OWASP Suffolk Chapter

 
 
 

No agenda, no slides, no recording, 100% unscripted.

Practical learning: Live ethical hacking challenges, workshops, CTFs and sharing of knowledge.

 
 
 

For the past two years I've been using OWASP ZAP and PortSwigger's Burp Suite (Community Edition), switching between the two as I learned hacking techniques and took part in CTFs. Each has their own pros and cons, features I like, quirks, and even room for improvement.

For this event we will be taking a slow walk through the interfaces and features of both tools side-by-side with both pointed at a vulnerable target.

This will be an interactive session where you can ask questions throughout. This event is aimed at the beginner who wishes to know more about these two popular tools. This is an unbiased demonstration and both tools will be in an out-of-the-box state with no optional extras / add-ons / plugins installed.

Agenda:

• OWASP updates
• Live interactive demonstration of ZAP and Burp Suite CE

Disclaimer: As always our events are designed to educate. Any tools and techniques demonstrated are for informative purposes only. We do not endorse their use for malicious purposes.

This talk will not be recorded.

 
 
 

No agenda, no slides, no recording, 100% unscripted.

Practical learning: Live ethical hacking challenges, workshops, CTFs and sharing of knowledge.

 
 
 

Injection vulnerabilities remain a common problem today. A single mistake could expose your whole database and customer data or give an attacker the ability to remotely execute code on your server.

We will look at some examples of coding mistakes that can lead to injection vulnerabilities and discuss how they could be mitigated.

This is a joint event provided by OWASP Bristol and OWASP Suffolk.

Agenda:

• OWASP updates
• Injection Vulnerabilities talk

Disclaimer: As always our events are designed to educate. Any tools and techniques demonstrated are for informative purposes only. We do not endorse their use for malicious purposes.