The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations which means it is in a unique position to provide impartial, practical information about AppSec to individuals, corporations, universities, government agencies and other organizations worldwide. Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security.
The OWASP Dublin group is an open and welcoming place for anyone interested in IT Security, hacking or cybersecurity.
OWASP Dublin are delighted to announce that Facebook will be sponsoring & hosting the next OWASP Dublin chapter meetup. We will have two speakers on the night along with some light refreshments.
You must book your seat at EventBrite https://www.eventbrite.ie/e/owasp-dublin-april-meetup-tickets-59788967411
17:00 Open for registration
17.30 "Product Security Assessments"
Otto Ebeling - Facebook Security engineer
Having previously worked in anti-virus and security consulting, Otto joined Facebook in 2013 and currently works in the Product Security Assessments and Analysis team in London. His current focus is reviewing back-end services and their interactions with the front end for security bugs, as well as working with the static analysis teams to automate the detection of such bugs.
The Product Security Assessments and Analysis team performs application security reviews of new features and functionality being developed by FB software engineers. In this talk, Otto will briefly describe the review process and go over anonymised versions of a few reviews and discuss example security bugs and follow-up steps.
18:30-ish "MITRE ATT&CK Framework: A Fan’s Guide"
Ranjith Unnikrishnan - Senior Cyber Security Consultant, PwC
Ranjith has over 6 years of consulting experience, working with global clients on penetration testing, red teaming, purple teaming, threat hunting and security architecture assessments. He spends a lot of his time trying to climb the “Pyramid of Pain” using analytical techniques and open source projects. Ranjith holds a Bachelor of Engineering in IT, CISSP, SANS GPEN, GCIA, CHFI and Splunk Architect certification. He is also part of the SANS Advisory Board, supporting the development of GIAC courseware. He is currently passionate about helping clients and the cyber security blue teaming community in operationalising the MITRE ATT&CK framework in their respective environments.
We have always been looking for a common language to understand the adversarial techniques and their modus operandi. How can we move from talking about detecting various attack techniques, tactics and procedures (TTPs) used by adversarial groups, to actually being able to deploy detection? Come to this talk to see how MITRE’s Enterprise ATT&CK framework can potentially help us do that. Let us delve a little deeper into various use cases, open source tools and approaches for using this framework. It does not matter if you have an endpoint detection and response (EDR) solution in place or not, we can still go beyond traditional IOC based detection and start threat hunting.