My name is Blythe and I am the Assistant Site Director of CodeChix. We are actually hosting two OWASP events in Downtown Palo Alto next week, a technical talk and a hands-on workshop, both presented by Mack Staples (Zenefits). I have more information and links below... I hope to see some of you there!
OWASP Tech Talk - Thursday, June 23rd, 7pm, Downtown Palo Alto
This talk will introduce students to OWASP, an open-source, community-driven project focused on web and mobile security. We’ll explore the most prolific OWASP project, the OWASP Top 10. This project, active for over a decade, lists the 10 most significant categories of security vulnerabilities currently in the wild. This introductory talk will expose students to these vulnerabilities, ranging from well-known issues such as SQL Injection to more obscure, but very common, issues like Cross-Site Request Forgery. Students will learn how each of these 10 issues is created, how it can be abused, the impact of exploiting it, and how it can be avoided.
Note: You do not have to attend the tech talk in order to attend the workshop, though it is highly recommended.
The workshop portion will build upon the concepts introduced in the talk. Students will have the opportunity to see all of the Top 10 issues in action, and learn how to exploit the issues in a true-to-life vulnerable web application. Some of the topics we’ll explore are bypassing authentication with SQL Injection, stealing sensitive data through Cross-Site Scripting, and abusing access control mechanisms through Force Browsing. By the end of the workshop, students will be able to identify, exploit, and explain all of the Top 10 vulnerabilities, as well as understand how to develop applications without introducing these common issues.
Finally, time permitting, we may explore the OWASP Mobile Top 10. Like the Web Top 10 list, this project lists the ten most serious issues found in mobile applications today.
** Lunch and snacks will be provided **