone with any sort of interest or level of knowledge in Security, Hacking and Emerging Technology is more than welcome to attend, and feel free to bring like-minded colleagues and friends.
Our talks come from our community, so if you have an idea for a topic (anything for 10-60 minutes) please email us at [masked]. Whether you are an experienced presenter or presenting for the first time, CorkSec is a great venue for it, and we are happy to help you prepare and to mentor you.
Doors open at 19:00 with talks starting at 19:15.
TALK 1: Introduction to Buffer Overflow vulnerabilities by Ravi Vashatkar
Buffer overflows are well known in the security industry as among the oldest vulnerabilities that still exist today. This talk, followed by a demonstration, shows how these vulnerabilities can be detected and exploited, along with measures that can be taken to prevent and/or mitigate them. We'll cover:
- What is a buffer overflow?
- Short history and trends.
- Computer fundamentals: Stack & Heap memory organization.
- An overview of CPU registers and Assembly language.
- How can a stack buffer overflow vulnerability be exploited? (Practical demonstration)
- How to prevent and/or mitigate these vulnerabilities.
TALK 2: Securing web applications with minimal resources by Aivaras Prudnikovas
A competitive environment and the expectations of users and authorities require one to find better and more efficient solutions for securing applications. User authentication is one of the first cross-cutting concerns one needs to implement, and yet it is always challenging and time-consuming. How do you reduce time and resources and increase security at the same time? Would you invest in your engineers, buy the services of a third-party authentication provider, or maybe do something in between? After working on various authentication implementations, from ad-hoc approaches to integrating with third-party auth vendors, there is no single answer - the devil is in the details.