OWASP in Vegas: Black Hat USA and Def Con 21
OWASP Community Members -
Many of you will surely be in Las Vegas next week for one or more of the conference
events going on: Black Hat USA, B-Sides Las Vegas, and Def Con 21. I wanted to give you an update on where to
find OWASP while you are there!
Are you going to Vegas and want to help us promote OWASP? Or are you presenting on
OWASP and we missed you in this call out? Or do you want to schedule
some face time with OWASP staff members (Sarah Baso, Kelly Santalucia, or
Samantha Groves)? Contact us with updates and requests.
OWASP will have a booth (table top E3) at Black Hat in
the foyer area outside the Emperor's Ballroom. Stop by to
visit with OWASP staff, volunteers, and board members, and pick up a Las Vegas
"emergency kit"!
OWASP Projects giving demos at the Black Hat Arsenal
presented by Ajin Abraham:
Xenotix XSS Exploit Framework is a penetration testing tool to detect
and exploit XSS vulnerabilities in web applications. It is basically a
payload-list-based XSS scanner and XSS exploitation kit, and it has the world's second
largest XSS payload list. It gives a penetration tester the ability to test
all the XSS payloads available in the payload list against a web application to
test for XSS vulnerabilities. The tool supports both manual mode and automated
time sharing based test modes. The exploitation framework in the tool includes
an XSS encoder, a victim side XSS keystroke logger, an Executable Drive-by
downloader and an XSS Reverse Shell. These exploitation tools will help the
penetration tester to create proof of concept attacks on vulnerable web
applications during the creation of a penetration test report.
OWASP BROKEN WEB APPLICATIONS VM, presented by Chuck Willis:
The Open Web Application Security Project (OWASP) Broken Web
Applications project provides a free and open source virtual machine loaded with web applications containing
security vulnerabilities. This session will showcase the project VM and exhibit
how it can be used for training, testing, and experimentation by people in a
variety of roles. Demonstrations will cover how the project can be used by
penetration testers who discover and exploit web application vulnerabilities,
by developers and others who prevent and defend against web application
attacks, and by individuals who respond to web application incidents. New
features and applications in the recently released version 1.1 of the VM will
also be highlighted.
presented by Jeremy Long:
Does your application have dependencies on 3rd party libraries? Do you know if those
same libraries have published CVEs? Dependency-Check, an OWASP project, can
help by providing identification and monitoring of application dependencies.
The core engine can scan the libraries and will create an inventory of all the
dependent libraries and whether or not there are any published
CVEs. Dependency-Check's new build plugins will be demonstrated as
well as how the tool can be used to perform continuous monitoring of your applications and their dependencies.
No official booth but many OWASPers will be floating around the conference,
volunteering as goons at swag, and participating in talks.
Are you ready to party?
OWASP AppSec USA is sponsoring "Def Con Parties" on Friday night
at the Rio Hotel. This party is open to anyone with a Def Con badge.