OWASP Chapter Meeting #27
Event Information
Description
Date: Friday 29.5
Location: Life Science Center Keilaranta 10-16
Seats limited to: 80
17:30 Welcome coffee
18:00 Opening words / Petteri Arola, OWASP Helsinki
18:05 Word from our sponsor / Nixu
18:15 50 Shades of AppSec / Troy Hunt
19:00 Break
19:15 Hack yourself first: how to go on the cyber-offence before online attackers do / Troy Hunt
20:00-23:00 Refreshments and Sauna on the 7th floor
As always, the event is free and open to anyone, so spread the word to your fellows too!
Abstracts:
User Group Presentation 1: 50 Shades of AppSec
The AppSec industry is enormously diverse and it only continues to diverge as we put more software into more things with more connections. It’s an industry that’s fluctuating from the sophisticated to the absurd, the intelligent to the primitive and the scary to the outright hilarious. There are valuable lessons to be taken away from these events and applied in our future security efforts.
In this talk, Troy is going to cover a broad spectrum of what’s happening in our industry – an entire 50 shades of it in only 45 minutes – and you’ll get a sense of just how challenging it’s becoming for those of us working in AppSec to keep ahead of the attacks. Troy will cover everything from the social aspects of hacking through to some of the more obscure attacks and the increasing challenges we have as defenders.
User Group Presentation 2: Hack yourself first: how to go on the cyber-offence before online attackers do
The prevalence of online attacks against websites has accelerated quickly recently and the same risks continue to be exploited. However, these are often easily identified directly within the browser; it’s just a matter of understanding the vulnerable patterns to look for.
‘Hack Yourself First’ is all about developers building up cyber-offence skills and proactively seeking out security vulnerabilities in their own websites before an attacker does. It recognises that we have huge volumes of existing websites that haven’t gone through sufficient security review, plus we continue to create new content that, even when built with security in mind, still needs testing from the perspective of a cybercriminal.
In this session we’ll look at website security from the attacker’s perspective and exploit common risks in a vulnerable web application. We’ll also explore ways to easily grab credit cards, gain immediate FTP access to thousands of websites, crack password cryptography you think is secure and hijack wifi.