OWASP Bulawayo Meeting: Hack a bank using XSS

By Trevor Sibanda

Date and time

Saturday, October 3, 2015 · 9:30am - 2:30pm CAT

Location

SkyHub

Suite 443 (4th floor), 55 J. Moyo St, between 4th and 3rd Avenue, NUST CCE Building, Bulawayo, Zimbabwe

Description

OWASP Bulawayo
MEETUP - 3rd October 2015

3 October 2015 / 09:30 AM / ROOM 443, NUST CCE

Location

SkyHub

Suite 443, 55 J.Moyo, 4th Avenue,

NUST Center for Continuing Education Building

Starts 9:30 AM

AGENDA

Opening Remarks

  1. by Trevor Sibanda and Martin Mozgalev - SkyHub Manager

Introductions

HTML and JavaScript in 15 minutes.

by Michael Dera

Penetration testing methodology

Speaker TBA (20-minute presentation + 10-minute Q&A).

Short Break

10 minutes.

Introduction to XSS

  • Presentation on Reflected XSS, Persistent XSS and DOM-based XSS.

  • Two hands-on demos of reflected and persistent XSS

  • by Trevor Sibanda ~ 1 Hour

Capture the flag event.

  • Hack into a bank by exploiting an XSS vulnerability.

  • 1 Hour

XSS mitigation in PHP

  • by Tinashe Makuti

  • Access to source code used in demos + mitigation tips

Closing remarks, refreshments + networking

NOTES
  • Bring a laptop - Windows or Linux

  • Arrive by 9:30 AM

  • Limited spots, reservation needed.

FAQs

What is OWASP?

The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.

Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. You'll find everything about OWASP here on or linked from our wiki and current information on our OWASP Blog. OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide. We ask that the community look out for inappropriate uses of the OWASP brand including use of our name, logos, project names and other trademark issues.

Are there ID requirements or an age limit to enter the event?

No age requirements

What can/can't I bring to the event?

Bring a laptop.

Where can I contact the organizer with any questions?

Direct all questions to our Facebook page

Is my registration/ticket transferable?

Yes, but let us know beforehand

Do I have to bring my printed ticket to the event?

Not necessary. Just register online.

About the organizer

Organized by
Trevor Sibanda

Trevor Sibanda is the OWASP Bulawayo Chapter Leader. He is an avid developer, computer security enthusiast, CREST Student partner and Kairos Society Fellow, amongst other things. He enjoys writing code in x86 Assembly, C++, Python, Rust and Scala.

Catch him at the OWASP meetup.