OWASP New Zealand - Auckland-area Meetup

The Auckland-area OWASP Meetup takes place on the second Tuesdays of March, May, July, September, and November. There are no Meetups in January, as our members enjoy their holidays.

At each meeting, we'll have the following general agenda:

6:00 - 6:25 - Introductions and Administrative Items
6:25 - 7:00 - OWASP Top 10 Focus Discussion
7:00 - 7:30 - Networking and Refreshments
7:30 - 8:30 Technical Presentation, followed by Discussion/Q&A
8:30 Adjourn to local pub/eatery, if desired, for further networking

July Top 10 Focus: A4 - XML External Entity (XXE)
July Technical Topic: Hacking JSON Web Tokens; Speaker: Ben Dechrai, Auth0

For our July meeting, we'll be treated to a presentation from Ben Dechrai, who's visiting New Zealand from Melbourne.

Abstract:
In the world of authentication and authorisation, you might have heard of JWTs, or JSON Web Tokens, which are used to encapsulate a user's identity, or convey information to another system that defines permissions of what can be performed.

They're secure; they're signed; they're the best thing since sliced bread!

So you've adopted them into your applications and now feel much safer. The chances things will go wrong are slim. Right?

This talk will introduce some ways JWT implementations can go wrong, together with live demos, and take you on a journey to understand how to make sure you can trust these handy payloads in your applications and APIs.

Flux Federation (https://www.fluxfederation.com/) will be our host and sponsor this month. Their offices are located on Level 3 of the Kauri Timber Building (104 Fanshawe Street). They have also kindly agreed to provide our pizza and drinks for the evening.

We're always looking for presenters and topics for future meetings - contact John (john.dileo@owasp.org) if you have an idea for a topic, or a presentation you'd like to make.