OWASP meetup


After our unofficial reboot last October, we are organizing the first official OWASP local chapter event in Copenhagen. This will be a recurrent event, hosted four times a year.
Call for participation:
We welcome brief talks on web, application, and network security from competent speakers in the area. For this event we will focus on automated testing of input validation vulnerabilities.
The talk proposal should abide by the OWASP principles: to promote and disseminate knowledge and tools in application security that respect its core values of openness, support for innovation, global reach and integrity. The talks should be vendor-neutral, that is, not publicity talks for a specific company or a proprietary tool, but about interesting experiences in security that can engage and foster discussion in the local community *.
Please contact us with your proposal including a title, name and short bio of the speaker, and a short description of the talk (max 300 words).
As this will be a recurring event, we welcome as many submissions as possible, and reserve the right to keep interesting talk proposals for future editions.
* There will be plenty of time for networking and publicity in the social part of the event.
Deadline for proposing talks: March 8th
Submission: please submit the application at [masked], or alternatively, at the OWASP mailing list [masked]
Schedule (tentative):
17:00 - 17:30: Networking, who is hiring, drinks
17:30 - 17:40: Welcome, introductions, upcoming events
17:40 - 18:00: Focus on the OWASP top 10
18:00 - 18:15: Break
18:15 - 19:00: Guest talk(s):
Title: XSSER: From XSS to RCE 3.0
Abstract: This presentation demonstrates how an attacker can utilise XSS to execute arbitrary code on the web server when an administrative user inadvertently triggers a hidden XSS payload. Custom tools and payloads integrated with Metasploit's Meterpreter in a highly automated approach will be demonstrated live, including post-exploitation scenarios and interesting data that can be obtained from compromised web applications. This version includes more payloads for common web apps and various other improvements too!
Bio: Hans-Michael Varbaek is an active part of the TDC Group Penetration Testing Team. He has previously worked as a Senior Security Consultant in Sydney, Australia and Denmark as well. Hans has been in the ethical hacking community for around a decade under various handles, and has contributed to several public projects online, including The Exploit Database as a blog writer about web application security.
19:00 - 21:45: Food provided by ITU, Flash CTF Competition (organized by our students)
21:45 - 22:00: Announcing the winners, final remarks
There will be plenty of time and occasions for networking, to learn about interesting events and job opportunities in the area, and social activities. Food and drinks will be provided by ITU, and our students will organize a flash CTF competition.