OWASP Vancouver - Securing Git

We are excited to go back to in-person events and enhance member experience through face-to-face interactions. Please see COVID safety information below.

6:00-6:10pm: networking, eating, drinking, getting ready.

6:10-7:10pm: Securing Git with Julius Musseau
The default "out-of-the-box" config for most Git setups (e.g., github, gitlab, bitbucket, etc.) is not great. In this talk Julius will show how to:

• Quickly tighten up your git repository config to prevent most badness.
• How to prevent malicious metadata from getting in.
• How to completely eliminate bad files (e.g., passwords, private keys) from repositories.
• Finally, for those that are so inclined, some weird ways you can hide files in existing git repositories, potentially bypassing scrutiny.

Speaker: Julius Musseau has long been obsessed with Java Jar files. He was the primary author on a 40 page academic journal article all about identifying Jar files (“Software Bertillonage”)! In the last 5 years Julius has worked as co-founder and CTO at MergeBase, a Vancouver based application-security company devoted to Jar files, NPM files, DLL files, Ruby Gem Files, Elixir Mix files, etc. As you can see, Julius has really branched out lately! Julius is the author of a leading Log4J detector: https://github.com/mergebase/log4j-detector

7:10-8:00pm: discussion

***

Pandemic safety: all participants will be seated 2 meters apart. Masks encouraged.

Thank yous: we would like to give big thanks to PayPal for hosting and feeding us, and all the volunteers for helping make this happen!

OWASP Vancouver web site can be found here, where you can find more info and stay connected with us.