OWASP local chapter meeting
Thursday, December 18, 2014 from 3:30 PM to 8:00 PM (CET)
San Francisco, California
London, United Kingdom
It is a pleasure to inform you that the next OWASP local chapter meeting is coming! We will meet on the 18th of December. This time we will have 3 speakers:
- Jan Kopecky has been in the world of IT security for more than 10 years. He is interested in web application security, exploit development, malware research and reverse engineering. Currently Jan works as a senior web application pentester for an insurance company based in the EU. He also started his private company four years ago. In his free time he... well, he does not have much free time.
- Nicolas Gregoire has more than 13 years of experience in penetration testing and auditing of networks and (mostly web) applications. A few years ago, he founded Agarri, a small company where he finds security bugs for customers and for fun. His research has been presented at numerous conferences around the world and he has been publicly thanked by tons of vendors for responsibly disclosing vulnerabilities in their products. He occasionally participates in bug bounties, and has earned the highest rewards from Prezi (twice) and Yahoo.
- Dr.-Ing. Mario Heiderich, handsome heart-breaker, philanthropist billionaire, bon-vivant and (as he loves to call himself) "security researcher" is from Berlin, likes everything between lesser-than and greater-than, leads the small yet exquisite pen-test company called Cure53 and pesters peaceful attendees of various 5th-tier conferences with his hastily assembled PowerPoint slides. Mario was raised by gorillas in Nepal and has actual hair on his teeth.
Jan will speak about exploitation (details coming soon)
Nicolas - Hunting for top bounties
I recently participated in a few bug bounties, with a focus on XML technologies and SSRF. As a result, I pwned Prezi, Yahoo, and Facebook (among others). Big compromises implying big rewards, I earned quite some money. Around $50k in 20 days, for pwning production networks, that's a hobby that most sane people should enjoy!
Mario - In the DOM, no one will hear you scream
This talk is about the DOM and its twilight zones. We'll have a look at the weird parts and talk about where and why this might be security critical and affect your precious online applications, browser extensions or packaged apps. To understand the foundations of what the DOM has become today, we'll further explore the historical parts — who created the DOM, what the intention was, and how they fought dirty about it during the browser wars.
Finally, we'll see a DOM-based attack called DOM Clobbering. An attack that is everything but obvious and affected a very popular and commonly used Rich Text Editor. Be prepared for a lot of tech-talk as well as fear and loathing in the browser window. But don't shed no tears, there's a tool that fixes the security crazy for you and this talk will present it.
The event will take place in room number 309 (3rd floor). Below you can find the agenda (which might change slightly):
15:30 - 16:00 Registration
16:00 - 16:45 Jan
17:00 - 17:45 Nicolas
18:00 - 18:45 Mario
19:00 - 20:00 Pizza and open discussion