

What we’re about
The Open Worldwide Application Security Project (OWASP®) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible so individuals and organizations can make informed decisions. OWASP is uniquely positioned to provide impartial, practical information about AppSec to individuals, corporations, universities, government agencies, and other organizations worldwide. Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security.
OWASP Philly works to embody this mission with our members and visitors by hosting bi-monthly technical speaker meetings, with off months hosting special events and working towards contributing to OWASP projects.
Upcoming events (1)
Preventing and Detecting IDOR + Hands on Hacking with LogSnare
The Black Sheep Pub & Restaurant, Philadelphia, PA
Hey Friends! Hope everyone had a most excellent summer, and now that we have passed the equinox we can officially begin our Fall lineup! While security never sleeps, I do enjoy our summer breaks, and I am excited to return to see everyone’s smiling faces and hear about what we’ve all been up to!
Please join us for this session where our very own Zac Davis takes the floor. This presentation builds on a 2024 OWASP Philly talk where Zac explored Insecure Direct Object References (IDOR), one of the most common and impactful web application vulnerabilities (and his personal favorite to exploit).
In this session, Zac will revisit real-world IDOR examples before showing how DomainGuard has implemented both preventive and detective controls to protect its platform against these attacks. The talk will conclude with a hands-on exercise using LogSnare, an intentionally vulnerable web application designed to help participants practice identifying and exploiting IDOR flaws. (https://github.com/sea-erkin/log-snare)
See you all there,
Higgs
PS: Lite refreshments will be served :)