OWASP Dublin - February Meetup

OWASP Dublin are delighted to announce KPMG will be sponsoring & hosting the next OWASP Dublin chapter meetup.

We will have some great talks from industry experts, details can be found below:

Speaker 1: Conor McShea is a consultant in the KPMG Cyber Defence team in Belfast. He has 3 years of experience working across both the defence and response streams before committing to the defence team for over a year. His focus is now web application, API and infrastructure penetration testing of large financial companies.

Conor’s talk will cover OWASP top 10 in large financial company’s web applications. He will leverage his experience to deliver this talk touching on trends and vulnerabilities he has seen whilst testing these applications which deal with sensitive user data.

Speaker 2: Archit Aggarwal is a senior consultant in the KPMG Cyber Defence and Response team. He has a total experience of 7 years in the offensive security domain. His main focus areas are web application security, active directory security, and infrastructure security.

In this talk, Archit will share how exploiting basic password flaws in an internal web application paved the way for the compromise of an organisation's internal network. He will discuss the main vulnerabilities discovered, the approach taken during the assessment, and key security insights to safeguard networks.

Speaker 3: Mackenzie Jackson is a developer and security advocate with a passion for DevOps and application security. As the co-founder and former CTO of the health tech company Conpago, he learned first-hand how critical it is to build secure applications with robust developer operations.

Today Mackenzie continues his passion for security by working with the GitGuardian research team to uncover the latest trends malicious actors are using. Mackenzie is also the host of The Security Repo podcast, an established security writer, an experienced global speaker, and appeared as an expert in documentaries and television broadcasts.

Talk: The attacker's guide to exploiting secrets
Elevator pitch

Exposed secrets like API keys are regularly exploited by attackers. We will outline various methods used to discover and exploit these secrets, including, abusing git repos, exploiting misconfigurations, decompiling containers & reverse engineering mobile applications to expose the secrets within.

This will be an exciting evening, so please ensure you register early.

Refreshments will be available and plenty of opportunity to speak with others in the Secuirty Community.

A big thanks to our hosts for the evening KPMG.