
Sunday, June 7, 2009

OWASP Membership

I became a member of OWASP (Open Web Application Security Project) today. I am glad to support the great initiative for Web Application Security, which has been taken by OWASP.

For all reading this, please become OWASP members. It is a great initiative, which is completely free. We should do all we can to support it. It costs just $50 for the Individual membership for a year.

Please join up and make a difference.

OWASP Bangalore Chapter Meet: 7th June 2009

It was the first meeting of the OWASP Bangalore Chapter that I was attending. The meeting was scheduled at 9am at the India Coffee House on Church Street in Bangalore. The location was not the most suitable, especially keeping in mind that presentations on App Sec and other Info Sec related issues would be part of the meeting. Nevertheless, it was nice seeing some energy from this chapter.

Rajiv Vishwa's was the only presentation, on using Firefox as the ultimate App Sec assessment tool. Rajiv demonstrated the use of several Mozilla add-ons like Tamper Data, XSS Me and SQL Inject Me, demoed over WebGoat, to a small group of dedicated OWASPers in Bangalore. It was an interesting presentation, which highlighted the fact that there are several tools for performing AppSec assessments and a pen-tester would never really have to leave the comfort of the browser to perform security testing for applications. Mozilla provides several other add-ons like Firebug, FoxyProxy, etc., which allow the easy assessment of web applications. Although Rajiv had to leave early, I took over and we talked more AppSec. I stressed the use of exploit frameworks like Metasploit for pentests and also discussed how application development needs to be given the impetus it so badly deserves from the security standpoint. We signed off on a positive note.

The Bangalore Chapter has some great energy going but needs a lot more to live up to the reputation of being the OWASP Chapter in the Silicon Valley of India. It would be great to see more Bangaloreans interested in AppSec and InfoSec attend the Chapter meets and play an active role in the development of this community. I will try and get in touch with the ISACA Chapter in Bangalore for some joint meetings and meeting space. Hopefully, things should go well on that front. I would request anyone who is part of the OWASP Bangalore mailing list to actively participate and probably initiate some action on the location issue for the chapter. There is a nice quote which I would like to share with all of you, "I ask not for lighter burden, but for stronger shoulders".

Thanks

Tuesday, May 19, 2009

OWASP Chennai Meet - 17 May 2009

The OWASP Chennai Chapter meet was held on the 17th of May 2009 at Chennai. It was very nice to see some dynamism from the OWASP Community in India. I am happy to see great steps being taken by the Chennai OWASP Team (Chandrasekar and the rest) in taking initiative.

The talks scheduled for the day were on Globalization and its role in Information Security and Mobile Crimes.

I was invited to speak and I spoke on Application Security Risk, in a talk entitled "Application Security Risk - The Full Circle".

Here's the presentation:



This presentation highlights the importance of Application Security Risk and how to perform effective and comprehensive Risk Assessments for Web Applications to provide for a robust protection strategy. It highlights how an effective Application Security Risk Assessment can result in the development of a secure SDLC, feed the Security Testing area with threat modeling and the development of "Abuse Cases" and become the foundation for a strong and secure web application.

Disclaimer

The views presented in this blog are entirely mine and are not those of my company.

© Abhay Bhargav 2010