Hi all,

My name is Blythe and I am the Assistant Site Director of CodeChix. We are actually hosting two OWASP events in Downtown Palo Alto next week, a technical talk and a hands-on workshop, both presented by Mack Staples (Zenefits). I have more information and links below... I hope to see some of you there!

OWASP Tech Talk - Thursday, June 23rd, 7pm, Downtown Palo Alto

This talk will introduce students to OWASP, an open-source, community-driven project focused on web and mobile security. We’ll explore the most prolific OWASP project, the OWASP Top 10. This project, active for over a decade, lists the 10 most significant categories of security vulnerabilities currently in the wild. This introductory talk will expose students to these vulnerabilities, ranging from well-known issues such as SQL Injection to more obscure, but very common, issues like Cross-Site Request Forgery. Students will learn how each of these 10 issues is created, how they can be abused, the impact of exploiting them, and how they can be avoided.

Click here for tickets to the OWASP tech talk!

OWASP Hands-On Workshop - Saturday, June 25th, 10am, Downtown Palo Alto

Note: You do not have to attend the tech talk in order to attend the workshop, though it is highly recommended.

The workshop portion will build upon the concepts introduced in the talk. Students will have the opportunity to see all of the Top 10 issues in action, and learn how to exploit the issues in a true-to-life vulnerable web application. Some of the topics we’ll explore are bypassing authentication with SQL Injection, stealing sensitive data through Cross-Site Scripting, and abusing access control mechanisms through Force Browsing. By the end of the workshop, students will be able to identify, exploit, and explain all of the Top 10 vulnerabilities, as well as understand how to develop applications without introducing these common issues.

Finally, time permitting, we may explore the OWASP Mobile Top 10. Like the Web Top 10 list, this project lists the ten most serious issues found in mobile applications today.

Students will need their own wifi-enabled laptop with Firefox and an intercept proxy such as Burp Suite (preferred), Charles Proxy, or OWASP ZAP. We’ll cover the best way to configure these tools in the workshop. To get the most out of the workshop, students will need to have a grasp of basic web application architecture, plus basic skills in HTML, web forms, and JavaScript.

** Lunch and snacks will be provided **

Click here for tickets to the OWASP hands-on workshop!
