Please note that all Bangalore null meets are free for anyone to attend. There are absolutely no fees. Just come with an open mind and willingness to share and learn.
The schedule for this month’s meet is as outlined below:
09:30 – 10:15: Web Application Security for Beginners: XML Injection – Jayesh Singh
This is part of a multipart series on Web Application Security. This session will cover XML Injection attacks, how to identify them, and the concepts behind them. The speaker will also talk about different types of XML data manipulation and the mitigation for this vulnerability.
10:15 – 10:25: Introductions
10:25 – 11:00: OAuth Tokens and their Security – Vindhya Nagaraj
This talk will begin with a description of REST and continue to discuss OAuth Implementation & its security.
11:00 – 11:40: A primer on Manual Source Code review – Sandesh Anand
Sandesh will give us a quick overview of code review in general and demonstrate some interesting instances where reviewing code manually can be useful. In addition, we will “attempt” to answer the following questions with this talk:
1. Why review code when you can find XSS (and other common issues) through a pen-test?
2. Are there any instances where manual code review trumps automated (tool-based) review?
He will have a lot of Java code snippets to review for the talk. We can review as many as time permits.
11:40 – 12:00: Networking session followed by a break
12:00 – 12:30: LFI to Remote Code Execution – Sharath Unni
The speaker will demo LFI discovery both manually and using scanners. Various other ways of achieving RCE via LFI will also be covered.
12:30 – 13:00: Getting started with IPtables – Part 2 – Nishanth Kumar
The talk will cover the following:
– Review of Part 1
– Understanding IPTable Rules
– Options available in writing IPTable rules
– Some customized commands and some examples
13:00 – 13:30: (In)Security in E-commerce – Shadab & Ankur
To understand a growing market and its customers, companies try to capture the maximum amount of information, which helps them provide a better experience. With the integration of third-party tools, open source, and analytics on the website, there is a huge risk of information leakage, data compromise, user compromise, etc. The speakers will talk about security around information flow, user tracking, public disclosure, the lifecycle of a security bug, and traceability/monitorability in the e-commerce domain.
13:30 – 13:45: Feedback and topic discussion for next month's meet
ThoughtWorks, ACR Mansion,
147/f, 8th Main Road, 3rd Block, Koramangala,
Bangalore – 560034
Google Maps: http://goo.gl/bokSL
Co-ordinates: 12.928715, 77.628897
Landmarks: Next to Satya’s Bar, near Mercure Hotel, near Raheja Residency and close to 3rd Block Koramangala BDA