Next Meetup

OWASP OC November dinner meeting: Oh you got this? Practical Attacks on the Mode
Speaker: Moses Frost, Security Architect, Cisco Topic: Oh, you got this? Practical Attacks on the Mode Abstract: Have you ever been on a Web Assessment, Bug Bounty, Pen Test, or Red Team and encountered a component using the latest frameworks, languages, libraries, or on the infrastructure? This presentation will provide a practical guide to approach these types of scenarios. Many of these technologies are strikingly new, probably visually stunning, but are they entirely secure? This talk will explore concepts like Modernized languages, Exposed In-Memory Databases, Proxies, Breaking Microservices, and more. We will show demos of how to abuse the latest architectures and frameworks. Follow me as we break the stuff that everyone else is just riding by, or discovering on accident. Much of the internet today is built on web technologies. These web technologies, the underlying infrastructure, the tooling to support it are changing at an incredibly rapid pace. Attackers, Assessment Teams, and others will have a difficult time understanding what this looks like in totality. This talk attempts to apply legacy concepts to Modern Applications, Libraries, and Infrastructure. We will have a few example demos’ to help cement concepts to the audience. The presentation is an attempt to cobble together several ideas into a single succinct talk. Most of the web attack concepts that exist together are still focusing on the simplistic views of SQL injection, XSS, password brute forcing, and the like. How do those paradigms change when there are no direct queries or when everything applications have been artificially limited by technologies like mobile. This talk boils down how to approach a more complicated application using the latest and greatest developer technologies. Speaker Bio: Someone or another has employed Moses Frost for the last 19 years. He started with BBS’s and ran a few, in the early 90’s, and his first non-Microsoft Operating System was Slackware and Linux 1.2 He is now employed Cisco Security Architect and is an Instructor and Author for the SANS Institute. You can catch him teaching Network or Web Penetration Testing at SANS, or catch him at a conference. He is prolifically twittering so find him on twitter @mosesrenegade. He is a seldom blogger at Schedule: 6:00pm Food, Drinks & Networking 6:40pm Presentation (followed by Q&A) A raffle will be held at the end of the meeting for OWASP swag and a free conference pass to the AppSec Cali 2019 conference. You must be present to win.


1691 Kettering St · Irvine, CA

What we're about

OWASP Orange County Chapter. The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.

Support your Orange County Chapter: only $50 for the entire year!

Become an OWASP Member TODAY (

Members (1,177)

Photos (159)