What we’re about
This is the meetup headquarters for the Bay Area chapter of the Open Web Application Security Project (OWASP). This group is dedicated to bringing together the massive amount of Bay Area web application security talent and interest in the form of presentations, talks, conferences, and any other kind of get-together we want to come up with.
We're looking to facilitate all types of meetings between members, from formal conferences to little meetups at a Bay Area coffee shop. The key advantage of meetup.com is that we can benefit from the shared calendar, which is available via iCal, Google Calendar, etc.
We encourage you to get involved in every way possible. Recommend events, put together a local meetup at a coffee shop, restaurant, or bar, or put together a talk to present at one of these venues.
We look forward to hearing from you and seeing you at a local event!
Upcoming events (2)
- April meetup: 180 Townsend St, San Francisco, CA
We're excited to announce our upcoming April meetup, which will be hosted by the wonderful team at Truffle Security. Get ready for insightful discussions, delicious refreshments, and the chance to network with some of the brightest minds in the industry.
Agenda:
5-5.45 PM: Doors open, networking and food
5.45-6.30 PM: Leaked Secrets and Unlimited Miles
6.30-7.15 PM: Secrets from a bygone era
7.15-8 PM: The Internet is broken, Putting IPv6 into perspective
8 PM: Doors closed.
Talk #1: Leaked Secrets and Unlimited Miles by Sam Curry
Nearly every major rewards program (United MileagePlus, American Express, Southwest Rapid Rewards, etc.) is powered by a single provider: points.com. Join us as we discuss vulnerabilities identified in points.com and other pieces of airline infrastructure which lead to mass PII disclosure, an infinite money glitch, and free upgrades.
Talk #2: Secrets from a bygone era by Dylan Ayrey
GitHub is a platform that was designed for sharing; it wasn't designed for unsharing. So how difficult does it become to unshare? This talk will dig into all the different ways your secrets might get replicated, propagated, persisted, and shared, for decades following your mistake.
Talk #3: The Internet is broken, Putting IPv6 into perspective
Description:
Most of the Internet is currently running on a legacy version of the Internet Protocol: IPv4. Despite this, the number of engineers, especially in security, who know how to use IPv6 is relatively low. In this talk, previously presented internally at NCC Group, I will show you why today's Internet does not live up to its original vision, take you back to the past to show you what the IPv4 Internet used to look like and through this reveal the secrets that will make you understand IPv6.
Speaker: Denis Smajlović, Founding Security Consultant at Nova Information Security. With a background in security consulting, having worked for some of the largest financial institutions in Scandinavia and biggest tech companies in the Bay Area, I started Nova to provide web application and network pentesting services with the idea that we are able to work closer with clients and provide greater value.
- Hacker Days: The Anatomy of a Breach: Lessons from common mistakes, Endor Labs, Palo Alto, CA
Hello! Are you ready to dive into the world of enterprise security? Join us for an exciting Hacker Days, where we'll explore some of the essential requirements of information security and why protecting systems and data is a shared responsibility. In this workshop, we will play the roles of Developer, End-user, and Security Engineer and explore various common mistakes which lead to critical security issues. We will also discuss the best practices for preventing such attacks.
Thank you very much to Endor Labs for graciously providing us the venue and to Levo.ai - the guardians of the API galaxy! - for sponsoring the food and drinks.
This event is in partnership with the Pacific Hackers community: https://www.pacifichackers.org/
Workshop outline:
* Overview
  - Introduction: Responsibilities of different roles.
  - Demo application walkthrough: A custom .NET web application and a mobile app.
  - Tools: BurpSuite, Wireshark, ApkTool
* Developer mistakes: Various mistakes made by developers will be explained, along with their impact and how to identify and prevent them.
  - Hardcoded Secrets
  - Login Credentials
  - Lack of Awareness
  - Security Misconfiguration
* End-user mistakes: As an end-user, one can become a victim of a cyber attack due to simple mistakes. Let's explore scenarios with a live demo.
  - Wi-Fi Attack
  - Offer and Freebies
* Security Engineer mistakes: Security engineers are responsible for detecting vulnerabilities and recommending fixes. But we are also human beings and can make mistakes which can lead to attacks.
  - Misusing available tools
  - Lack of scoping
  - A few OWASP Top 10 vulnerability demos
* Closing Note
* Q&A
Speaker Details:
Name: Sarwar Jahan M
LinkedIn: https://www.linkedin.com/in/sarwarjahanm/
Bio: Sarwar Jahan is currently working as a Senior Enterprise Security Engineer, and has worked at tech giants like Synopsys, Microsoft and Salesforce. He has 10+ years of experience and was ranked among the top ethical hackers globally. He is passionate about sharing knowledge with the community and running a non-profit initiative called InfoSecCamp to spread security awareness among people by conducting Boot Camps.