Friday, December 21, 2012

AppSecUSA 2013

Considering the Mayans did not end the world today… we're clear to throw the biggest software security focused event in the world with your help - SAVE THE DATE: AppSecUSA 2013

Monday November 18th – Thursday November 21st, 2013

We are now confirmed in the heart of NYC at the Marriott Marquis at Times Square. The location and hotel are absolutely AMAZING, and if you have never visited NYC you will not want to miss this opportunity: http://www.marriott.com/hotels/travel/nycmq-new-york-marriott-marquis/





The planning team is hard at work with many community members to make it a conference/summit experience! To do so we are OPEN for suggestions, and the best way to capture them for the planning committee is in the following online location: https://www.google.com/moderator/#16/e=201fc2


Want to suggest a keynote? A working session on a framework, a committee meeting, a builder-meets-breaker dojo? Want to DJ at the swank after-party, or recommend a restaurant or activity?

There are NO bad suggestions, only the suggestions that we don't hear about in time, or that don't get supported by YOU, the community, early enough to give us the run-way to make them possible.

We will follow the Builder, Breaker, Defender track themes for talks and will be holding a Call for Trainers and Speakers when we reach that milestone.  

Check it out: https://www.google.com/moderator/#16/e=201fc2 and over the next few weeks the website (http://www.appsecusa.org) will be online with supporting materials.


Tuesday, December 18, 2012

OWASP Italy Day 2012: Highlights

This year's Italy Day was held in the beautiful city of Rome. The conference had 210 attendees, and a number of great speakers in attendance! Please visit the OWASP Italy Day page for more information and highlights. 





Wednesday, December 12, 2012

12 Days of Christmas w/ Hacker Claus


Ok script kiddies, gather around and sing with me:


On the 1st day of Christmas a malicious hacker faxed to me <pause> proof of SQLi in a production website (the database executing SELECT * FROM members WHERE username = 'admin'--' AND password = 'password') along with a username list -- it appeared they also taped the 4 pages of data into a loop in the fax machine, sending an unlimited number of fax pages to me and resulting in a denial of service on my office fax machine
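The first verse shows the classic authentication bypass: the input `admin'--` closes the string literal and comments out the password check. The following Python/sqlite3 script is an added example (not code from the original post) that reproduces the bypass against a constructed in-memory members table and shows the parameterized query that defeats it; the table, the account and the password value are all made up for the demo.

```python
import sqlite3

# Constructed sample data (not from the original post): a members table with
# a single admin account. Plaintext password storage is only to keep the demo
# short; real systems store a salted hash and compare against that.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (username TEXT, password TEXT)")
    conn.execute("INSERT INTO members VALUES (?, ?)",
                 ("admin", "correct-horse-battery-staple"))
    conn.commit()
    return conn


def build_vulnerable_query(username, password):
    """Return the SQL text a string-concatenating login handler would run."""
    return ("SELECT * FROM members WHERE username = '%s' AND password = '%s'"
            % (username, password))


def login_vulnerable(conn, username, password):
    """Attacker-controlled text becomes SQL syntax: the username admin'--
    closes the literal and comments out the password check, so any
    password is accepted."""
    row = conn.execute(build_vulnerable_query(username, password)).fetchone()
    return row is not None


def login_parameterized(conn, username, password):
    """Same query with bound parameters: the input is data, never syntax,
    so the quote and -- are matched literally against the username column."""
    row = conn.execute(
        "SELECT * FROM members WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    payload = "admin'--"
    print(build_vulnerable_query(payload, "password"))
    print("vulnerable handler:    ", login_vulnerable(db, payload, "password"))
    print("parameterized handler: ", login_parameterized(db, payload, "password"))
```

Running it prints the exact statement from the verse and shows the concatenating handler logging the attacker in while the parameterized one rejects the same input. The fix is binding, not escaping: SQLite's `--` comment and quote handling never see the user-supplied text as SQL.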


On the 2nd day of Christmas the hackers gave to me a Cross Site Scripting in my critical web application <IMG SRC="javascript:alert('XSS');"> and a link to other cheat sheets at https://www.owasp.org/index.php/Cheat_Sheets, and WAF suggestions for monitoring and potentially blocking the input, output, or system service calls which do not meet the configured policy of the firewall


On the 3rd day of Christmas the hackers gave to me an Insecure Direct Object Reference on a critical system that provided full admin access to the application because I was stupid.... http://yourwebsite.com/secret/adminconsole:8050



On the 4th day of Christmas the hackers gave to me.... "A FREE .PDF book on how to find application security flaws (http://www.owasp.org/images/5/56/OWASP_Testing_Guide_v3.pdf)" and a video series: https://www.owasp.org/index.php/OWASP_Appsec_Tutorial_Series


On the 5th day of Christmas the malicious hackers drove by my office and used Aircrack to recover my Wi-Fi WEP key, changed my SSID to "Hacked" and left it as an Open AP


On the 6th day of Christmas the hackers gave to me code snippets of critical system code from the new secret internal project that they had trawled for and picked up from PasteBin. Ugh.


On the 7th day of Christmas a hacker breached my door using a "9999" cut bump key on door #1 and a shim on door #2, and placed a "boom" sign inside my locked desk drawer to prove a point about my lame physical security... and they drank my 18 year old scotch too!


On the 8th day of Christmas the hackers returned to me a bag of dumpster diving treasure to point out lack of cross-cut shredding that included bills from trusted vendors with account info, credit card carbons, internal printed emails, customer data and more...


On the 9th day of Christmas the hackers hacked me via an email aimed at my wife concerning a refund of a holiday purchase, with targeted malware using a custom packer that bypassed my installed and updated corporate AV investment. After getting a remote shell, they popped my work laptop, which was also connected to my personal LAN and was unpatched due to the holiday freeze, then exported the cert from the VPN client and installed a keystroke logger on the computer that I use for business to capture the password.... ouch..


On the 10th day of Christmas the malicious hackers came back..... after the network had been upgraded from WEP to WPA following Day 5, guessed my lame WPA password, changed the SSID to "Hacked Again" and made it an Open AP again


On the 11th day of Christmas the hackers knocked down my e-commerce website during the busy online shopping season with a Denial of Service tool -- and suggested I look at the OWASP ModSecurity Core Rule Set (CRS) project


On the 12th day of Christmas the hackers mailed to me a link to the breach report archives and state breach notification laws: http://datalossdb.org/us_states


After having his A$$ handed to him in 201x..... he started to read the OWASP Foundation website @ http://www.owasp.org and found things like the Enterprise Security API (ESAPI), free videos, guidance on mobile security, job postings from around the world and 100+ other projects: https://www.owasp.org/index.php/Category:OWASP_Project . He also planned to attend both AppSec events, and after reviewing the *NEW* About OWASP member flyer, his organization was supportive of him joining the professional community of builders, breakers and defenders: https://www.owasp.org/images/4/49/OWASP_Brochure_-_Global.pdf


Happy Holidays!

Monday, December 10, 2012

AppSec 2013: OWASP Projects Track Call for Entries



This CFE is now closed. We will not be accepting any more submissions.

This year for AppSec APAC 2013, we are offering a limited number of FREE speaking opportunities to OWASP Project Leaders, as well as FREE conference admission for the representatives of the chosen projects. We would like to invite ALL OWASP Project Leaders to apply.

The APAC 2013 OWASP Project Track (OPT) forum differs from the Open Source Showcase (OSS) in that only OWASP Projects can apply to participate. This is a great opportunity for OWASP Project Leaders to showcase their project as an official conference presenter. Please note that successful OPT applicants are responsible for developing and presenting in their designated time slot at the conference.

One of the benefits of participating in the AppSec APAC 2013 Project Track is that OWASP Project Leaders have the option of requesting financial assistance from the Foundation to cover travel and hotel expenses ONLY. This funding is only available to projects that have been selected to participate in the Project Track at AppSec APAC 2013. Preference will be given to OWASP Project Leaders that are applying to present at the conference that is closest to their region. Additionally, preference will be given to OWASP Project Leaders that have not presented or participated in the Project Track forum.

APPLICATION DEADLINES
OPT Applications are due: December 28, 2012

CONFERENCE DATE
February 19-22, 2013
All OPT presentations will be held between February 21-22, 2013.


For an opportunity to present your open source project through the OPT at AppSec APAC 2013, please submit your application using the OSPT APAC 2013 Application.

AppSec 2013: Open Source Showcase Call for Entries



This CFE is now closed. We will not be accepting any more submissions.

This year for AppSec APAC 2013, we are offering a limited number of FREE booth spaces to open source projects, as well as FREE conference admission for the representatives of the chosen projects. We would like to invite ALL open source projects to apply.

The APAC 2013 Open Source Showcase is not just for OWASP projects. All open source projects are encouraged to apply for an opportunity to showcase, demo, and/or promote their project. Showcase participants will be responsible for manning their booth during their allocated time.

One of the benefits of participating in the AppSec APAC 2013 Showcase is that OWASP Project Leaders have the option of requesting financial assistance from the Foundation to cover travel and hotel expenses ONLY. This funding is only available to projects that have been selected to participate in the Showcase at AppSec APAC 2013. Preference will be given to OWASP Project Leaders that are applying to present at the conference that is closest to their region. Additionally, preference will be given to OWASP Project Leaders that have not presented or participated in the OSS forum.

APPLICATION DEADLINES
OSS Applications are due: December 28, 2012

CONFERENCE DATE
February 19-22, 2013
All OSS presentations will be held between February 21-22, 2013.

For an opportunity to showcase your open source project at AppSec APAC 2013, please submit your application using the Open Source Showcase form.

Wednesday, December 5, 2012

OWASP 2013

2013 planning is underway for OWASP. We've got lots of great local initiatives taking place at our numerous chapters all over the world.  I have no doubt these local efforts will continue to prosper (find your local chapter here).

 
Looking at OWASP overall, what do you want to see in 2013? 

Do you have areas where you'd like to focus and help OWASP grow?



--
Michael Coates | OWASP | @_mwc

Monday, December 3, 2012

OWASP Spain Chapter Receives Award!


OWASP Spain has received an award in recognition of their cooperation and continued support for the dissemination of web application security in Spain.

The award was given by RedSeguridad Magazine in a ceremony in which prizes were awarded to various institutions, and which ended in a lively cocktail party.

Vicente Aguilera Díaz, the OWASP Spain Chapter Leader, was present to receive the award on behalf of the chapter. There were more than 200 attendees at the celebration, with the leading figures of the Spanish security industry present during the event.

This is the second award for the OWASP Spain Chapter, as in 2008 they received another important award from SIC magazine.

We would love to congratulate Vicente, and all active participants in the OWASP Spain Chapter. Well done to you all!

IBM Software Summit: OWASP Spain in Review


OWASP Spain was present this month at the most important event organized by IBM software in Spain: IBM Software Summit #START013.

Vicente Aguilera Díaz, the OWASP Spain Chapter Leader, was pleased to give a presentation at this conference, one of great importance for the country, which took place in Madrid.

With over 2000 attendees, OWASP had great visibility with participation at this event! 

You can find Vicente's presentation here: La Necesidad de Construir Software Seguro (The Necessity of Building Secure Software).
You can find more information about the event here: IBM Software Summit #START013.