OWASP Ottawa February 2018 Meetup
Details
5:00 Networking and Pizza
6:00 PM: Technical Talks
- Lightning Talk - Hash Length Extension Attacks
Abstract:
We all know that hashes cannot be reversed, but that doesn't mean that they cannot be tampered with.
Bio:
Dave Petrasovic is a UI Developer at Nokia and has 9 years of experience with full stack development. 2. Cross Site Scripting (XSS) Deep Dive
------------------------------------------------------------------------------------------------ - Cross Site Scripting (XSS) Deep Dive
Abstract:
What IS Cross Site Scripting? Also know as ‘XSS’, cross site scripting is a web application vulnerability that allows an attacker to inject their own script into your application, manipulating your application into trusting it, as if their script was part of the application. The attack is then executed against users of your application in the browser. XSS is common, dangerous, and easy to find with automated tools, which is why it is #A6 on the OWASP Top Ten. This Application Security Lesson will teach you what XSS, how to differentiate the 3 types of XSS, explain how to find it, but most importantly, how to prevent it. This talk also includes a live demonstration of the vulnerability, with audience participation.
Bio:
Tanya Janca is an application security evangelist, technical advisor, web application penetration tester and vulnerability assessor, international public speaker and trainer, ethical hacker, OWASP DevSlop Project Leader, OWASP Ottawa Chapter Leader, Effective Altruist and has been developing software since the late 90’s. She has worn many hats and done many things, including; Web App PenTesting, Technical Training/Speaking, Custom Apps/Software Development, COTS Admin/Implementation, Incident Response, Enterprise Architect, Project and People Management, and even Tech Support. She can currently be found speaking at conferences, helping the Government of Canada secure their web applications or training software developers.
------------------------------------------------------------------------------------------------ - WordPress Security
Abstract:
You may have heard that WordPress isn't secure. This would be incorrect. However, as the web's most popular Content Management System, it is a popular target for attacks. In this presentation, we'll talk about common attacks on WordPress sites, and the steps you can take as a user to make your site more secure. We'll also take an introductory look at how to write secure themes and plugins for WordPress if you're a developer looking to extend its functionality.
Bio:
Currently the Director of IT at Actionable.co, Shawn Hooper has been a web developer since the 90s. The past several years have been spent specializing in WordPress. He is a core contributor to the WordPress open source project, teaches CampTech Ottawa's WordPress for beginners course, and is a regular speaker at WordCamp events across Canada and the United States.
