InfoSecGirls and WoSec Pune Meet - 29th Feb, 2020

Details

Hi All,

This is going to be an in-person meet.

The purpose of WoSec and InfoSecGirls is to develop leadership, promote active membership and participation, and contributions by security professional communities, globally and locally.

Time: 11AM - 2PM (IST)

Speakers:
Jeenika Anadani
Topic: Local File Inclusion | Directory Traversal
Abstract:
Web applications are still vulnerable to certain attacks that were well known earlier and still exist today. LFI is one such vulnerability, and beginners often confuse LFI with Directory Traversal. An LFI vulnerability can be found in many web applications via a chain of attacks, but it can also be found directly.
Thus, in this talk we will cover:
What is LFI
What is Directory Traversal
Differences
Examples
Impacts and Mitigations
Demo
Duration: 20-30 minutes
Level: Beginner

Neelam Verma
Topic: Industrial Control System (ICS)
Abstract:
Industrial control system (ICS) is a collective term used to describe different types of control systems and related instrumentation, which include the devices, systems, networks and controls used to operate and automate industrial processes.
Sub-topics:
What is ICS?
SCADA
HMI
RTU
PLC
Types of ICS networks
Modbus
Need for ICS Security
Duration: 30-45 minutes.
Level: Beginners and intermediate

Prasad Salvi
Topic: Secure Coding Proactive Controls
Abstract:
Secure coding is the practice of developing computer software in a way that guards against the accidental introduction of security vulnerabilities. Defects, bugs and logic flaws are consistently the primary cause of commonly exploited software vulnerabilities.
In this talk, we are going to discuss the OWASP secure coding proactive controls that help developers create secure web applications. For a developer, it is very important to understand the inherent risks their application faces and how secure coding can help mitigate them. We will see some vulnerable code snippets and their mitigations. For pen testers, this session will help them understand how to test for different vulnerabilities if the application is not securely coded.
At the end of the session, the audience should be comfortable applying the controls in their day-to-day development activities.

Note: This is a talk and not a hands-on training.
Duration: 2 hours
Level: Beginners and intermediate

Venue: Qualys, SB Road
Behind Pantaloons