St. Louis OWASP - September Meeting


Details
Agenda:
6:00-6:30pm - Gather and mingle
(Food & Beverages provided courtesy of our sponsor)
6:30-7:15pm - JS & Node Vulnerabilities by Igor Matlin
Abstract: Node.js popularity is soaring. Six years after its debut, the language’s framework boasts more than 2M downloads a month.
Before accelerating too quickly, it is important to understand the power – and corresponding mishaps – of this language. In this talk, we demonstrate new attack techniques against applications built on top of the Node.js language. Attacks include:
· Application-layer DDoS attacks. Bringing a server to its knees with just 4(!) requests.
· Password exposure attacks. Leveraging the “Forgot My Password” feature of applications in order to reveal the passwords of all the application’s users.
· Business logic attacks. Running malicious code on all machines of users of the applications when exploiting a weak business feature.
Bio:
Igor has over 20 years of technical experience in high-tech companies as a software engineer and technical lead. Prior to joining Checkmarx as our Senior Solutions Architect, Igor worked as a Technical Manager at Myriad, a leading mobile software company, and as a Software Engineer and Product Manager at Novarra, acquired by Nokia in 2010.
Brief Break
7:30-8:15pm - Intro to MWCCOE by Tony Bryan
Bio: As Executive Director of Midwest Cyber Center of Excellence (MWCCOE), Tony brings a wide variety of expertise, and a big desire to serve his community. Tony is responsible for building strong programs to engage veterans and students in the cyber industry and ensuring long-term viability of the organization’s mission.
Event Sponsor:
https://a248.e.akamai.net/secure.meetupstatic.com/photos/event/3/b/a/9/600_454155273.jpeg
As always, please refer back to the OWASP Wiki Page for further details.
