14 June 2014

null Meetup: OWASP

People who are into software security (web app security and the like...), you'd be happy to know that OWASP Bangalore organizes meetups every now-and-then to share knowledge. Today, there were around 40 people who attended the session at ThoughtWorks, Koramangala.

For those of you who haven't heard of null: "null is India's largest open security community. Registered as a non-profit society in 2010. null is Open, is professional, is inclusive, responsible and most importantly completely volunteer driven".

The agenda today was:
  • OWASP Mobile Top 10 - Part 2 by Anant Shrivastava 
  • Security NEWS Bytes by Nishanth Kumar 
  • Flash based XSS by Abeer Banerjee
  • BEeF by Prashanth Sivarajan  
  • ESAPI  by Satish

Although I couldn't attend the entire session, I did get to hear about the need for encryption (SSL/TLS), the discovery of Heartbleed, the use of msfconsole (I mentioned to them as a word of caution that it should be used only for testing vulnerabilities in one's own application, and never be used on other websites on the internet, as it is not legal to do so) and Perfect Forward Secrecy.
Also briefly covered, were topics on BEeF, BURP suite for app security, ESAPI, WebGoat, PE studio and some news feeds (one of which surprised me - apparently, TrueCrypt isn't secure anymore).

What's more important than the knowledge sharing here, is the networking. They have a networking session, where experts in various security domains stand at different corners of the room and you get a chance to meet them and talk to them. Makes sense, and worth attending the meetup for this very reason. You get to network with many other people who are into security, and can learn from them.

If you'd like to attend future sessions, registrations are on swachalit.

p.s.: A session can only be as interesting as the persons conducting it. This particular session had speakers who were very slow, so you might want to use your discretion on whether a session is helping you or not.

No comments: