OWASP Toronto - March 2017 Chapter Event

This is a past event

61 people went

Location visible to members


Please join us at the March 2017 OWASP Toronto chapter event!

This month, Amazon has graciously offered to host us in their Toronto office!

IMPORTANT - We are making special changes to our RSVP process to adapt to this new venue:

• ONLY attendees who confirmed through our chapter's Meetup.com event page will be allowed entry. So please confirm your presence if you are planning to come. This is required so that visitor badges can be created for those on the list and provided by the reception at the Amazon office.

• The RSVP period will run from March 3 to March 12. This is to allow enough time for visitor badges to be created, and to plan for the event's logistics.

• If you need to make change to your attendance status, please do so by March 12. We understand that plans change, but given a limited space, please be mindful of others in the community who may benefit from the event.If you have any questions, please feel free to reach reach out to us.


Here is the agenda for the event:


1 - Overview and Intro to OWASP Projects - Yuk Fai Chan

A quick overview of the OWASP will be presented for those who are unfamiliar with the global organization, followed by a introduction of OWASP Projects - the process, the people, and some examples - from Flagship, Lab to Incubator.

Yuk Fai Chan is with the OWASP Toronto chapter. He also works as a security consultant.

2 - Vulnerabilities from upstream on down - Max Veytsman

Security vulnerabilities in open source software are patched by maintainers every day, but most of the software your servers have installed is coming from a package manager.

When a new vulnerability in openssl is disclosed, how does it make it to the corresponding Ubuntu package? How long does it take?

Every distribution has a security team. I'm going to describe the work that they do, talk about how vulnerabilities are prioritized and discuss some statistics about their operations.

Max Veytsman is a recovering pentester. Nowadays, he's helping the world patch its software at Appcanary.