OWASP - User contributions [en]

Suffolk

2019-05-19T20:25:58Z

Abhinav: /* TALKS: */

{{Chapter Template|chaptername=Suffolk|extra=The chapter leaders are [mailto:wojciech.cichon@owasp.org Wojciech Cichon] and [mailto:abhinav.sejpal@owasp.org Abhinav Sejpal]. Please follow as on Twitter [https://twitter.com/owaspsuffolk @owaspsuffolk] and subscribe to our [https://www.youtube.com/channel/UCGU_bGraZZZc37pQytdaH6w youtube channel].
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Suffolk|emailarchives=http://lists.owasp.org/pipermail/owasp-Suffolk}}

==Meeting Sponsors==
The following is the list of organisations who have generously provided us with space for OWASP Suffolk chapter events
<table cellpadding="15" cellspacing="0">
<tr>
<td>
[[Image:UOS-IWIC-logo-RGB.jpg|link=https://www.uos.ac.uk/content/ipswich-waterfront-innovation-centre-0|alt=IWIC|200px]]
</td>
</tr>
</table>
==Next Meeting/Event(s)==
===[https://www.meetup.com/OWASP-Suffolk-Chapter/events/261011276/ Tuesday, 21 May 2019 (Ipswich)]===
Location: University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

====TALKS:====
* '''OWASP Suffolk Introduction, Welcome and News - WTC'''
:Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.
* '''Windows Active Directory Security Lowlights - Barry Myles'''
:Once an attacker is inside your organisation they very often will misuse Windows Active Directory for almost total compromise of every aspect of an organisation's computing infrastructure and the data it holds. This talk will describe how an attacker might do this, when they have done so in the past, the kinds of tools they would use, what common mistakes enable this, and how organisations could go about defending themselves both through changes in behaviour and changes to their setup.
====Speakers====
* Barry Myles leads an internal penetration testing team at BT, although tries to stay away from very traditional views of pen testing as much as possible. After becoming somewhat bored and jaded with project management work in 2006 he decided the life on an attacker was a very much more fun, but perhaps less constructive way of life. He enjoys large scale scanning, reverse engineering, cryptography, hardware hacking and network protocols a bit too much.
==Past Meeting/Event(s)==
===[https://www.meetup.com/OWASP-Suffolk-Chapter/events/260078150/ Tuesday, 23rd April 2019 (Ipswich)]===
Location: University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

====TALKS:====
* '''OWASP Suffolk Introduction, Welcome and News - WTC'''
:Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.
* '''Data Protection Act 2018 - Rebecca Moran''' [ [[Media:Owaspsuffolk-20190423.pdf|<nowiki/>]][https://www.slideshare.net/owaspsuffolk/data-protection-within-development PDF] ] [ [https://www.youtube.com/watch?v=8l39NhDwJe4 Video] ]
:An overview of the requirements of the new Data Protection Act 2018 (GDPR) and it’s influence in development and project management.

====Speakers====
* Rebecca Moran is owner of ReMo InfoSec - qualified ISO27001 lead implementer and auditor – preacher of the ISO27001 bible. Registered GDPR practitioner and all round data protection whiz.

===[https://www.meetup.com/OWASP-Suffolk-Chapter/events/259469036/ Tuesday, 19th March 2019 (Ipswich)]===
Location: University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

====TALKS:====
* '''OWASP Suffolk Introduction, Welcome and News - WTC'''
:Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.
* ''' Understanding how to prevent Sensitive Data Exposure - Simon Greatrix [ [[Media:Owaspsuffollk-20190319.pdf|<nowiki/>]][https://www.slideshare.net/owaspsuffolk/understanding-how-to-prevent-sensitive-data-exposure PDF] ] [ [https://www.youtube.com/watch?v=Z1nNq3wt7Bg Video] ]'''
: Sensitive data is often the target of any attack, and its exposure has the greatest risk of long-term damage. OWASP and the PCI DSS provide many recommendations. The internet provides even more. These can be hard to understand, hard to implement, and contradictory. I will be sharing my understanding of how the cryptographic algorithms work and how they should best be used.

====Speakers====
* Dr Simon Greatrix has been writing software since the late 70s and has worked as a security expert for e-commerce for nearly 20 years. He is currently working on SETL’s block chain product. Java has been his preferred programming language since 1996.

===Monday, 25th February 2019 (Ipswich)===
Location: Connexions, 159 Princess Street, Ipswich

====TALKS:====
* '''OWASP Suffolk Introduction, Welcome and News - WTC'''
:Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.
* '''Yet another talk on OWASP Top 10 - WTC [PDF]'''
: Brief overview of OWASP Top 10.

====TICKETS:====
This event is free to attend for both members and non-members of OWASP and is open to anyone interested in application security and cyber security. Please note that you MUST RSVP to book your place and get a ticket to be admitted to the event by building security - your name will be checked against the guest list.
Register to attend this event at OWASP Suffolk Chapter - [https://www.meetup.com/OWASP-Suffolk-Chapter/ Meetup] - RSVP to attend

== Local News ==
We reopened the chapter, and currently we are looking for venue and speakers.

If you have would like to present a talk on Application Security at any incoming OWASP Suffolk Chapter events, please send us the proposed talk title, abstract and your bio via e-mail:
wojciech.cichon@owasp.org

abhinav.sejpal@owasp.org

Everyone is welcome to join us at our chapter meetings.

[[Category:OWASP Chapter]]
[[Category:Europe]]

Suffolk

2019-04-20T15:56:36Z

Abhinav: Update the changes.

{{Chapter Template|chaptername=Suffolk|extra=The chapter leaders are [mailto:wojciech.cichon@owasp.org Wojciech Cichon] and [mailto:abhinav.sejpal@owasp.org Abhinav Sejpal].
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Suffolk|emailarchives=http://lists.owasp.org/pipermail/owasp-Suffolk}}

==Meeting Sponsors==
The following is the list of organisations who have generously provided us with space for OWASP Suffolk chapter events
<table cellpadding="15" cellspacing="0">
<tr>
<td>
[[Image:UOS-IWIC-logo-RGB.jpg|link=https://www.uos.ac.uk/content/ipswich-waterfront-innovation-centre-0|alt=IWIC|200px]]
</td>
</tr>
</table>
==Next Meeting/Event(s)==
===[https://www.meetup.com/OWASP-Suffolk-Chapter/events/260078150/ Tuesday, 23rd April 2019 (Ipswich)]===
Location: University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

====TALKS:====
* '''OWASP Suffolk Introduction, Welcome and News - WTC'''
:Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.
* '''Data Protection Act 2018 - Rebecca Moran'''
:An overview of the requirements of the new Data Protection Act 2018 (GDPR) and it’s influence in development and project management.

====Speakers====
* Rebecca Moran is owner of ReMo InfoSec - qualified ISO27001 lead implementer and auditor – preacher of the ISO27001 bible. Registered GDPR practitioner and all round data protection whiz.

==Past Meeting/Event(s)==
===[https://www.meetup.com/OWASP-Suffolk-Chapter/events/259469036/ Tuesday, 19th March 2019 (Ipswich)]===
Location: University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

====TALKS:====
* '''OWASP Suffolk Introduction, Welcome and News - WTC'''
:Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.
* ''' Understanding how to prevent Sensitive Data Exposure - Simon Greatrix [ [[Media:Owaspsuffollk-20190319.pdf|PDF]] ] [ [https://www.youtube.com/watch?v=Z1nNq3wt7Bg Video] ]'''
: Sensitive data is often the target of any attack, and its exposure has the greatest risk of long-term damage. OWASP and the PCI DSS provide many recommendations. The internet provides even more. These can be hard to understand, hard to implement, and contradictory. I will be sharing my understanding of how the cryptographic algorithms work and how they should best be used.

====Speakers====
* Dr Simon Greatrix has been writing software since the late 70s and has worked as a security expert for e-commerce for nearly 20 years. He is currently working on SETL’s block chain product. Java has been his preferred programming language since 1996.

===Monday, 25th February 2019 (Ipswich)===
Location: Connexions, 159 Princess Street, Ipswich

====TALKS:====
* '''OWASP Suffolk Introduction, Welcome and News - WTC'''
:Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.
* '''Yet another talk on OWASP Top 10 - WTC [PDF]'''
: Brief overview of OWASP Top 10.

====TICKETS:====
This event is free to attend for both members and non-members of OWASP and is open to anyone interested in application security and cyber security. Please note that you MUST RSVP to book your place and get a ticket to be admitted to the event by building security - your name will be checked against the guest list.
Register to attend this event at OWASP Suffolk Chapter - [https://www.meetup.com/OWASP-Suffolk-Chapter/ Meetup] - RSVP to attend

== Local News ==
We reopened the chapter, and currently we are looking for venue and speakers.

If you have would like to present a talk on Application Security at any incoming OWASP Suffolk Chapter events, please send us the proposed talk title, abstract and your bio via e-mail:
wojciech.cichon@owasp.org

abhinav.sejpal@owasp.org

Everyone is welcome to join us at our chapter meetings.

[[Category:OWASP Chapter]]
[[Category:Europe]]

Suffolk

2019-04-20T15:49:12Z

Abhinav: Added email info.

{{Chapter Template|chaptername=Suffolk|extra=The chapter leaders are [mailto:wojciech.cichon@owasp.org Wojciech Cichon] and [mailto:abhinav.sejpal@owasp.org Abhinav Sejpal].
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Suffolk|emailarchives=http://lists.owasp.org/pipermail/owasp-Suffolk}}

==Meeting Sponsors==
The following is the list of organisations who have generously provided us with space for OWASP Suffolk chapter events
<table cellpadding="15" cellspacing="0">
<tr>
<td>
[[Image:UOS-IWIC-logo-RGB.jpg|link=https://www.uos.ac.uk/content/ipswich-waterfront-innovation-centre-0|alt=IWIC|200px]]
</td>
</tr>
</table>
==Next Meeting/Event(s)==
===[https://www.meetup.com/OWASP-Suffolk-Chapter/events/260078150/ Tuesday, 23rd April 2019 (Ipswich)]===
Location: University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

====TALKS:====
* '''OWASP Suffolk Introduction, Welcome and News - WTC'''
:Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.
* '''Data Protection Act 2018 - Rebecca Moran'''
:An overview of the requirements of the new Data Protection Act 2018 (GDPR) and it’s influence in development and project management.

====Speakers====
* Rebecca Moran is owner of ReMo InfoSec - qualified ISO27001 lead implementer and auditor – preacher of the ISO27001 bible. Registered GDPR practitioner and all round data protection whiz.

==Past Meeting/Event(s)==
===[https://www.meetup.com/OWASP-Suffolk-Chapter/events/259469036/ Tuesday, 19th March 2019 (Ipswich)]===
Location: University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

====TALKS:====
* '''OWASP Suffolk Introduction, Welcome and News - WTC'''
:Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.
* ''' Understanding how to prevent Sensitive Data Exposure - Simon Greatrix [ [[Media:Owaspsuffollk-20190319.pdf|PDF]] ] [ [https://www.youtube.com/watch?v=Z1nNq3wt7Bg Video] ]'''
: Sensitive data is often the target of any attack, and its exposure has the greatest risk of long-term damage. OWASP and the PCI DSS provide many recommendations. The internet provides even more. These can be hard to understand, hard to implement, and contradictory. I will be sharing my understanding of how the cryptographic algorithms work and how they should best be used.

====Speakers====
* Dr Simon Greatrix has been writing software since the late 70s and has worked as a security expert for e-commerce for nearly 20 years. He is currently working on SETL’s block chain product. Java has been his preferred programming language since 1996.

===Monday, 25th February 2019 (Ipswich)===
Location: Connexions, 159 Princess Street, Ipswich

====TALKS:====
* '''OWASP Suffolk Introduction, Welcome and News - WTC'''
:Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.
* '''Yet another talk on OWASP Top 10 - WTC [PDF]'''
: Brief overview of OWASP Top 10.

====TICKETS:====
This event is free to attend for both members and non-members of OWASP and is open to anyone interested in application security and cyber security. Please note that you MUST RSVP to book your place and get a ticket to be admitted to the event by building security - your name will be checked against the guest list.
Register to attend this event at OWASP Suffolk Chapter - [https://www.meetup.com/OWASP-Suffolk-Chapter/ Meetup] - RSVP to attend

== Local News ==
We reopened the chapter, and currently we are looking for venue and speakers.

If you have would like to present a talk on Application Security at any incoming OWASP Suffolk Chapter events, please send me the proposed talk title, abstract and your bio via e-mail:
wojciech.cichon@owasp.org

abhinav.sejpal@owasp.org

Everyone is welcome to join us at our chapter meetings.

[[Category:OWASP Chapter]]
[[Category:Europe]]

User:Abhinav

2019-04-02T13:13:42Z

Abhinav: /* Abhinav Sejpal */

=== Abhinav Sejpal ===

Fell in love with the power of software at age 17, and he is still in love. He is a security researcher, and SecDevOps ninja working at [https://www.accenture.com/ Accenture UK]. Abhinav frequently speaks and runs technical sessions at security events and conferences around the world (OWASP AppSec USA, DevSecCon, OWASP Summit, Null and OWASP Meetup). He has reported security vulnerabilities to 200+ Unique product giants all over the world including Apple, Adobe, Twitter, Linkedin, Yahoo, Superdry, Pinterest, VK etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, fuzzing. He researches primarily focused DevSecOps, Android, iOS Mobile App and open source project like ASVS, OWASP Mobile Top 10, Mobile Security Framework etc. Abhinav has trained over 50+ researchers and developers in information security for companies and organisations across the world.

[[File:Abhinav_Sejpal.jpg]]

Blog: [https://www.bugwrangler.in https://bugwrangler.in]

Twitter: [https://www.twitter.com/AbhinavSejpal @Abhinav_Sejpal]

Github: [https://github.com/bugwrangler bugwrangler]

User:Abhinav

2018-11-10T00:29:26Z

Abhinav: /* Abhinav Sejpal */

=== Abhinav Sejpal ===

Fell in love with the power of software at age 17, and he is still in love. He is a security researcher, and SecDevOps ninja working at [https://www.accenture.com/ Accenture UK]. Abhinav frequently speaks and runs technical sessions at security events and conferences around the world (OWASP AppSec USA, DevSecCon, OWASP Summit, Null and OWASP Meetup). He has reported security vulnerabilities to 200+ Unique product giants all over the world including Apple, Adobe, Twitter, Linkedin, Yahoo, Superdry, Pinterest, VK etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, fuzzing. He researches primarily focused DevSecOps, Android, iOS Mobile App and open source project like ASVS, OWASP Mobile Top 10, Mobile Security Framework etc. Abhinav has trained over 50+ researchers and developers in information security for companies and organisations across the world.

[[File:Abhinav_Sejpal.jpg]]

Blog: https://bugwrangler.in

Twitter: [https://www.twitter.com/Abhinav_Sejpal @Abhinav_Sejpal]

Github: [https://github.com/bugwrangler bugwrangler]

User:Abhinav

2018-04-05T10:52:00Z

Abhinav: fixed typo.

=== Abhinav Sejpal ===

Fell in love with the power of software at age 17, and he is still in love. He is a security researcher working at [http://www.accenture.com/in-en/digital/Pages/digital-index.aspx Accenture Digital]. He has reported security vulnerabilities 200+ Unique product giants all over the world including Apple, Adobe , Twitter, Linkedin, Yahoo , Superdry, Pinterest, VK etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, fuzzing. He researches primarily focused DevSecOps, Android , iOS Mobile App and open source project like ASVS, OWASP Mobile Top 10, Mobile Security Framework etc.

Assists organizations, Stakeholders & Customers in achieving real risk reduction by ensuring that they have the people, technologies, and processes in place to enable business operations while preventing, detecting, and responding to attacks by sophisticated cyber adversaries. Deeply skilled in Security Vision, Leadership & Pen-testing. Conducted application penetration testing, Web & Mobile application security reviews, and source code security analysis for internal clients. Identified vulnerabilities posing a high risk to the business and communicated them to the appropriate stakeholders for remediation, resulting in improved security posture and increased attack resiliency.

[[File:Abhinav_Sejpal.jpg]]

Speaker @ OWASP, Null , Weekend Testing Chapter

Blog: https://bugwrangler.in

Twitter: [https://www.twitter.com/Abhinav_Sejpal @Abhinav_Sejpal]

Github: [https://github.com/bugwrangler bugwrangler]

User:Abhinav

2017-02-25T11:16:31Z

Abhinav:

=== Abhinav Sejpal ===

Fell in love with the power of software at age 17, and he is still in love. He is a security researcher working at [http://www.accenture.com/in-en/digital/Pages/digital-index.aspx Accenture Digital]. He has reported security vulnerabilities 50+ Unique product giants all over the world including Apple, Adobe , Twitter, Linkedin, Yahoo , Pinterest, VK etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, fuzzing. He researches primarily focused Android , iOS Mobile App and open source project like ASVS, OWASP Mobile Top 10, Mobile Security Framework etc.

Assists organizations, Stakeholders & Customers in achieving real risk reduction by ensuring that they have the people, technologies, and processes in place to enable business operations while preventing, detecting, and responding to attacks by sophisticated cyber adversaries. Deeply skilled in Security Vision, Leadership & Pen-testing. Conducted application penetration testing, Web & Mobile application security reviews, and source code security analysis for internal clients. Identified vulnerabilities posing a high risk to the business and communicated them to the appropriate stakeholders for remediation, resulting in improved security posture and increased attack resiliency.

[[File:Abhinav_Sejpal.jpg]]

Speaker @ OWASP, Null , Weekend Testing Bangalore Chapter

Blog: https://bugwrangler.in

Twitter: [https://www.twitter.com/Abhinav_Sejpal @Abhinav_Sejpal]

Github: [https://github.com/bugwrangler bugwrangler]

Clickjacking

2017-02-25T11:14:43Z

Abhinav: /* References */

Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the the top level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both.

Using a similar technique, keystrokes can also be hijacked. With a carefully crafted combination of stylesheets, iframes, and text boxes, a user can be led to believe they are typing in the password to their email or bank account, but are instead typing into an invisible frame controlled by the attacker.

=Examples=

For example, imagine an attacker who builds a web site that has a button on it that says "click here for a free iPod". However, on top of that web page, the attacker has loaded an iframe with your mail account, and lined up exactly the "delete all messages" button directly on top of the "free iPod" button. The victim tries to click on the "free iPod" button but instead actually clicked on the invisible "delete all messages" button. In essence, the attacker has "hijacked" the user's click, hence the name "Clickjacking".

One of the most notorious examples of Clickjacking was an attack against the [http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager06.html Adobe Flash plugin settings page]. By loading this page into an invisible iframe, an attacker could trick a user into altering the security settings of Flash, giving permission for any Flash animation to utilize the computer's microphone and camera.

Clickjacking also made the news in the form of a [http://shiflett.org/blog/2009/feb/twitter-dont-click-exploit Twitter worm]. This clickjacking attack convinced users to click on a button which caused them to re-tweet the location of the malicious page, and propagated massively.

There have also been clickjacking attacks abusing Facebook's "Like" functionality. [http://threatpost.com/en_us/blogs/facebook-jacking-scams-expand-060310 Attackers can trick logged-in Facebook users to arbitrarily like fan pages, links, groups, etc]

= Defending against Clickjacking =
There are two main ways to prevent clickjacking:
# Sending the proper X-Frame-Options HTTP response headers that instruct the browser to not allow framing from other domains
# Employing defensive code in the UI to ensure that the current frame is the most top level window

For more information on Clickjacking defense, please see the the [[Clickjacking Defense Cheat Sheet]].

= References =
* [https://www.linkedin.com/pulse/20141202104842-120953718-why-am-i-anxious-about-clickjacking Why am I anxious about Clickjacking?]
: A Basic understanding of Clickjacking Attack

* https://developer.mozilla.org/en-US/docs/The_X-FRAME-OPTIONS_response_header
: Mozilla developer resource on The X-Frame-Options response header.

* [http://w2spconf.com/2010/papers/p27.pdf Busting Frame Busting: A study of clickjacking vulnerabilites on top sites]
: A study by the Stanford Web Security Group outlining problems with deployed frame busting code.

* [http://www.sectheory.com/clickjacking.htm Clickjacking, Sec Theory]
: A paper by Robert Hansen defining the term, its implications against Flash at the time of writing, and a disclosure timeline.

* [https://www.codemagi.com/blog/post/194 https://www.codemagi.com/blog/post/194]
: Framebreaking defense for legacy browsers that do not support X-Frame-Option headers.

* [[ClickjackFilter_for_Java_EE|Anti-clickjacking J2EE filter]]
: A simple J2EE servlet filter that sends anti-framing headers to the browser.

File:MASVS-levels-1.jpg

2016-11-11T14:34:09Z

Abhinav: OWASP Mobile Application Security Verification Standard (MASVS)

OWASP Mobile Application Security Verification Standard (MASVS)

File:MASVS-levels-2.jpg

2016-11-11T14:30:09Z

Abhinav:

Bangalore

2016-10-27T20:17:40Z

Abhinav: /* Previous Meeting Venue and Dates */

__NOTOC__

[[File:Owasp-bangalore-logo.png|OWASP Bangalore Chapter]]
{{Chapter Template|chaptername=Bangalore|extra=The chapter leaders are [mailto:kvprashant@owasp.org Prashant Kv], [mailto:riyaz.walikar@owasp.org Riyaz Walikar] and [[User:Makash | Akash Mahajan]] [mailto:akash.mahajan@owasp.org (akash.mahajan@owasp.org)] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

= '''Stay Updated''' =
=== Join our low traffic mailing list for event information ===
[[File:Mail-50%25smaller.jpeg]]
[https://lists.owasp.org/mailman/listinfo/owasp-bangalore Subscribe to OWASP Bangalore Mailing list]

=== Follow @owaspbangalore for event updates on Twitter ===
[[File:Twitter-bird-cropped-onwhite-40%25smaller.png]]
'''[https://twitter.com/owaspbangalore OWASP Bangalore Twitter Account]'''

=== Short Links for sharing and easy to remember ===
* Wiki Page - '''[https://bit.ly/owaspblr https://bit.ly/owaspblr]'''
* Next OWASP Bangalore Meet '''[https://bit.ly/owaspblr-meet https://bit.ly/owaspblr-meet]'''
* OWASP Bangalore Mailing List '''[https://bit.ly/owaspblr-mailinglist http://bit.ly/owaspblr-mailinglist]'''
* OWASP Global Google Calendar '''[https://bit.ly/owaspblr-googlecal http://bit.ly/owaspblr-googlecal]'''

= '''Chapter News''' =

=== 26 October 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 24th September 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 24th August 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 09th July 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 05th June 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 07th May 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 15th March 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 20th Dec 2015 ===
* Details of the OWASP Bangalore Christmas special meeting has been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 05th Dec 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 11th Nov 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th Sep 2015 ===
* September month meet is moved by a day to Sunday 27th Sept at the same venue due to the Bangalore strike.

=== 18th Sep 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 15th Aug 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 14th July 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 2nd July 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th June 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd June 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th May 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 20th May 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 24th March 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th March 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 01st February 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd January 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th December 2014 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 29th November 2014 ===
* We have added @abhinav_sejpal to tweet from @owaspbangalore. Looking forward to a more vibrant twitter account!

=== 26th November 2014 ===
* Many thanks to [https://twitter.com/shruthi76 @shruthi76] for creating a logo for OWASP Bangalore

=== 17th November 2014 ===
* Details of the OWASP Banglore Workshop on XWH2014 by Riyaz Walikar have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 16th November 2014 ===
* Details of the next Combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 4th November 2014 ===
* Our special meeting details have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link]

=== 14th October 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 17th September 2014 ===
* The OWASP Testing Guide v4 was released today. Our very own [https://www.owasp.org/index.php/User:Anant_Shrivastava Anant Shrivastava] from the Bangalore chapter has contributed a chapter on Fingerprinting Web Servers. Please follow the [https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002) link] to read the specific section.

=== 13th September 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 28th August 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.
* Riyaz Walikar updated his profile.

=== 11th July 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 6th Jun 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th Jun 2014 ===
* Very excited to have [mailto:riyaz.walikar@owasp.org Riyaz Walikar] joining us the third OWASP Bangalore Chapter Lead

=== Older News ===
* null/OWASP combined meet up on 24th May 2014
* We have a new twitter account [https://twitter.com/owaspbangalore @owaspbangalore]

= '''Next Meeting''' =

== OWASP Bangalore Meet - 19th November 2016, 09:30 AM - 02:00 PM ==

'''Add to Google Calendar'''
[https://calendar.google.com/calendar/hosted/owasp.org/event?action=TEMPLATE&tmeid=c3RmZGZuNHRpNnF0NzhpdGEyb3AwNW83aG8gaGw2Y2pnczZlcDFoN29uaXFndWV1MmJoYm9AZw&tmsrc=hl6cjgs6ep1h7oniqgueu2bhbo%40group.calendar.google.com Google Calendar Link]

=== '''Sessions''' ===
* [https://null.co.in/event_sessions/1110-android-security-for-beginners Android Security For Beginners by Lokesh Ranjan]
* [https://null.co.in/event_sessions/1112-introduction-to-vpn-security Introduction to VPN Security by shreedhar]
* [https://null.co.in/event_sessions/1115-demo-on-netcat Demo on Netcat by Rahul R]
* [https://null.co.in/event_sessions/1114-case-studies-of-authentication-and-authorization-bypass Case studies of Authentication and Authorization bypass by Sarwar Jahan M]
* [https://null.co.in/event_sessions/1116-tor-internals-and-hidden-services Tor Internals and Hidden Services by Gabbar]
* [https://null.co.in/event_sessions/1117-software-defined-radio Software defined radio by veerababu.p]

=== '''Venue''' ===
Citrix 
No. 33, Prestige Dynasty Ulsoor Road, Sivanchetti Gardens 
Yellappa Chetty Layout, Sivanchetti Gardens 
Bengaluru, Karnataka 560042 
 
Google Maps: [https://goo.gl/VaaEwb https://goo.gl/VaaEwb]

Please bring a Government issued ID card (Pan, Driving license, etc) for entry into the compound. 
Laptops have to be declared with serial numbers at the building security.

= '''Previous Meeting Venue and Dates''' =

{| class="wikitable"
|-
! No
! Date
! Venue
! Time
|-
| 61
| 16th Octomber 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 60
| 10th September 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 59
| 13th August 2016
| Roadrunnr, T floor (http://goo.gl/L2FLOh)
| 09:30 AM
|-
|-
| 58
| 16th July 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 57
| 11th June 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 56
| 7th May 2016
| Akamai (https://goo.gl/qqRw4b)
| 09:30 AM
|-
|-
| 55
| 16th April 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 54
| 19th March 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 54
| 20th Feb 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 53
| 16th Jan 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 52
| 12th Dec 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 51
| 21st Nov 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 50
| 17th Oct 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 49
| 27th Sept 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 48
| 29th Aug 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 47
| 25th July 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 46
| 20th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 45
| 6th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 44
| 30th May 2015
| Microsoft Technology Center (http://goo.gl/69VZrL)
| 09:30 AM
|-
|-
| 43
| 16th May 2015
| Philips Innovation Campus (https://goo.gl/fAVWl9)
| 09:30 AM
|-
|-
| 42
| 25th April 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 41
| 21st March 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 40
| 21st February 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 39
| 17th January 2015
| Sapient Consulting (http://goo.gl/hZmwyV)
| 09:30 AM
|-
|-
| 38
| 13th December 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:00 AM
|-
|-
| 37
| 29th November 2014
| Triad Square Infosec (https://bit.ly/owaspmeet-xwh2014)
| 10:00 AM
|-
|-
| 36
| 22nd November 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 35
| 15th November 2014
| PayPal Office (http://goo.gl/quBKaG)
| 10:00 AM
|-
|-
| 34
| 18th October 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 33
| 20th September 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 32
| 30th August 2014
| EMC Corporation (http://goo.gl/19Ueet)
| 09:30 AM
|-
|-
| 31
| 19th July 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 30
| 14th June 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 29
| 24th May 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 10:00 AM
|-
|-
| 28
| 8th February 2014
| Paypal Office
| 10:00 AM
|-
| 27
| 18th January 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
|-
| 26
| 14th December 2013
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
| 25
| 1st November 2012
| KPMG Office
| 7 PM
|-

|-
| 24
| 16th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 23
| 19th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 22
| 21th April 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 21
| 10th March 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 20
| 04th February 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 19
| 07th January 2012
| Kieon
| 10 AM
|-

|-
| 18
| 3rd October 2009
| Praxeva India
| 10 AM
|-
| 17
| 19th September 2009
| Praxeva India
| 10 AM
|-
| 16
| 5th September 2009
| Praxeva India
| 10 AM
|-
| 15
| 12 July 2009
| Cubbon Park
| 10.30 AM
|-
| 14
| 07 June 2009
| ICH, Church Street
| 09.00 AM
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
| 
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
| 
|-
| 2
| 2006
| 
| 
|-
| 1
| 2006
| 
| 
|}

= '''Meeting Summaries''' =
[[Bangalore/Archives|Summaries from Past Meetings]]

= '''Chapter Leaders'''=
== Current Chapter Leaders ==

=== KV Prashanth (2012 - Present) ===
=== Akash Mahajan (2012 - Present) ===

I am ''The Web Application Security Guy''. Apart from running a company offering application security consulting, I spend majority of my time doing volunteer work for OWASP as the Bangalore chapter leader and null - The Open Security Community as a Community Manager. I tweet about security quite regularly on twitter account [https://twitter.com/makash @makash]. Feel free to get in touch.

Twitter: [https://twitter.com/makash @makash]

=== Riyaz Walikar (2014 - Present) ===

Pentester/web security evangelist. I have been active in the security community for the better part of the last 7 years by working closely with the Bangalore OWASP chapter and null - The Open Security community.

My technical interests lie with programming, bug bounty, malware analysis, breaking web applications, playing CTFs, researching devices that fall under the Internet of Things category and penetration testing networks exposed to the Internet. When not writing/breaking code, you can find me sleeping, playing football, reading or fishing.

Blog: http://ibreak.software

Twitter: [https://www.twitter.com/riyazwalikar @riyazwalikar]

== Current Chapter volunteers ==

=== Abhinav Sejpal (2015 - Present) ===

Fell in love with the power of software at age 17, and he is still in love. He is a security researcher working at Accenture Digital. He has reported security vulnerabilities 50+ Unique product giants all over the world including Apple, Adobe , Twitter, Linkedin, Yahoo , Pinterest, VK etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, fuzzing. He researches primarily focused Android , iOS Mobile App and open source project like ASVS, OWASP Mobile Top 10, Mobile Security Framework etc.

Speaker @ OWASP, Null , Weekend Testing Bangalore Chapter

Blog: http://bugwrangler.in

Twitter: [https://www.twitter.com/Abhinav_Sejpal @Abhinav_Sejpal]

Github: [https://github.com/bugwrangler bugwrangler]

== Previous Chapter Leaders ==

=== Harinath (2002 - 2012) ===

<headertabs />

[[Category:India]]

Bangalore

2016-10-27T20:14:58Z

Abhinav: /* Chapter News */

__NOTOC__

[[File:Owasp-bangalore-logo.png|OWASP Bangalore Chapter]]
{{Chapter Template|chaptername=Bangalore|extra=The chapter leaders are [mailto:kvprashant@owasp.org Prashant Kv], [mailto:riyaz.walikar@owasp.org Riyaz Walikar] and [[User:Makash | Akash Mahajan]] [mailto:akash.mahajan@owasp.org (akash.mahajan@owasp.org)] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

= '''Stay Updated''' =
=== Join our low traffic mailing list for event information ===
[[File:Mail-50%25smaller.jpeg]]
[https://lists.owasp.org/mailman/listinfo/owasp-bangalore Subscribe to OWASP Bangalore Mailing list]

=== Follow @owaspbangalore for event updates on Twitter ===
[[File:Twitter-bird-cropped-onwhite-40%25smaller.png]]
'''[https://twitter.com/owaspbangalore OWASP Bangalore Twitter Account]'''

=== Short Links for sharing and easy to remember ===
* Wiki Page - '''[https://bit.ly/owaspblr https://bit.ly/owaspblr]'''
* Next OWASP Bangalore Meet '''[https://bit.ly/owaspblr-meet https://bit.ly/owaspblr-meet]'''
* OWASP Bangalore Mailing List '''[https://bit.ly/owaspblr-mailinglist http://bit.ly/owaspblr-mailinglist]'''
* OWASP Global Google Calendar '''[https://bit.ly/owaspblr-googlecal http://bit.ly/owaspblr-googlecal]'''

= '''Chapter News''' =

=== 26 October 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 24th September 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 24th August 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 09th July 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 05th June 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 07th May 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 15th March 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 20th Dec 2015 ===
* Details of the OWASP Bangalore Christmas special meeting has been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 05th Dec 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 11th Nov 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th Sep 2015 ===
* September month meet is moved by a day to Sunday 27th Sept at the same venue due to the Bangalore strike.

=== 18th Sep 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 15th Aug 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 14th July 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 2nd July 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th June 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd June 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th May 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 20th May 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 24th March 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th March 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 01st February 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd January 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th December 2014 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 29th November 2014 ===
* We have added @abhinav_sejpal to tweet from @owaspbangalore. Looking forward to a more vibrant twitter account!

=== 26th November 2014 ===
* Many thanks to [https://twitter.com/shruthi76 @shruthi76] for creating a logo for OWASP Bangalore

=== 17th November 2014 ===
* Details of the OWASP Banglore Workshop on XWH2014 by Riyaz Walikar have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 16th November 2014 ===
* Details of the next Combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 4th November 2014 ===
* Our special meeting details have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link]

=== 14th October 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 17th September 2014 ===
* The OWASP Testing Guide v4 was released today. Our very own [https://www.owasp.org/index.php/User:Anant_Shrivastava Anant Shrivastava] from the Bangalore chapter has contributed a chapter on Fingerprinting Web Servers. Please follow the [https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002) link] to read the specific section.

=== 13th September 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 28th August 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.
* Riyaz Walikar updated his profile.

=== 11th July 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 6th Jun 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th Jun 2014 ===
* Very excited to have [mailto:riyaz.walikar@owasp.org Riyaz Walikar] joining us the third OWASP Bangalore Chapter Lead

=== Older News ===
* null/OWASP combined meet up on 24th May 2014
* We have a new twitter account [https://twitter.com/owaspbangalore @owaspbangalore]

= '''Next Meeting''' =

== OWASP Bangalore Meet - 19th November 2016, 09:30 AM - 02:00 PM ==

'''Add to Google Calendar'''
[https://calendar.google.com/calendar/hosted/owasp.org/event?action=TEMPLATE&tmeid=c3RmZGZuNHRpNnF0NzhpdGEyb3AwNW83aG8gaGw2Y2pnczZlcDFoN29uaXFndWV1MmJoYm9AZw&tmsrc=hl6cjgs6ep1h7oniqgueu2bhbo%40group.calendar.google.com Google Calendar Link]

=== '''Sessions''' ===
* [https://null.co.in/event_sessions/1110-android-security-for-beginners Android Security For Beginners by Lokesh Ranjan]
* [https://null.co.in/event_sessions/1112-introduction-to-vpn-security Introduction to VPN Security by shreedhar]
* [https://null.co.in/event_sessions/1115-demo-on-netcat Demo on Netcat by Rahul R]
* [https://null.co.in/event_sessions/1114-case-studies-of-authentication-and-authorization-bypass Case studies of Authentication and Authorization bypass by Sarwar Jahan M]
* [https://null.co.in/event_sessions/1116-tor-internals-and-hidden-services Tor Internals and Hidden Services by Gabbar]
* [https://null.co.in/event_sessions/1117-software-defined-radio Software defined radio by veerababu.p]

=== '''Venue''' ===
Citrix 
No. 33, Prestige Dynasty Ulsoor Road, Sivanchetti Gardens 
Yellappa Chetty Layout, Sivanchetti Gardens 
Bengaluru, Karnataka 560042 
 
Google Maps: [https://goo.gl/VaaEwb https://goo.gl/VaaEwb]

Please bring a Government issued ID card (Pan, Driving license, etc) for entry into the compound. 
Laptops have to be declared with serial numbers at the building security.

= '''Previous Meeting Venue and Dates''' =

{| class="wikitable"
|-
! No
! Date
! Venue
! Time
|-
| 60
| 10th September 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 59
| 13th August 2016
| Roadrunnr, T floor (http://goo.gl/L2FLOh)
| 09:30 AM
|-
|-
| 58
| 16th July 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 57
| 11th June 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 56
| 7th May 2016
| Akamai (https://goo.gl/qqRw4b)
| 09:30 AM
|-
|-
| 55
| 16th April 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 54
| 19th March 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 54
| 20th Feb 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 53
| 16th Jan 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 52
| 12th Dec 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 51
| 21st Nov 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 50
| 17th Oct 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 49
| 27th Sept 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 48
| 29th Aug 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 47
| 25th July 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 46
| 20th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 45
| 6th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 44
| 30th May 2015
| Microsoft Technology Center (http://goo.gl/69VZrL)
| 09:30 AM
|-
|-
| 43
| 16th May 2015
| Philips Innovation Campus (https://goo.gl/fAVWl9)
| 09:30 AM
|-
|-
| 42
| 25th April 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 41
| 21st March 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 40
| 21st February 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 39
| 17th January 2015
| Sapient Consulting (http://goo.gl/hZmwyV)
| 09:30 AM
|-
|-
| 38
| 13th December 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:00 AM
|-
|-
| 37
| 29th November 2014
| Triad Square Infosec (https://bit.ly/owaspmeet-xwh2014)
| 10:00 AM
|-
|-
| 36
| 22nd November 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 35
| 15th November 2014
| PayPal Office (http://goo.gl/quBKaG)
| 10:00 AM
|-
|-
| 34
| 18th October 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 33
| 20th September 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 32
| 30th August 2014
| EMC Corporation (http://goo.gl/19Ueet)
| 09:30 AM
|-
|-
| 31
| 19th July 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 30
| 14th June 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 29
| 24th May 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 10:00 AM
|-
|-
| 28
| 8th February 2014
| Paypal Office
| 10:00 AM
|-
| 27
| 18th January 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
|-
| 26
| 14th December 2013
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
| 25
| 1st November 2012
| KPMG Office
| 7 PM
|-

|-
| 24
| 16th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 23
| 19th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 22
| 21th April 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 21
| 10th March 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 20
| 04th February 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 19
| 07th January 2012
| Kieon
| 10 AM
|-

|-
| 18
| 3rd October 2009
| Praxeva India
| 10 AM
|-
| 17
| 19th September 2009
| Praxeva India
| 10 AM
|-
| 16
| 5th September 2009
| Praxeva India
| 10 AM
|-
| 15
| 12 July 2009
| Cubbon Park
| 10.30 AM
|-
| 14
| 07 June 2009
| ICH, Church Street
| 09.00 AM
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
| 
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
| 
|-
| 2
| 2006
| 
| 
|-
| 1
| 2006
| 
| 
|}

= '''Meeting Summaries''' =
[[Bangalore/Archives|Summaries from Past Meetings]]

= '''Chapter Leaders'''=
== Current Chapter Leaders ==

=== KV Prashanth (2012 - Present) ===
=== Akash Mahajan (2012 - Present) ===

I am ''The Web Application Security Guy''. Apart from running a company offering application security consulting, I spend majority of my time doing volunteer work for OWASP as the Bangalore chapter leader and null - The Open Security Community as a Community Manager. I tweet about security quite regularly on twitter account [https://twitter.com/makash @makash]. Feel free to get in touch.

Twitter: [https://twitter.com/makash @makash]

=== Riyaz Walikar (2014 - Present) ===

Pentester/web security evangelist. I have been active in the security community for the better part of the last 7 years by working closely with the Bangalore OWASP chapter and null - The Open Security community.

My technical interests lie with programming, bug bounty, malware analysis, breaking web applications, playing CTFs, researching devices that fall under the Internet of Things category and penetration testing networks exposed to the Internet. When not writing/breaking code, you can find me sleeping, playing football, reading or fishing.

Blog: http://ibreak.software

Twitter: [https://www.twitter.com/riyazwalikar @riyazwalikar]

== Current Chapter volunteers ==

=== Abhinav Sejpal (2015 - Present) ===

Fell in love with the power of software at age 17, and he is still in love. He is a security researcher working at Accenture Digital. He has reported security vulnerabilities 50+ Unique product giants all over the world including Apple, Adobe , Twitter, Linkedin, Yahoo , Pinterest, VK etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, fuzzing. He researches primarily focused Android , iOS Mobile App and open source project like ASVS, OWASP Mobile Top 10, Mobile Security Framework etc.

Speaker @ OWASP, Null , Weekend Testing Bangalore Chapter

Blog: http://bugwrangler.in

Twitter: [https://www.twitter.com/Abhinav_Sejpal @Abhinav_Sejpal]

Github: [https://github.com/bugwrangler bugwrangler]

== Previous Chapter Leaders ==

=== Harinath (2002 - 2012) ===

<headertabs />

[[Category:India]]

Bangalore

2016-10-27T19:51:44Z

Abhinav: /* Next Meeting */

__NOTOC__

[[File:Owasp-bangalore-logo.png|OWASP Bangalore Chapter]]
{{Chapter Template|chaptername=Bangalore|extra=The chapter leaders are [mailto:kvprashant@owasp.org Prashant Kv], [mailto:riyaz.walikar@owasp.org Riyaz Walikar] and [[User:Makash | Akash Mahajan]] [mailto:akash.mahajan@owasp.org (akash.mahajan@owasp.org)] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

= '''Stay Updated''' =
=== Join our low traffic mailing list for event information ===
[[File:Mail-50%25smaller.jpeg]]
[https://lists.owasp.org/mailman/listinfo/owasp-bangalore Subscribe to OWASP Bangalore Mailing list]

=== Follow @owaspbangalore for event updates on Twitter ===
[[File:Twitter-bird-cropped-onwhite-40%25smaller.png]]
'''[https://twitter.com/owaspbangalore OWASP Bangalore Twitter Account]'''

=== Short Links for sharing and easy to remember ===
* Wiki Page - '''[https://bit.ly/owaspblr https://bit.ly/owaspblr]'''
* Next OWASP Bangalore Meet '''[https://bit.ly/owaspblr-meet https://bit.ly/owaspblr-meet]'''
* OWASP Bangalore Mailing List '''[https://bit.ly/owaspblr-mailinglist http://bit.ly/owaspblr-mailinglist]'''
* OWASP Global Google Calendar '''[https://bit.ly/owaspblr-googlecal http://bit.ly/owaspblr-googlecal]'''

= '''Chapter News''' =

=== 24th September 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 24th August 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 09th July 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 05th June 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 07th May 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 15th March 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 20th Dec 2015 ===
* Details of the OWASP Bangalore Christmas special meeting has been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 05th Dec 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 11th Nov 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th Sep 2015 ===
* September month meet is moved by a day to Sunday 27th Sept at the same venue due to the Bangalore strike.

=== 18th Sep 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 15th Aug 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 14th July 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 2nd July 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th June 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd June 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th May 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 20th May 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 24th March 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th March 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 01st February 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd January 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th December 2014 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 29th November 2014 ===
* We have added @abhinav_sejpal to tweet from @owaspbangalore. Looking forward to a more vibrant twitter account!

=== 26th November 2014 ===
* Many thanks to [https://twitter.com/shruthi76 @shruthi76] for creating a logo for OWASP Bangalore

=== 17th November 2014 ===
* Details of the OWASP Banglore Workshop on XWH2014 by Riyaz Walikar have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 16th November 2014 ===
* Details of the next Combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 4th November 2014 ===
* Our special meeting details have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link]

=== 14th October 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 17th September 2014 ===
* The OWASP Testing Guide v4 was released today. Our very own [https://www.owasp.org/index.php/User:Anant_Shrivastava Anant Shrivastava] from the Bangalore chapter has contributed a chapter on Fingerprinting Web Servers. Please follow the [https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002) link] to read the specific section.

=== 13th September 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 28th August 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.
* Riyaz Walikar updated his profile.

=== 11th July 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 6th Jun 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th Jun 2014 ===
* Very excited to have [mailto:riyaz.walikar@owasp.org Riyaz Walikar] joining us the third OWASP Bangalore Chapter Lead

=== Older News ===
* null/OWASP combined meet up on 24th May 2014
* We have a new twitter account [https://twitter.com/owaspbangalore @owaspbangalore]

= '''Next Meeting''' =

== OWASP Bangalore Meet - 19th November 2016, 09:30 AM - 02:00 PM ==

'''Add to Google Calendar'''
[https://calendar.google.com/calendar/hosted/owasp.org/event?action=TEMPLATE&tmeid=c3RmZGZuNHRpNnF0NzhpdGEyb3AwNW83aG8gaGw2Y2pnczZlcDFoN29uaXFndWV1MmJoYm9AZw&tmsrc=hl6cjgs6ep1h7oniqgueu2bhbo%40group.calendar.google.com Google Calendar Link]

=== '''Sessions''' ===
* [https://null.co.in/event_sessions/1110-android-security-for-beginners Android Security For Beginners by Lokesh Ranjan]
* [https://null.co.in/event_sessions/1112-introduction-to-vpn-security Introduction to VPN Security by shreedhar]
* [https://null.co.in/event_sessions/1115-demo-on-netcat Demo on Netcat by Rahul R]
* [https://null.co.in/event_sessions/1114-case-studies-of-authentication-and-authorization-bypass Case studies of Authentication and Authorization bypass by Sarwar Jahan M]
* [https://null.co.in/event_sessions/1116-tor-internals-and-hidden-services Tor Internals and Hidden Services by Gabbar]
* [https://null.co.in/event_sessions/1117-software-defined-radio Software defined radio by veerababu.p]

=== '''Venue''' ===
Citrix 
No. 33, Prestige Dynasty Ulsoor Road, Sivanchetti Gardens 
Yellappa Chetty Layout, Sivanchetti Gardens 
Bengaluru, Karnataka 560042 
 
Google Maps: [https://goo.gl/VaaEwb https://goo.gl/VaaEwb]

Please bring a Government issued ID card (Pan, Driving license, etc) for entry into the compound. 
Laptops have to be declared with serial numbers at the building security.

= '''Previous Meeting Venue and Dates''' =

{| class="wikitable"
|-
! No
! Date
! Venue
! Time
|-
| 60
| 10th September 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 59
| 13th August 2016
| Roadrunnr, T floor (http://goo.gl/L2FLOh)
| 09:30 AM
|-
|-
| 58
| 16th July 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 57
| 11th June 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 56
| 7th May 2016
| Akamai (https://goo.gl/qqRw4b)
| 09:30 AM
|-
|-
| 55
| 16th April 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 54
| 19th March 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 54
| 20th Feb 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 53
| 16th Jan 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 52
| 12th Dec 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 51
| 21st Nov 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 50
| 17th Oct 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 49
| 27th Sept 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 48
| 29th Aug 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 47
| 25th July 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 46
| 20th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 45
| 6th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 44
| 30th May 2015
| Microsoft Technology Center (http://goo.gl/69VZrL)
| 09:30 AM
|-
|-
| 43
| 16th May 2015
| Philips Innovation Campus (https://goo.gl/fAVWl9)
| 09:30 AM
|-
|-
| 42
| 25th April 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 41
| 21st March 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 40
| 21st February 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 39
| 17th January 2015
| Sapient Consulting (http://goo.gl/hZmwyV)
| 09:30 AM
|-
|-
| 38
| 13th December 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:00 AM
|-
|-
| 37
| 29th November 2014
| Triad Square Infosec (https://bit.ly/owaspmeet-xwh2014)
| 10:00 AM
|-
|-
| 36
| 22nd November 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 35
| 15th November 2014
| PayPal Office (http://goo.gl/quBKaG)
| 10:00 AM
|-
|-
| 34
| 18th October 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 33
| 20th September 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 32
| 30th August 2014
| EMC Corporation (http://goo.gl/19Ueet)
| 09:30 AM
|-
|-
| 31
| 19th July 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 30
| 14th June 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 29
| 24th May 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 10:00 AM
|-
|-
| 28
| 8th February 2014
| Paypal Office
| 10:00 AM
|-
| 27
| 18th January 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
|-
| 26
| 14th December 2013
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
| 25
| 1st November 2012
| KPMG Office
| 7 PM
|-

|-
| 24
| 16th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 23
| 19th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 22
| 21th April 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 21
| 10th March 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 20
| 04th February 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 19
| 07th January 2012
| Kieon
| 10 AM
|-

|-
| 18
| 3rd October 2009
| Praxeva India
| 10 AM
|-
| 17
| 19th September 2009
| Praxeva India
| 10 AM
|-
| 16
| 5th September 2009
| Praxeva India
| 10 AM
|-
| 15
| 12 July 2009
| Cubbon Park
| 10.30 AM
|-
| 14
| 07 June 2009
| ICH, Church Street
| 09.00 AM
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
| 
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
| 
|-
| 2
| 2006
| 
| 
|-
| 1
| 2006
| 
| 
|}

= '''Meeting Summaries''' =
[[Bangalore/Archives|Summaries from Past Meetings]]

= '''Chapter Leaders'''=
== Current Chapter Leaders ==

=== KV Prashanth (2012 - Present) ===
=== Akash Mahajan (2012 - Present) ===

I am ''The Web Application Security Guy''. Apart from running a company offering application security consulting, I spend majority of my time doing volunteer work for OWASP as the Bangalore chapter leader and null - The Open Security Community as a Community Manager. I tweet about security quite regularly on twitter account [https://twitter.com/makash @makash]. Feel free to get in touch.

Twitter: [https://twitter.com/makash @makash]

=== Riyaz Walikar (2014 - Present) ===

Pentester/web security evangelist. I have been active in the security community for the better part of the last 7 years by working closely with the Bangalore OWASP chapter and null - The Open Security community.

My technical interests lie with programming, bug bounty, malware analysis, breaking web applications, playing CTFs, researching devices that fall under the Internet of Things category and penetration testing networks exposed to the Internet. When not writing/breaking code, you can find me sleeping, playing football, reading or fishing.

Blog: http://ibreak.software

Twitter: [https://www.twitter.com/riyazwalikar @riyazwalikar]

== Current Chapter volunteers ==

=== Abhinav Sejpal (2015 - Present) ===

Fell in love with the power of software at age 17, and he is still in love. He is a security researcher working at Accenture Digital. He has reported security vulnerabilities 50+ Unique product giants all over the world including Apple, Adobe , Twitter, Linkedin, Yahoo , Pinterest, VK etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, fuzzing. He researches primarily focused Android , iOS Mobile App and open source project like ASVS, OWASP Mobile Top 10, Mobile Security Framework etc.

Speaker @ OWASP, Null , Weekend Testing Bangalore Chapter

Blog: http://bugwrangler.in

Twitter: [https://www.twitter.com/Abhinav_Sejpal @Abhinav_Sejpal]

Github: [https://github.com/bugwrangler bugwrangler]

== Previous Chapter Leaders ==

=== Harinath (2002 - 2012) ===

<headertabs />

[[Category:India]]

Bangalore

2016-07-09T15:54:37Z

Abhinav: /* Previous Meeting Venue and Dates */

__NOTOC__

[[File:Owasp-bangalore-logo.png|OWASP Bangalore Chapter]]
{{Chapter Template|chaptername=Bangalore|extra=The chapter leaders are [mailto:kvprashant@owasp.org Prashant Kv], [mailto:riyaz.walikar@owasp.org Riyaz Walikar] and [[User:Makash | Akash Mahajan]] [mailto:akash.mahajan@owasp.org (akash.mahajan@owasp.org)] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

= '''Stay Updated''' =
=== Join our low traffic mailing list for event information ===
[[File:Mail-50%25smaller.jpeg]]
[https://lists.owasp.org/mailman/listinfo/owasp-bangalore Subscribe to OWASP Bangalore Mailing list]

=== Follow @owaspbangalore for event updates on Twitter ===
[[File:Twitter-bird-cropped-onwhite-40%25smaller.png]]
'''[https://twitter.com/owaspbangalore OWASP Bangalore Twitter Account]'''

=== Short Links for sharing and easy to remember ===
* Wiki Page - '''[https://bit.ly/owaspblr https://bit.ly/owaspblr]'''
* Next OWASP Bangalore Meet '''[https://bit.ly/owaspblr-meet https://bit.ly/owaspblr-meet]'''
* OWASP Bangalore Mailing List '''[https://bit.ly/owaspblr-mailinglist http://bit.ly/owaspblr-mailinglist]'''
* OWASP Global Google Calendar '''[https://bit.ly/owaspblr-googlecal http://bit.ly/owaspblr-googlecal]'''

= '''Chapter News''' =

=== 09th July 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 05th June 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 07th May 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 15th March 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 20th Dec 2015 ===
* Details of the OWASP Bangalore Christmas special meeting has been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 05th Dec 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 11th Nov 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th Sep 2015 ===
* September month meet is moved by a day to Sunday 27th Sept at the same venue due to the Bangalore strike.

=== 18th Sep 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 15th Aug 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 14th July 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 2nd July 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th June 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd June 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th May 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 20th May 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 24th March 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th March 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 01st February 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd January 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th December 2014 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 29th November 2014 ===
* We have added @abhinav_sejpal to tweet from @owaspbangalore. Looking forward to a more vibrant twitter account!

=== 26th November 2014 ===
* Many thanks to [https://twitter.com/shruthi76 @shruthi76] for creating a logo for OWASP Bangalore

=== 17th November 2014 ===
* Details of the OWASP Banglore Workshop on XWH2014 by Riyaz Walikar have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 16th November 2014 ===
* Details of the next Combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 4th November 2014 ===
* Our special meeting details have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link]

=== 14th October 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 17th September 2014 ===
* The OWASP Testing Guide v4 was released today. Our very own [https://www.owasp.org/index.php/User:Anant_Shrivastava Anant Shrivastava] from the Bangalore chapter has contributed a chapter on Fingerprinting Web Servers. Please follow the [https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002) link] to read the specific section.

=== 13th September 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 28th August 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.
* Riyaz Walikar updated his profile.

=== 11th July 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 6th Jun 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th Jun 2014 ===
* Very excited to have [mailto:riyaz.walikar@owasp.org Riyaz Walikar] joining us the third OWASP Bangalore Chapter Lead

=== Older News ===
* null/OWASP combined meet up on 24th May 2014
* We have a new twitter account [https://twitter.com/owaspbangalore @owaspbangalore]

= '''Next Meeting''' =

== OWASP Bangalore meet - 16th July 2016 09:30 AM - 05:00 PM ==

'''Add to Google Calendar'''
[https://calendar.google.com/calendar/hosted/owasp.org/event?action=TEMPLATE&tmeid=cHJjc2hna2pzazVxNm85YzdhNDhjM2RpYmcgaGw2Y2pnczZlcDFoN29uaXFndWV1MmJoYm9AZw&tmsrc=hl6cjgs6ep1h7oniqgueu2bhbo%40group.calendar.google.com Google Calendar Link]

=== '''Sessions''' ===
* Beginners Talk on Physical Securty by Manasdeep
* Android Security Internals by Kartik Lalan
* Automated Information Gathering Using Recon-ng by narendra kumar sharma
* Node JS Security by Madhu Akula
* Security Intelligence by Raghavendran Gopal
* Platform Security using intel SGX by Pradyumna Padhan
* Linux Privilege Escalation techniques by Jagan Mohan
* Twitter Bug Hunt by Avinash
* MOD_SECURITY WAF by Chandrapal

=== '''Venue''' ===
Citrix 
No. 33, Prestige Dynasty Ulsoor Road, Sivanchetti Gardens 
Yellappa Chetty Layout, Sivanchetti Gardens 
Bengaluru, Karnataka 560042 

[https://www.google.com/maps/place/Citrix+R%26D+India/@12.975391,77.617454,3157m/data=!3m1!1e3!4m5!3m4!1s0x0:0xeb06e6d4193d7cba!8m2!3d12.9753911!4d77.6174541?hl=en-US GoogleMap]

=== '''Instructions''' ===
1. Please bring a Government issued ID card (Pan, Driving license, etc) for entry into the compound. 
2. Laptops have to be declared with serial numbers at the building security. 

= '''Previous Meeting Venue and Dates''' =

{| class="wikitable"
|-
! No
! Date
! Venue
! Time
|-
| 57
| 11th June 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 56
| 7th May 2016
| Akamai (https://goo.gl/qqRw4b)
| 09:30 AM
|-
|-
| 55
| 16th April 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 54
| 19th March 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 54
| 20th Feb 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 53
| 16th Jan 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 52
| 12th Dec 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 51
| 21st Nov 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 50
| 17th Oct 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 49
| 27th Sept 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 48
| 29th Aug 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 47
| 25th July 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 46
| 20th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 45
| 6th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 44
| 30th May 2015
| Microsoft Technology Center (http://goo.gl/69VZrL)
| 09:30 AM
|-
|-
| 43
| 16th May 2015
| Philips Innovation Campus (https://goo.gl/fAVWl9)
| 09:30 AM
|-
|-
| 42
| 25th April 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 41
| 21st March 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 40
| 21st February 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 39
| 17th January 2015
| Sapient Consulting (http://goo.gl/hZmwyV)
| 09:30 AM
|-
|-
| 38
| 13th December 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:00 AM
|-
|-
| 37
| 29th November 2014
| Triad Square Infosec (https://bit.ly/owaspmeet-xwh2014)
| 10:00 AM
|-
|-
| 36
| 22nd November 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 35
| 15th November 2014
| PayPal Office (http://goo.gl/quBKaG)
| 10:00 AM
|-
|-
| 34
| 18th October 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 33
| 20th September 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 32
| 30th August 2014
| EMC Corporation (http://goo.gl/19Ueet)
| 09:30 AM
|-
|-
| 31
| 19th July 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 30
| 14th June 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 29
| 24th May 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 10:00 AM
|-
|-
| 28
| 8th February 2014
| Paypal Office
| 10:00 AM
|-
| 27
| 18th January 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
|-
| 26
| 14th December 2013
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
| 25
| 1st November 2012
| KPMG Office
| 7 PM
|-

|-
| 24
| 16th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 23
| 19th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 22
| 21th April 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 21
| 10th March 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 20
| 04th February 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 19
| 07th January 2012
| Kieon
| 10 AM
|-

|-
| 18
| 3rd October 2009
| Praxeva India
| 10 AM
|-
| 17
| 19th September 2009
| Praxeva India
| 10 AM
|-
| 16
| 5th September 2009
| Praxeva India
| 10 AM
|-
| 15
| 12 July 2009
| Cubbon Park
| 10.30 AM
|-
| 14
| 07 June 2009
| ICH, Church Street
| 09.00 AM
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
| 
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
| 
|-
| 2
| 2006
| 
| 
|-
| 1
| 2006
| 
| 
|}

= '''Meeting Summaries''' =
[[Bangalore/Archives|Summaries from Past Meetings]]

= '''Chapter Leaders'''=
== Current Chapter Leaders ==

=== KV Prashanth (2012 - Present) ===
=== Akash Mahajan (2012 - Present) ===

I am ''The Web Application Security Guy''. Apart from running a company offering application security consulting, I spend majority of my time doing volunteer work for OWASP as the Bangalore chapter leader and null - The Open Security Community as a Community Manager. I tweet about security quite regularly on twitter account [https://twitter.com/makash @makash]. Feel free to get in touch.

Twitter: [https://twitter.com/makash @makash]

=== Riyaz Walikar (2014 - Present) ===

Pentester/web security evangelist. I have been active in the security community for the better part of the last 7 years by working closely with the Bangalore OWASP chapter and null - The Open Security community.

My technical interests lie with programming, bug bounty, malware analysis, breaking web applications, playing CTFs, researching devices that fall under the Internet of Things category and penetration testing networks exposed to the Internet. When not writing/breaking code, you can find me sleeping, playing football, reading or fishing.

Blog: http://ibreak.software

Twitter: [https://www.twitter.com/riyazwalikar @riyazwalikar]

== Current Chapter volunteers ==

=== Abhinav Sejpal (2015 - Present) ===

Fell in love with the power of software at age 17, and he is still in love. He is a security researcher working at Accenture Digital. He has reported security vulnerabilities 50+ Unique product giants all over the world including Apple, Adobe , Twitter, Linkedin, Yahoo , Pinterest, VK etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, fuzzing. He researches primarily focused Android , iOS Mobile App and open source project like ASVS, OWASP Mobile Top 10, Mobile Security Framework etc.

Speaker @ OWASP, Null , Weekend Testing Bangalore Chapter

Blog: http://bugwrangler.in

Twitter: [https://www.twitter.com/Abhinav_Sejpal @Abhinav_Sejpal]

Github: [https://github.com/bugwrangler bugwrangler]

== Previous Chapter Leaders ==

=== Harinath (2002 - 2012) ===

<headertabs />

[[Category:India]]

Bangalore

2016-07-09T15:53:37Z

Abhinav: /* Chapter News */

__NOTOC__

[[File:Owasp-bangalore-logo.png|OWASP Bangalore Chapter]]
{{Chapter Template|chaptername=Bangalore|extra=The chapter leaders are [mailto:kvprashant@owasp.org Prashant Kv], [mailto:riyaz.walikar@owasp.org Riyaz Walikar] and [[User:Makash | Akash Mahajan]] [mailto:akash.mahajan@owasp.org (akash.mahajan@owasp.org)] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

= '''Stay Updated''' =
=== Join our low traffic mailing list for event information ===
[[File:Mail-50%25smaller.jpeg]]
[https://lists.owasp.org/mailman/listinfo/owasp-bangalore Subscribe to OWASP Bangalore Mailing list]

=== Follow @owaspbangalore for event updates on Twitter ===
[[File:Twitter-bird-cropped-onwhite-40%25smaller.png]]
'''[https://twitter.com/owaspbangalore OWASP Bangalore Twitter Account]'''

=== Short Links for sharing and easy to remember ===
* Wiki Page - '''[https://bit.ly/owaspblr https://bit.ly/owaspblr]'''
* Next OWASP Bangalore Meet '''[https://bit.ly/owaspblr-meet https://bit.ly/owaspblr-meet]'''
* OWASP Bangalore Mailing List '''[https://bit.ly/owaspblr-mailinglist http://bit.ly/owaspblr-mailinglist]'''
* OWASP Global Google Calendar '''[https://bit.ly/owaspblr-googlecal http://bit.ly/owaspblr-googlecal]'''

= '''Chapter News''' =

=== 09th July 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 05th June 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 07th May 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 15th March 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 20th Dec 2015 ===
* Details of the OWASP Bangalore Christmas special meeting has been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 05th Dec 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 11th Nov 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th Sep 2015 ===
* September month meet is moved by a day to Sunday 27th Sept at the same venue due to the Bangalore strike.

=== 18th Sep 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 15th Aug 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 14th July 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 2nd July 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th June 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd June 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th May 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 20th May 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 24th March 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th March 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 01st February 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd January 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th December 2014 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 29th November 2014 ===
* We have added @abhinav_sejpal to tweet from @owaspbangalore. Looking forward to a more vibrant twitter account!

=== 26th November 2014 ===
* Many thanks to [https://twitter.com/shruthi76 @shruthi76] for creating a logo for OWASP Bangalore

=== 17th November 2014 ===
* Details of the OWASP Banglore Workshop on XWH2014 by Riyaz Walikar have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 16th November 2014 ===
* Details of the next Combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 4th November 2014 ===
* Our special meeting details have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link]

=== 14th October 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 17th September 2014 ===
* The OWASP Testing Guide v4 was released today. Our very own [https://www.owasp.org/index.php/User:Anant_Shrivastava Anant Shrivastava] from the Bangalore chapter has contributed a chapter on Fingerprinting Web Servers. Please follow the [https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002) link] to read the specific section.

=== 13th September 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 28th August 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.
* Riyaz Walikar updated his profile.

=== 11th July 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 6th Jun 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th Jun 2014 ===
* Very excited to have [mailto:riyaz.walikar@owasp.org Riyaz Walikar] joining us the third OWASP Bangalore Chapter Lead

=== Older News ===
* null/OWASP combined meet up on 24th May 2014
* We have a new twitter account [https://twitter.com/owaspbangalore @owaspbangalore]

= '''Next Meeting''' =

== OWASP Bangalore meet - 16th July 2016 09:30 AM - 05:00 PM ==

'''Add to Google Calendar'''
[https://calendar.google.com/calendar/hosted/owasp.org/event?action=TEMPLATE&tmeid=cHJjc2hna2pzazVxNm85YzdhNDhjM2RpYmcgaGw2Y2pnczZlcDFoN29uaXFndWV1MmJoYm9AZw&tmsrc=hl6cjgs6ep1h7oniqgueu2bhbo%40group.calendar.google.com Google Calendar Link]

=== '''Sessions''' ===
* Beginners Talk on Physical Securty by Manasdeep
* Android Security Internals by Kartik Lalan
* Automated Information Gathering Using Recon-ng by narendra kumar sharma
* Node JS Security by Madhu Akula
* Security Intelligence by Raghavendran Gopal
* Platform Security using intel SGX by Pradyumna Padhan
* Linux Privilege Escalation techniques by Jagan Mohan
* Twitter Bug Hunt by Avinash
* MOD_SECURITY WAF by Chandrapal

=== '''Venue''' ===
Citrix 
No. 33, Prestige Dynasty Ulsoor Road, Sivanchetti Gardens 
Yellappa Chetty Layout, Sivanchetti Gardens 
Bengaluru, Karnataka 560042 

[https://www.google.com/maps/place/Citrix+R%26D+India/@12.975391,77.617454,3157m/data=!3m1!1e3!4m5!3m4!1s0x0:0xeb06e6d4193d7cba!8m2!3d12.9753911!4d77.6174541?hl=en-US GoogleMap]

=== '''Instructions''' ===
1. Please bring a Government issued ID card (Pan, Driving license, etc) for entry into the compound. 
2. Laptops have to be declared with serial numbers at the building security. 

= '''Previous Meeting Venue and Dates''' =

{| class="wikitable"
|-
! No
! Date
! Venue
! Time
|-
| 56
| 7th May 2016
| Akamai (https://goo.gl/qqRw4b)
| 09:30 AM
|-
|-
| 55
| 16th April 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 54
| 19th March 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 54
| 20th Feb 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 53
| 16th Jan 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 52
| 12th Dec 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 51
| 21st Nov 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 50
| 17th Oct 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 49
| 27th Sept 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 48
| 29th Aug 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 47
| 25th July 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 46
| 20th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 45
| 6th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 44
| 30th May 2015
| Microsoft Technology Center (http://goo.gl/69VZrL)
| 09:30 AM
|-
|-
| 43
| 16th May 2015
| Philips Innovation Campus (https://goo.gl/fAVWl9)
| 09:30 AM
|-
|-
| 42
| 25th April 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 41
| 21st March 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 40
| 21st February 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 39
| 17th January 2015
| Sapient Consulting (http://goo.gl/hZmwyV)
| 09:30 AM
|-
|-
| 38
| 13th December 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:00 AM
|-
|-
| 37
| 29th November 2014
| Triad Square Infosec (https://bit.ly/owaspmeet-xwh2014)
| 10:00 AM
|-
|-
| 36
| 22nd November 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 35
| 15th November 2014
| PayPal Office (http://goo.gl/quBKaG)
| 10:00 AM
|-
|-
| 34
| 18th October 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 33
| 20th September 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 32
| 30th August 2014
| EMC Corporation (http://goo.gl/19Ueet)
| 09:30 AM
|-
|-
| 31
| 19th July 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 30
| 14th June 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 29
| 24th May 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 10:00 AM
|-
|-
| 28
| 8th February 2014
| Paypal Office
| 10:00 AM
|-
| 27
| 18th January 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
|-
| 26
| 14th December 2013
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
| 25
| 1st November 2012
| KPMG Office
| 7 PM
|-

|-
| 24
| 16th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 23
| 19th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 22
| 21th April 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 21
| 10th March 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 20
| 04th February 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 19
| 07th January 2012
| Kieon
| 10 AM
|-

|-
| 18
| 3rd October 2009
| Praxeva India
| 10 AM
|-
| 17
| 19th September 2009
| Praxeva India
| 10 AM
|-
| 16
| 5th September 2009
| Praxeva India
| 10 AM
|-
| 15
| 12 July 2009
| Cubbon Park
| 10.30 AM
|-
| 14
| 07 June 2009
| ICH, Church Street
| 09.00 AM
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
| 
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
| 
|-
| 2
| 2006
| 
| 
|-
| 1
| 2006
| 
| 
|}

= '''Meeting Summaries''' =
[[Bangalore/Archives|Summaries from Past Meetings]]

= '''Chapter Leaders'''=
== Current Chapter Leaders ==

=== KV Prashanth (2012 - Present) ===
=== Akash Mahajan (2012 - Present) ===

I am ''The Web Application Security Guy''. Apart from running a company offering application security consulting, I spend majority of my time doing volunteer work for OWASP as the Bangalore chapter leader and null - The Open Security Community as a Community Manager. I tweet about security quite regularly on twitter account [https://twitter.com/makash @makash]. Feel free to get in touch.

Twitter: [https://twitter.com/makash @makash]

=== Riyaz Walikar (2014 - Present) ===

Pentester/web security evangelist. I have been active in the security community for the better part of the last 7 years by working closely with the Bangalore OWASP chapter and null - The Open Security community.

My technical interests lie with programming, bug bounty, malware analysis, breaking web applications, playing CTFs, researching devices that fall under the Internet of Things category and penetration testing networks exposed to the Internet. When not writing/breaking code, you can find me sleeping, playing football, reading or fishing.

Blog: http://ibreak.software

Twitter: [https://www.twitter.com/riyazwalikar @riyazwalikar]

== Current Chapter volunteers ==

=== Abhinav Sejpal (2015 - Present) ===

Fell in love with the power of software at age 17, and he is still in love. He is a security researcher working at Accenture Digital. He has reported security vulnerabilities 50+ Unique product giants all over the world including Apple, Adobe , Twitter, Linkedin, Yahoo , Pinterest, VK etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, fuzzing. He researches primarily focused Android , iOS Mobile App and open source project like ASVS, OWASP Mobile Top 10, Mobile Security Framework etc.

Speaker @ OWASP, Null , Weekend Testing Bangalore Chapter

Blog: http://bugwrangler.in

Twitter: [https://www.twitter.com/Abhinav_Sejpal @Abhinav_Sejpal]

Github: [https://github.com/bugwrangler bugwrangler]

== Previous Chapter Leaders ==

=== Harinath (2002 - 2012) ===

<headertabs />

[[Category:India]]

Bangalore

2016-07-09T15:52:33Z

Abhinav: /* Next Meeting */

__NOTOC__

[[File:Owasp-bangalore-logo.png|OWASP Bangalore Chapter]]
{{Chapter Template|chaptername=Bangalore|extra=The chapter leaders are [mailto:kvprashant@owasp.org Prashant Kv], [mailto:riyaz.walikar@owasp.org Riyaz Walikar] and [[User:Makash | Akash Mahajan]] [mailto:akash.mahajan@owasp.org (akash.mahajan@owasp.org)] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

= '''Stay Updated''' =
=== Join our low traffic mailing list for event information ===
[[File:Mail-50%25smaller.jpeg]]
[https://lists.owasp.org/mailman/listinfo/owasp-bangalore Subscribe to OWASP Bangalore Mailing list]

=== Follow @owaspbangalore for event updates on Twitter ===
[[File:Twitter-bird-cropped-onwhite-40%25smaller.png]]
'''[https://twitter.com/owaspbangalore OWASP Bangalore Twitter Account]'''

=== Short Links for sharing and easy to remember ===
* Wiki Page - '''[https://bit.ly/owaspblr https://bit.ly/owaspblr]'''
* Next OWASP Bangalore Meet '''[https://bit.ly/owaspblr-meet https://bit.ly/owaspblr-meet]'''
* OWASP Bangalore Mailing List '''[https://bit.ly/owaspblr-mailinglist http://bit.ly/owaspblr-mailinglist]'''
* OWASP Global Google Calendar '''[https://bit.ly/owaspblr-googlecal http://bit.ly/owaspblr-googlecal]'''

= '''Chapter News''' =

=== 05th June 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 07th May 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 15th March 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 20th Dec 2015 ===
* Details of the OWASP Bangalore Christmas special meeting has been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 05th Dec 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 11th Nov 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th Sep 2015 ===
* September month meet is moved by a day to Sunday 27th Sept at the same venue due to the Bangalore strike.

=== 18th Sep 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 15th Aug 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 14th July 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 2nd July 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th June 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd June 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th May 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 20th May 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 24th March 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th March 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 01st February 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd January 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th December 2014 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 29th November 2014 ===
* We have added @abhinav_sejpal to tweet from @owaspbangalore. Looking forward to a more vibrant twitter account!

=== 26th November 2014 ===
* Many thanks to [https://twitter.com/shruthi76 @shruthi76] for creating a logo for OWASP Bangalore

=== 17th November 2014 ===
* Details of the OWASP Banglore Workshop on XWH2014 by Riyaz Walikar have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 16th November 2014 ===
* Details of the next Combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 4th November 2014 ===
* Our special meeting details have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link]

=== 14th October 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 17th September 2014 ===
* The OWASP Testing Guide v4 was released today. Our very own [https://www.owasp.org/index.php/User:Anant_Shrivastava Anant Shrivastava] from the Bangalore chapter has contributed a chapter on Fingerprinting Web Servers. Please follow the [https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002) link] to read the specific section.

=== 13th September 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 28th August 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.
* Riyaz Walikar updated his profile.

=== 11th July 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 6th Jun 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th Jun 2014 ===
* Very excited to have [mailto:riyaz.walikar@owasp.org Riyaz Walikar] joining us the third OWASP Bangalore Chapter Lead

=== Older News ===
* null/OWASP combined meet up on 24th May 2014
* We have a new twitter account [https://twitter.com/owaspbangalore @owaspbangalore]

= '''Next Meeting''' =

== OWASP Bangalore meet - 16th July 2016 09:30 AM - 05:00 PM ==

'''Add to Google Calendar'''
[https://calendar.google.com/calendar/hosted/owasp.org/event?action=TEMPLATE&tmeid=cHJjc2hna2pzazVxNm85YzdhNDhjM2RpYmcgaGw2Y2pnczZlcDFoN29uaXFndWV1MmJoYm9AZw&tmsrc=hl6cjgs6ep1h7oniqgueu2bhbo%40group.calendar.google.com Google Calendar Link]

=== '''Sessions''' ===
* Beginners Talk on Physical Securty by Manasdeep
* Android Security Internals by Kartik Lalan
* Automated Information Gathering Using Recon-ng by narendra kumar sharma
* Node JS Security by Madhu Akula
* Security Intelligence by Raghavendran Gopal
* Platform Security using intel SGX by Pradyumna Padhan
* Linux Privilege Escalation techniques by Jagan Mohan
* Twitter Bug Hunt by Avinash
* MOD_SECURITY WAF by Chandrapal

=== '''Venue''' ===
Citrix 
No. 33, Prestige Dynasty Ulsoor Road, Sivanchetti Gardens 
Yellappa Chetty Layout, Sivanchetti Gardens 
Bengaluru, Karnataka 560042 

[https://www.google.com/maps/place/Citrix+R%26D+India/@12.975391,77.617454,3157m/data=!3m1!1e3!4m5!3m4!1s0x0:0xeb06e6d4193d7cba!8m2!3d12.9753911!4d77.6174541?hl=en-US GoogleMap]

=== '''Instructions''' ===
1. Please bring a Government issued ID card (Pan, Driving license, etc) for entry into the compound. 
2. Laptops have to be declared with serial numbers at the building security. 

= '''Previous Meeting Venue and Dates''' =

{| class="wikitable"
|-
! No
! Date
! Venue
! Time
|-
| 56
| 7th May 2016
| Akamai (https://goo.gl/qqRw4b)
| 09:30 AM
|-
|-
| 55
| 16th April 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 54
| 19th March 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 54
| 20th Feb 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 53
| 16th Jan 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 52
| 12th Dec 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 51
| 21st Nov 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 50
| 17th Oct 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 49
| 27th Sept 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 48
| 29th Aug 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 47
| 25th July 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 46
| 20th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 45
| 6th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 44
| 30th May 2015
| Microsoft Technology Center (http://goo.gl/69VZrL)
| 09:30 AM
|-
|-
| 43
| 16th May 2015
| Philips Innovation Campus (https://goo.gl/fAVWl9)
| 09:30 AM
|-
|-
| 42
| 25th April 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 41
| 21st March 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 40
| 21st February 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 39
| 17th January 2015
| Sapient Consulting (http://goo.gl/hZmwyV)
| 09:30 AM
|-
|-
| 38
| 13th December 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:00 AM
|-
|-
| 37
| 29th November 2014
| Triad Square Infosec (https://bit.ly/owaspmeet-xwh2014)
| 10:00 AM
|-
|-
| 36
| 22nd November 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 35
| 15th November 2014
| PayPal Office (http://goo.gl/quBKaG)
| 10:00 AM
|-
|-
| 34
| 18th October 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 33
| 20th September 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 32
| 30th August 2014
| EMC Corporation (http://goo.gl/19Ueet)
| 09:30 AM
|-
|-
| 31
| 19th July 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 30
| 14th June 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 29
| 24th May 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 10:00 AM
|-
|-
| 28
| 8th February 2014
| Paypal Office
| 10:00 AM
|-
| 27
| 18th January 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
|-
| 26
| 14th December 2013
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
| 25
| 1st November 2012
| KPMG Office
| 7 PM
|-

|-
| 24
| 16th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 23
| 19th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 22
| 21th April 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 21
| 10th March 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 20
| 04th February 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 19
| 07th January 2012
| Kieon
| 10 AM
|-

|-
| 18
| 3rd October 2009
| Praxeva India
| 10 AM
|-
| 17
| 19th September 2009
| Praxeva India
| 10 AM
|-
| 16
| 5th September 2009
| Praxeva India
| 10 AM
|-
| 15
| 12 July 2009
| Cubbon Park
| 10.30 AM
|-
| 14
| 07 June 2009
| ICH, Church Street
| 09.00 AM
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
| 
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
| 
|-
| 2
| 2006
| 
| 
|-
| 1
| 2006
| 
| 
|}

= '''Meeting Summaries''' =
[[Bangalore/Archives|Summaries from Past Meetings]]

= '''Chapter Leaders'''=
== Current Chapter Leaders ==

=== KV Prashanth (2012 - Present) ===
=== Akash Mahajan (2012 - Present) ===

I am ''The Web Application Security Guy''. Apart from running a company offering application security consulting, I spend majority of my time doing volunteer work for OWASP as the Bangalore chapter leader and null - The Open Security Community as a Community Manager. I tweet about security quite regularly on twitter account [https://twitter.com/makash @makash]. Feel free to get in touch.

Twitter: [https://twitter.com/makash @makash]

=== Riyaz Walikar (2014 - Present) ===

Pentester/web security evangelist. I have been active in the security community for the better part of the last 7 years by working closely with the Bangalore OWASP chapter and null - The Open Security community.

My technical interests lie with programming, bug bounty, malware analysis, breaking web applications, playing CTFs, researching devices that fall under the Internet of Things category and penetration testing networks exposed to the Internet. When not writing/breaking code, you can find me sleeping, playing football, reading or fishing.

Blog: http://ibreak.software

Twitter: [https://www.twitter.com/riyazwalikar @riyazwalikar]

== Current Chapter volunteers ==

=== Abhinav Sejpal (2015 - Present) ===

Fell in love with the power of software at age 17, and he is still in love. He is a security researcher working at Accenture Digital. He has reported security vulnerabilities 50+ Unique product giants all over the world including Apple, Adobe , Twitter, Linkedin, Yahoo , Pinterest, VK etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, fuzzing. He researches primarily focused Android , iOS Mobile App and open source project like ASVS, OWASP Mobile Top 10, Mobile Security Framework etc.

Speaker @ OWASP, Null , Weekend Testing Bangalore Chapter

Blog: http://bugwrangler.in

Twitter: [https://www.twitter.com/Abhinav_Sejpal @Abhinav_Sejpal]

Github: [https://github.com/bugwrangler bugwrangler]

== Previous Chapter Leaders ==

=== Harinath (2002 - 2012) ===

<headertabs />

[[Category:India]]

Bangalore

2016-06-05T08:59:02Z

Abhinav: /* Chapter News */

__NOTOC__

[[File:Owasp-bangalore-logo.png|OWASP Bangalore Chapter]]
{{Chapter Template|chaptername=Bangalore|extra=The chapter leaders are [mailto:kvprashant@owasp.org Prashant Kv], [mailto:riyaz.walikar@owasp.org Riyaz Walikar] and [[User:Makash | Akash Mahajan]] [mailto:akash.mahajan@owasp.org (akash.mahajan@owasp.org)] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

= '''Stay Updated''' =
=== Join our low traffic mailing list for event information ===
[[File:Mail-50%25smaller.jpeg]]
[https://lists.owasp.org/mailman/listinfo/owasp-bangalore Subscribe to OWASP Bangalore Mailing list]

=== Follow @owaspbangalore for event updates on Twitter ===
[[File:Twitter-bird-cropped-onwhite-40%25smaller.png]]
'''[https://twitter.com/owaspbangalore OWASP Bangalore Twitter Account]'''

=== Short Links for sharing and easy to remember ===
* Wiki Page - '''[https://bit.ly/owaspblr https://bit.ly/owaspblr]'''
* Next OWASP Bangalore Meet '''[https://bit.ly/owaspblr-meet https://bit.ly/owaspblr-meet]'''
* OWASP Bangalore Mailing List '''[https://bit.ly/owaspblr-mailinglist http://bit.ly/owaspblr-mailinglist]'''
* OWASP Global Google Calendar '''[https://bit.ly/owaspblr-googlecal http://bit.ly/owaspblr-googlecal]'''

= '''Chapter News''' =

=== 11th June 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 07th May 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 15th March 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 20th Dec 2015 ===
* Details of the OWASP Bangalore Christmas special meeting has been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 05th Dec 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 11th Nov 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th Sep 2015 ===
* September month meet is moved by a day to Sunday 27th Sept at the same venue due to the Bangalore strike.

=== 18th Sep 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 15th Aug 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 14th July 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 2nd July 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th June 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd June 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th May 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 20th May 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 24th March 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th March 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 01st February 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd January 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th December 2014 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 29th November 2014 ===
* We have added @abhinav_sejpal to tweet from @owaspbangalore. Looking forward to a more vibrant twitter account!

=== 26th November 2014 ===
* Many thanks to [https://twitter.com/shruthi76 @shruthi76] for creating a logo for OWASP Bangalore

=== 17th November 2014 ===
* Details of the OWASP Banglore Workshop on XWH2014 by Riyaz Walikar have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 16th November 2014 ===
* Details of the next Combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 4th November 2014 ===
* Our special meeting details have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link]

=== 14th October 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 17th September 2014 ===
* The OWASP Testing Guide v4 was released today. Our very own [https://www.owasp.org/index.php/User:Anant_Shrivastava Anant Shrivastava] from the Bangalore chapter has contributed a chapter on Fingerprinting Web Servers. Please follow the [https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002) link] to read the specific section.

=== 13th September 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 28th August 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.
* Riyaz Walikar updated his profile.

=== 11th July 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 6th Jun 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th Jun 2014 ===
* Very excited to have [mailto:riyaz.walikar@owasp.org Riyaz Walikar] joining us the third OWASP Bangalore Chapter Lead

=== Older News ===
* null/OWASP combined meet up on 24th May 2014
* We have a new twitter account [https://twitter.com/owaspbangalore @owaspbangalore]

= '''Next Meeting''' =

== OWASP Bangalore meet - 14th May 2016 09:30 AM - 05:00 PM ==

'''Add to Google Calendar'''
[https://calendar.google.com/calendar/hosted/owasp.org/event?action=TEMPLATE&tmeid=cHJjc2hna2pzazVxNm85YzdhNDhjM2RpYmcgaGw2Y2pnczZlcDFoN29uaXFndWV1MmJoYm9AZw&tmsrc=hl6cjgs6ep1h7oniqgueu2bhbo%40group.calendar.google.com Google Calendar Link]

=== '''Sessions''' ===
* Android Security - Part 3 by jitendra kumar
* Targeted Attacks by Rahul Choudhary
* SQL Injection to shell by Krithika M. M.
* Case studies of recent network attacks by Devanshu Agarwal
* How I pwned you online by Nutan Kumar Panda
* An introduction to Single Sign On [with Demo] by Lakshmikiran
* Windows Privilege Escalation Techniques by Riyaz Walikar
* Metasploit basics and db usage by Arun.S

=== '''Venue''' ===
Citrix 
No. 33, Prestige Dynasty Ulsoor Road, Sivanchetti Gardens 
Yellappa Chetty Layout, Sivanchetti Gardens 
Bengaluru, Karnataka 560042 

[https://www.google.com/maps/place/Citrix+R%26D+India/@12.975391,77.617454,3157m/data=!3m1!1e3!4m5!3m4!1s0x0:0xeb06e6d4193d7cba!8m2!3d12.9753911!4d77.6174541?hl=en-US GoogleMap]

=== '''Instructions''' ===
1. Please bring a Government issued ID card (Pan, Driving license, etc) for entry into the compound. 
2. Laptops have to be declared with serial numbers at the building security. 

= '''Previous Meeting Venue and Dates''' =

{| class="wikitable"
|-
! No
! Date
! Venue
! Time
|-
| 56
| 7th May 2016
| Akamai (https://goo.gl/qqRw4b)
| 09:30 AM
|-
|-
| 55
| 16th April 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 54
| 19th March 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 54
| 20th Feb 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 53
| 16th Jan 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 52
| 12th Dec 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 51
| 21st Nov 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 50
| 17th Oct 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 49
| 27th Sept 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 48
| 29th Aug 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 47
| 25th July 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 46
| 20th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 45
| 6th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 44
| 30th May 2015
| Microsoft Technology Center (http://goo.gl/69VZrL)
| 09:30 AM
|-
|-
| 43
| 16th May 2015
| Philips Innovation Campus (https://goo.gl/fAVWl9)
| 09:30 AM
|-
|-
| 42
| 25th April 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 41
| 21st March 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 40
| 21st February 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 39
| 17th January 2015
| Sapient Consulting (http://goo.gl/hZmwyV)
| 09:30 AM
|-
|-
| 38
| 13th December 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:00 AM
|-
|-
| 37
| 29th November 2014
| Triad Square Infosec (https://bit.ly/owaspmeet-xwh2014)
| 10:00 AM
|-
|-
| 36
| 22nd November 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 35
| 15th November 2014
| PayPal Office (http://goo.gl/quBKaG)
| 10:00 AM
|-
|-
| 34
| 18th October 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 33
| 20th September 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 32
| 30th August 2014
| EMC Corporation (http://goo.gl/19Ueet)
| 09:30 AM
|-
|-
| 31
| 19th July 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 30
| 14th June 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 29
| 24th May 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 10:00 AM
|-
|-
| 28
| 8th February 2014
| Paypal Office
| 10:00 AM
|-
| 27
| 18th January 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
|-
| 26
| 14th December 2013
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
| 25
| 1st November 2012
| KPMG Office
| 7 PM
|-

|-
| 24
| 16th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 23
| 19th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 22
| 21th April 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 21
| 10th March 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 20
| 04th February 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 19
| 07th January 2012
| Kieon
| 10 AM
|-

|-
| 18
| 3rd October 2009
| Praxeva India
| 10 AM
|-
| 17
| 19th September 2009
| Praxeva India
| 10 AM
|-
| 16
| 5th September 2009
| Praxeva India
| 10 AM
|-
| 15
| 12 July 2009
| Cubbon Park
| 10.30 AM
|-
| 14
| 07 June 2009
| ICH, Church Street
| 09.00 AM
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
| 
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
| 
|-
| 2
| 2006
| 
| 
|-
| 1
| 2006
| 
| 
|}

= '''Meeting Summaries''' =
[[Bangalore/Archives|Summaries from Past Meetings]]

= '''Chapter Leaders'''=
== Current Chapter Leaders ==

=== KV Prashanth (2012 - Present) ===
=== Akash Mahajan (2012 - Present) ===

I am ''The Web Application Security Guy''. Apart from running a company offering application security consulting, I spend majority of my time doing volunteer work for OWASP as the Bangalore chapter leader and null - The Open Security Community as a Community Manager. I tweet about security quite regularly on twitter account [https://twitter.com/makash @makash]. Feel free to get in touch.

Twitter: [https://twitter.com/makash @makash]

=== Riyaz Walikar (2014 - Present) ===

Pentester/web security evangelist. I have been active in the security community for the better part of the last 7 years by working closely with the Bangalore OWASP chapter and null - The Open Security community.

My technical interests lie with programming, bug bounty, malware analysis, breaking web applications, playing CTFs, researching devices that fall under the Internet of Things category and penetration testing networks exposed to the Internet. When not writing/breaking code, you can find me sleeping, playing football, reading or fishing.

Blog: http://ibreak.software

Twitter: [https://www.twitter.com/riyazwalikar @riyazwalikar]

== Current Chapter volunteers ==

=== Abhinav Sejpal (2015 - Present) ===

Fell in love with the power of software at age 17, and he is still in love. He is a security researcher working at Accenture Digital. He has reported security vulnerabilities 50+ Unique product giants all over the world including Apple, Adobe , Twitter, Linkedin, Yahoo , Pinterest, VK etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, fuzzing. He researches primarily focused Android , iOS Mobile App and open source project like ASVS, OWASP Mobile Top 10, Mobile Security Framework etc.

Speaker @ OWASP, Null , Weekend Testing Bangalore Chapter

Blog: http://bugwrangler.in

Twitter: [https://www.twitter.com/Abhinav_Sejpal @Abhinav_Sejpal]

Github: [https://github.com/bugwrangler bugwrangler]

== Previous Chapter Leaders ==

=== Harinath (2002 - 2012) ===

<headertabs />

[[Category:India]]

Bangalore

2016-06-05T08:58:40Z

Abhinav: /* Previous Meeting Venue and Dates */

__NOTOC__

[[File:Owasp-bangalore-logo.png|OWASP Bangalore Chapter]]
{{Chapter Template|chaptername=Bangalore|extra=The chapter leaders are [mailto:kvprashant@owasp.org Prashant Kv], [mailto:riyaz.walikar@owasp.org Riyaz Walikar] and [[User:Makash | Akash Mahajan]] [mailto:akash.mahajan@owasp.org (akash.mahajan@owasp.org)] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

= '''Stay Updated''' =
=== Join our low traffic mailing list for event information ===
[[File:Mail-50%25smaller.jpeg]]
[https://lists.owasp.org/mailman/listinfo/owasp-bangalore Subscribe to OWASP Bangalore Mailing list]

=== Follow @owaspbangalore for event updates on Twitter ===
[[File:Twitter-bird-cropped-onwhite-40%25smaller.png]]
'''[https://twitter.com/owaspbangalore OWASP Bangalore Twitter Account]'''

=== Short Links for sharing and easy to remember ===
* Wiki Page - '''[https://bit.ly/owaspblr https://bit.ly/owaspblr]'''
* Next OWASP Bangalore Meet '''[https://bit.ly/owaspblr-meet https://bit.ly/owaspblr-meet]'''
* OWASP Bangalore Mailing List '''[https://bit.ly/owaspblr-mailinglist http://bit.ly/owaspblr-mailinglist]'''
* OWASP Global Google Calendar '''[https://bit.ly/owaspblr-googlecal http://bit.ly/owaspblr-googlecal]'''

= '''Chapter News''' =

=== 011th June 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 07th May 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 15th March 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 20th Dec 2015 ===
* Details of the OWASP Bangalore Christmas special meeting has been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 05th Dec 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 11th Nov 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th Sep 2015 ===
* September month meet is moved by a day to Sunday 27th Sept at the same venue due to the Bangalore strike.

=== 18th Sep 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 15th Aug 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 14th July 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 2nd July 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th June 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd June 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th May 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 20th May 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 24th March 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th March 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 01st February 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd January 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th December 2014 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 29th November 2014 ===
* We have added @abhinav_sejpal to tweet from @owaspbangalore. Looking forward to a more vibrant twitter account!

=== 26th November 2014 ===
* Many thanks to [https://twitter.com/shruthi76 @shruthi76] for creating a logo for OWASP Bangalore

=== 17th November 2014 ===
* Details of the OWASP Banglore Workshop on XWH2014 by Riyaz Walikar have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 16th November 2014 ===
* Details of the next Combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 4th November 2014 ===
* Our special meeting details have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link]

=== 14th October 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 17th September 2014 ===
* The OWASP Testing Guide v4 was released today. Our very own [https://www.owasp.org/index.php/User:Anant_Shrivastava Anant Shrivastava] from the Bangalore chapter has contributed a chapter on Fingerprinting Web Servers. Please follow the [https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002) link] to read the specific section.

=== 13th September 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 28th August 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.
* Riyaz Walikar updated his profile.

=== 11th July 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 6th Jun 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th Jun 2014 ===
* Very excited to have [mailto:riyaz.walikar@owasp.org Riyaz Walikar] joining us the third OWASP Bangalore Chapter Lead

=== Older News ===
* null/OWASP combined meet up on 24th May 2014
* We have a new twitter account [https://twitter.com/owaspbangalore @owaspbangalore]

= '''Next Meeting''' =

== OWASP Bangalore meet - 14th May 2016 09:30 AM - 05:00 PM ==

'''Add to Google Calendar'''
[https://calendar.google.com/calendar/hosted/owasp.org/event?action=TEMPLATE&tmeid=cHJjc2hna2pzazVxNm85YzdhNDhjM2RpYmcgaGw2Y2pnczZlcDFoN29uaXFndWV1MmJoYm9AZw&tmsrc=hl6cjgs6ep1h7oniqgueu2bhbo%40group.calendar.google.com Google Calendar Link]

=== '''Sessions''' ===
* Android Security - Part 3 by jitendra kumar
* Targeted Attacks by Rahul Choudhary
* SQL Injection to shell by Krithika M. M.
* Case studies of recent network attacks by Devanshu Agarwal
* How I pwned you online by Nutan Kumar Panda
* An introduction to Single Sign On [with Demo] by Lakshmikiran
* Windows Privilege Escalation Techniques by Riyaz Walikar
* Metasploit basics and db usage by Arun.S

=== '''Venue''' ===
Citrix 
No. 33, Prestige Dynasty Ulsoor Road, Sivanchetti Gardens 
Yellappa Chetty Layout, Sivanchetti Gardens 
Bengaluru, Karnataka 560042 

[https://www.google.com/maps/place/Citrix+R%26D+India/@12.975391,77.617454,3157m/data=!3m1!1e3!4m5!3m4!1s0x0:0xeb06e6d4193d7cba!8m2!3d12.9753911!4d77.6174541?hl=en-US GoogleMap]

=== '''Instructions''' ===
1. Please bring a Government issued ID card (Pan, Driving license, etc) for entry into the compound. 
2. Laptops have to be declared with serial numbers at the building security. 

= '''Previous Meeting Venue and Dates''' =

{| class="wikitable"
|-
! No
! Date
! Venue
! Time
|-
| 56
| 7th May 2016
| Akamai (https://goo.gl/qqRw4b)
| 09:30 AM
|-
|-
| 55
| 16th April 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 54
| 19th March 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 54
| 20th Feb 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 53
| 16th Jan 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 52
| 12th Dec 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 51
| 21st Nov 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 50
| 17th Oct 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 49
| 27th Sept 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 48
| 29th Aug 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 47
| 25th July 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 46
| 20th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 45
| 6th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 44
| 30th May 2015
| Microsoft Technology Center (http://goo.gl/69VZrL)
| 09:30 AM
|-
|-
| 43
| 16th May 2015
| Philips Innovation Campus (https://goo.gl/fAVWl9)
| 09:30 AM
|-
|-
| 42
| 25th April 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 41
| 21st March 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 40
| 21st February 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 39
| 17th January 2015
| Sapient Consulting (http://goo.gl/hZmwyV)
| 09:30 AM
|-
|-
| 38
| 13th December 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:00 AM
|-
|-
| 37
| 29th November 2014
| Triad Square Infosec (https://bit.ly/owaspmeet-xwh2014)
| 10:00 AM
|-
|-
| 36
| 22nd November 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 35
| 15th November 2014
| PayPal Office (http://goo.gl/quBKaG)
| 10:00 AM
|-
|-
| 34
| 18th October 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 33
| 20th September 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 32
| 30th August 2014
| EMC Corporation (http://goo.gl/19Ueet)
| 09:30 AM
|-
|-
| 31
| 19th July 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 30
| 14th June 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 29
| 24th May 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 10:00 AM
|-
|-
| 28
| 8th February 2014
| Paypal Office
| 10:00 AM
|-
| 27
| 18th January 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
|-
| 26
| 14th December 2013
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
| 25
| 1st November 2012
| KPMG Office
| 7 PM
|-

|-
| 24
| 16th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 23
| 19th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 22
| 21th April 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 21
| 10th March 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 20
| 04th February 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 19
| 07th January 2012
| Kieon
| 10 AM
|-

|-
| 18
| 3rd October 2009
| Praxeva India
| 10 AM
|-
| 17
| 19th September 2009
| Praxeva India
| 10 AM
|-
| 16
| 5th September 2009
| Praxeva India
| 10 AM
|-
| 15
| 12 July 2009
| Cubbon Park
| 10.30 AM
|-
| 14
| 07 June 2009
| ICH, Church Street
| 09.00 AM
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
| 
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
| 
|-
| 2
| 2006
| 
| 
|-
| 1
| 2006
| 
| 
|}

= '''Meeting Summaries''' =
[[Bangalore/Archives|Summaries from Past Meetings]]

= '''Chapter Leaders'''=
== Current Chapter Leaders ==

=== KV Prashanth (2012 - Present) ===
=== Akash Mahajan (2012 - Present) ===

I am ''The Web Application Security Guy''. Apart from running a company offering application security consulting, I spend majority of my time doing volunteer work for OWASP as the Bangalore chapter leader and null - The Open Security Community as a Community Manager. I tweet about security quite regularly on twitter account [https://twitter.com/makash @makash]. Feel free to get in touch.

Twitter: [https://twitter.com/makash @makash]

=== Riyaz Walikar (2014 - Present) ===

Pentester/web security evangelist. I have been active in the security community for the better part of the last 7 years by working closely with the Bangalore OWASP chapter and null - The Open Security community.

My technical interests lie with programming, bug bounty, malware analysis, breaking web applications, playing CTFs, researching devices that fall under the Internet of Things category and penetration testing networks exposed to the Internet. When not writing/breaking code, you can find me sleeping, playing football, reading or fishing.

Blog: http://ibreak.software

Twitter: [https://www.twitter.com/riyazwalikar @riyazwalikar]

== Current Chapter volunteers ==

=== Abhinav Sejpal (2015 - Present) ===

Fell in love with the power of software at age 17, and he is still in love. He is a security researcher working at Accenture Digital. He has reported security vulnerabilities 50+ Unique product giants all over the world including Apple, Adobe , Twitter, Linkedin, Yahoo , Pinterest, VK etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, fuzzing. He researches primarily focused Android , iOS Mobile App and open source project like ASVS, OWASP Mobile Top 10, Mobile Security Framework etc.

Speaker @ OWASP, Null , Weekend Testing Bangalore Chapter

Blog: http://bugwrangler.in

Twitter: [https://www.twitter.com/Abhinav_Sejpal @Abhinav_Sejpal]

Github: [https://github.com/bugwrangler bugwrangler]

== Previous Chapter Leaders ==

=== Harinath (2002 - 2012) ===

<headertabs />

[[Category:India]]

Bangalore

2016-06-05T08:53:37Z

Abhinav: /* Chapter News */

__NOTOC__

[[File:Owasp-bangalore-logo.png|OWASP Bangalore Chapter]]
{{Chapter Template|chaptername=Bangalore|extra=The chapter leaders are [mailto:kvprashant@owasp.org Prashant Kv], [mailto:riyaz.walikar@owasp.org Riyaz Walikar] and [[User:Makash | Akash Mahajan]] [mailto:akash.mahajan@owasp.org (akash.mahajan@owasp.org)] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

= '''Stay Updated''' =
=== Join our low traffic mailing list for event information ===
[[File:Mail-50%25smaller.jpeg]]
[https://lists.owasp.org/mailman/listinfo/owasp-bangalore Subscribe to OWASP Bangalore Mailing list]

=== Follow @owaspbangalore for event updates on Twitter ===
[[File:Twitter-bird-cropped-onwhite-40%25smaller.png]]
'''[https://twitter.com/owaspbangalore OWASP Bangalore Twitter Account]'''

=== Short Links for sharing and easy to remember ===
* Wiki Page - '''[https://bit.ly/owaspblr https://bit.ly/owaspblr]'''
* Next OWASP Bangalore Meet '''[https://bit.ly/owaspblr-meet https://bit.ly/owaspblr-meet]'''
* OWASP Bangalore Mailing List '''[https://bit.ly/owaspblr-mailinglist http://bit.ly/owaspblr-mailinglist]'''
* OWASP Global Google Calendar '''[https://bit.ly/owaspblr-googlecal http://bit.ly/owaspblr-googlecal]'''

= '''Chapter News''' =

=== 011th June 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 07th May 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 15th March 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 20th Dec 2015 ===
* Details of the OWASP Bangalore Christmas special meeting has been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 05th Dec 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 11th Nov 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th Sep 2015 ===
* September month meet is moved by a day to Sunday 27th Sept at the same venue due to the Bangalore strike.

=== 18th Sep 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 15th Aug 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 14th July 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 2nd July 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th June 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd June 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th May 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 20th May 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 24th March 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th March 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 01st February 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd January 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th December 2014 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 29th November 2014 ===
* We have added @abhinav_sejpal to tweet from @owaspbangalore. Looking forward to a more vibrant twitter account!

=== 26th November 2014 ===
* Many thanks to [https://twitter.com/shruthi76 @shruthi76] for creating a logo for OWASP Bangalore

=== 17th November 2014 ===
* Details of the OWASP Banglore Workshop on XWH2014 by Riyaz Walikar have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 16th November 2014 ===
* Details of the next Combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 4th November 2014 ===
* Our special meeting details have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link]

=== 14th October 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 17th September 2014 ===
* The OWASP Testing Guide v4 was released today. Our very own [https://www.owasp.org/index.php/User:Anant_Shrivastava Anant Shrivastava] from the Bangalore chapter has contributed a chapter on Fingerprinting Web Servers. Please follow the [https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002) link] to read the specific section.

=== 13th September 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 28th August 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.
* Riyaz Walikar updated his profile.

=== 11th July 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 6th Jun 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th Jun 2014 ===
* Very excited to have [mailto:riyaz.walikar@owasp.org Riyaz Walikar] joining us the third OWASP Bangalore Chapter Lead

=== Older News ===
* null/OWASP combined meet up on 24th May 2014
* We have a new twitter account [https://twitter.com/owaspbangalore @owaspbangalore]

= '''Next Meeting''' =

== OWASP Bangalore meet - 14th May 2016 09:30 AM - 05:00 PM ==

'''Add to Google Calendar'''
[https://calendar.google.com/calendar/hosted/owasp.org/event?action=TEMPLATE&tmeid=cHJjc2hna2pzazVxNm85YzdhNDhjM2RpYmcgaGw2Y2pnczZlcDFoN29uaXFndWV1MmJoYm9AZw&tmsrc=hl6cjgs6ep1h7oniqgueu2bhbo%40group.calendar.google.com Google Calendar Link]

=== '''Sessions''' ===
* Android Security - Part 3 by jitendra kumar
* Targeted Attacks by Rahul Choudhary
* SQL Injection to shell by Krithika M. M.
* Case studies of recent network attacks by Devanshu Agarwal
* How I pwned you online by Nutan Kumar Panda
* An introduction to Single Sign On [with Demo] by Lakshmikiran
* Windows Privilege Escalation Techniques by Riyaz Walikar
* Metasploit basics and db usage by Arun.S

=== '''Venue''' ===
Citrix 
No. 33, Prestige Dynasty Ulsoor Road, Sivanchetti Gardens 
Yellappa Chetty Layout, Sivanchetti Gardens 
Bengaluru, Karnataka 560042 

[https://www.google.com/maps/place/Citrix+R%26D+India/@12.975391,77.617454,3157m/data=!3m1!1e3!4m5!3m4!1s0x0:0xeb06e6d4193d7cba!8m2!3d12.9753911!4d77.6174541?hl=en-US GoogleMap]

=== '''Instructions''' ===
1. Please bring a Government issued ID card (Pan, Driving license, etc) for entry into the compound. 
2. Laptops have to be declared with serial numbers at the building security. 

= '''Previous Meeting Venue and Dates''' =

{| class="wikitable"
|-
! No
! Date
! Venue
! Time
|-
| 55
| 16th April 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 54
| 19th March 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 54
| 20th Feb 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 53
| 16th Jan 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 52
| 12th Dec 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 51
| 21st Nov 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 50
| 17th Oct 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 49
| 27th Sept 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 48
| 29th Aug 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 47
| 25th July 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 46
| 20th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 45
| 6th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 44
| 30th May 2015
| Microsoft Technology Center (http://goo.gl/69VZrL)
| 09:30 AM
|-
|-
| 43
| 16th May 2015
| Philips Innovation Campus (https://goo.gl/fAVWl9)
| 09:30 AM
|-
|-
| 42
| 25th April 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 41
| 21st March 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 40
| 21st February 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 39
| 17th January 2015
| Sapient Consulting (http://goo.gl/hZmwyV)
| 09:30 AM
|-
|-
| 38
| 13th December 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:00 AM
|-
|-
| 37
| 29th November 2014
| Triad Square Infosec (https://bit.ly/owaspmeet-xwh2014)
| 10:00 AM
|-
|-
| 36
| 22nd November 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 35
| 15th November 2014
| PayPal Office (http://goo.gl/quBKaG)
| 10:00 AM
|-
|-
| 34
| 18th October 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 33
| 20th September 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 32
| 30th August 2014
| EMC Corporation (http://goo.gl/19Ueet)
| 09:30 AM
|-
|-
| 31
| 19th July 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 30
| 14th June 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 29
| 24th May 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 10:00 AM
|-
|-
| 28
| 8th February 2014
| Paypal Office
| 10:00 AM
|-
| 27
| 18th January 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
|-
| 26
| 14th December 2013
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
| 25
| 1st November 2012
| KPMG Office
| 7 PM
|-

|-
| 24
| 16th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 23
| 19th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 22
| 21th April 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 21
| 10th March 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 20
| 04th February 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 19
| 07th January 2012
| Kieon
| 10 AM
|-

|-
| 18
| 3rd October 2009
| Praxeva India
| 10 AM
|-
| 17
| 19th September 2009
| Praxeva India
| 10 AM
|-
| 16
| 5th September 2009
| Praxeva India
| 10 AM
|-
| 15
| 12 July 2009
| Cubbon Park
| 10.30 AM
|-
| 14
| 07 June 2009
| ICH, Church Street
| 09.00 AM
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
| 
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
| 
|-
| 2
| 2006
| 
| 
|-
| 1
| 2006
| 
| 
|}

= '''Meeting Summaries''' =
[[Bangalore/Archives|Summaries from Past Meetings]]

= '''Chapter Leaders'''=
== Current Chapter Leaders ==

=== KV Prashanth (2012 - Present) ===
=== Akash Mahajan (2012 - Present) ===

I am ''The Web Application Security Guy''. Apart from running a company offering application security consulting, I spend majority of my time doing volunteer work for OWASP as the Bangalore chapter leader and null - The Open Security Community as a Community Manager. I tweet about security quite regularly on twitter account [https://twitter.com/makash @makash]. Feel free to get in touch.

Twitter: [https://twitter.com/makash @makash]

=== Riyaz Walikar (2014 - Present) ===

Pentester/web security evangelist. I have been active in the security community for the better part of the last 7 years by working closely with the Bangalore OWASP chapter and null - The Open Security community.

My technical interests lie with programming, bug bounty, malware analysis, breaking web applications, playing CTFs, researching devices that fall under the Internet of Things category and penetration testing networks exposed to the Internet. When not writing/breaking code, you can find me sleeping, playing football, reading or fishing.

Blog: http://ibreak.software

Twitter: [https://www.twitter.com/riyazwalikar @riyazwalikar]

== Current Chapter volunteers ==

=== Abhinav Sejpal (2015 - Present) ===

Fell in love with the power of software at age 17, and he is still in love. He is a security researcher working at Accenture Digital. He has reported security vulnerabilities 50+ Unique product giants all over the world including Apple, Adobe , Twitter, Linkedin, Yahoo , Pinterest, VK etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, fuzzing. He researches primarily focused Android , iOS Mobile App and open source project like ASVS, OWASP Mobile Top 10, Mobile Security Framework etc.

Speaker @ OWASP, Null , Weekend Testing Bangalore Chapter

Blog: http://bugwrangler.in

Twitter: [https://www.twitter.com/Abhinav_Sejpal @Abhinav_Sejpal]

Github: [https://github.com/bugwrangler bugwrangler]

== Previous Chapter Leaders ==

=== Harinath (2002 - 2012) ===

<headertabs />

[[Category:India]]

Bangalore

2016-06-05T08:50:38Z

Abhinav: /* Next Meeting */

__NOTOC__

[[File:Owasp-bangalore-logo.png|OWASP Bangalore Chapter]]
{{Chapter Template|chaptername=Bangalore|extra=The chapter leaders are [mailto:kvprashant@owasp.org Prashant Kv], [mailto:riyaz.walikar@owasp.org Riyaz Walikar] and [[User:Makash | Akash Mahajan]] [mailto:akash.mahajan@owasp.org (akash.mahajan@owasp.org)] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

= '''Stay Updated''' =
=== Join our low traffic mailing list for event information ===
[[File:Mail-50%25smaller.jpeg]]
[https://lists.owasp.org/mailman/listinfo/owasp-bangalore Subscribe to OWASP Bangalore Mailing list]

=== Follow @owaspbangalore for event updates on Twitter ===
[[File:Twitter-bird-cropped-onwhite-40%25smaller.png]]
'''[https://twitter.com/owaspbangalore OWASP Bangalore Twitter Account]'''

=== Short Links for sharing and easy to remember ===
* Wiki Page - '''[https://bit.ly/owaspblr https://bit.ly/owaspblr]'''
* Next OWASP Bangalore Meet '''[https://bit.ly/owaspblr-meet https://bit.ly/owaspblr-meet]'''
* OWASP Bangalore Mailing List '''[https://bit.ly/owaspblr-mailinglist http://bit.ly/owaspblr-mailinglist]'''
* OWASP Global Google Calendar '''[https://bit.ly/owaspblr-googlecal http://bit.ly/owaspblr-googlecal]'''

= '''Chapter News''' =

=== 07th May 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 15th March 2016 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 20th Dec 2015 ===
* Details of the OWASP Bangalore Christmas special meeting has been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 05th Dec 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 11th Nov 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th Sep 2015 ===
* September month meet is moved by a day to Sunday 27th Sept at the same venue due to the Bangalore strike.

=== 18th Sep 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 15th Aug 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 14th July 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 2nd July 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th June 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd June 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th May 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 20th May 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 24th March 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th March 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 01st February 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd January 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th December 2014 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 29th November 2014 ===
* We have added @abhinav_sejpal to tweet from @owaspbangalore. Looking forward to a more vibrant twitter account!

=== 26th November 2014 ===
* Many thanks to [https://twitter.com/shruthi76 @shruthi76] for creating a logo for OWASP Bangalore

=== 17th November 2014 ===
* Details of the OWASP Banglore Workshop on XWH2014 by Riyaz Walikar have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 16th November 2014 ===
* Details of the next Combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 4th November 2014 ===
* Our special meeting details have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link]

=== 14th October 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 17th September 2014 ===
* The OWASP Testing Guide v4 was released today. Our very own [https://www.owasp.org/index.php/User:Anant_Shrivastava Anant Shrivastava] from the Bangalore chapter has contributed a chapter on Fingerprinting Web Servers. Please follow the [https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002) link] to read the specific section.

=== 13th September 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 28th August 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.
* Riyaz Walikar updated his profile.

=== 11th July 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 6th Jun 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th Jun 2014 ===
* Very excited to have [mailto:riyaz.walikar@owasp.org Riyaz Walikar] joining us the third OWASP Bangalore Chapter Lead

=== Older News ===
* null/OWASP combined meet up on 24th May 2014
* We have a new twitter account [https://twitter.com/owaspbangalore @owaspbangalore]

== OWASP Bangalore meet - 19th March 2016 09:30 AM - 02:00 PM ==

'''Add to Google Calendar'''
[https://calendar.google.com/calendar/hosted/owasp.org/event?action=TEMPLATE&tmeid=NHMyOWw2cWVhYXA2aWc0Nm1maWl0YjZtZDAgaGw2Y2pnczZlcDFoN29uaXFndWV1MmJoYm9AZw&tmsrc=hl6cjgs6ep1h7oniqgueu2bhbo%40group.calendar.google.com Google Calendar Link]

=== '''Sessions''' ===
* Beginners: Netcat: Swiss Army Knife by Chandrapal
* iOS Security : Part2 by Anto joseph
* Snort by Shubhra Verma
* G4H : Browser Exploitation by AMol NAik
* An introduction to XXE attacks - OWASP Bangalore Session by Samit Anwer

=== '''Venue''' ===
Citrix 
No. 33, Prestige Dynasty Ulsoor Road, Sivanchetti Gardens 
Yellappa Chetty Layout, Sivanchetti Gardens 
Bengaluru, Karnataka 560042 

=== '''Instructions''' ===
1. Please bring a Government issued ID card (Pan, Driving license, etc) for entry into the compound. 
2. Laptops have to be declared with serial numbers at the building security. 

= '''Next Meeting''' =

== OWASP Bangalore meet - 14th May 2016 09:30 AM - 05:00 PM ==

'''Add to Google Calendar'''
[https://calendar.google.com/calendar/hosted/owasp.org/event?action=TEMPLATE&tmeid=cHJjc2hna2pzazVxNm85YzdhNDhjM2RpYmcgaGw2Y2pnczZlcDFoN29uaXFndWV1MmJoYm9AZw&tmsrc=hl6cjgs6ep1h7oniqgueu2bhbo%40group.calendar.google.com Google Calendar Link]

=== '''Sessions''' ===
* Android Security - Part 3 by jitendra kumar
* Targeted Attacks by Rahul Choudhary
* SQL Injection to shell by Krithika M. M.
* Case studies of recent network attacks by Devanshu Agarwal
* How I pwned you online by Nutan Kumar Panda
* An introduction to Single Sign On [with Demo] by Lakshmikiran
* Windows Privilege Escalation Techniques by Riyaz Walikar
* Metasploit basics and db usage by Arun.S

=== '''Venue''' ===
Citrix 
No. 33, Prestige Dynasty Ulsoor Road, Sivanchetti Gardens 
Yellappa Chetty Layout, Sivanchetti Gardens 
Bengaluru, Karnataka 560042 

[https://www.google.com/maps/place/Citrix+R%26D+India/@12.975391,77.617454,3157m/data=!3m1!1e3!4m5!3m4!1s0x0:0xeb06e6d4193d7cba!8m2!3d12.9753911!4d77.6174541?hl=en-US GoogleMap]

=== '''Instructions''' ===
1. Please bring a Government issued ID card (Pan, Driving license, etc) for entry into the compound. 
2. Laptops have to be declared with serial numbers at the building security. 

= '''Previous Meeting Venue and Dates''' =

{| class="wikitable"
|-
! No
! Date
! Venue
! Time
|-
| 55
| 16th April 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 54
| 19th March 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 54
| 20th Feb 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 53
| 16th Jan 2016
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 52
| 12th Dec 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 51
| 21st Nov 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 50
| 17th Oct 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 49
| 27th Sept 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 48
| 29th Aug 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 47
| 25th July 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 46
| 20th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 45
| 6th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 44
| 30th May 2015
| Microsoft Technology Center (http://goo.gl/69VZrL)
| 09:30 AM
|-
|-
| 43
| 16th May 2015
| Philips Innovation Campus (https://goo.gl/fAVWl9)
| 09:30 AM
|-
|-
| 42
| 25th April 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 41
| 21st March 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 40
| 21st February 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 39
| 17th January 2015
| Sapient Consulting (http://goo.gl/hZmwyV)
| 09:30 AM
|-
|-
| 38
| 13th December 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:00 AM
|-
|-
| 37
| 29th November 2014
| Triad Square Infosec (https://bit.ly/owaspmeet-xwh2014)
| 10:00 AM
|-
|-
| 36
| 22nd November 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 35
| 15th November 2014
| PayPal Office (http://goo.gl/quBKaG)
| 10:00 AM
|-
|-
| 34
| 18th October 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 33
| 20th September 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 32
| 30th August 2014
| EMC Corporation (http://goo.gl/19Ueet)
| 09:30 AM
|-
|-
| 31
| 19th July 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 30
| 14th June 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 29
| 24th May 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 10:00 AM
|-
|-
| 28
| 8th February 2014
| Paypal Office
| 10:00 AM
|-
| 27
| 18th January 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
|-
| 26
| 14th December 2013
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
| 25
| 1st November 2012
| KPMG Office
| 7 PM
|-

|-
| 24
| 16th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 23
| 19th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 22
| 21th April 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 21
| 10th March 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 20
| 04th February 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 19
| 07th January 2012
| Kieon
| 10 AM
|-

|-
| 18
| 3rd October 2009
| Praxeva India
| 10 AM
|-
| 17
| 19th September 2009
| Praxeva India
| 10 AM
|-
| 16
| 5th September 2009
| Praxeva India
| 10 AM
|-
| 15
| 12 July 2009
| Cubbon Park
| 10.30 AM
|-
| 14
| 07 June 2009
| ICH, Church Street
| 09.00 AM
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
| 
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
| 
|-
| 2
| 2006
| 
| 
|-
| 1
| 2006
| 
| 
|}

= '''Meeting Summaries''' =
[[Bangalore/Archives|Summaries from Past Meetings]]

= '''Chapter Leaders'''=
== Current Chapter Leaders ==

=== KV Prashanth (2012 - Present) ===
=== Akash Mahajan (2012 - Present) ===

I am ''The Web Application Security Guy''. Apart from running a company offering application security consulting, I spend majority of my time doing volunteer work for OWASP as the Bangalore chapter leader and null - The Open Security Community as a Community Manager. I tweet about security quite regularly on twitter account [https://twitter.com/makash @makash]. Feel free to get in touch.

Twitter: [https://twitter.com/makash @makash]

=== Riyaz Walikar (2014 - Present) ===

Pentester/web security evangelist. I have been active in the security community for the better part of the last 7 years by working closely with the Bangalore OWASP chapter and null - The Open Security community.

My technical interests lie with programming, bug bounty, malware analysis, breaking web applications, playing CTFs, researching devices that fall under the Internet of Things category and penetration testing networks exposed to the Internet. When not writing/breaking code, you can find me sleeping, playing football, reading or fishing.

Blog: http://ibreak.software

Twitter: [https://www.twitter.com/riyazwalikar @riyazwalikar]

== Current Chapter volunteers ==

=== Abhinav Sejpal (2015 - Present) ===

Fell in love with the power of software at age 17, and he is still in love. He is a security researcher working at Accenture Digital. He has reported security vulnerabilities 50+ Unique product giants all over the world including Apple, Adobe , Twitter, Linkedin, Yahoo , Pinterest, VK etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, fuzzing. He researches primarily focused Android , iOS Mobile App and open source project like ASVS, OWASP Mobile Top 10, Mobile Security Framework etc.

Speaker @ OWASP, Null , Weekend Testing Bangalore Chapter

Blog: http://bugwrangler.in

Twitter: [https://www.twitter.com/Abhinav_Sejpal @Abhinav_Sejpal]

Github: [https://github.com/bugwrangler bugwrangler]

== Previous Chapter Leaders ==

=== Harinath (2002 - 2012) ===

<headertabs />

[[Category:India]]

Mobile Top 10 2014-M2

2016-03-31T06:14:32Z

Abhinav:

<center>[https://www.owasp.org/index.php/Projects/OWASP_Mobile_Security_Project_-_Top_Ten_Mobile_Risks Back To The Mobile Top Ten Main Page]</center>
{{Top_10_2010:SubsectionColoredTemplate|<center>Insecure Data Storage</center>||year=2014}}
{{Top_10_2010:SummaryTableHeaderBeginTemplate}}
{{Top_10_2010:SummaryTableValue-1-Template|Exploitability|EASY}}
{{Top_10_2010:SummaryTableValue-2-Template|Prevalence|COMMON}}
{{Top_10_2010:SummaryTableValue-2-Template|Detectability|EASY}}
{{Top_10_2010:SummaryTableValue-1-Template|Impact|SEVERE}}
{{Top_10_2010:SummaryTableHeaderEndTemplate}}
<td {{Template:Top 10 2010:SummaryTableRowStyleTemplate}}>Threats agents include the following: an adversary that has attained a lost/stolen mobile device; malware or a other repackaged app acting on the adversary's behalf that executes on the mobile device.</td>
<td {{Template:Top 10 2010:SummaryTableRowStyleTemplate}}>In the event that an adversary physically attains the mobile device, the adversary hooks up the mobile device to a computer with freely available software. These tools allow the adversary to see all third party application directories that often contain stored personally identifiable information (PII) or other sensitive information assets. An adversary may construct malware or modify a legitimate app to steal such information assets.</td>
<td colspan=2 {{Template:Top 10 2010:SummaryTableRowStyleTemplate}}>Insecure data storage vulnerabilities occur when development teams assume that users or malware will not have access to a mobile device's filesystem and subsequent sensitive information in data-stores on the device. Filesystems are easily accessible. Organizations should expect a malicious user or malware to inspect sensitive data stores.

Rooting or jailbreaking a mobile device circumvents any encryption protections. When data is not protected properly, specialized tools are all that is needed to view application data.</td>
<td {{Template:Top 10 2010:SummaryTableRowStyleTemplate}}>Insecure data storage can result in data loss, in the best case, for one user. In the worst case, for many users. Common valuable pieces of data seen stored include:
* Usernames
* Authentication tokens
* Passwords
* Cookies
* Location data
* UDID/EMEI, Device Name, Network Connection Name
* Personal Information: DoB, Address, Social, Credit Card Data
* Application Data:
** Stored application logs e.g For an android Apps ADB logcat
** Debug information
** Cached application messages
** Transaction histories</td>
<td {{Template:Top 10 2010:SummaryTableRowStyleTemplate}}>Insecure data storage vulnerabilities typically lead to the following business risks for the organization that owns the risk app:
* Identity Theft
* Fraud
* Reputation Damage
* External Policy Violation (PCI)
* or Material Loss.</td>
{{Top_10_2010:SummaryTableEndTemplate}}

{{Mobile_Top_10_2012:SubsectionAdvancedTemplate|type={{Mobile_Top_10_2012:StyleTemplate}}|number=1|risk=1}}
It is important to threat-model your mobile app to understand the information assets it processes and how the underlying APIs handle those assets. These APIs should store sensitive information securely. Places OWASP most often sees data being stored insecurely include the following:

* SQLite databases
* Log Files
* Plist Files
* XML Data Stores or Manifest Files
* Binary data stores
* Cookie stores
* SD Card
* Cloud synced

When applying encryption and decryption to sensitive information assets, malware may perform a binary attack on the app in order to steal encryption or decryption keys. Once it steals the keys, it will decrypt the local data and steal sensitive information. See OWASP Mobile Top Ten 2014 Category M10 for more information on this topic.

{{Mobile_Top_10_2012:SubsectionAdvancedTemplate|type={{Mobile_Top_10_2012:StyleTemplate}}|number=2|risk=1}}
The cardinal rule of mobile apps is to not store data unless absolutely necessary. As a developer you have to assume that the data is forfeited as soon as it touches the phone. You also have to consider the implications of losing mobile users' data to a silent jailbreak or root exploit. If the usability versus security trade-off is too much for you, OWASP recommends scrutinizing your platforms data security APIs and making sure you’re calling them appropriately. The lesson here is to know what data is being stored and protect it appropriately.

'''iOS Specific Best Practices:'''
* Never store credentials on the phone file system. Force the user to authenticate using a standard web or API login scheme (over HTTPS) to the application upon each opening and ensure session timeouts are set at the bare minimum to meet the user experience requirements.
* Where storage or caching of information is necessary consider using a standard iOS encryption library such as CommonCrypto. However, for particularly sensitive apps, consider using whitebox cryptography solutions that avoid the leakage of binary signatures found within common encryption libraries.
* If the data is small, using the provided apple keychain API is recommended but, once a phone is jailbroken or exploited the keychain can be easily read. This is in addition to the threat of a bruteforce on the devices PIN, which as stated above is trivial in some cases.
* For databases consider using SQLcipher for Sqlite data encryption
* For items stored in the keychain leverage the most secure API designation, kSecAttrAccessibleWhenUnlocked (now the default in iOS 5) and for enterprise managed mobile devices ensure a strong PIN is forced, alphanumeric, larger than 4 characters.
* For larger or more general types of consumer-grade data, Apple’s File Protection mechanism can safely be used (see NSData Class Reference for protection options).
* Avoid using NSUserDefaults to store sensitive pieces of information as it stores data in plist files.
* Be aware that all data/entities using NSManagedObects will be stored in an unencrypted database file.
* Avoid exclusively relying upon hardcoded encryption or decryption keys when storing sensitive information assets.
* Consider providing an additional layer of encryption beyond any default encryption mechanisms provided by the operating system.

'''Android Specific Best Practices:'''
* For local storage the enterprise android device administration API can be used to force encryption to local file-stores using “setStorageEncryption”
* For SD Card Storage some security can be achieved via the ‘javax.crypto’ library. You have a few options, but an easy one is simply to encrypt any plain text data with a master password and AES 128.
* Ensure any shared preferences properties are '''NOT''' MODE_WORLD_READABLE unless explicitly required for information sharing between apps.
* Avoid exclusively relying upon hardcoded encryption or decryption keys when storing sensitive information assets.
* Consider providing an additional layer of encryption beyond any default encryption mechanisms provided by the operating system.

{{Mobile_Top_10_2012:SubsectionAdvancedTemplate|type={{Mobile_Top_10_2012:StyleTemplate}}|number=3|risk=1}}

'''A Visual Example:'''

iGoat is a purposefully vulnerable mobile app for the security community to explore these types of vulnerabilities first hand. In the exercise below, we enter our credentials and log in to the fake bank app. Then, we navigate to the file system. Within the applications directory, we can see a database called “credentials.sqlite”. Exploring this database reveals that the application is storing our username and credentials (Jason:pleasedontstoremebro!) in plain text.

[[Image:Screen%20Shot%202012-12-19%20at%206.34.23%20AM.png]]
[[Image:Screen%20Shot%202012-12-19%20at%206.44.51%20AM.png]]
[[Image:Screen%20Shot%202012-12-19%20at%2010.11.15%20AM.png]]
{{Mobile_Top_10_2012:SubsectionAdvancedTemplate|type={{Mobile_Top_10_2012:StyleTemplate}}|number=4|risk=1}}
* [https://www.owasp.org/index.php/IOS_Developer_Cheat_Sheet OWASP ][https://www.owasp.org/index.php/IOS_Developer_Cheat_Sheet IOS Developer Cheat Sheet]
* [http://source.android.com/tech/security/ Google Androids Developer Security Topics 1]
* [http://developer.android.com/training/articles/security-tips.html Google Androids Developer Security Topics 2]
* [https://developer.apple.com/library/mac/ Apple's Introduction to Secure Coding]
* [http://h30499.www3.hp.com/t5/Application-Security-Fortify-on/Exploring-The-OWASP-Mobile-Top-10-M1-Insecure-Data-Storage/ba-p/5904609 Fortify On Demand Blog - Exploring The OWASP Mobile Top 10: Insecure Data Storage]

Bangalore

2015-12-24T04:43:43Z

Abhinav: /* Registration */

__NOTOC__

[[File:Owasp-bangalore-logo.png|OWASP Bangalore Chapter]]
{{Chapter Template|chaptername=Bangalore|extra=The chapter leaders are [mailto:kvprashant@owasp.org Prashant Kv], [mailto:riyaz.walikar@owasp.org Riyaz Walikar] and [[User:Makash | Akash Mahajan]] [mailto:akash.mahajan@owasp.org (akash.mahajan AT OWASP DOT org)] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

= '''Stay Updated''' =
=== Join our low traffic mailing list for event information ===
[[File:Mail-50%25smaller.jpeg]]
[https://lists.owasp.org/mailman/listinfo/owasp-bangalore Subscribe to OWASP Bangalore Mailing list]

=== Follow @owaspbangalore for event updates on Twitter ===
[[File:Twitter-bird-cropped-onwhite-40%25smaller.png]]
'''[https://twitter.com/owaspbangalore OWASP Bangalore Twitter Account]'''

=== Short Links for sharing and easy to remember ===
* Wiki Page - '''[https://bit.ly/owaspblr https://bit.ly/owaspblr]'''
* Next OWASP Bangalore Meet '''[https://bit.ly/owaspblr-meet https://bit.ly/owaspblr-meet]'''
* OWASP Bangalore Mailing List '''[https://bit.ly/owaspblr-mailinglist http://bit.ly/owaspblr-mailinglist]'''
* OWASP Global Google Calendar '''[https://bit.ly/owaspblr-googlecal http://bit.ly/owaspblr-googlecal]'''

= '''Chapter News''' =

=== 20th Dec 2015 ===
* Details of the OWASP Bangalore Christmas special meeting has been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information

=== 05th Dec 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 11th Nov 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th Sep 2015 ===
* September month meet is moved by a day to Sunday 27th Sept at the same venue due to the Bangalore strike.

=== 18th Sep 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 15th Aug 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 14th July 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 2nd July 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th June 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd June 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th May 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 20th May 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 24th March 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th March 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 01st February 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd January 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th December 2014 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 29th November 2014 ===
* We have added @abhinav_sejpal to tweet from @owaspbangalore. Looking forward to a more vibrant twitter account!

=== 26th November 2014 ===
* Many thanks to [https://twitter.com/shruthi76 @shruthi76] for creating a logo for OWASP Bangalore

=== 17th November 2014 ===
* Details of the OWASP Banglore Workshop on XWH2014 by Riyaz Walikar have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 16th November 2014 ===
* Details of the next Combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 4th November 2014 ===
* Our special meeting details have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link]

=== 14th October 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 17th September 2014 ===
* The OWASP Testing Guide v4 was released today. Our very own [https://www.owasp.org/index.php/User:Anant_Shrivastava Anant Shrivastava] from the Bangalore chapter has contributed a chapter on Fingerprinting Web Servers. Please follow the [https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002) link] to read the specific section.

=== 13th September 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 28th August 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.
* Riyaz Walikar updated his profile.

=== 11th July 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 6th Jun 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th Jun 2014 ===
* Very excited to have [mailto:riyaz.walikar@owasp.org Riyaz Walikar] joining us the third OWASP Bangalore Chapter Lead

=== Older News ===
* null/OWASP combined meet up on 24th May 2014
* We have a new twitter account [https://twitter.com/owaspbangalore @owaspbangalore]

= '''Next Meeting''' =
== OWASP Christmas Special Bangalore meet - 25th December 09:45 AM - 02:00 PM ==
Please note that although this is a free session, registration is mandatory. You will be allowed to attend after your name is confirmed in the registration list.

'''Registrations will close on Thursday 24th December 02:00 PM'''
=== '''Registration''' ===

[['''Dears - The event has been cancelled due to due to unavoidable circumstance''']]

Please register using the following link: 
[https://docs.google.com/forms/d/1oLjqmUtXAUI2bQad9_1QKbDMDgHP3TiWXoPDM1ieCK4/viewform Click here to register]

'''Add to Google Calendar'''
[https://calendar.google.com/calendar/hosted/owasp.org/event?action=TEMPLATE&tmeid=Z21mMjE1dGxnMGVob3RoMzNzOWljYmRrNDAgaGw2Y2pnczZlcDFoN29uaXFndWV1MmJoYm9AZw&tmsrc=hl6cjgs6ep1h7oniqgueu2bhbo%40group.calendar.google.com Google Calendar Link]

=== '''Sessions''' ===
* 09:45 AM - 10:00 AM: Introductions
* 10:00 AM - 11:45 AM: Xtreme Web Hacking c0c0n2015 CTF Style by Akash Mahajan & Riyaz Walikar
* 11:45 AM - 12:00 PM: Break
* 12:00 PM - 01:15 PM: Xtreme Web Hacking c0c0n2015 CTF Style contd.
* 01:15 PM - 01:20 PM: Break
* 01:20 PM - 01:50 PM: Questions & Answers in Application Security & Pentesting by Akash Mahajan & Riyaz Walikar
* 01:50 PM - 02:00 PM: Feedback & Closing

=== '''Venue''' ===
TBD

= '''Previous Meeting Venue and Dates''' =

{| class="wikitable"
|-
! No
! Date
! Venue
! Time
|-
| 52
| 12th Dec 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 51
| 21st Nov 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 50
| 17th Oct 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 49
| 27th Sept 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 48
| 29th Aug 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 47
| 25th July 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 46
| 20th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 45
| 6th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 44
| 30th May 2015
| Microsoft Technology Center (http://goo.gl/69VZrL)
| 09:30 AM
|-
|-
| 43
| 16th May 2015
| Philips Innovation Campus (https://goo.gl/fAVWl9)
| 09:30 AM
|-
|-
| 42
| 25th April 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 41
| 21st March 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 40
| 21st February 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 39
| 17th January 2015
| Sapient Consulting (http://goo.gl/hZmwyV)
| 09:30 AM
|-
|-
| 38
| 13th December 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:00 AM
|-
|-
| 37
| 29th November 2014
| Triad Square Infosec (https://bit.ly/owaspmeet-xwh2014)
| 10:00 AM
|-
|-
| 36
| 22nd November 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 35
| 15th November 2014
| PayPal Office (http://goo.gl/quBKaG)
| 10:00 AM
|-
|-
| 34
| 18th October 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 33
| 20th September 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 32
| 30th August 2014
| EMC Corporation (http://goo.gl/19Ueet)
| 09:30 AM
|-
|-
| 31
| 19th July 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 30
| 14th June 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 29
| 24th May 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 10:00 AM
|-
|-
| 28
| 8th February 2014
| Paypal Office
| 10:00 AM
|-
| 27
| 18th January 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
|-
| 26
| 14th December 2013
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
| 25
| 1st November 2012
| KPMG Office
| 7 PM
|-

|-
| 24
| 16th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 23
| 19th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 22
| 21th April 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 21
| 10th March 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 20
| 04th February 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 19
| 07th January 2012
| Kieon
| 10 AM
|-

|-
| 18
| 3rd October 2009
| Praxeva India
| 10 AM
|-
| 17
| 19th September 2009
| Praxeva India
| 10 AM
|-
| 16
| 5th September 2009
| Praxeva India
| 10 AM
|-
| 15
| 12 July 2009
| Cubbon Park
| 10.30 AM
|-
| 14
| 07 June 2009
| ICH, Church Street
| 09.00 AM
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
| 
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
| 
|-
| 2
| 2006
| 
| 
|-
| 1
| 2006
| 
| 
|}

= '''Meeting Summaries''' =
[[Bangalore/Archives|Summaries from Past Meetings]]

= '''Chapter Leaders'''=
== Current Chapter Leaders ==

=== KV Prashanth (2012 - Present) ===
=== Akash Mahajan (2012 - Present) ===

I am ''The Web Application Security Guy''. Apart from running a company offering application security consulting, I spend majority of my time doing volunteer work for OWASP as the Bangalore chapter leader and null - The Open Security Community as a Community Manager. I tweet about security quite regularly on twitter account [https://twitter.com/makash @makash]. Feel free to get in touch.

Twitter: [https://twitter.com/makash @makash]

=== Riyaz Walikar (2014 - Present) ===

For food and shelter, I work as a pentester/web security tester+evangelist at a Big4. I have been active in the security community for the better part of the last 7 years by working closely with the Bangalore OWASP chapter and null - The Open Security community.

My technical interests lie with programming, bug bounty, malware analysis, breaking web applications, playing CTFs, researching devices that fall under the Internet of Things category and penetration testing networks exposed to the Internet. When not writing/breaking code, you can find me sleeping, playing football, reading or fishing.

Blog: http://www.riyazwalikar.com

Twitter: [https://www.twitter.com/riyazwalikar @riyazwalikar]

== Current Chapter volunteers ==

=== Abhinav Sejpal (2015 - Present) ===

Fell in love with the power of software at age 17, and he is still in love. He is a security researcher working at Accenture Digital. He has reported security vulnerabilities 50+ Unique product giants all over the world including Apple, Adobe , Twitter, Linkedin, Yahoo , Pinterest, VK etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, fuzzing. He researches primarily focused Android , iOS Mobile App and open source project like ASVS, OWASP Mobile Top 10, Mobile Security Framework etc.

Speaker @ OWASP, Null , Weekend Testing Bangalore Chapter

Blog: http://bugwrangler.in

Twitter: [https://www.twitter.com/Abhinav_Sejpal @Abhinav_Sejpal]

Github: [https://github.com/bugwrangler bugwrangler]

=== Satish Govindappa (2015 - Present) ===

14+ years of significant, progressive expertise in security architecture practices, secure coding practices, secure code review, web application pen-testing,security testing tools and secure software development training.
Build and facilitate company-wide security architecture practice and secure software development programs

== Previous Chapter Leaders ==

=== Harinath (2002 - 2012) ===

<headertabs />

[[Category:India]]

Bangalore

2015-12-05T15:20:41Z

Abhinav: /* Chapter News */

__NOTOC__

[[File:Owasp-bangalore-logo.png|OWASP Bangalore Chapter]]
{{Chapter Template|chaptername=Bangalore|extra=The chapter leaders are [mailto:kvprashant@owasp.org Prashant Kv], [mailto:riyaz.walikar@owasp.org Riyaz Walikar] and [[User:Makash | Akash Mahajan]] [mailto:akash.mahajan@owasp.org (akash.mahajan AT OWASP DOT org)] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

= '''Stay Updated''' =
=== Join our low traffic mailing list for event information ===
[[File:Mail-50%25smaller.jpeg]]
[https://lists.owasp.org/mailman/listinfo/owasp-bangalore Subscribe to OWASP Bangalore Mailing list]

=== Follow @owaspbangalore for event updates on Twitter ===
[[File:Twitter-bird-cropped-onwhite-40%25smaller.png]]
'''[https://twitter.com/owaspbangalore OWASP Bangalore Twitter Account]'''

=== Short Links for sharing and easy to remember ===
* Wiki Page - '''[https://bit.ly/owaspblr https://bit.ly/owaspblr]'''
* Next OWASP Bangalore Meet '''[https://bit.ly/owaspblr-meet https://bit.ly/owaspblr-meet]'''
* OWASP Bangalore Mailing List '''[https://bit.ly/owaspblr-mailinglist http://bit.ly/owaspblr-mailinglist]'''
* OWASP Global Google Calendar '''[https://bit.ly/owaspblr-googlecal http://bit.ly/owaspblr-googlecal]'''

= '''Chapter News''' =

=== 05th Dec 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 11th Nov 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th Sep 2015 ===
* September month meet is moved by a day to Sunday 27th Sept at the same venue due to the Bangalore strike.

=== 18th Sep 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 15th Aug 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 14th July 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 2nd July 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th June 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd June 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th May 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 20th May 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 24th March 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th March 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 01st February 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd January 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th December 2014 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 29th November 2014 ===
* We have added @abhinav_sejpal to tweet from @owaspbangalore. Looking forward to a more vibrant twitter account!

=== 26th November 2014 ===
* Many thanks to [https://twitter.com/shruthi76 @shruthi76] for creating a logo for OWASP Bangalore

=== 17th November 2014 ===
* Details of the OWASP Banglore Workshop on XWH2014 by Riyaz Walikar have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 16th November 2014 ===
* Details of the next Combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 4th November 2014 ===
* Our special meeting details have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link]

=== 14th October 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 17th September 2014 ===
* The OWASP Testing Guide v4 was released today. Our very own [https://www.owasp.org/index.php/User:Anant_Shrivastava Anant Shrivastava] from the Bangalore chapter has contributed a chapter on Fingerprinting Web Servers. Please follow the [https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002) link] to read the specific section.

=== 13th September 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 28th August 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.
* Riyaz Walikar updated his profile.

=== 11th July 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 6th Jun 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th Jun 2014 ===
* Very excited to have [mailto:riyaz.walikar@owasp.org Riyaz Walikar] joining us the third OWASP Bangalore Chapter Lead

=== Older News ===
* null/OWASP combined meet up on 24th May 2014
* We have a new twitter account [https://twitter.com/owaspbangalore @owaspbangalore]

= '''Next Meeting''' =
== OWASP Bangalore Meet - 12th December 09:30 AM - 02:00 PM ==

'''Add to Google Calendar'''
[https://calendar.google.com/calendar/hosted/owasp.org/event?action=TEMPLATE&tmeid=NmlyMWR1c3NoY2xldmlvaDljcWY0OGs5MzAgaGw2Y2pnczZlcDFoN29uaXFndWV1MmJoYm9AZw&tmsrc=hl6cjgs6ep1h7oniqgueu2bhbo%40group.calendar.google.com Google Calendar Link]

=== '''Sessions''' ===
*[http://null.co.in/event_sessions/609-zap-proxy ZAP Proxy by TAS ]
*[http://null.co.in/event_sessions/611-intro-to-xposed-framework Xposted Framework by Abhinav Chourasia]
*[http://null.co.in/event_sessions/615-security-analytics Security Analytics by Prakash naw]
*[http://null.co.in/event_sessions/614-owasp-bengaluru-session OWASP Bangalore session by Akash Mahajan]
*[http://null.co.in/event_sessions/613-radare2-demo Radare 2 Demo by Amol Naik]

=== '''Venue''' ===
TBD

=== '''Instructions''' ===
1. Please bring a Government issued ID card (Pan, Driving license, etc) for entry into the compound. 
2. If required, laptops have to be declared with serial numbers at the building security. 

= '''Previous Meeting Venue and Dates''' =

{| class="wikitable"
|-
! No
! Date
! Venue
! Time
|-
| 51
| 21st Nov 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 50
| 17th Oct 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 49
| 27th Sept 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 48
| 29th Aug 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 47
| 25th July 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 46
| 20th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 45
| 6th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 44
| 30th May 2015
| Microsoft Technology Center (http://goo.gl/69VZrL)
| 09:30 AM
|-
|-
| 43
| 16th May 2015
| Philips Innovation Campus (https://goo.gl/fAVWl9)
| 09:30 AM
|-
|-
| 42
| 25th April 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 41
| 21st March 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 40
| 21st February 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 39
| 17th January 2015
| Sapient Consulting (http://goo.gl/hZmwyV)
| 09:30 AM
|-
|-
| 38
| 13th December 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:00 AM
|-
|-
| 37
| 29th November 2014
| Triad Square Infosec (https://bit.ly/owaspmeet-xwh2014)
| 10:00 AM
|-
|-
| 36
| 22nd November 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 35
| 15th November 2014
| PayPal Office (http://goo.gl/quBKaG)
| 10:00 AM
|-
|-
| 34
| 18th October 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 33
| 20th September 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 32
| 30th August 2014
| EMC Corporation (http://goo.gl/19Ueet)
| 09:30 AM
|-
|-
| 31
| 19th July 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 30
| 14th June 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 29
| 24th May 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 10:00 AM
|-
|-
| 28
| 8th February 2014
| Paypal Office
| 10:00 AM
|-
| 27
| 18th January 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
|-
| 26
| 14th December 2013
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
| 25
| 1st November 2012
| KPMG Office
| 7 PM
|-

|-
| 24
| 16th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 23
| 19th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 22
| 21th April 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 21
| 10th March 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 20
| 04th February 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 19
| 07th January 2012
| Kieon
| 10 AM
|-

|-
| 18
| 3rd October 2009
| Praxeva India
| 10 AM
|-
| 17
| 19th September 2009
| Praxeva India
| 10 AM
|-
| 16
| 5th September 2009
| Praxeva India
| 10 AM
|-
| 15
| 12 July 2009
| Cubbon Park
| 10.30 AM
|-
| 14
| 07 June 2009
| ICH, Church Street
| 09.00 AM
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
| 
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
| 
|-
| 2
| 2006
| 
| 
|-
| 1
| 2006
| 
| 
|}

= '''Meeting Summaries''' =
[[Bangalore/Archives|Summaries from Past Meetings]]

= '''Chapter Leaders'''=
== Current Chapter Leaders ==

=== KV Prashanth (2012 - Present) ===
=== Akash Mahajan (2012 - Present) ===

I am ''The Web Application Security Guy''. Apart from running a company offering application security consulting, I spend majority of my time doing volunteer work for OWASP as the Bangalore chapter leader and null - The Open Security Community as a Community Manager. I tweet about security quite regularly on twitter account [https://twitter.com/makash @makash]. Feel free to get in touch.

Twitter: [https://twitter.com/makash @makash]

=== Riyaz Walikar (2014 - Present) ===

For food and shelter, I work as a pentester/web security tester+evangelist at a Big4. I have been active in the security community for the better part of the last 7 years by working closely with the Bangalore OWASP chapter and null - The Open Security community.

My technical interests lie with programming, bug bounty, malware analysis, breaking web applications, playing CTFs, researching devices that fall under the Internet of Things category and penetration testing networks exposed to the Internet. When not writing/breaking code, you can find me sleeping, playing football, reading or fishing.

Blog: http://www.riyazwalikar.com

Twitter: [https://www.twitter.com/riyazwalikar @riyazwalikar]

== Current Chapter volunteers ==

=== Abhinav Sejpal (2015 - Present) ===

Fell in love with the power of software at age 17, and he is still in love. He is a security researcher working at Accenture Digital. He has reported security vulnerabilities 50+ Unique product giants all over the world including Apple, Adobe , Twitter, Linkedin, Yahoo , Pinterest, VK etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, fuzzing. He researches primarily focused Android , iOS Mobile App and open source project like ASVS, OWASP Mobile Top 10, Mobile Security Framework etc.

Speaker @ OWASP, Null , Weekend Testing Bangalore Chapter

Blog: http://bugwrangler.in

Twitter: [https://www.twitter.com/Abhinav_Sejpal @Abhinav_Sejpal]

Github: [https://github.com/bugwrangler bugwrangler]

=== Satish Govindappa (2015 - Present) ===

14+ years of significant, progressive expertise in security architecture practices, secure coding practices, secure code review, web application pen-testing,security testing tools and secure software development training.
Build and facilitate company-wide security architecture practice and secure software development programs

== Previous Chapter Leaders ==

=== Harinath (2002 - 2012) ===

<headertabs />

[[Category:India]]

Bangalore

2015-12-05T15:19:53Z

Abhinav: /* Previous Meeting Venue and Dates */

__NOTOC__

[[File:Owasp-bangalore-logo.png|OWASP Bangalore Chapter]]
{{Chapter Template|chaptername=Bangalore|extra=The chapter leaders are [mailto:kvprashant@owasp.org Prashant Kv], [mailto:riyaz.walikar@owasp.org Riyaz Walikar] and [[User:Makash | Akash Mahajan]] [mailto:akash.mahajan@owasp.org (akash.mahajan AT OWASP DOT org)] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

= '''Stay Updated''' =
=== Join our low traffic mailing list for event information ===
[[File:Mail-50%25smaller.jpeg]]
[https://lists.owasp.org/mailman/listinfo/owasp-bangalore Subscribe to OWASP Bangalore Mailing list]

=== Follow @owaspbangalore for event updates on Twitter ===
[[File:Twitter-bird-cropped-onwhite-40%25smaller.png]]
'''[https://twitter.com/owaspbangalore OWASP Bangalore Twitter Account]'''

=== Short Links for sharing and easy to remember ===
* Wiki Page - '''[https://bit.ly/owaspblr https://bit.ly/owaspblr]'''
* Next OWASP Bangalore Meet '''[https://bit.ly/owaspblr-meet https://bit.ly/owaspblr-meet]'''
* OWASP Bangalore Mailing List '''[https://bit.ly/owaspblr-mailinglist http://bit.ly/owaspblr-mailinglist]'''
* OWASP Global Google Calendar '''[https://bit.ly/owaspblr-googlecal http://bit.ly/owaspblr-googlecal]'''

= '''Chapter News''' =

=== 11th Nov 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th Sep 2015 ===
* September month meet is moved by a day to Sunday 27th Sept at the same venue due to the Bangalore strike.

=== 18th Sep 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 15th Aug 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 14th July 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 2nd July 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th June 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd June 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th May 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 20th May 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 24th March 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th March 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 01st February 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd January 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th December 2014 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 29th November 2014 ===
* We have added @abhinav_sejpal to tweet from @owaspbangalore. Looking forward to a more vibrant twitter account!

=== 26th November 2014 ===
* Many thanks to [https://twitter.com/shruthi76 @shruthi76] for creating a logo for OWASP Bangalore

=== 17th November 2014 ===
* Details of the OWASP Banglore Workshop on XWH2014 by Riyaz Walikar have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 16th November 2014 ===
* Details of the next Combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 4th November 2014 ===
* Our special meeting details have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link]

=== 14th October 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 17th September 2014 ===
* The OWASP Testing Guide v4 was released today. Our very own [https://www.owasp.org/index.php/User:Anant_Shrivastava Anant Shrivastava] from the Bangalore chapter has contributed a chapter on Fingerprinting Web Servers. Please follow the [https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002) link] to read the specific section.

=== 13th September 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 28th August 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.
* Riyaz Walikar updated his profile.

=== 11th July 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 6th Jun 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th Jun 2014 ===
* Very excited to have [mailto:riyaz.walikar@owasp.org Riyaz Walikar] joining us the third OWASP Bangalore Chapter Lead

=== Older News ===
* null/OWASP combined meet up on 24th May 2014
* We have a new twitter account [https://twitter.com/owaspbangalore @owaspbangalore]

= '''Next Meeting''' =
== OWASP Bangalore Meet - 12th December 09:30 AM - 02:00 PM ==

'''Add to Google Calendar'''
[https://calendar.google.com/calendar/hosted/owasp.org/event?action=TEMPLATE&tmeid=NmlyMWR1c3NoY2xldmlvaDljcWY0OGs5MzAgaGw2Y2pnczZlcDFoN29uaXFndWV1MmJoYm9AZw&tmsrc=hl6cjgs6ep1h7oniqgueu2bhbo%40group.calendar.google.com Google Calendar Link]

=== '''Sessions''' ===
*[http://null.co.in/event_sessions/609-zap-proxy ZAP Proxy by TAS ]
*[http://null.co.in/event_sessions/611-intro-to-xposed-framework Xposted Framework by Abhinav Chourasia]
*[http://null.co.in/event_sessions/615-security-analytics Security Analytics by Prakash naw]
*[http://null.co.in/event_sessions/614-owasp-bengaluru-session OWASP Bangalore session by Akash Mahajan]
*[http://null.co.in/event_sessions/613-radare2-demo Radare 2 Demo by Amol Naik]

=== '''Venue''' ===
TBD

=== '''Instructions''' ===
1. Please bring a Government issued ID card (Pan, Driving license, etc) for entry into the compound. 
2. If required, laptops have to be declared with serial numbers at the building security. 

= '''Previous Meeting Venue and Dates''' =

{| class="wikitable"
|-
! No
! Date
! Venue
! Time
|-
| 51
| 21st Nov 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 50
| 17th Oct 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 49
| 27th Sept 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 48
| 29th Aug 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 47
| 25th July 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 46
| 20th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 45
| 6th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 44
| 30th May 2015
| Microsoft Technology Center (http://goo.gl/69VZrL)
| 09:30 AM
|-
|-
| 43
| 16th May 2015
| Philips Innovation Campus (https://goo.gl/fAVWl9)
| 09:30 AM
|-
|-
| 42
| 25th April 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 41
| 21st March 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 40
| 21st February 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 39
| 17th January 2015
| Sapient Consulting (http://goo.gl/hZmwyV)
| 09:30 AM
|-
|-
| 38
| 13th December 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:00 AM
|-
|-
| 37
| 29th November 2014
| Triad Square Infosec (https://bit.ly/owaspmeet-xwh2014)
| 10:00 AM
|-
|-
| 36
| 22nd November 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 35
| 15th November 2014
| PayPal Office (http://goo.gl/quBKaG)
| 10:00 AM
|-
|-
| 34
| 18th October 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 33
| 20th September 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 32
| 30th August 2014
| EMC Corporation (http://goo.gl/19Ueet)
| 09:30 AM
|-
|-
| 31
| 19th July 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 30
| 14th June 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 29
| 24th May 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 10:00 AM
|-
|-
| 28
| 8th February 2014
| Paypal Office
| 10:00 AM
|-
| 27
| 18th January 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
|-
| 26
| 14th December 2013
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
| 25
| 1st November 2012
| KPMG Office
| 7 PM
|-

|-
| 24
| 16th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 23
| 19th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 22
| 21th April 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 21
| 10th March 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 20
| 04th February 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 19
| 07th January 2012
| Kieon
| 10 AM
|-

|-
| 18
| 3rd October 2009
| Praxeva India
| 10 AM
|-
| 17
| 19th September 2009
| Praxeva India
| 10 AM
|-
| 16
| 5th September 2009
| Praxeva India
| 10 AM
|-
| 15
| 12 July 2009
| Cubbon Park
| 10.30 AM
|-
| 14
| 07 June 2009
| ICH, Church Street
| 09.00 AM
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
| 
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
| 
|-
| 2
| 2006
| 
| 
|-
| 1
| 2006
| 
| 
|}

= '''Meeting Summaries''' =
[[Bangalore/Archives|Summaries from Past Meetings]]

= '''Chapter Leaders'''=
== Current Chapter Leaders ==

=== KV Prashanth (2012 - Present) ===
=== Akash Mahajan (2012 - Present) ===

I am ''The Web Application Security Guy''. Apart from running a company offering application security consulting, I spend majority of my time doing volunteer work for OWASP as the Bangalore chapter leader and null - The Open Security Community as a Community Manager. I tweet about security quite regularly on twitter account [https://twitter.com/makash @makash]. Feel free to get in touch.

Twitter: [https://twitter.com/makash @makash]

=== Riyaz Walikar (2014 - Present) ===

For food and shelter, I work as a pentester/web security tester+evangelist at a Big4. I have been active in the security community for the better part of the last 7 years by working closely with the Bangalore OWASP chapter and null - The Open Security community.

My technical interests lie with programming, bug bounty, malware analysis, breaking web applications, playing CTFs, researching devices that fall under the Internet of Things category and penetration testing networks exposed to the Internet. When not writing/breaking code, you can find me sleeping, playing football, reading or fishing.

Blog: http://www.riyazwalikar.com

Twitter: [https://www.twitter.com/riyazwalikar @riyazwalikar]

== Current Chapter volunteers ==

=== Abhinav Sejpal (2015 - Present) ===

Fell in love with the power of software at age 17, and he is still in love. He is a security researcher working at Accenture Digital. He has reported security vulnerabilities 50+ Unique product giants all over the world including Apple, Adobe , Twitter, Linkedin, Yahoo , Pinterest, VK etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, fuzzing. He researches primarily focused Android , iOS Mobile App and open source project like ASVS, OWASP Mobile Top 10, Mobile Security Framework etc.

Speaker @ OWASP, Null , Weekend Testing Bangalore Chapter

Blog: http://bugwrangler.in

Twitter: [https://www.twitter.com/Abhinav_Sejpal @Abhinav_Sejpal]

Github: [https://github.com/bugwrangler bugwrangler]

=== Satish Govindappa (2015 - Present) ===

14+ years of significant, progressive expertise in security architecture practices, secure coding practices, secure code review, web application pen-testing,security testing tools and secure software development training.
Build and facilitate company-wide security architecture practice and secure software development programs

== Previous Chapter Leaders ==

=== Harinath (2002 - 2012) ===

<headertabs />

[[Category:India]]

Bangalore

2015-12-05T15:16:14Z

Abhinav: /* Next Meeting */

__NOTOC__

[[File:Owasp-bangalore-logo.png|OWASP Bangalore Chapter]]
{{Chapter Template|chaptername=Bangalore|extra=The chapter leaders are [mailto:kvprashant@owasp.org Prashant Kv], [mailto:riyaz.walikar@owasp.org Riyaz Walikar] and [[User:Makash | Akash Mahajan]] [mailto:akash.mahajan@owasp.org (akash.mahajan AT OWASP DOT org)] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

= '''Stay Updated''' =
=== Join our low traffic mailing list for event information ===
[[File:Mail-50%25smaller.jpeg]]
[https://lists.owasp.org/mailman/listinfo/owasp-bangalore Subscribe to OWASP Bangalore Mailing list]

=== Follow @owaspbangalore for event updates on Twitter ===
[[File:Twitter-bird-cropped-onwhite-40%25smaller.png]]
'''[https://twitter.com/owaspbangalore OWASP Bangalore Twitter Account]'''

=== Short Links for sharing and easy to remember ===
* Wiki Page - '''[https://bit.ly/owaspblr https://bit.ly/owaspblr]'''
* Next OWASP Bangalore Meet '''[https://bit.ly/owaspblr-meet https://bit.ly/owaspblr-meet]'''
* OWASP Bangalore Mailing List '''[https://bit.ly/owaspblr-mailinglist http://bit.ly/owaspblr-mailinglist]'''
* OWASP Global Google Calendar '''[https://bit.ly/owaspblr-googlecal http://bit.ly/owaspblr-googlecal]'''

= '''Chapter News''' =

=== 11th Nov 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th Sep 2015 ===
* September month meet is moved by a day to Sunday 27th Sept at the same venue due to the Bangalore strike.

=== 18th Sep 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 15th Aug 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 14th July 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 2nd July 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th June 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd June 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th May 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 20th May 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 24th March 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th March 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 01st February 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd January 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th December 2014 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 29th November 2014 ===
* We have added @abhinav_sejpal to tweet from @owaspbangalore. Looking forward to a more vibrant twitter account!

=== 26th November 2014 ===
* Many thanks to [https://twitter.com/shruthi76 @shruthi76] for creating a logo for OWASP Bangalore

=== 17th November 2014 ===
* Details of the OWASP Banglore Workshop on XWH2014 by Riyaz Walikar have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 16th November 2014 ===
* Details of the next Combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 4th November 2014 ===
* Our special meeting details have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link]

=== 14th October 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 17th September 2014 ===
* The OWASP Testing Guide v4 was released today. Our very own [https://www.owasp.org/index.php/User:Anant_Shrivastava Anant Shrivastava] from the Bangalore chapter has contributed a chapter on Fingerprinting Web Servers. Please follow the [https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002) link] to read the specific section.

=== 13th September 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 28th August 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.
* Riyaz Walikar updated his profile.

=== 11th July 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 6th Jun 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th Jun 2014 ===
* Very excited to have [mailto:riyaz.walikar@owasp.org Riyaz Walikar] joining us the third OWASP Bangalore Chapter Lead

=== Older News ===
* null/OWASP combined meet up on 24th May 2014
* We have a new twitter account [https://twitter.com/owaspbangalore @owaspbangalore]

= '''Next Meeting''' =
== OWASP Bangalore Meet - 12th December 09:30 AM - 02:00 PM ==

'''Add to Google Calendar'''
[https://calendar.google.com/calendar/hosted/owasp.org/event?action=TEMPLATE&tmeid=NmlyMWR1c3NoY2xldmlvaDljcWY0OGs5MzAgaGw2Y2pnczZlcDFoN29uaXFndWV1MmJoYm9AZw&tmsrc=hl6cjgs6ep1h7oniqgueu2bhbo%40group.calendar.google.com Google Calendar Link]

=== '''Sessions''' ===
*[http://null.co.in/event_sessions/609-zap-proxy ZAP Proxy by TAS ]
*[http://null.co.in/event_sessions/611-intro-to-xposed-framework Xposted Framework by Abhinav Chourasia]
*[http://null.co.in/event_sessions/615-security-analytics Security Analytics by Prakash naw]
*[http://null.co.in/event_sessions/614-owasp-bengaluru-session OWASP Bangalore session by Akash Mahajan]
*[http://null.co.in/event_sessions/613-radare2-demo Radare 2 Demo by Amol Naik]

=== '''Venue''' ===
TBD

=== '''Instructions''' ===
1. Please bring a Government issued ID card (Pan, Driving license, etc) for entry into the compound. 
2. If required, laptops have to be declared with serial numbers at the building security. 

= '''Previous Meeting Venue and Dates''' =

{| class="wikitable"
|-
! No
! Date
! Venue
! Time
|-
| 50
| 17th Oct 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 49
| 27th Sept 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 48
| 29th Aug 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 47
| 25th July 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 46
| 20th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 45
| 6th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 44
| 30th May 2015
| Microsoft Technology Center (http://goo.gl/69VZrL)
| 09:30 AM
|-
|-
| 43
| 16th May 2015
| Philips Innovation Campus (https://goo.gl/fAVWl9)
| 09:30 AM
|-
|-
| 42
| 25th April 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 41
| 21st March 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 40
| 21st February 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 39
| 17th January 2015
| Sapient Consulting (http://goo.gl/hZmwyV)
| 09:30 AM
|-
|-
| 38
| 13th December 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:00 AM
|-
|-
| 37
| 29th November 2014
| Triad Square Infosec (https://bit.ly/owaspmeet-xwh2014)
| 10:00 AM
|-
|-
| 36
| 22nd November 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 35
| 15th November 2014
| PayPal Office (http://goo.gl/quBKaG)
| 10:00 AM
|-
|-
| 34
| 18th October 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 33
| 20th September 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 32
| 30th August 2014
| EMC Corporation (http://goo.gl/19Ueet)
| 09:30 AM
|-
|-
| 31
| 19th July 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 30
| 14th June 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 29
| 24th May 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 10:00 AM
|-
|-
| 28
| 8th February 2014
| Paypal Office
| 10:00 AM
|-
| 27
| 18th January 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
|-
| 26
| 14th December 2013
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
| 25
| 1st November 2012
| KPMG Office
| 7 PM
|-

|-
| 24
| 16th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 23
| 19th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 22
| 21th April 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 21
| 10th March 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 20
| 04th February 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 19
| 07th January 2012
| Kieon
| 10 AM
|-

|-
| 18
| 3rd October 2009
| Praxeva India
| 10 AM
|-
| 17
| 19th September 2009
| Praxeva India
| 10 AM
|-
| 16
| 5th September 2009
| Praxeva India
| 10 AM
|-
| 15
| 12 July 2009
| Cubbon Park
| 10.30 AM
|-
| 14
| 07 June 2009
| ICH, Church Street
| 09.00 AM
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
| 
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
| 
|-
| 2
| 2006
| 
| 
|-
| 1
| 2006
| 
| 
|}

= '''Meeting Summaries''' =
[[Bangalore/Archives|Summaries from Past Meetings]]

= '''Chapter Leaders'''=
== Current Chapter Leaders ==

=== KV Prashanth (2012 - Present) ===
=== Akash Mahajan (2012 - Present) ===

I am ''The Web Application Security Guy''. Apart from running a company offering application security consulting, I spend majority of my time doing volunteer work for OWASP as the Bangalore chapter leader and null - The Open Security Community as a Community Manager. I tweet about security quite regularly on twitter account [https://twitter.com/makash @makash]. Feel free to get in touch.

Twitter: [https://twitter.com/makash @makash]

=== Riyaz Walikar (2014 - Present) ===

For food and shelter, I work as a pentester/web security tester+evangelist at a Big4. I have been active in the security community for the better part of the last 7 years by working closely with the Bangalore OWASP chapter and null - The Open Security community.

My technical interests lie with programming, bug bounty, malware analysis, breaking web applications, playing CTFs, researching devices that fall under the Internet of Things category and penetration testing networks exposed to the Internet. When not writing/breaking code, you can find me sleeping, playing football, reading or fishing.

Blog: http://www.riyazwalikar.com

Twitter: [https://www.twitter.com/riyazwalikar @riyazwalikar]

== Current Chapter volunteers ==

=== Abhinav Sejpal (2015 - Present) ===

Fell in love with the power of software at age 17, and he is still in love. He is a security researcher working at Accenture Digital. He has reported security vulnerabilities 50+ Unique product giants all over the world including Apple, Adobe , Twitter, Linkedin, Yahoo , Pinterest, VK etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, fuzzing. He researches primarily focused Android , iOS Mobile App and open source project like ASVS, OWASP Mobile Top 10, Mobile Security Framework etc.

Speaker @ OWASP, Null , Weekend Testing Bangalore Chapter

Blog: http://bugwrangler.in

Twitter: [https://www.twitter.com/Abhinav_Sejpal @Abhinav_Sejpal]

Github: [https://github.com/bugwrangler bugwrangler]

=== Satish Govindappa (2015 - Present) ===

14+ years of significant, progressive expertise in security architecture practices, secure coding practices, secure code review, web application pen-testing,security testing tools and secure software development training.
Build and facilitate company-wide security architecture practice and secure software development programs

== Previous Chapter Leaders ==

=== Harinath (2002 - 2012) ===

<headertabs />

[[Category:India]]

Bangalore

2015-09-25T18:04:19Z

Abhinav: /* Chapter News */

__NOTOC__

[[File:Owasp-bangalore-logo.png|OWASP Bangalore Chapter]]
{{Chapter Template|chaptername=Bangalore|extra=The chapter leaders are [mailto:kvprashant@owasp.org Prashant Kv], [mailto:riyaz.walikar@owasp.org Riyaz Walikar] and [[User:Makash | Akash Mahajan]] [mailto:akash.mahajan@owasp.org (akash.mahajan AT OWASP DOT org)] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

= '''Stay Updated''' =
=== Join our low traffic mailing list for event information ===
[[File:Mail-50%25smaller.jpeg]]
[https://lists.owasp.org/mailman/listinfo/owasp-bangalore Subscribe to OWASP Bangalore Mailing list]

=== Follow @owaspbangalore for event updates on Twitter ===
[[File:Twitter-bird-cropped-onwhite-40%25smaller.png]]
'''[https://twitter.com/owaspbangalore OWASP Bangalore Twitter Account]'''

=== Short Links for sharing and easy to remember ===
* Wiki Page - '''[https://bit.ly/owaspblr https://bit.ly/owaspblr]'''
* Next OWASP Bangalore Meet '''[https://bit.ly/owaspblr-meet https://bit.ly/owaspblr-meet]'''
* OWASP Bangalore Mailing List '''[https://bit.ly/owaspblr-mailinglist http://bit.ly/owaspblr-mailinglist]'''
* OWASP Global Google Calendar '''[https://bit.ly/owaspblr-googlecal http://bit.ly/owaspblr-googlecal]'''

= '''Chapter News''' =

=== 25 Sep 2015 ===
* September month meet is moved by a day to Sunday 27th Sept at the same venue due to the Bangalore strike.

=== 18 Sep 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 15th Aug 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 14th July 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 2nd July 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th June 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd June 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th May 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 20th May 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 24th March 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th March 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 01st February 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd January 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th December 2014 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 29th November 2014 ===
* We have added @abhinav_sejpal to tweet from @owaspbangalore. Looking forward to a more vibrant twitter account!

=== 26th November 2014 ===
* Many thanks to [https://twitter.com/shruthi76 @shruthi76] for creating a logo for OWASP Bangalore

=== 17th November 2014 ===
* Details of the OWASP Banglore Workshop on XWH2014 by Riyaz Walikar have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 16th November 2014 ===
* Details of the next Combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 4th November 2014 ===
* Our special meeting details have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link]

=== 14th October 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 17th September 2014 ===
* The OWASP Testing Guide v4 was released today. Our very own [https://www.owasp.org/index.php/User:Anant_Shrivastava Anant Shrivastava] from the Bangalore chapter has contributed a chapter on Fingerprinting Web Servers. Please follow the [https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002) link] to read the specific section.

=== 13th September 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 28th August 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.
* Riyaz Walikar updated his profile.

=== 11th July 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 6th Jun 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th Jun 2014 ===
* Very excited to have [mailto:riyaz.walikar@owasp.org Riyaz Walikar] joining us the third OWASP Bangalore Chapter Lead

=== Older News ===
* null/OWASP combined meet up on 24th May 2014
* We have a new twitter account [https://twitter.com/owaspbangalore @owaspbangalore]

= '''Next Meeting''' =

== OWASP Bangalore meet - 27th Sep 2015 09:30 AM - 02:00 PM ==

'''Add to Google Calendar'''
[https://www.google.com/calendar/hosted/owasp.org/event?action=TEMPLATE&tmeid=ZGw5bGNpbmZscTBiN3Vvc2c3bzVkamQxdjQgaGw2Y2pnczZlcDFoN29uaXFndWV1MmJoYm9AZw&tmsrc=hl6cjgs6ep1h7oniqgueu2bhbo%40group.calendar.google.com Google Calendar Link]

=== '''Sessions''' ===
*Owasp Mobile Top 10 - M10 : Lack of binary Protection by Shivang Desai
*Demystifying Web Application Firewall by Sarwar Jahan M
*Django - Bypassing CSRF Protection by Deepam Kanjani
*RFID hacking by Jayesh
*Network security with Artificial Intelligence by Shiva

=== '''Venue''' ===
Citrix 
No. 33, Prestige Dynasty Ulsoor Road, Sivanchetti Gardens 
Yellappa Chetty Layout, Sivanchetti Gardens 
Bengaluru, Karnataka 560042 
Maps: https://goo.gl/bm3fJT

=== '''Instructions''' ===
1. Please bring a Government issued ID card (Pan, Driving license, etc) for entry into the compound. 
2. If required, laptops have to be declared with serial numbers at the building security. 

= '''Previous Meeting Venue and Dates''' =

{| class="wikitable"
|-
! No
! Date
! Venue
! Time
|-
| 48
| 29th Aug 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 47
| 25th July 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 46
| 20th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 45
| 6th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 44
| 30th May 2015
| Microsoft Technology Center (http://goo.gl/69VZrL)
| 09:30 AM
|-
|-
| 43
| 16th May 2015
| Philips Innovation Campus (https://goo.gl/fAVWl9)
| 09:30 AM
|-
|-
| 42
| 25th April 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 41
| 21st March 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 40
| 21st February 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 39
| 17th January 2015
| Sapient Consulting (http://goo.gl/hZmwyV)
| 09:30 AM
|-
|-
| 38
| 13th December 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:00 AM
|-
|-
| 37
| 29th November 2014
| Triad Square Infosec (https://bit.ly/owaspmeet-xwh2014)
| 10:00 AM
|-
|-
| 36
| 22nd November 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 35
| 15th November 2014
| PayPal Office (http://goo.gl/quBKaG)
| 10:00 AM
|-
|-
| 34
| 18th October 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 33
| 20th September 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 32
| 30th August 2014
| EMC Corporation (http://goo.gl/19Ueet)
| 09:30 AM
|-
|-
| 31
| 19th July 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 30
| 14th June 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 29
| 24th May 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 10:00 AM
|-
|-
| 28
| 8th February 2014
| Paypal Office
| 10:00 AM
|-
| 27
| 18th January 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
|-
| 26
| 14th December 2013
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
| 25
| 1st November 2012
| KPMG Office
| 7 PM
|-

|-
| 24
| 16th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 23
| 19th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 22
| 21th April 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 21
| 10th March 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 20
| 04th February 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 19
| 07th January 2012
| Kieon
| 10 AM
|-

|-
| 18
| 3rd October 2009
| Praxeva India
| 10 AM
|-
| 17
| 19th September 2009
| Praxeva India
| 10 AM
|-
| 16
| 5th September 2009
| Praxeva India
| 10 AM
|-
| 15
| 12 July 2009
| Cubbon Park
| 10.30 AM
|-
| 14
| 07 June 2009
| ICH, Church Street
| 09.00 AM
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
| 
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
| 
|-
| 2
| 2006
| 
| 
|-
| 1
| 2006
| 
| 
|}

= '''Meeting Summaries''' =
[[Bangalore/Archives|Summaries from Past Meetings]]

= '''Chapter Leaders'''=
== Current Chapter Leaders ==

=== KV Prashanth (2012 - Present) ===
=== Akash Mahajan (2012 - Present) ===

I am ''The Web Application Security Guy''. Apart from running a company offering application security consulting, I spend majority of my time doing volunteer work for OWASP as the Bangalore chapter leader and null - The Open Security Community as a Community Manager. I tweet about security quite regularly on twitter account [https://twitter.com/makash @makash]. Feel free to get in touch.

Twitter: [https://twitter.com/makash @makash]

=== Riyaz Walikar (2014 - Present) ===

For food and shelter, I work as a pentester/web security tester+evangelist at a Big4. I have been active in the security community for the better part of the last 7 years by working closely with the Bangalore OWASP chapter and null - The Open Security community.

My technical interests lie with programming, bug bounty, malware analysis, breaking web applications, playing CTFs, researching devices that fall under the Internet of Things category and penetration testing networks exposed to the Internet. When not writing/breaking code, you can find me sleeping, playing football, reading or fishing.

Blog: http://www.riyazwalikar.com

Twitter: [https://www.twitter.com/riyazwalikar @riyazwalikar]

== Current Chapter volunteers ==

=== Abhinav Sejpal (2015 - Present) ===

Fell in love with the power of software at age 17, and he is still in love. He is a security researcher working at Accenture Digital. He has reported security vulnerabilities 50+ Unique product giants all over the world including Apple, Adobe , Twitter, Linkedin, Yahoo , Pinterest, VK etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, fuzzing. He researches primarily focused Android , iOS Mobile App and open source project like ASVS, OWASP Mobile Top 10, Mobile Security Framework etc.

Speaker @ OWASP, Null , Weekend Testing Bangalore Chapter

Blog: http://bugwrangler.in

Twitter: [https://www.twitter.com/Abhinav_Sejpal @Abhinav_Sejpal]

Github: [https://github.com/bugwrangler bugwrangler]

=== Satish Govindappa (2015 - Present) ===

14+ years of significant, progressive expertise in security architecture practices, secure coding practices, secure code review, web application pen-testing,security testing tools and secure software development training.
Build and facilitate company-wide security architecture practice and secure software development programs

== Previous Chapter Leaders ==

=== Harinath (2002 - 2012) ===

<headertabs />

[[Category:India]]

Bangalore

2015-09-25T18:02:30Z

Abhinav: /* OWASP Bangalore meet - 26th Sep 2015 09:30 AM - 02:00 PM */

__NOTOC__

[[File:Owasp-bangalore-logo.png|OWASP Bangalore Chapter]]
{{Chapter Template|chaptername=Bangalore|extra=The chapter leaders are [mailto:kvprashant@owasp.org Prashant Kv], [mailto:riyaz.walikar@owasp.org Riyaz Walikar] and [[User:Makash | Akash Mahajan]] [mailto:akash.mahajan@owasp.org (akash.mahajan AT OWASP DOT org)] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

= '''Stay Updated''' =
=== Join our low traffic mailing list for event information ===
[[File:Mail-50%25smaller.jpeg]]
[https://lists.owasp.org/mailman/listinfo/owasp-bangalore Subscribe to OWASP Bangalore Mailing list]

=== Follow @owaspbangalore for event updates on Twitter ===
[[File:Twitter-bird-cropped-onwhite-40%25smaller.png]]
'''[https://twitter.com/owaspbangalore OWASP Bangalore Twitter Account]'''

=== Short Links for sharing and easy to remember ===
* Wiki Page - '''[https://bit.ly/owaspblr https://bit.ly/owaspblr]'''
* Next OWASP Bangalore Meet '''[https://bit.ly/owaspblr-meet https://bit.ly/owaspblr-meet]'''
* OWASP Bangalore Mailing List '''[https://bit.ly/owaspblr-mailinglist http://bit.ly/owaspblr-mailinglist]'''
* OWASP Global Google Calendar '''[https://bit.ly/owaspblr-googlecal http://bit.ly/owaspblr-googlecal]'''

= '''Chapter News''' =

=== 18 Sep 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 15th Aug 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 14th July 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 2nd July 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th June 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd June 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th May 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 20th May 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 24th March 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th March 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 01st February 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd January 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th December 2014 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 29th November 2014 ===
* We have added @abhinav_sejpal to tweet from @owaspbangalore. Looking forward to a more vibrant twitter account!

=== 26th November 2014 ===
* Many thanks to [https://twitter.com/shruthi76 @shruthi76] for creating a logo for OWASP Bangalore

=== 17th November 2014 ===
* Details of the OWASP Banglore Workshop on XWH2014 by Riyaz Walikar have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 16th November 2014 ===
* Details of the next Combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 4th November 2014 ===
* Our special meeting details have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link]

=== 14th October 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 17th September 2014 ===
* The OWASP Testing Guide v4 was released today. Our very own [https://www.owasp.org/index.php/User:Anant_Shrivastava Anant Shrivastava] from the Bangalore chapter has contributed a chapter on Fingerprinting Web Servers. Please follow the [https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002) link] to read the specific section.

=== 13th September 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 28th August 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.
* Riyaz Walikar updated his profile.

=== 11th July 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 6th Jun 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th Jun 2014 ===
* Very excited to have [mailto:riyaz.walikar@owasp.org Riyaz Walikar] joining us the third OWASP Bangalore Chapter Lead

=== Older News ===
* null/OWASP combined meet up on 24th May 2014
* We have a new twitter account [https://twitter.com/owaspbangalore @owaspbangalore]

= '''Next Meeting''' =

== OWASP Bangalore meet - 27th Sep 2015 09:30 AM - 02:00 PM ==

'''Add to Google Calendar'''
[https://www.google.com/calendar/hosted/owasp.org/event?action=TEMPLATE&tmeid=ZGw5bGNpbmZscTBiN3Vvc2c3bzVkamQxdjQgaGw2Y2pnczZlcDFoN29uaXFndWV1MmJoYm9AZw&tmsrc=hl6cjgs6ep1h7oniqgueu2bhbo%40group.calendar.google.com Google Calendar Link]

=== '''Sessions''' ===
*Owasp Mobile Top 10 - M10 : Lack of binary Protection by Shivang Desai
*Demystifying Web Application Firewall by Sarwar Jahan M
*Django - Bypassing CSRF Protection by Deepam Kanjani
*RFID hacking by Jayesh
*Network security with Artificial Intelligence by Shiva

=== '''Venue''' ===
Citrix 
No. 33, Prestige Dynasty Ulsoor Road, Sivanchetti Gardens 
Yellappa Chetty Layout, Sivanchetti Gardens 
Bengaluru, Karnataka 560042 
Maps: https://goo.gl/bm3fJT

=== '''Instructions''' ===
1. Please bring a Government issued ID card (Pan, Driving license, etc) for entry into the compound. 
2. If required, laptops have to be declared with serial numbers at the building security. 

= '''Previous Meeting Venue and Dates''' =

{| class="wikitable"
|-
! No
! Date
! Venue
! Time
|-
| 48
| 29th Aug 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 47
| 25th July 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 46
| 20th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 45
| 6th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 44
| 30th May 2015
| Microsoft Technology Center (http://goo.gl/69VZrL)
| 09:30 AM
|-
|-
| 43
| 16th May 2015
| Philips Innovation Campus (https://goo.gl/fAVWl9)
| 09:30 AM
|-
|-
| 42
| 25th April 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 41
| 21st March 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 40
| 21st February 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 39
| 17th January 2015
| Sapient Consulting (http://goo.gl/hZmwyV)
| 09:30 AM
|-
|-
| 38
| 13th December 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:00 AM
|-
|-
| 37
| 29th November 2014
| Triad Square Infosec (https://bit.ly/owaspmeet-xwh2014)
| 10:00 AM
|-
|-
| 36
| 22nd November 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 35
| 15th November 2014
| PayPal Office (http://goo.gl/quBKaG)
| 10:00 AM
|-
|-
| 34
| 18th October 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 33
| 20th September 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 32
| 30th August 2014
| EMC Corporation (http://goo.gl/19Ueet)
| 09:30 AM
|-
|-
| 31
| 19th July 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 30
| 14th June 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 29
| 24th May 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 10:00 AM
|-
|-
| 28
| 8th February 2014
| Paypal Office
| 10:00 AM
|-
| 27
| 18th January 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
|-
| 26
| 14th December 2013
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
| 25
| 1st November 2012
| KPMG Office
| 7 PM
|-

|-
| 24
| 16th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 23
| 19th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 22
| 21th April 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 21
| 10th March 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 20
| 04th February 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 19
| 07th January 2012
| Kieon
| 10 AM
|-

|-
| 18
| 3rd October 2009
| Praxeva India
| 10 AM
|-
| 17
| 19th September 2009
| Praxeva India
| 10 AM
|-
| 16
| 5th September 2009
| Praxeva India
| 10 AM
|-
| 15
| 12 July 2009
| Cubbon Park
| 10.30 AM
|-
| 14
| 07 June 2009
| ICH, Church Street
| 09.00 AM
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
| 
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
| 
|-
| 2
| 2006
| 
| 
|-
| 1
| 2006
| 
| 
|}

= '''Meeting Summaries''' =
[[Bangalore/Archives|Summaries from Past Meetings]]

= '''Chapter Leaders'''=
== Current Chapter Leaders ==

=== KV Prashanth (2012 - Present) ===
=== Akash Mahajan (2012 - Present) ===

I am ''The Web Application Security Guy''. Apart from running a company offering application security consulting, I spend majority of my time doing volunteer work for OWASP as the Bangalore chapter leader and null - The Open Security Community as a Community Manager. I tweet about security quite regularly on twitter account [https://twitter.com/makash @makash]. Feel free to get in touch.

Twitter: [https://twitter.com/makash @makash]

=== Riyaz Walikar (2014 - Present) ===

For food and shelter, I work as a pentester/web security tester+evangelist at a Big4. I have been active in the security community for the better part of the last 7 years by working closely with the Bangalore OWASP chapter and null - The Open Security community.

My technical interests lie with programming, bug bounty, malware analysis, breaking web applications, playing CTFs, researching devices that fall under the Internet of Things category and penetration testing networks exposed to the Internet. When not writing/breaking code, you can find me sleeping, playing football, reading or fishing.

Blog: http://www.riyazwalikar.com

Twitter: [https://www.twitter.com/riyazwalikar @riyazwalikar]

== Current Chapter volunteers ==

=== Abhinav Sejpal (2015 - Present) ===

Fell in love with the power of software at age 17, and he is still in love. He is a security researcher working at Accenture Digital. He has reported security vulnerabilities 50+ Unique product giants all over the world including Apple, Adobe , Twitter, Linkedin, Yahoo , Pinterest, VK etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, fuzzing. He researches primarily focused Android , iOS Mobile App and open source project like ASVS, OWASP Mobile Top 10, Mobile Security Framework etc.

Speaker @ OWASP, Null , Weekend Testing Bangalore Chapter

Blog: http://bugwrangler.in

Twitter: [https://www.twitter.com/Abhinav_Sejpal @Abhinav_Sejpal]

Github: [https://github.com/bugwrangler bugwrangler]

=== Satish Govindappa (2015 - Present) ===

14+ years of significant, progressive expertise in security architecture practices, secure coding practices, secure code review, web application pen-testing,security testing tools and secure software development training.
Build and facilitate company-wide security architecture practice and secure software development programs

== Previous Chapter Leaders ==

=== Harinath (2002 - 2012) ===

<headertabs />

[[Category:India]]

Bangalore

2015-09-19T15:20:58Z

Abhinav: /* Chapter News */

__NOTOC__

[[File:Owasp-bangalore-logo.png|OWASP Bangalore Chapter]]
{{Chapter Template|chaptername=Bangalore|extra=The chapter leaders are [mailto:kvprashant@owasp.org Prashant Kv], [mailto:riyaz.walikar@owasp.org Riyaz Walikar] and [[User:Makash | Akash Mahajan]] [mailto:akash.mahajan@owasp.org (akash.mahajan AT OWASP DOT org)] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

= '''Stay Updated''' =
=== Join our low traffic mailing list for event information ===
[[File:Mail-50%25smaller.jpeg]]
[https://lists.owasp.org/mailman/listinfo/owasp-bangalore Subscribe to OWASP Bangalore Mailing list]

=== Follow @owaspbangalore for event updates on Twitter ===
[[File:Twitter-bird-cropped-onwhite-40%25smaller.png]]
'''[https://twitter.com/owaspbangalore OWASP Bangalore Twitter Account]'''

=== Short Links for sharing and easy to remember ===
* Wiki Page - '''[https://bit.ly/owaspblr https://bit.ly/owaspblr]'''
* Next OWASP Bangalore Meet '''[https://bit.ly/owaspblr-meet https://bit.ly/owaspblr-meet]'''
* OWASP Bangalore Mailing List '''[https://bit.ly/owaspblr-mailinglist http://bit.ly/owaspblr-mailinglist]'''
* OWASP Global Google Calendar '''[https://bit.ly/owaspblr-googlecal http://bit.ly/owaspblr-googlecal]'''

= '''Chapter News''' =

=== 18 Sep 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 15th Aug 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 14th July 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 2nd July 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th June 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd June 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th May 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 20th May 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 24th March 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th March 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 01st February 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd January 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th December 2014 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 29th November 2014 ===
* We have added @abhinav_sejpal to tweet from @owaspbangalore. Looking forward to a more vibrant twitter account!

=== 26th November 2014 ===
* Many thanks to [https://twitter.com/shruthi76 @shruthi76] for creating a logo for OWASP Bangalore

=== 17th November 2014 ===
* Details of the OWASP Banglore Workshop on XWH2014 by Riyaz Walikar have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 16th November 2014 ===
* Details of the next Combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 4th November 2014 ===
* Our special meeting details have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link]

=== 14th October 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 17th September 2014 ===
* The OWASP Testing Guide v4 was released today. Our very own [https://www.owasp.org/index.php/User:Anant_Shrivastava Anant Shrivastava] from the Bangalore chapter has contributed a chapter on Fingerprinting Web Servers. Please follow the [https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002) link] to read the specific section.

=== 13th September 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 28th August 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.
* Riyaz Walikar updated his profile.

=== 11th July 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 6th Jun 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th Jun 2014 ===
* Very excited to have [mailto:riyaz.walikar@owasp.org Riyaz Walikar] joining us the third OWASP Bangalore Chapter Lead

=== Older News ===
* null/OWASP combined meet up on 24th May 2014
* We have a new twitter account [https://twitter.com/owaspbangalore @owaspbangalore]

= '''Next Meeting''' =

== OWASP Bangalore meet - 26th Sep 2015 09:30 AM - 02:00 PM ==

'''Add to Google Calendar'''
[https://www.google.com/calendar/hosted/owasp.org/event?action=TEMPLATE&tmeid=ZGw5bGNpbmZscTBiN3Vvc2c3bzVkamQxdjQgaGw2Y2pnczZlcDFoN29uaXFndWV1MmJoYm9AZw&tmsrc=hl6cjgs6ep1h7oniqgueu2bhbo%40group.calendar.google.com Google Calendar Link]

=== '''Sessions''' ===
*Owasp Mobile Top 10 - M10 : Lack of binary Protection by Shivang Desai
*Demystifying Web Application Firewall by Sarwar Jahan M
*Django - Bypassing CSRF Protection by Deepam Kanjani
*RFID hacking by Jayesh
*Network security with Artificial Intelligence by Shiva

=== '''Venue''' ===
Citrix 
No. 33, Prestige Dynasty Ulsoor Road, Sivanchetti Gardens 
Yellappa Chetty Layout, Sivanchetti Gardens 
Bengaluru, Karnataka 560042 
Maps: https://goo.gl/bm3fJT

=== '''Instructions''' ===
1. Please bring a Government issued ID card (Pan, Driving license, etc) for entry into the compound. 
2. If required, laptops have to be declared with serial numbers at the building security. 

= '''Previous Meeting Venue and Dates''' =

{| class="wikitable"
|-
! No
! Date
! Venue
! Time
|-
| 48
| 29th Aug 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 47
| 25th July 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 46
| 20th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 45
| 6th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 44
| 30th May 2015
| Microsoft Technology Center (http://goo.gl/69VZrL)
| 09:30 AM
|-
|-
| 43
| 16th May 2015
| Philips Innovation Campus (https://goo.gl/fAVWl9)
| 09:30 AM
|-
|-
| 42
| 25th April 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 41
| 21st March 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 40
| 21st February 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 39
| 17th January 2015
| Sapient Consulting (http://goo.gl/hZmwyV)
| 09:30 AM
|-
|-
| 38
| 13th December 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:00 AM
|-
|-
| 37
| 29th November 2014
| Triad Square Infosec (https://bit.ly/owaspmeet-xwh2014)
| 10:00 AM
|-
|-
| 36
| 22nd November 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 35
| 15th November 2014
| PayPal Office (http://goo.gl/quBKaG)
| 10:00 AM
|-
|-
| 34
| 18th October 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 33
| 20th September 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 32
| 30th August 2014
| EMC Corporation (http://goo.gl/19Ueet)
| 09:30 AM
|-
|-
| 31
| 19th July 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 30
| 14th June 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 29
| 24th May 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 10:00 AM
|-
|-
| 28
| 8th February 2014
| Paypal Office
| 10:00 AM
|-
| 27
| 18th January 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
|-
| 26
| 14th December 2013
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
| 25
| 1st November 2012
| KPMG Office
| 7 PM
|-

|-
| 24
| 16th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 23
| 19th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 22
| 21th April 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 21
| 10th March 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 20
| 04th February 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 19
| 07th January 2012
| Kieon
| 10 AM
|-

|-
| 18
| 3rd October 2009
| Praxeva India
| 10 AM
|-
| 17
| 19th September 2009
| Praxeva India
| 10 AM
|-
| 16
| 5th September 2009
| Praxeva India
| 10 AM
|-
| 15
| 12 July 2009
| Cubbon Park
| 10.30 AM
|-
| 14
| 07 June 2009
| ICH, Church Street
| 09.00 AM
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
| 
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
| 
|-
| 2
| 2006
| 
| 
|-
| 1
| 2006
| 
| 
|}

= '''Meeting Summaries''' =
[[Bangalore/Archives|Summaries from Past Meetings]]

= '''Chapter Leaders'''=
== Current Chapter Leaders ==

=== KV Prashanth (2012 - Present) ===
=== Akash Mahajan (2012 - Present) ===

I am ''The Web Application Security Guy''. Apart from running a company offering application security consulting, I spend majority of my time doing volunteer work for OWASP as the Bangalore chapter leader and null - The Open Security Community as a Community Manager. I tweet about security quite regularly on twitter account [https://twitter.com/makash @makash]. Feel free to get in touch.

Twitter: [https://twitter.com/makash @makash]

=== Riyaz Walikar (2014 - Present) ===

For food and shelter, I work as a pentester/web security tester+evangelist at a Big4. I have been active in the security community for the better part of the last 7 years by working closely with the Bangalore OWASP chapter and null - The Open Security community.

My technical interests lie with programming, bug bounty, malware analysis, breaking web applications, playing CTFs, researching devices that fall under the Internet of Things category and penetration testing networks exposed to the Internet. When not writing/breaking code, you can find me sleeping, playing football, reading or fishing.

Blog: http://www.riyazwalikar.com

Twitter: [https://www.twitter.com/riyazwalikar @riyazwalikar]

== Current Chapter volunteers ==

=== Abhinav Sejpal (2015 - Present) ===

Fell in love with the power of software at age 17, and he is still in love. He is a security researcher working at Accenture Digital. He has reported security vulnerabilities 50+ Unique product giants all over the world including Apple, Adobe , Twitter, Linkedin, Yahoo , Pinterest, VK etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, fuzzing. He researches primarily focused Android , iOS Mobile App and open source project like ASVS, OWASP Mobile Top 10, Mobile Security Framework etc.

Speaker @ OWASP, Null , Weekend Testing Bangalore Chapter

Blog: http://bugwrangler.in

Twitter: [https://www.twitter.com/Abhinav_Sejpal @Abhinav_Sejpal]

Github: [https://github.com/bugwrangler bugwrangler]

=== Satish Govindappa (2015 - Present) ===

14+ years of significant, progressive expertise in security architecture practices, secure coding practices, secure code review, web application pen-testing,security testing tools and secure software development training.
Build and facilitate company-wide security architecture practice and secure software development programs

== Previous Chapter Leaders ==

=== Harinath (2002 - 2012) ===

<headertabs />

[[Category:India]]

Bangalore

2015-09-19T15:20:01Z

Abhinav: /* Previous Meeting Venue and Dates */

__NOTOC__

[[File:Owasp-bangalore-logo.png|OWASP Bangalore Chapter]]
{{Chapter Template|chaptername=Bangalore|extra=The chapter leaders are [mailto:kvprashant@owasp.org Prashant Kv], [mailto:riyaz.walikar@owasp.org Riyaz Walikar] and [[User:Makash | Akash Mahajan]] [mailto:akash.mahajan@owasp.org (akash.mahajan AT OWASP DOT org)] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

= '''Stay Updated''' =
=== Join our low traffic mailing list for event information ===
[[File:Mail-50%25smaller.jpeg]]
[https://lists.owasp.org/mailman/listinfo/owasp-bangalore Subscribe to OWASP Bangalore Mailing list]

=== Follow @owaspbangalore for event updates on Twitter ===
[[File:Twitter-bird-cropped-onwhite-40%25smaller.png]]
'''[https://twitter.com/owaspbangalore OWASP Bangalore Twitter Account]'''

=== Short Links for sharing and easy to remember ===
* Wiki Page - '''[https://bit.ly/owaspblr https://bit.ly/owaspblr]'''
* Next OWASP Bangalore Meet '''[https://bit.ly/owaspblr-meet https://bit.ly/owaspblr-meet]'''
* OWASP Bangalore Mailing List '''[https://bit.ly/owaspblr-mailinglist http://bit.ly/owaspblr-mailinglist]'''
* OWASP Global Google Calendar '''[https://bit.ly/owaspblr-googlecal http://bit.ly/owaspblr-googlecal]'''

= '''Chapter News''' =

=== 15th Aug 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 14th July 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 2nd July 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th June 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd June 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th May 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 20th May 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 24th March 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th March 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 01st February 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd January 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th December 2014 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 29th November 2014 ===
* We have added @abhinav_sejpal to tweet from @owaspbangalore. Looking forward to a more vibrant twitter account!

=== 26th November 2014 ===
* Many thanks to [https://twitter.com/shruthi76 @shruthi76] for creating a logo for OWASP Bangalore

=== 17th November 2014 ===
* Details of the OWASP Banglore Workshop on XWH2014 by Riyaz Walikar have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 16th November 2014 ===
* Details of the next Combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 4th November 2014 ===
* Our special meeting details have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link]

=== 14th October 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 17th September 2014 ===
* The OWASP Testing Guide v4 was released today. Our very own [https://www.owasp.org/index.php/User:Anant_Shrivastava Anant Shrivastava] from the Bangalore chapter has contributed a chapter on Fingerprinting Web Servers. Please follow the [https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002) link] to read the specific section.

=== 13th September 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 28th August 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.
* Riyaz Walikar updated his profile.

=== 11th July 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 6th Jun 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th Jun 2014 ===
* Very excited to have [mailto:riyaz.walikar@owasp.org Riyaz Walikar] joining us the third OWASP Bangalore Chapter Lead

=== Older News ===
* null/OWASP combined meet up on 24th May 2014
* We have a new twitter account [https://twitter.com/owaspbangalore @owaspbangalore]

= '''Next Meeting''' =

== OWASP Bangalore meet - 26th Sep 2015 09:30 AM - 02:00 PM ==

'''Add to Google Calendar'''
[https://www.google.com/calendar/hosted/owasp.org/event?action=TEMPLATE&tmeid=ZGw5bGNpbmZscTBiN3Vvc2c3bzVkamQxdjQgaGw2Y2pnczZlcDFoN29uaXFndWV1MmJoYm9AZw&tmsrc=hl6cjgs6ep1h7oniqgueu2bhbo%40group.calendar.google.com Google Calendar Link]

=== '''Sessions''' ===
*Owasp Mobile Top 10 - M10 : Lack of binary Protection by Shivang Desai
*Demystifying Web Application Firewall by Sarwar Jahan M
*Django - Bypassing CSRF Protection by Deepam Kanjani
*RFID hacking by Jayesh
*Network security with Artificial Intelligence by Shiva

=== '''Venue''' ===
Citrix 
No. 33, Prestige Dynasty Ulsoor Road, Sivanchetti Gardens 
Yellappa Chetty Layout, Sivanchetti Gardens 
Bengaluru, Karnataka 560042 
Maps: https://goo.gl/bm3fJT

=== '''Instructions''' ===
1. Please bring a Government issued ID card (Pan, Driving license, etc) for entry into the compound. 
2. If required, laptops have to be declared with serial numbers at the building security. 

= '''Previous Meeting Venue and Dates''' =

{| class="wikitable"
|-
! No
! Date
! Venue
! Time
|-
| 48
| 29th Aug 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 47
| 25th July 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 46
| 20th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 45
| 6th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 44
| 30th May 2015
| Microsoft Technology Center (http://goo.gl/69VZrL)
| 09:30 AM
|-
|-
| 43
| 16th May 2015
| Philips Innovation Campus (https://goo.gl/fAVWl9)
| 09:30 AM
|-
|-
| 42
| 25th April 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 41
| 21st March 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 40
| 21st February 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 39
| 17th January 2015
| Sapient Consulting (http://goo.gl/hZmwyV)
| 09:30 AM
|-
|-
| 38
| 13th December 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:00 AM
|-
|-
| 37
| 29th November 2014
| Triad Square Infosec (https://bit.ly/owaspmeet-xwh2014)
| 10:00 AM
|-
|-
| 36
| 22nd November 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 35
| 15th November 2014
| PayPal Office (http://goo.gl/quBKaG)
| 10:00 AM
|-
|-
| 34
| 18th October 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 33
| 20th September 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 32
| 30th August 2014
| EMC Corporation (http://goo.gl/19Ueet)
| 09:30 AM
|-
|-
| 31
| 19th July 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 30
| 14th June 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 29
| 24th May 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 10:00 AM
|-
|-
| 28
| 8th February 2014
| Paypal Office
| 10:00 AM
|-
| 27
| 18th January 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
|-
| 26
| 14th December 2013
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
| 25
| 1st November 2012
| KPMG Office
| 7 PM
|-

|-
| 24
| 16th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 23
| 19th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 22
| 21th April 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 21
| 10th March 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 20
| 04th February 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 19
| 07th January 2012
| Kieon
| 10 AM
|-

|-
| 18
| 3rd October 2009
| Praxeva India
| 10 AM
|-
| 17
| 19th September 2009
| Praxeva India
| 10 AM
|-
| 16
| 5th September 2009
| Praxeva India
| 10 AM
|-
| 15
| 12 July 2009
| Cubbon Park
| 10.30 AM
|-
| 14
| 07 June 2009
| ICH, Church Street
| 09.00 AM
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
| 
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
| 
|-
| 2
| 2006
| 
| 
|-
| 1
| 2006
| 
| 
|}

= '''Meeting Summaries''' =
[[Bangalore/Archives|Summaries from Past Meetings]]

= '''Chapter Leaders'''=
== Current Chapter Leaders ==

=== KV Prashanth (2012 - Present) ===
=== Akash Mahajan (2012 - Present) ===

I am ''The Web Application Security Guy''. Apart from running a company offering application security consulting, I spend majority of my time doing volunteer work for OWASP as the Bangalore chapter leader and null - The Open Security Community as a Community Manager. I tweet about security quite regularly on twitter account [https://twitter.com/makash @makash]. Feel free to get in touch.

Twitter: [https://twitter.com/makash @makash]

=== Riyaz Walikar (2014 - Present) ===

For food and shelter, I work as a pentester/web security tester+evangelist at a Big4. I have been active in the security community for the better part of the last 7 years by working closely with the Bangalore OWASP chapter and null - The Open Security community.

My technical interests lie with programming, bug bounty, malware analysis, breaking web applications, playing CTFs, researching devices that fall under the Internet of Things category and penetration testing networks exposed to the Internet. When not writing/breaking code, you can find me sleeping, playing football, reading or fishing.

Blog: http://www.riyazwalikar.com

Twitter: [https://www.twitter.com/riyazwalikar @riyazwalikar]

== Current Chapter volunteers ==

=== Abhinav Sejpal (2015 - Present) ===

Fell in love with the power of software at age 17, and he is still in love. He is a security researcher working at Accenture Digital. He has reported security vulnerabilities 50+ Unique product giants all over the world including Apple, Adobe , Twitter, Linkedin, Yahoo , Pinterest, VK etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, fuzzing. He researches primarily focused Android , iOS Mobile App and open source project like ASVS, OWASP Mobile Top 10, Mobile Security Framework etc.

Speaker @ OWASP, Null , Weekend Testing Bangalore Chapter

Blog: http://bugwrangler.in

Twitter: [https://www.twitter.com/Abhinav_Sejpal @Abhinav_Sejpal]

Github: [https://github.com/bugwrangler bugwrangler]

=== Satish Govindappa (2015 - Present) ===

14+ years of significant, progressive expertise in security architecture practices, secure coding practices, secure code review, web application pen-testing,security testing tools and secure software development training.
Build and facilitate company-wide security architecture practice and secure software development programs

== Previous Chapter Leaders ==

=== Harinath (2002 - 2012) ===

<headertabs />

[[Category:India]]

Bangalore

2015-09-19T15:18:19Z

Abhinav: /* Next Meeting */

__NOTOC__

[[File:Owasp-bangalore-logo.png|OWASP Bangalore Chapter]]
{{Chapter Template|chaptername=Bangalore|extra=The chapter leaders are [mailto:kvprashant@owasp.org Prashant Kv], [mailto:riyaz.walikar@owasp.org Riyaz Walikar] and [[User:Makash | Akash Mahajan]] [mailto:akash.mahajan@owasp.org (akash.mahajan AT OWASP DOT org)] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

= '''Stay Updated''' =
=== Join our low traffic mailing list for event information ===
[[File:Mail-50%25smaller.jpeg]]
[https://lists.owasp.org/mailman/listinfo/owasp-bangalore Subscribe to OWASP Bangalore Mailing list]

=== Follow @owaspbangalore for event updates on Twitter ===
[[File:Twitter-bird-cropped-onwhite-40%25smaller.png]]
'''[https://twitter.com/owaspbangalore OWASP Bangalore Twitter Account]'''

=== Short Links for sharing and easy to remember ===
* Wiki Page - '''[https://bit.ly/owaspblr https://bit.ly/owaspblr]'''
* Next OWASP Bangalore Meet '''[https://bit.ly/owaspblr-meet https://bit.ly/owaspblr-meet]'''
* OWASP Bangalore Mailing List '''[https://bit.ly/owaspblr-mailinglist http://bit.ly/owaspblr-mailinglist]'''
* OWASP Global Google Calendar '''[https://bit.ly/owaspblr-googlecal http://bit.ly/owaspblr-googlecal]'''

= '''Chapter News''' =

=== 15th Aug 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 14th July 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 2nd July 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th June 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd June 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th May 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 20th May 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 24th March 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th March 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 01st February 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd January 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th December 2014 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 29th November 2014 ===
* We have added @abhinav_sejpal to tweet from @owaspbangalore. Looking forward to a more vibrant twitter account!

=== 26th November 2014 ===
* Many thanks to [https://twitter.com/shruthi76 @shruthi76] for creating a logo for OWASP Bangalore

=== 17th November 2014 ===
* Details of the OWASP Banglore Workshop on XWH2014 by Riyaz Walikar have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 16th November 2014 ===
* Details of the next Combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 4th November 2014 ===
* Our special meeting details have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link]

=== 14th October 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 17th September 2014 ===
* The OWASP Testing Guide v4 was released today. Our very own [https://www.owasp.org/index.php/User:Anant_Shrivastava Anant Shrivastava] from the Bangalore chapter has contributed a chapter on Fingerprinting Web Servers. Please follow the [https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002) link] to read the specific section.

=== 13th September 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 28th August 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.
* Riyaz Walikar updated his profile.

=== 11th July 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 6th Jun 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th Jun 2014 ===
* Very excited to have [mailto:riyaz.walikar@owasp.org Riyaz Walikar] joining us the third OWASP Bangalore Chapter Lead

=== Older News ===
* null/OWASP combined meet up on 24th May 2014
* We have a new twitter account [https://twitter.com/owaspbangalore @owaspbangalore]

= '''Next Meeting''' =

== OWASP Bangalore meet - 26th Sep 2015 09:30 AM - 02:00 PM ==

'''Add to Google Calendar'''
[https://www.google.com/calendar/hosted/owasp.org/event?action=TEMPLATE&tmeid=ZGw5bGNpbmZscTBiN3Vvc2c3bzVkamQxdjQgaGw2Y2pnczZlcDFoN29uaXFndWV1MmJoYm9AZw&tmsrc=hl6cjgs6ep1h7oniqgueu2bhbo%40group.calendar.google.com Google Calendar Link]

=== '''Sessions''' ===
*Owasp Mobile Top 10 - M10 : Lack of binary Protection by Shivang Desai
*Demystifying Web Application Firewall by Sarwar Jahan M
*Django - Bypassing CSRF Protection by Deepam Kanjani
*RFID hacking by Jayesh
*Network security with Artificial Intelligence by Shiva

=== '''Venue''' ===
Citrix 
No. 33, Prestige Dynasty Ulsoor Road, Sivanchetti Gardens 
Yellappa Chetty Layout, Sivanchetti Gardens 
Bengaluru, Karnataka 560042 
Maps: https://goo.gl/bm3fJT

=== '''Instructions''' ===
1. Please bring a Government issued ID card (Pan, Driving license, etc) for entry into the compound. 
2. If required, laptops have to be declared with serial numbers at the building security. 

= '''Previous Meeting Venue and Dates''' =

{| class="wikitable"
|-
! No
! Date
! Venue
! Time
|-
| 47
| 25th July 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 46
| 20th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 45
| 6th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 44
| 30th May 2015
| Microsoft Technology Center (http://goo.gl/69VZrL)
| 09:30 AM
|-
|-
| 43
| 16th May 2015
| Philips Innovation Campus (https://goo.gl/fAVWl9)
| 09:30 AM
|-
|-
| 42
| 25th April 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 41
| 21st March 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 40
| 21st February 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 39
| 17th January 2015
| Sapient Consulting (http://goo.gl/hZmwyV)
| 09:30 AM
|-
|-
| 38
| 13th December 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:00 AM
|-
|-
| 37
| 29th November 2014
| Triad Square Infosec (https://bit.ly/owaspmeet-xwh2014)
| 10:00 AM
|-
|-
| 36
| 22nd November 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 35
| 15th November 2014
| PayPal Office (http://goo.gl/quBKaG)
| 10:00 AM
|-
|-
| 34
| 18th October 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 33
| 20th September 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 32
| 30th August 2014
| EMC Corporation (http://goo.gl/19Ueet)
| 09:30 AM
|-
|-
| 31
| 19th July 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 30
| 14th June 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 29
| 24th May 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 10:00 AM
|-
|-
| 28
| 8th February 2014
| Paypal Office
| 10:00 AM
|-
| 27
| 18th January 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
|-
| 26
| 14th December 2013
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
| 25
| 1st November 2012
| KPMG Office
| 7 PM
|-

|-
| 24
| 16th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 23
| 19th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 22
| 21th April 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 21
| 10th March 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 20
| 04th February 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 19
| 07th January 2012
| Kieon
| 10 AM
|-

|-
| 18
| 3rd October 2009
| Praxeva India
| 10 AM
|-
| 17
| 19th September 2009
| Praxeva India
| 10 AM
|-
| 16
| 5th September 2009
| Praxeva India
| 10 AM
|-
| 15
| 12 July 2009
| Cubbon Park
| 10.30 AM
|-
| 14
| 07 June 2009
| ICH, Church Street
| 09.00 AM
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
| 
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
| 
|-
| 2
| 2006
| 
| 
|-
| 1
| 2006
| 
| 
|}

= '''Meeting Summaries''' =
[[Bangalore/Archives|Summaries from Past Meetings]]

= '''Chapter Leaders'''=
== Current Chapter Leaders ==

=== KV Prashanth (2012 - Present) ===
=== Akash Mahajan (2012 - Present) ===

I am ''The Web Application Security Guy''. Apart from running a company offering application security consulting, I spend majority of my time doing volunteer work for OWASP as the Bangalore chapter leader and null - The Open Security Community as a Community Manager. I tweet about security quite regularly on twitter account [https://twitter.com/makash @makash]. Feel free to get in touch.

Twitter: [https://twitter.com/makash @makash]

=== Riyaz Walikar (2014 - Present) ===

For food and shelter, I work as a pentester/web security tester+evangelist at a Big4. I have been active in the security community for the better part of the last 7 years by working closely with the Bangalore OWASP chapter and null - The Open Security community.

My technical interests lie with programming, bug bounty, malware analysis, breaking web applications, playing CTFs, researching devices that fall under the Internet of Things category and penetration testing networks exposed to the Internet. When not writing/breaking code, you can find me sleeping, playing football, reading or fishing.

Blog: http://www.riyazwalikar.com

Twitter: [https://www.twitter.com/riyazwalikar @riyazwalikar]

== Current Chapter volunteers ==

=== Abhinav Sejpal (2015 - Present) ===

Fell in love with the power of software at age 17, and he is still in love. He is a security researcher working at Accenture Digital. He has reported security vulnerabilities 50+ Unique product giants all over the world including Apple, Adobe , Twitter, Linkedin, Yahoo , Pinterest, VK etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, fuzzing. He researches primarily focused Android , iOS Mobile App and open source project like ASVS, OWASP Mobile Top 10, Mobile Security Framework etc.

Speaker @ OWASP, Null , Weekend Testing Bangalore Chapter

Blog: http://bugwrangler.in

Twitter: [https://www.twitter.com/Abhinav_Sejpal @Abhinav_Sejpal]

Github: [https://github.com/bugwrangler bugwrangler]

=== Satish Govindappa (2015 - Present) ===

14+ years of significant, progressive expertise in security architecture practices, secure coding practices, secure code review, web application pen-testing,security testing tools and secure software development training.
Build and facilitate company-wide security architecture practice and secure software development programs

== Previous Chapter Leaders ==

=== Harinath (2002 - 2012) ===

<headertabs />

[[Category:India]]

Bangalore

2015-09-19T15:16:46Z

Abhinav: /* Next Meeting */

__NOTOC__

[[File:Owasp-bangalore-logo.png|OWASP Bangalore Chapter]]
{{Chapter Template|chaptername=Bangalore|extra=The chapter leaders are [mailto:kvprashant@owasp.org Prashant Kv], [mailto:riyaz.walikar@owasp.org Riyaz Walikar] and [[User:Makash | Akash Mahajan]] [mailto:akash.mahajan@owasp.org (akash.mahajan AT OWASP DOT org)] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

= '''Stay Updated''' =
=== Join our low traffic mailing list for event information ===
[[File:Mail-50%25smaller.jpeg]]
[https://lists.owasp.org/mailman/listinfo/owasp-bangalore Subscribe to OWASP Bangalore Mailing list]

=== Follow @owaspbangalore for event updates on Twitter ===
[[File:Twitter-bird-cropped-onwhite-40%25smaller.png]]
'''[https://twitter.com/owaspbangalore OWASP Bangalore Twitter Account]'''

=== Short Links for sharing and easy to remember ===
* Wiki Page - '''[https://bit.ly/owaspblr https://bit.ly/owaspblr]'''
* Next OWASP Bangalore Meet '''[https://bit.ly/owaspblr-meet https://bit.ly/owaspblr-meet]'''
* OWASP Bangalore Mailing List '''[https://bit.ly/owaspblr-mailinglist http://bit.ly/owaspblr-mailinglist]'''
* OWASP Global Google Calendar '''[https://bit.ly/owaspblr-googlecal http://bit.ly/owaspblr-googlecal]'''

= '''Chapter News''' =

=== 15th Aug 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 14th July 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 2nd July 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th June 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd June 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th May 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 20th May 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 24th March 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th March 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 01st February 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd January 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th December 2014 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 29th November 2014 ===
* We have added @abhinav_sejpal to tweet from @owaspbangalore. Looking forward to a more vibrant twitter account!

=== 26th November 2014 ===
* Many thanks to [https://twitter.com/shruthi76 @shruthi76] for creating a logo for OWASP Bangalore

=== 17th November 2014 ===
* Details of the OWASP Banglore Workshop on XWH2014 by Riyaz Walikar have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 16th November 2014 ===
* Details of the next Combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 4th November 2014 ===
* Our special meeting details have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link]

=== 14th October 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 17th September 2014 ===
* The OWASP Testing Guide v4 was released today. Our very own [https://www.owasp.org/index.php/User:Anant_Shrivastava Anant Shrivastava] from the Bangalore chapter has contributed a chapter on Fingerprinting Web Servers. Please follow the [https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002) link] to read the specific section.

=== 13th September 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 28th August 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.
* Riyaz Walikar updated his profile.

=== 11th July 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 6th Jun 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th Jun 2014 ===
* Very excited to have [mailto:riyaz.walikar@owasp.org Riyaz Walikar] joining us the third OWASP Bangalore Chapter Lead

=== Older News ===
* null/OWASP combined meet up on 24th May 2014
* We have a new twitter account [https://twitter.com/owaspbangalore @owaspbangalore]

= '''Next Meeting''' =

== OWASP Bangalore meet - 26th Sep 2015 09:30 AM - 02:00 PM ==

'''Add to Google Calendar'''
[https://www.google.com/calendar/hosted/owasp.org/event?action=TEMPLATE&tmeid=ZGw5bGNpbmZscTBiN3Vvc2c3bzVkamQxdjQgaGw2Y2pnczZlcDFoN29uaXFndWV1MmJoYm9AZw&tmsrc=hl6cjgs6ep1h7oniqgueu2bhbo%40group.calendar.google.com Google Calendar Link]

=== '''Sessions''' ===
*Owasp Mobile Top 10 - M10 : Lack of binary Protection by Shivang Desai
*Demystifying Web Application Firewall by Sarwar Jahan M
*Django - Bypassing CSRF Protection by Deepam Kanjani
*RFID hacking by Jayesh
*Network security with Artificial Intelligence by Shiva

=== '''Venue''' ===
Citrix 
No. 33, Prestige Dynasty Ulsoor Road, Sivanchetti Gardens 
Yellappa Chetty Layout, Sivanchetti Gardens 
Bengaluru, Karnataka 560042 
Maps: https://maps.google.com/?cid=12920202068831693947&hl=en&gl=us&ie=UTF8&hq=&hnear=&ll=12.935178,77.694553&spn=0.006295,0.006295&t=m&iwloc=A&source=embed

=== '''Instructions''' ===
1. Please bring a Government issued ID card (Pan, Driving license, etc) for entry into the compound. 
2. If required, laptops have to be declared with serial numbers at the building security. 

= '''Previous Meeting Venue and Dates''' =

{| class="wikitable"
|-
! No
! Date
! Venue
! Time
|-
| 47
| 25th July 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 46
| 20th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 45
| 6th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 44
| 30th May 2015
| Microsoft Technology Center (http://goo.gl/69VZrL)
| 09:30 AM
|-
|-
| 43
| 16th May 2015
| Philips Innovation Campus (https://goo.gl/fAVWl9)
| 09:30 AM
|-
|-
| 42
| 25th April 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 41
| 21st March 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 40
| 21st February 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 39
| 17th January 2015
| Sapient Consulting (http://goo.gl/hZmwyV)
| 09:30 AM
|-
|-
| 38
| 13th December 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:00 AM
|-
|-
| 37
| 29th November 2014
| Triad Square Infosec (https://bit.ly/owaspmeet-xwh2014)
| 10:00 AM
|-
|-
| 36
| 22nd November 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 35
| 15th November 2014
| PayPal Office (http://goo.gl/quBKaG)
| 10:00 AM
|-
|-
| 34
| 18th October 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 33
| 20th September 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 32
| 30th August 2014
| EMC Corporation (http://goo.gl/19Ueet)
| 09:30 AM
|-
|-
| 31
| 19th July 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 30
| 14th June 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 29
| 24th May 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 10:00 AM
|-
|-
| 28
| 8th February 2014
| Paypal Office
| 10:00 AM
|-
| 27
| 18th January 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
|-
| 26
| 14th December 2013
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
| 25
| 1st November 2012
| KPMG Office
| 7 PM
|-

|-
| 24
| 16th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 23
| 19th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 22
| 21th April 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 21
| 10th March 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 20
| 04th February 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 19
| 07th January 2012
| Kieon
| 10 AM
|-

|-
| 18
| 3rd October 2009
| Praxeva India
| 10 AM
|-
| 17
| 19th September 2009
| Praxeva India
| 10 AM
|-
| 16
| 5th September 2009
| Praxeva India
| 10 AM
|-
| 15
| 12 July 2009
| Cubbon Park
| 10.30 AM
|-
| 14
| 07 June 2009
| ICH, Church Street
| 09.00 AM
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
| 
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
| 
|-
| 2
| 2006
| 
| 
|-
| 1
| 2006
| 
| 
|}

= '''Meeting Summaries''' =
[[Bangalore/Archives|Summaries from Past Meetings]]

= '''Chapter Leaders'''=
== Current Chapter Leaders ==

=== KV Prashanth (2012 - Present) ===
=== Akash Mahajan (2012 - Present) ===

I am ''The Web Application Security Guy''. Apart from running a company offering application security consulting, I spend majority of my time doing volunteer work for OWASP as the Bangalore chapter leader and null - The Open Security Community as a Community Manager. I tweet about security quite regularly on twitter account [https://twitter.com/makash @makash]. Feel free to get in touch.

Twitter: [https://twitter.com/makash @makash]

=== Riyaz Walikar (2014 - Present) ===

For food and shelter, I work as a pentester/web security tester+evangelist at a Big4. I have been active in the security community for the better part of the last 7 years by working closely with the Bangalore OWASP chapter and null - The Open Security community.

My technical interests lie with programming, bug bounty, malware analysis, breaking web applications, playing CTFs, researching devices that fall under the Internet of Things category and penetration testing networks exposed to the Internet. When not writing/breaking code, you can find me sleeping, playing football, reading or fishing.

Blog: http://www.riyazwalikar.com

Twitter: [https://www.twitter.com/riyazwalikar @riyazwalikar]

== Current Chapter volunteers ==

=== Abhinav Sejpal (2015 - Present) ===

Fell in love with the power of software at age 17, and he is still in love. He is a security researcher working at Accenture Digital. He has reported security vulnerabilities 50+ Unique product giants all over the world including Apple, Adobe , Twitter, Linkedin, Yahoo , Pinterest, VK etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, fuzzing. He researches primarily focused Android , iOS Mobile App and open source project like ASVS, OWASP Mobile Top 10, Mobile Security Framework etc.

Speaker @ OWASP, Null , Weekend Testing Bangalore Chapter

Blog: http://bugwrangler.in

Twitter: [https://www.twitter.com/Abhinav_Sejpal @Abhinav_Sejpal]

Github: [https://github.com/bugwrangler bugwrangler]

=== Satish Govindappa (2015 - Present) ===

14+ years of significant, progressive expertise in security architecture practices, secure coding practices, secure code review, web application pen-testing,security testing tools and secure software development training.
Build and facilitate company-wide security architecture practice and secure software development programs

== Previous Chapter Leaders ==

=== Harinath (2002 - 2012) ===

<headertabs />

[[Category:India]]

Bangalore

2015-09-19T15:15:53Z

Abhinav: /* Next Meeting */

__NOTOC__

[[File:Owasp-bangalore-logo.png|OWASP Bangalore Chapter]]
{{Chapter Template|chaptername=Bangalore|extra=The chapter leaders are [mailto:kvprashant@owasp.org Prashant Kv], [mailto:riyaz.walikar@owasp.org Riyaz Walikar] and [[User:Makash | Akash Mahajan]] [mailto:akash.mahajan@owasp.org (akash.mahajan AT OWASP DOT org)] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

= '''Stay Updated''' =
=== Join our low traffic mailing list for event information ===
[[File:Mail-50%25smaller.jpeg]]
[https://lists.owasp.org/mailman/listinfo/owasp-bangalore Subscribe to OWASP Bangalore Mailing list]

=== Follow @owaspbangalore for event updates on Twitter ===
[[File:Twitter-bird-cropped-onwhite-40%25smaller.png]]
'''[https://twitter.com/owaspbangalore OWASP Bangalore Twitter Account]'''

=== Short Links for sharing and easy to remember ===
* Wiki Page - '''[https://bit.ly/owaspblr https://bit.ly/owaspblr]'''
* Next OWASP Bangalore Meet '''[https://bit.ly/owaspblr-meet https://bit.ly/owaspblr-meet]'''
* OWASP Bangalore Mailing List '''[https://bit.ly/owaspblr-mailinglist http://bit.ly/owaspblr-mailinglist]'''
* OWASP Global Google Calendar '''[https://bit.ly/owaspblr-googlecal http://bit.ly/owaspblr-googlecal]'''

= '''Chapter News''' =

=== 15th Aug 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 14th July 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 2nd July 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th June 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd June 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th May 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 20th May 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 24th March 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th March 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 01st February 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd January 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th December 2014 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 29th November 2014 ===
* We have added @abhinav_sejpal to tweet from @owaspbangalore. Looking forward to a more vibrant twitter account!

=== 26th November 2014 ===
* Many thanks to [https://twitter.com/shruthi76 @shruthi76] for creating a logo for OWASP Bangalore

=== 17th November 2014 ===
* Details of the OWASP Banglore Workshop on XWH2014 by Riyaz Walikar have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 16th November 2014 ===
* Details of the next Combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 4th November 2014 ===
* Our special meeting details have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link]

=== 14th October 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 17th September 2014 ===
* The OWASP Testing Guide v4 was released today. Our very own [https://www.owasp.org/index.php/User:Anant_Shrivastava Anant Shrivastava] from the Bangalore chapter has contributed a chapter on Fingerprinting Web Servers. Please follow the [https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002) link] to read the specific section.

=== 13th September 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 28th August 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.
* Riyaz Walikar updated his profile.

=== 11th July 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 6th Jun 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th Jun 2014 ===
* Very excited to have [mailto:riyaz.walikar@owasp.org Riyaz Walikar] joining us the third OWASP Bangalore Chapter Lead

=== Older News ===
* null/OWASP combined meet up on 24th May 2014
* We have a new twitter account [https://twitter.com/owaspbangalore @owaspbangalore]

= '''Next Meeting''' =

== OWASP Bangalore meet - 26th Sep 2015 09:30 AM - 02:00 PM ==

'''Add to Google Calendar'''
[https://www.google.com/calendar/hosted/owasp.org/event?action=TEMPLATE&tmeid=ZGw5bGNpbmZscTBiN3Vvc2c3bzVkamQxdjQgaGw2Y2pnczZlcDFoN29uaXFndWV1MmJoYm9AZw&tmsrc=hl6cjgs6ep1h7oniqgueu2bhbo%40group.calendar.google.com Google Calendar Link]

=== '''Sessions''' ===
*Owasp Mobile Top 10 - M10 : Lack of binary Protection by Shivang Desai
*Demystifying Web Application Firewall by Sarwar Jahan M
*Django - Bypassing CSRF Protection by Deepam Kanjani
*RFID hacking by Jayesh
*Network security with Artificial Intelligence by Shiva

=== '''Venue''' ===
Citrix 
No. 33, Prestige Dynasty Ulsoor Road, Sivanchetti Gardens 
Yellappa Chetty Layout, Sivanchetti Gardens 
Bengaluru, Karnataka 560042 
Maps: https://goo.gl/VaaEwb

=== '''Instructions''' ===
1. Please bring a Government issued ID card (Pan, Driving license, etc) for entry into the compound. 
2. If required, laptops have to be declared with serial numbers at the building security. 

= '''Previous Meeting Venue and Dates''' =

{| class="wikitable"
|-
! No
! Date
! Venue
! Time
|-
| 47
| 25th July 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 46
| 20th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 45
| 6th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 44
| 30th May 2015
| Microsoft Technology Center (http://goo.gl/69VZrL)
| 09:30 AM
|-
|-
| 43
| 16th May 2015
| Philips Innovation Campus (https://goo.gl/fAVWl9)
| 09:30 AM
|-
|-
| 42
| 25th April 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 41
| 21st March 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 40
| 21st February 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 39
| 17th January 2015
| Sapient Consulting (http://goo.gl/hZmwyV)
| 09:30 AM
|-
|-
| 38
| 13th December 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:00 AM
|-
|-
| 37
| 29th November 2014
| Triad Square Infosec (https://bit.ly/owaspmeet-xwh2014)
| 10:00 AM
|-
|-
| 36
| 22nd November 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 35
| 15th November 2014
| PayPal Office (http://goo.gl/quBKaG)
| 10:00 AM
|-
|-
| 34
| 18th October 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 33
| 20th September 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 32
| 30th August 2014
| EMC Corporation (http://goo.gl/19Ueet)
| 09:30 AM
|-
|-
| 31
| 19th July 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 30
| 14th June 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 29
| 24th May 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 10:00 AM
|-
|-
| 28
| 8th February 2014
| Paypal Office
| 10:00 AM
|-
| 27
| 18th January 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
|-
| 26
| 14th December 2013
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
| 25
| 1st November 2012
| KPMG Office
| 7 PM
|-

|-
| 24
| 16th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 23
| 19th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 22
| 21th April 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 21
| 10th March 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 20
| 04th February 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 19
| 07th January 2012
| Kieon
| 10 AM
|-

|-
| 18
| 3rd October 2009
| Praxeva India
| 10 AM
|-
| 17
| 19th September 2009
| Praxeva India
| 10 AM
|-
| 16
| 5th September 2009
| Praxeva India
| 10 AM
|-
| 15
| 12 July 2009
| Cubbon Park
| 10.30 AM
|-
| 14
| 07 June 2009
| ICH, Church Street
| 09.00 AM
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
| 
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
| 
|-
| 2
| 2006
| 
| 
|-
| 1
| 2006
| 
| 
|}

= '''Meeting Summaries''' =
[[Bangalore/Archives|Summaries from Past Meetings]]

= '''Chapter Leaders'''=
== Current Chapter Leaders ==

=== KV Prashanth (2012 - Present) ===
=== Akash Mahajan (2012 - Present) ===

I am ''The Web Application Security Guy''. Apart from running a company offering application security consulting, I spend majority of my time doing volunteer work for OWASP as the Bangalore chapter leader and null - The Open Security Community as a Community Manager. I tweet about security quite regularly on twitter account [https://twitter.com/makash @makash]. Feel free to get in touch.

Twitter: [https://twitter.com/makash @makash]

=== Riyaz Walikar (2014 - Present) ===

For food and shelter, I work as a pentester/web security tester+evangelist at a Big4. I have been active in the security community for the better part of the last 7 years by working closely with the Bangalore OWASP chapter and null - The Open Security community.

My technical interests lie with programming, bug bounty, malware analysis, breaking web applications, playing CTFs, researching devices that fall under the Internet of Things category and penetration testing networks exposed to the Internet. When not writing/breaking code, you can find me sleeping, playing football, reading or fishing.

Blog: http://www.riyazwalikar.com

Twitter: [https://www.twitter.com/riyazwalikar @riyazwalikar]

== Current Chapter volunteers ==

=== Abhinav Sejpal (2015 - Present) ===

Fell in love with the power of software at age 17, and he is still in love. He is a security researcher working at Accenture Digital. He has reported security vulnerabilities 50+ Unique product giants all over the world including Apple, Adobe , Twitter, Linkedin, Yahoo , Pinterest, VK etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, fuzzing. He researches primarily focused Android , iOS Mobile App and open source project like ASVS, OWASP Mobile Top 10, Mobile Security Framework etc.

Speaker @ OWASP, Null , Weekend Testing Bangalore Chapter

Blog: http://bugwrangler.in

Twitter: [https://www.twitter.com/Abhinav_Sejpal @Abhinav_Sejpal]

Github: [https://github.com/bugwrangler bugwrangler]

=== Satish Govindappa (2015 - Present) ===

14+ years of significant, progressive expertise in security architecture practices, secure coding practices, secure code review, web application pen-testing,security testing tools and secure software development training.
Build and facilitate company-wide security architecture practice and secure software development programs

== Previous Chapter Leaders ==

=== Harinath (2002 - 2012) ===

<headertabs />

[[Category:India]]

Bangalore

2015-08-15T17:38:54Z

Abhinav: /* Chapter News */

__NOTOC__

[[File:Owasp-bangalore-logo.png|OWASP Bangalore Chapter]]
{{Chapter Template|chaptername=Bangalore|extra=The chapter leaders are [mailto:kvprashant@owasp.org Prashant Kv], [mailto:riyaz.walikar@owasp.org Riyaz Walikar] and [[User:Makash | Akash Mahajan]] [mailto:akash.mahajan@owasp.org (akash.mahajan AT OWASP DOT org)] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

= '''Stay Updated''' =
=== Join our low traffic mailing list for event information ===
[[File:Mail-50%25smaller.jpeg]]
[https://lists.owasp.org/mailman/listinfo/owasp-bangalore Subscribe to OWASP Bangalore Mailing list]

=== Follow @owaspbangalore for event updates on Twitter ===
[[File:Twitter-bird-cropped-onwhite-40%25smaller.png]]
'''[https://twitter.com/owaspbangalore OWASP Bangalore Twitter Account]'''

=== Short Links for sharing and easy to remember ===
* Wiki Page - '''[https://bit.ly/owaspblr https://bit.ly/owaspblr]'''
* Next OWASP Bangalore Meet '''[https://bit.ly/owaspblr-meet https://bit.ly/owaspblr-meet]'''
* OWASP Bangalore Mailing List '''[https://bit.ly/owaspblr-mailinglist http://bit.ly/owaspblr-mailinglist]'''
* OWASP Global Google Calendar '''[https://bit.ly/owaspblr-googlecal http://bit.ly/owaspblr-googlecal]'''

= '''Chapter News''' =

=== 15th Aug 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 14th July 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 2nd July 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th June 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd June 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th May 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 20th May 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 24th March 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th March 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 01st February 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd January 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th December 2014 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 29th November 2014 ===
* We have added @abhinav_sejpal to tweet from @owaspbangalore. Looking forward to a more vibrant twitter account!

=== 26th November 2014 ===
* Many thanks to [https://twitter.com/shruthi76 @shruthi76] for creating a logo for OWASP Bangalore

=== 17th November 2014 ===
* Details of the OWASP Banglore Workshop on XWH2014 by Riyaz Walikar have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 16th November 2014 ===
* Details of the next Combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 4th November 2014 ===
* Our special meeting details have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link]

=== 14th October 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 17th September 2014 ===
* The OWASP Testing Guide v4 was released today. Our very own [https://www.owasp.org/index.php/User:Anant_Shrivastava Anant Shrivastava] from the Bangalore chapter has contributed a chapter on Fingerprinting Web Servers. Please follow the [https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002) link] to read the specific section.

=== 13th September 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 28th August 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.
* Riyaz Walikar updated his profile.

=== 11th July 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 6th Jun 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th Jun 2014 ===
* Very excited to have [mailto:riyaz.walikar@owasp.org Riyaz Walikar] joining us the third OWASP Bangalore Chapter Lead

=== Older News ===
* null/OWASP combined meet up on 24th May 2014
* We have a new twitter account [https://twitter.com/owaspbangalore @owaspbangalore]

= '''Next Meeting''' =

== OWASP Bangalore meet - 29th Aug 2015 09:30 AM - 02:00 PM ==

'''Add to Google Calendar'''
[https://www.google.com/calendar/hosted/owasp.org/event?action=TEMPLATE&tmeid=ZGw5bGNpbmZscTBiN3Vvc2c3bzVkamQxdjQgaGw2Y2pnczZlcDFoN29uaXFndWV1MmJoYm9AZw&tmsrc=hl6cjgs6ep1h7oniqgueu2bhbo%40group.calendar.google.com Google Calendar Link]

=== '''Sessions''' ===
* Proposed sessions for this event:
* Owasp Mobile Top 10 - M9: Improper Session Handling by Apoorva
* Exploiting Version Control Systems by Anant Shrivastava
* Cross Origin Resource Sharing by Ishan
* Android rooting Internals by Anto joseph
* Kerberos Golden Ticket by Ashish

=== '''Venue''' ===
InMobi 
8th Floor, Cafeteria 
Delta Block 
Embassy Tech Square 
Marathahalli-Sarjapur Outer Ring Rd 
Bengaluru, Karnataka 560103, India
 
 
Maps: https://goo.gl/VaaEwb

=== '''Instructions''' ===
1. Please bring a Government issued ID card (Pan, Driving license, etc) for entry into the compound. 
2. If required, laptops have to be declared with serial numbers at the building security. 

= '''Previous Meeting Venue and Dates''' =

{| class="wikitable"
|-
! No
! Date
! Venue
! Time
|-
| 47
| 25th July 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 46
| 20th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 45
| 6th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 44
| 30th May 2015
| Microsoft Technology Center (http://goo.gl/69VZrL)
| 09:30 AM
|-
|-
| 43
| 16th May 2015
| Philips Innovation Campus (https://goo.gl/fAVWl9)
| 09:30 AM
|-
|-
| 42
| 25th April 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 41
| 21st March 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 40
| 21st February 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 39
| 17th January 2015
| Sapient Consulting (http://goo.gl/hZmwyV)
| 09:30 AM
|-
|-
| 38
| 13th December 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:00 AM
|-
|-
| 37
| 29th November 2014
| Triad Square Infosec (https://bit.ly/owaspmeet-xwh2014)
| 10:00 AM
|-
|-
| 36
| 22nd November 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 35
| 15th November 2014
| PayPal Office (http://goo.gl/quBKaG)
| 10:00 AM
|-
|-
| 34
| 18th October 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 33
| 20th September 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 32
| 30th August 2014
| EMC Corporation (http://goo.gl/19Ueet)
| 09:30 AM
|-
|-
| 31
| 19th July 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 30
| 14th June 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 29
| 24th May 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 10:00 AM
|-
|-
| 28
| 8th February 2014
| Paypal Office
| 10:00 AM
|-
| 27
| 18th January 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
|-
| 26
| 14th December 2013
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
| 25
| 1st November 2012
| KPMG Office
| 7 PM
|-

|-
| 24
| 16th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 23
| 19th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 22
| 21th April 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 21
| 10th March 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 20
| 04th February 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 19
| 07th January 2012
| Kieon
| 10 AM
|-

|-
| 18
| 3rd October 2009
| Praxeva India
| 10 AM
|-
| 17
| 19th September 2009
| Praxeva India
| 10 AM
|-
| 16
| 5th September 2009
| Praxeva India
| 10 AM
|-
| 15
| 12 July 2009
| Cubbon Park
| 10.30 AM
|-
| 14
| 07 June 2009
| ICH, Church Street
| 09.00 AM
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
| 
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
| 
|-
| 2
| 2006
| 
| 
|-
| 1
| 2006
| 
| 
|}

= '''Meeting Summaries''' =
[[Bangalore/Archives|Summaries from Past Meetings]]

= '''Chapter Leaders'''=
== Current Chapter Leaders ==

=== KV Prashanth (2012 - Present) ===
=== Akash Mahajan (2012 - Present) ===

I am ''The Web Application Security Guy''. Apart from running a company offering application security consulting, I spend majority of my time doing volunteer work for OWASP as the Bangalore chapter leader and null - The Open Security Community as a Community Manager. I tweet about security quite regularly on twitter account [https://twitter.com/makash @makash]. Feel free to get in touch.

Twitter: [https://twitter.com/makash @makash]

=== Riyaz Walikar (2014 - Present) ===

For food and shelter, I work as a pentester/web security tester+evangelist at a Big4. I have been active in the security community for the better part of the last 7 years by working closely with the Bangalore OWASP chapter and null - The Open Security community.

My technical interests lie with programming, bug bounty, malware analysis, breaking web applications, playing CTFs, researching devices that fall under the Internet of Things category and penetration testing networks exposed to the Internet. When not writing/breaking code, you can find me sleeping, playing football, reading or fishing.

Blog: http://www.riyazwalikar.com

Twitter: [https://www.twitter.com/riyazwalikar @riyazwalikar]

== Current Chapter volunteers ==

=== Abhinav Sejpal (2015 - Present) ===

Fell in love with the power of software at age 17, and he is still in love. He is a security researcher working at Accenture Digital. He has reported security vulnerabilities 50+ Unique product giants all over the world including Apple, Adobe , Twitter, Linkedin, Yahoo , Pinterest, VK etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, fuzzing. He researches primarily focused Android , iOS Mobile App and open source project like ASVS, OWASP Mobile Top 10, Mobile Security Framework etc.

Speaker @ OWASP, Null , Weekend Testing Bangalore Chapter

Blog: http://bugwrangler.in

Twitter: [https://www.twitter.com/Abhinav_Sejpal @Abhinav_Sejpal]

Github: [https://github.com/bugwrangler bugwrangler]

=== Satish Govindappa (2015 - Present) ===

14+ years of significant, progressive expertise in security architecture practices, secure coding practices, secure code review, web application pen-testing,security testing tools and secure software development training.
Build and facilitate company-wide security architecture practice and secure software development programs

== Previous Chapter Leaders ==

=== Harinath (2002 - 2012) ===

<headertabs />

[[Category:India]]

Bangalore

2015-08-15T17:37:58Z

Abhinav: /* Next Meeting */

__NOTOC__

[[File:Owasp-bangalore-logo.png|OWASP Bangalore Chapter]]
{{Chapter Template|chaptername=Bangalore|extra=The chapter leaders are [mailto:kvprashant@owasp.org Prashant Kv], [mailto:riyaz.walikar@owasp.org Riyaz Walikar] and [[User:Makash | Akash Mahajan]] [mailto:akash.mahajan@owasp.org (akash.mahajan AT OWASP DOT org)] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

= '''Stay Updated''' =
=== Join our low traffic mailing list for event information ===
[[File:Mail-50%25smaller.jpeg]]
[https://lists.owasp.org/mailman/listinfo/owasp-bangalore Subscribe to OWASP Bangalore Mailing list]

=== Follow @owaspbangalore for event updates on Twitter ===
[[File:Twitter-bird-cropped-onwhite-40%25smaller.png]]
'''[https://twitter.com/owaspbangalore OWASP Bangalore Twitter Account]'''

=== Short Links for sharing and easy to remember ===
* Wiki Page - '''[https://bit.ly/owaspblr https://bit.ly/owaspblr]'''
* Next OWASP Bangalore Meet '''[https://bit.ly/owaspblr-meet https://bit.ly/owaspblr-meet]'''
* OWASP Bangalore Mailing List '''[https://bit.ly/owaspblr-mailinglist http://bit.ly/owaspblr-mailinglist]'''
* OWASP Global Google Calendar '''[https://bit.ly/owaspblr-googlecal http://bit.ly/owaspblr-googlecal]'''

= '''Chapter News''' =

=== 14th July 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 2nd July 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th June 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd June 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th May 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 20th May 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 24th March 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th March 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 01st February 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd January 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th December 2014 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 29th November 2014 ===
* We have added @abhinav_sejpal to tweet from @owaspbangalore. Looking forward to a more vibrant twitter account!

=== 26th November 2014 ===
* Many thanks to [https://twitter.com/shruthi76 @shruthi76] for creating a logo for OWASP Bangalore

=== 17th November 2014 ===
* Details of the OWASP Banglore Workshop on XWH2014 by Riyaz Walikar have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 16th November 2014 ===
* Details of the next Combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 4th November 2014 ===
* Our special meeting details have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link]

=== 14th October 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 17th September 2014 ===
* The OWASP Testing Guide v4 was released today. Our very own [https://www.owasp.org/index.php/User:Anant_Shrivastava Anant Shrivastava] from the Bangalore chapter has contributed a chapter on Fingerprinting Web Servers. Please follow the [https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002) link] to read the specific section.

=== 13th September 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 28th August 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.
* Riyaz Walikar updated his profile.

=== 11th July 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 6th Jun 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th Jun 2014 ===
* Very excited to have [mailto:riyaz.walikar@owasp.org Riyaz Walikar] joining us the third OWASP Bangalore Chapter Lead

=== Older News ===
* null/OWASP combined meet up on 24th May 2014
* We have a new twitter account [https://twitter.com/owaspbangalore @owaspbangalore]

= '''Next Meeting''' =

== OWASP Bangalore meet - 29th Aug 2015 09:30 AM - 02:00 PM ==

'''Add to Google Calendar'''
[https://www.google.com/calendar/hosted/owasp.org/event?action=TEMPLATE&tmeid=ZGw5bGNpbmZscTBiN3Vvc2c3bzVkamQxdjQgaGw2Y2pnczZlcDFoN29uaXFndWV1MmJoYm9AZw&tmsrc=hl6cjgs6ep1h7oniqgueu2bhbo%40group.calendar.google.com Google Calendar Link]

=== '''Sessions''' ===
* Proposed sessions for this event:
* Owasp Mobile Top 10 - M9: Improper Session Handling by Apoorva
* Exploiting Version Control Systems by Anant Shrivastava
* Cross Origin Resource Sharing by Ishan
* Android rooting Internals by Anto joseph
* Kerberos Golden Ticket by Ashish

=== '''Venue''' ===
InMobi 
8th Floor, Cafeteria 
Delta Block 
Embassy Tech Square 
Marathahalli-Sarjapur Outer Ring Rd 
Bengaluru, Karnataka 560103, India
 
 
Maps: https://goo.gl/VaaEwb

=== '''Instructions''' ===
1. Please bring a Government issued ID card (Pan, Driving license, etc) for entry into the compound. 
2. If required, laptops have to be declared with serial numbers at the building security. 

= '''Previous Meeting Venue and Dates''' =

{| class="wikitable"
|-
! No
! Date
! Venue
! Time
|-
| 47
| 25th July 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 46
| 20th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 45
| 6th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 44
| 30th May 2015
| Microsoft Technology Center (http://goo.gl/69VZrL)
| 09:30 AM
|-
|-
| 43
| 16th May 2015
| Philips Innovation Campus (https://goo.gl/fAVWl9)
| 09:30 AM
|-
|-
| 42
| 25th April 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 41
| 21st March 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 40
| 21st February 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 39
| 17th January 2015
| Sapient Consulting (http://goo.gl/hZmwyV)
| 09:30 AM
|-
|-
| 38
| 13th December 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:00 AM
|-
|-
| 37
| 29th November 2014
| Triad Square Infosec (https://bit.ly/owaspmeet-xwh2014)
| 10:00 AM
|-
|-
| 36
| 22nd November 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 35
| 15th November 2014
| PayPal Office (http://goo.gl/quBKaG)
| 10:00 AM
|-
|-
| 34
| 18th October 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 33
| 20th September 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 32
| 30th August 2014
| EMC Corporation (http://goo.gl/19Ueet)
| 09:30 AM
|-
|-
| 31
| 19th July 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 30
| 14th June 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 29
| 24th May 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 10:00 AM
|-
|-
| 28
| 8th February 2014
| Paypal Office
| 10:00 AM
|-
| 27
| 18th January 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
|-
| 26
| 14th December 2013
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
| 25
| 1st November 2012
| KPMG Office
| 7 PM
|-

|-
| 24
| 16th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 23
| 19th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 22
| 21th April 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 21
| 10th March 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 20
| 04th February 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 19
| 07th January 2012
| Kieon
| 10 AM
|-

|-
| 18
| 3rd October 2009
| Praxeva India
| 10 AM
|-
| 17
| 19th September 2009
| Praxeva India
| 10 AM
|-
| 16
| 5th September 2009
| Praxeva India
| 10 AM
|-
| 15
| 12 July 2009
| Cubbon Park
| 10.30 AM
|-
| 14
| 07 June 2009
| ICH, Church Street
| 09.00 AM
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
| 
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
| 
|-
| 2
| 2006
| 
| 
|-
| 1
| 2006
| 
| 
|}

= '''Meeting Summaries''' =
[[Bangalore/Archives|Summaries from Past Meetings]]

= '''Chapter Leaders'''=
== Current Chapter Leaders ==

=== KV Prashanth (2012 - Present) ===
=== Akash Mahajan (2012 - Present) ===

I am ''The Web Application Security Guy''. Apart from running a company offering application security consulting, I spend majority of my time doing volunteer work for OWASP as the Bangalore chapter leader and null - The Open Security Community as a Community Manager. I tweet about security quite regularly on twitter account [https://twitter.com/makash @makash]. Feel free to get in touch.

Twitter: [https://twitter.com/makash @makash]

=== Riyaz Walikar (2014 - Present) ===

For food and shelter, I work as a pentester/web security tester+evangelist at a Big4. I have been active in the security community for the better part of the last 7 years by working closely with the Bangalore OWASP chapter and null - The Open Security community.

My technical interests lie with programming, bug bounty, malware analysis, breaking web applications, playing CTFs, researching devices that fall under the Internet of Things category and penetration testing networks exposed to the Internet. When not writing/breaking code, you can find me sleeping, playing football, reading or fishing.

Blog: http://www.riyazwalikar.com

Twitter: [https://www.twitter.com/riyazwalikar @riyazwalikar]

== Current Chapter volunteers ==

=== Abhinav Sejpal (2015 - Present) ===

Fell in love with the power of software at age 17, and he is still in love. He is a security researcher working at Accenture Digital. He has reported security vulnerabilities 50+ Unique product giants all over the world including Apple, Adobe , Twitter, Linkedin, Yahoo , Pinterest, VK etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, fuzzing. He researches primarily focused Android , iOS Mobile App and open source project like ASVS, OWASP Mobile Top 10, Mobile Security Framework etc.

Speaker @ OWASP, Null , Weekend Testing Bangalore Chapter

Blog: http://bugwrangler.in

Twitter: [https://www.twitter.com/Abhinav_Sejpal @Abhinav_Sejpal]

Github: [https://github.com/bugwrangler bugwrangler]

=== Satish Govindappa (2015 - Present) ===

14+ years of significant, progressive expertise in security architecture practices, secure coding practices, secure code review, web application pen-testing,security testing tools and secure software development training.
Build and facilitate company-wide security architecture practice and secure software development programs

== Previous Chapter Leaders ==

=== Harinath (2002 - 2012) ===

<headertabs />

[[Category:India]]

Bangalore

2015-08-15T17:34:00Z

Abhinav: /* Previous Meeting Venue and Dates */

__NOTOC__

[[File:Owasp-bangalore-logo.png|OWASP Bangalore Chapter]]
{{Chapter Template|chaptername=Bangalore|extra=The chapter leaders are [mailto:kvprashant@owasp.org Prashant Kv], [mailto:riyaz.walikar@owasp.org Riyaz Walikar] and [[User:Makash | Akash Mahajan]] [mailto:akash.mahajan@owasp.org (akash.mahajan AT OWASP DOT org)] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

= '''Stay Updated''' =
=== Join our low traffic mailing list for event information ===
[[File:Mail-50%25smaller.jpeg]]
[https://lists.owasp.org/mailman/listinfo/owasp-bangalore Subscribe to OWASP Bangalore Mailing list]

=== Follow @owaspbangalore for event updates on Twitter ===
[[File:Twitter-bird-cropped-onwhite-40%25smaller.png]]
'''[https://twitter.com/owaspbangalore OWASP Bangalore Twitter Account]'''

=== Short Links for sharing and easy to remember ===
* Wiki Page - '''[https://bit.ly/owaspblr https://bit.ly/owaspblr]'''
* Next OWASP Bangalore Meet '''[https://bit.ly/owaspblr-meet https://bit.ly/owaspblr-meet]'''
* OWASP Bangalore Mailing List '''[https://bit.ly/owaspblr-mailinglist http://bit.ly/owaspblr-mailinglist]'''
* OWASP Global Google Calendar '''[https://bit.ly/owaspblr-googlecal http://bit.ly/owaspblr-googlecal]'''

= '''Chapter News''' =

=== 14th July 2015 ===
* Venue and links updated. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 2nd July 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th June 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd June 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th May 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 20th May 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 24th March 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th March 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 01st February 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd January 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th December 2014 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 29th November 2014 ===
* We have added @abhinav_sejpal to tweet from @owaspbangalore. Looking forward to a more vibrant twitter account!

=== 26th November 2014 ===
* Many thanks to [https://twitter.com/shruthi76 @shruthi76] for creating a logo for OWASP Bangalore

=== 17th November 2014 ===
* Details of the OWASP Banglore Workshop on XWH2014 by Riyaz Walikar have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 16th November 2014 ===
* Details of the next Combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 4th November 2014 ===
* Our special meeting details have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link]

=== 14th October 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 17th September 2014 ===
* The OWASP Testing Guide v4 was released today. Our very own [https://www.owasp.org/index.php/User:Anant_Shrivastava Anant Shrivastava] from the Bangalore chapter has contributed a chapter on Fingerprinting Web Servers. Please follow the [https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002) link] to read the specific section.

=== 13th September 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 28th August 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.
* Riyaz Walikar updated his profile.

=== 11th July 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 6th Jun 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th Jun 2014 ===
* Very excited to have [mailto:riyaz.walikar@owasp.org Riyaz Walikar] joining us the third OWASP Bangalore Chapter Lead

=== Older News ===
* null/OWASP combined meet up on 24th May 2014
* We have a new twitter account [https://twitter.com/owaspbangalore @owaspbangalore]

= '''Next Meeting''' =

== OWASP Bangalore meet - 25th July 2015 09:30 AM - 02:00 PM ==

'''Add to Google Calendar'''
[https://www.google.com/calendar/hosted/owasp.org/event?action=TEMPLATE&tmeid=ZGw5bGNpbmZscTBiN3Vvc2c3bzVkamQxdjQgaGw2Y2pnczZlcDFoN29uaXFndWV1MmJoYm9AZw&tmsrc=hl6cjgs6ep1h7oniqgueu2bhbo%40group.calendar.google.com Google Calendar Link]

=== '''Sessions''' ===
* OWASP Mobile Top Ten - M8 - Shivang Desai
* PHP Remote Code Execution bugs - Rahul Sasi
* Quantum Cryptography - Sidhant
* Grinder Tool demo - Amol Naik
* Content Security Policy - Riyaz Walikar

[[File:July_Month_Meet-up.png]]

=== '''Venue''' ===
Citrix Systems, 
No. 33, Prestige Dynasty 
Ulsoor Road, Sivanchetti Gardens, 
Behind Taj Vivanta (MG Road) 
Bengaluru, 560042
 
 
Maps: https://goo.gl/VaaEwb

=== '''Instructions''' ===
1. Please bring a Government issued ID card (Pan, Driving license, etc) for entry into the compound. 
2. If required, laptops have to be declared with serial numbers at the building security. 

= '''Previous Meeting Venue and Dates''' =

{| class="wikitable"
|-
! No
! Date
! Venue
! Time
|-
| 47
| 25th July 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 46
| 20th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 45
| 6th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 44
| 30th May 2015
| Microsoft Technology Center (http://goo.gl/69VZrL)
| 09:30 AM
|-
|-
| 43
| 16th May 2015
| Philips Innovation Campus (https://goo.gl/fAVWl9)
| 09:30 AM
|-
|-
| 42
| 25th April 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 41
| 21st March 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 40
| 21st February 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 39
| 17th January 2015
| Sapient Consulting (http://goo.gl/hZmwyV)
| 09:30 AM
|-
|-
| 38
| 13th December 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:00 AM
|-
|-
| 37
| 29th November 2014
| Triad Square Infosec (https://bit.ly/owaspmeet-xwh2014)
| 10:00 AM
|-
|-
| 36
| 22nd November 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 35
| 15th November 2014
| PayPal Office (http://goo.gl/quBKaG)
| 10:00 AM
|-
|-
| 34
| 18th October 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 33
| 20th September 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 32
| 30th August 2014
| EMC Corporation (http://goo.gl/19Ueet)
| 09:30 AM
|-
|-
| 31
| 19th July 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 30
| 14th June 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 29
| 24th May 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 10:00 AM
|-
|-
| 28
| 8th February 2014
| Paypal Office
| 10:00 AM
|-
| 27
| 18th January 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
|-
| 26
| 14th December 2013
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
| 25
| 1st November 2012
| KPMG Office
| 7 PM
|-

|-
| 24
| 16th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 23
| 19th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 22
| 21th April 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 21
| 10th March 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 20
| 04th February 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 19
| 07th January 2012
| Kieon
| 10 AM
|-

|-
| 18
| 3rd October 2009
| Praxeva India
| 10 AM
|-
| 17
| 19th September 2009
| Praxeva India
| 10 AM
|-
| 16
| 5th September 2009
| Praxeva India
| 10 AM
|-
| 15
| 12 July 2009
| Cubbon Park
| 10.30 AM
|-
| 14
| 07 June 2009
| ICH, Church Street
| 09.00 AM
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
| 
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
| 
|-
| 2
| 2006
| 
| 
|-
| 1
| 2006
| 
| 
|}

= '''Meeting Summaries''' =
[[Bangalore/Archives|Summaries from Past Meetings]]

= '''Chapter Leaders'''=
== Current Chapter Leaders ==

=== KV Prashanth (2012 - Present) ===
=== Akash Mahajan (2012 - Present) ===

I am ''The Web Application Security Guy''. Apart from running a company offering application security consulting, I spend majority of my time doing volunteer work for OWASP as the Bangalore chapter leader and null - The Open Security Community as a Community Manager. I tweet about security quite regularly on twitter account [https://twitter.com/makash @makash]. Feel free to get in touch.

Twitter: [https://twitter.com/makash @makash]

=== Riyaz Walikar (2014 - Present) ===

For food and shelter, I work as a pentester/web security tester+evangelist at a Big4. I have been active in the security community for the better part of the last 7 years by working closely with the Bangalore OWASP chapter and null - The Open Security community.

My technical interests lie with programming, bug bounty, malware analysis, breaking web applications, playing CTFs, researching devices that fall under the Internet of Things category and penetration testing networks exposed to the Internet. When not writing/breaking code, you can find me sleeping, playing football, reading or fishing.

Blog: http://www.riyazwalikar.com

Twitter: [https://www.twitter.com/riyazwalikar @riyazwalikar]

== Current Chapter volunteers ==

=== Abhinav Sejpal (2015 - Present) ===

Fell in love with the power of software at age 17, and he is still in love. He is a security researcher working at Accenture Digital. He has reported security vulnerabilities 50+ Unique product giants all over the world including Apple, Adobe , Twitter, Linkedin, Yahoo , Pinterest, VK etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, fuzzing. He researches primarily focused Android , iOS Mobile App and open source project like ASVS, OWASP Mobile Top 10, Mobile Security Framework etc.

Speaker @ OWASP, Null , Weekend Testing Bangalore Chapter

Blog: http://bugwrangler.in

Twitter: [https://www.twitter.com/Abhinav_Sejpal @Abhinav_Sejpal]

Github: [https://github.com/bugwrangler bugwrangler]

=== Satish Govindappa (2015 - Present) ===

14+ years of significant, progressive expertise in security architecture practices, secure coding practices, secure code review, web application pen-testing,security testing tools and secure software development training.
Build and facilitate company-wide security architecture practice and secure software development programs

== Previous Chapter Leaders ==

=== Harinath (2002 - 2012) ===

<headertabs />

[[Category:India]]

Bangalore

2015-07-12T12:19:26Z

Abhinav: /* Sessions */

__NOTOC__

[[File:Owasp-bangalore-logo.png|OWASP Bangalore Chapter]]
{{Chapter Template|chaptername=Bangalore|extra=The chapter leaders are [mailto:kvprashant@owasp.org Prashant Kv], [mailto:riyaz.walikar@owasp.org Riyaz Walikar] and [[User:Makash | Akash Mahajan]] [mailto:akash.mahajan@owasp.org (akash.mahajan AT OWASP DOT org)] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

= '''Stay Updated''' =
=== Join our low traffic mailing list for event information ===
[[File:Mail-50%25smaller.jpeg]]
[https://lists.owasp.org/mailman/listinfo/owasp-bangalore Subscribe to OWASP Bangalore Mailing list]

=== Follow @owaspbangalore for event updates on Twitter ===
[[File:Twitter-bird-cropped-onwhite-40%25smaller.png]]
'''[https://twitter.com/owaspbangalore OWASP Bangalore Twitter Account]'''

=== Short Links for sharing and easy to remember ===
* Wiki Page - '''[https://bit.ly/owaspblr https://bit.ly/owaspblr]'''
* Next OWASP Bangalore Meet '''[https://bit.ly/owaspblr-meet https://bit.ly/owaspblr-meet]'''
* OWASP Bangalore Mailing List '''[https://bit.ly/owaspblr-mailinglist http://bit.ly/owaspblr-mailinglist]'''
* OWASP Global Google Calendar '''[https://bit.ly/owaspblr-googlecal http://bit.ly/owaspblr-googlecal]'''

= '''Chapter News''' =

=== 2nd July 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th June 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd June 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 25th May 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 20th May 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 24th March 2015 ===
* Details of the next OWASP Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 12th March 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 01st February 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 02nd January 2015 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th December 2014 ===
* Details of the next combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 29th November 2014 ===
* We have added @abhinav_sejpal to tweet from @owaspbangalore. Looking forward to a more vibrant twitter account!

=== 26th November 2014 ===
* Many thanks to [https://twitter.com/shruthi76 @shruthi76] for creating a logo for OWASP Bangalore

=== 17th November 2014 ===
* Details of the OWASP Banglore Workshop on XWH2014 by Riyaz Walikar have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 16th November 2014 ===
* Details of the next Combined null/OWASP/G4H Bangalore meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 4th November 2014 ===
* Our special meeting details have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link]

=== 14th October 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 17th September 2014 ===
* The OWASP Testing Guide v4 was released today. Our very own [https://www.owasp.org/index.php/User:Anant_Shrivastava Anant Shrivastava] from the Bangalore chapter has contributed a chapter on Fingerprinting Web Servers. Please follow the [https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002) link] to read the specific section.

=== 13th September 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 28th August 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.
* Riyaz Walikar updated his profile.

=== 11th July 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 6th Jun 2014 ===
* Details of the next meeting have been posted. Please follow the [https://www.owasp.org/index.php/Bangalore#tab=Next_Meeting link] for more information.

=== 5th Jun 2014 ===
* Very excited to have [mailto:riyaz.walikar@owasp.org Riyaz Walikar] joining us the third OWASP Bangalore Chapter Lead

=== Older News ===
* null/OWASP combined meet up on 24th May 2014
* We have a new twitter account [https://twitter.com/owaspbangalore @owaspbangalore]

= '''Next Meeting''' =

== OWASP Bangalore meet - 25th July 2015 09:30 AM - 02:00 PM ==

'''Add to Google Calendar'''
[https://www.google.com/calendar/hosted/owasp.org/event?action=TEMPLATE&tmeid=ZGw5bGNpbmZscTBiN3Vvc2c3bzVkamQxdjQgaGw2Y2pnczZlcDFoN29uaXFndWV1MmJoYm9AZw&tmsrc=hl6cjgs6ep1h7oniqgueu2bhbo%40group.calendar.google.com Google Calendar Link]

=== '''Sessions''' ===
* OWASP Mobile Top Ten - M8 - Shivang Desai
* PHP Remote Code Execution bugs - Rahul Sasi
* Quantum Cryptography - Sidhant
* Grinder Tool demo - Amol Naik
* Content Security Policy - Riyaz Walikar

[[File:July_Month_Meet-up.png]]

=== '''Venue''' ===
Will update soon

=== '''Instructions''' ===
Will update soon

= '''Previous Meeting Venue and Dates''' =

{| class="wikitable"
|-
! No
! Date
! Venue
! Time
|-
| 46
| 20th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 45
| 6th June 2015
| Citrix R&D (https://goo.gl/VaaEwb)
| 09:30 AM
|-
|-
| 44
| 30th May 2015
| Microsoft Technology Center (http://goo.gl/69VZrL)
| 09:30 AM
|-
|-
| 43
| 16th May 2015
| Philips Innovation Campus (https://goo.gl/fAVWl9)
| 09:30 AM
|-
|-
| 42
| 25th April 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 41
| 21st March 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 40
| 21st February 2015
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 39
| 17th January 2015
| Sapient Consulting (http://goo.gl/hZmwyV)
| 09:30 AM
|-
|-
| 38
| 13th December 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:00 AM
|-
|-
| 37
| 29th November 2014
| Triad Square Infosec (https://bit.ly/owaspmeet-xwh2014)
| 10:00 AM
|-
|-
| 36
| 22nd November 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 35
| 15th November 2014
| PayPal Office (http://goo.gl/quBKaG)
| 10:00 AM
|-
|-
| 34
| 18th October 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 33
| 20th September 2014
| InMobi Technologies (http://goo.gl/v6WsoT)
| 09:30 AM
|-
|-
| 32
| 30th August 2014
| EMC Corporation (http://goo.gl/19Ueet)
| 09:30 AM
|-
|-
| 31
| 19th July 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 30
| 14th June 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 09:30 AM
|-
|-
| 29
| 24th May 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 10:00 AM
|-
|-
| 28
| 8th February 2014
| Paypal Office
| 10:00 AM
|-
| 27
| 18th January 2014
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
|-
| 26
| 14th December 2013
| ThoughtWorks Office (http://goo.gl/bokSL)
| 9:30 AM
|-
| 25
| 1st November 2012
| KPMG Office
| 7 PM
|-

|-
| 24
| 16th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 23
| 19th May 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 22
| 21th April 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 21
| 10th March 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 20
| 04th February 2012
| Kieon (http://g.co/maps/dahhv)
| 10 AM
|-

|-
| 19
| 07th January 2012
| Kieon
| 10 AM
|-

|-
| 18
| 3rd October 2009
| Praxeva India
| 10 AM
|-
| 17
| 19th September 2009
| Praxeva India
| 10 AM
|-
| 16
| 5th September 2009
| Praxeva India
| 10 AM
|-
| 15
| 12 July 2009
| Cubbon Park
| 10.30 AM
|-
| 14
| 07 June 2009
| ICH, Church Street
| 09.00 AM
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
| 
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
| 
|-
| 2
| 2006
| 
| 
|-
| 1
| 2006
| 
| 
|}

= '''Meeting Summaries''' =
[[Bangalore/Archives|Summaries from Past Meetings]]

= '''Chapter Leaders'''=
== Current Chapter Leaders ==

=== KV Prashanth (2012 - Present) ===
=== Akash Mahajan (2012 - Present) ===

I am ''The Web Application Security Guy''. Apart from running a company offering application security consulting, I spend majority of my time doing volunteer work for OWASP as the Bangalore chapter leader and null - The Open Security Community as a Community Manager. I tweet about security quite regularly on twitter account [https://twitter.com/makash @makash]. Feel free to get in touch.

Twitter: [https://twitter.com/makash @makash]

=== Riyaz Walikar (2014 - Present) ===

For food and shelter, I work as a pentester/web security tester+evangelist at a Big4. I have been active in the security community for the better part of the last 7 years by working closely with the Bangalore OWASP chapter and null - The Open Security community.

My technical interests lie with programming, bug bounty, malware analysis, breaking web applications, playing CTFs, researching devices that fall under the Internet of Things category and penetration testing networks exposed to the Internet. When not writing/breaking code, you can find me sleeping, playing football, reading or fishing.

Blog: http://www.riyazwalikar.com

Twitter: [https://www.twitter.com/riyazwalikar @riyazwalikar]

== Current Chapter volunteers ==

=== Abhinav Sejpal (2015 - Present) ===

Fell in love with the power of software at age 17, and he is still in love. He is a security researcher working at Accenture Digital. He has reported security vulnerabilities 50+ Unique product giants all over the world including Apple, Adobe , Twitter, Linkedin, Yahoo , Pinterest, VK etc. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, fuzzing. He researches primarily focused Android , iOS Mobile App and open source project like ASVS, OWASP Mobile Top 10, Mobile Security Framework etc.

Speaker @ OWASP, Null , Weekend Testing Bangalore Chapter

Blog: http://bugwrangler.in

Twitter: [https://www.twitter.com/Abhinav_Sejpal @Abhinav_Sejpal]

Github: [https://github.com/bugwrangler bugwrangler]

=== Satish Govindappa (2015 - Present) ===

14+ years of significant, progressive expertise in security architecture practices, secure coding practices, secure code review, web application pen-testing,security testing tools and secure software development training.
Build and facilitate company-wide security architecture practice and secure software development programs

== Previous Chapter Leaders ==

=== Harinath (2002 - 2012) ===

<headertabs />

[[Category:India]]

File:July Month Meet-up.png

2015-07-12T12:18:31Z

Abhinav: Bangalore meet up schedule

Bangalore meet up schedule

OWASP Mobile Security Project

2015-06-27T21:10:08Z

Abhinav: /* About this list */

= Home =
<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: lab_big.jpg|link=OWASP_Project_Stages#tab.3DLab_Projects]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

== OWASP Mobile Security Project ==

The OWASP Mobile Security Project is a centralized resource intended to give developers and security teams the resources they need to build and maintain secure mobile applications. Through the project, our goal is to classify mobile security risks and provide developmental controls to reduce their impact or likelihood of exploitation.

Our primary focus is at the application layer. While we take into consideration the underlying mobile platform and carrier inherent risks when threat modeling and building controls, we are targeting the areas that the average developer can make a difference. Additionally, we focus not only on the mobile applications deployed to end user devices, but also on the broader server-side infrastructure which the mobile apps communicate with. We focus heavily on the integration between the mobile application, remote authentication services, and cloud platform-specific features.

 

'''We have a Google Doc where anyone who wants to be involved with the project can add their thoughts, suggestions, and take ownership of initiatives - [https://docs.google.com/document/d/1bScrvrLJLOHcSbztjBxYoN-jN3kR8bViy9tF8Nx0c08/edit Click here]. There are various tasks that people have started over the past 6 months with varying levels of quality and completeness.'''

This project is still a work in progress. We are small group doing this work and could use more help! If you are interested, please contact one of the project leads or feel free to visit [https://groups.google.com/a/owasp.org/forum/#!forum/owasp-mobile-top-10-risks the mailing list] as well!

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Email List ==

[[Image:Asvs-bulb.jpg]] [https://groups.google.com/a/owasp.org/forum/#!forum/owasp-mobile-top-10-risks Project Email List]

== Project Leaders ==
{{Template:Contact | name = Mike Zusman
| email = mike.zusman@owasp.org
| username = schmoilito }} 
{{Template:Contact
| name = Tony DeLaGrange
| email = mobisec@secureideas.net
| username = Tony DeLaGrange
}} 
{{Template:Contact
| name = Sarath Geethakumar
| email = sarath.geethakumar@owasp.org
| username = Sarath Geethakumar
}} 
{{Template:Contact
| name = Tom Eston
| email = teston@securestate.com
}} 
{{Template:Contact
| name = Don Williams
}} 
{{Template:Contact
| name = Jason Haddix
| email = jason.haddix@hp.com
| username = Jason Haddix
}} 

== Contributors ==
{{Template:Contact
| name = Zach Lanier
| email = zach.lanier@n0where.org
| username = Zach_Lanier
}} 
{{Template:Contact
| name = Jim Manico
| email = jim.manico@owasp.org
| username = jmanico
}} 
{{Template:Contact
| name = Ludovic Petit
| email = ludovic.petit@owasp.org
| username = Ludovic Petit
}} 
{{Template:Contact
| name = Swapnil Deshmukh
| email = sd.swapz@gmail.com
| username = Swapnil Deshmukh
}} 
{{Template:Contact
| name = Beau Woods
| email = owasp@beauwoods.com
| username = Beau Woods
}} 
{{Template:Contact
| name = Jonathan Carter
| email = jonathan.carter@owasp.org
| username = Jonathan Carter
}} 
{{Template:Contact
| name = David Martin Aaron
| email = davidmartinaaron@gmail.com
| username = David Martin Aaron
}} 
{{Template:Contact
| name = Luca De Fulgentis
| email = luca@securenetwork.it
| username = Daath
}} 
{{Template:Contact
| name = Milan Singh Thakur
| email = milanthakur2010@gmail.com
| username = Milan Singh Thakur
}} 
{{Template:Contact
| name = Andrew Pannell
| email = andrew.pannell@owasp.org
| username = Andipannell
}}
|}

= Top 10 Mobile Risks =

Please visit the [https://www.owasp.org/index.php/Projects/OWASP_Mobile_Security_Project_-_Top_Ten_Mobile_Risks project page] for current information.

== About this list ==
In 2013, we polled the industry for new vulnerability statistics in the field of mobile applications. What you see here is a result of that data and a representation of the mobile application threat landscape.

[[File:Mobile_Top_10_2014.png|right|640px]]
Our goals for the 2014 list included the following:

* Updates to the wiki content; including cross-linking to testing guides, more visual exercises, etc;
* Generation of more data; and
* A PDF release.

This list has been finalized after a 90-day feedback period from the community. Based on feedback, we intend on releasing a Mobile Top Ten 2015 list following a similar approach of collecting data, grouping the data in logical and consistent ways.

Feel free to visit [https://groups.google.com/a/owasp.org/forum/#!forum/owasp-mobile-top-10-risks the mailing list] as well!

== Call to Action for 2015 ==
We are currently looking for vendors, consultants, or other industry experts within the appsec community that are willing to participate in the OWASP Mobile Top Ten 2015. Participation could include any of the following: gathering data, promoting awareness, etc.

We have published a [https://docs.google.com/viewer?a=v&pid=forums&srcid=MTM2MzA3NTkyMzA4NjgxNjcwNjQBMTU5NDg1NTE3NTg0NTgyOTMzOTgBUmEtcUZEUFNUVzRKATAuMQFvd2FzcC5vcmcBdjI Call for Data document] and have also (in the name of transparency) [https://docs.google.com/spreadsheets/d/16bW_VhEIlFU4cfN8BOOk40-XN93FM0f0Sxcx67NwPcg/edit?usp=sharing published a document] which lists which entities/vendors/individuals/etc that we have reached out to. These requests were made because we know these entities to be thought leaders in the mobile application space. If we missed you, and you have data or feedback to contribute, we apologize. Please email one of us!

== Top 10 Mobile Risks - Final List 2014 ==
[[File:2014-01-26 20-23-29.png|right|550px]]
*[[Mobile_Top_10_2014-M1|M1: Weak Server Side Controls ]]
*[[Mobile_Top_10_2014-M2|M2: Insecure Data Storage ]]
*[[Mobile_Top_10_2014-M3|M3: Insufficient Transport Layer Protection ]]
*[[Mobile_Top_10_2014-M4|M4: Unintended Data Leakage ]]
*[[Mobile_Top_10_2014-M5|M5: Poor Authorization and Authentication ]]
*[[Mobile_Top_10_2014-M6|M6: Broken Cryptography ]]
*[[Mobile_Top_10_2014-M7|M7: Client Side Injection ]]
*[[Mobile_Top_10_2014-M8|M8: Security Decisions Via Untrusted Inputs ]]
*[[Mobile_Top_10_2014-M9|M9: Improper Session Handling ]]
*[[Mobile_Top_10_2014-M10|M10: Lack of Binary Protections ]]

== Project Leads, Credit, and Contributions ==

* ''' [[Mobile_Top_Contributions|Mobile Top Ten Contributions Page ]] '''

== Project Methodology ==

* '''We adhered loosely to the [https://www.owasp.org/index.php/Top_10_2013/ProjectMethodology OWASP Web Top Ten Project methodology]. '''

== Archive ==
* The list below is the OLD release candidate v1.0 of the OWASP Top 10 Mobile Risks.  This list was initially released on September 23, 2011 at Appsec USA.  
** The original presentation can be found here: [http://www.slideshare.net/JackMannino/owasp-top-10-mobile-risks SLIDES] 
** The corresponding video can be found here: [http://www.youtube.com/watch?v=GRvegLOrgs0 VIDEO]
** [[Mobile_Top_10_2012|2011-12 Mobile Top Ten for archive purposes]]

= Mobile Tools =

[[File:Reverse_Engineering_Arsenals.png]]

[[File:IOS_Arsenal.png]]

== iMAS ==

iMAS is a collaborative research project from the MITRE Corporation focused on open source iOS security controls. Today, iOS meets the enterprise security needs of customers, however many security experts cite critical vulnerabilities and have demonstrated exploits, which pushes enterprises to augment iOS deployments with commercial solutions. The iMAS intent is to protect iOS applications and data beyond the Apple provided security model and reduce the adversary’s ability and efficiency to perform recon, exploitation, control and execution on iOS mobile applications. iMAS will transform the effectiveness of the existing iOS security model across major vulnerability areas including the System Passcode, jailbreak, debugger / run-time, flash storage, and the system keychain. Research outcomes include an open source secure application framework, including an application container, developer and validation tools/techniques.

[https://www.owasp.org/index.php/OWASP_iMAS_iOS_Mobile_Application_Security_Project iMas Project Page]

The source code for iMAS is available on GitHub: [https://github.com/project-imas/about iMAS Source Code]

== GoatDroid ==

OWASP GoatDroid is a fully functional and self-contained training environment for educating developers and testers on Android security. GoatDroid requires minimal dependencies and is ideal for both Android beginners as well as more advanced users. The project currently includes two applications: FourGoats, a location-based social network, and Herd Financial, a mobile banking application. There are also several features that greatly simplify usage within a training environment or for absolute beginners who want a good introduction to working with the Android platform.

As the Android SDK introduces new features, the GoatDroid contributors will strive to implement up-to-date lessons that can educate developers and security testers on new security issues. The project currently provides coverage for most of the OWASP Top 10 Mobile Risks and also includes a bunch of other problems as well.

You can find GoatDroid on GitHub: [https://github.com/jackMannino/OWASP-GoatDroid-Project GoatDroid Source Code]

[https://www.owasp.org/index.php/Projects/OWASP_GoatDroid_Project GoatDroid Project Page]

== iGoat ==

iGoat is a learning tool for iOS developers (iPhone, iPad, etc.). It was inspired by the WebGoat project, and has a similar conceptual flow to it.

As such, iGoat is a safe environment where iOS developers can learn about the major security pitfalls they face as well as how to avoid them. It is made up of a series of lessons that each teach a single (but vital) security lesson.

The lessons are laid out in the following steps:

# Brief introduction to the problem.
# Verify the problem by exploiting it.
# Brief description of available remediations to the problem.
# Fix the problem by correcting and rebuilding the iGoat program.

Step 4 is optional, but highly recommended for all iOS developers. Assistance is available within iGoat if you don't know how to fix a specific problem.

iGoat is free software, released under the GPLv3 license.

[https://www.owasp.org/index.php/OWASP_iGoat_Project iGoat Project Page]

The iGoat source code is available on Google Code [http://code.google.com/p/owasp-igoat/ iGoat Source Code]

== Damn Vulnerable iOS Application ==

Damn Vulnerable iOS application is a project started by Prateek Gianchandani which gives mobile testers and developers an iOS application to practice attacking/defending skill sets. Each challenge area corresponds to an in-depth article designed to teach the fundamentals of mobile security on the iOS platform. Some challenge categories include multiple challenge types.

The current challenge categories:

* Insecure Data Storage (4 exercises)
* Jailbreak Detection (2 exercises)
* Runtime Manipulation (3 exercises)
* Transport Layer Security (1 exercise)
* Client Side Injection (1 exercise)
* Broken Cryptography (1 exercise)
* Binary Patching (4 exercises)

[http://damnvulnerableiosapp.com DVIA Home Page]

[https://www.owasp.org/index.php/OWASP_DVIA DVIA OWASP Project Page]

[https://github.com/prateek147/DVIA DVIA Github Source]

[http://damnvulnerableiosapp.com/#learn DVIA Learning Resources]

== MobiSec ==

The MobiSec Live Environment Mobile Testing Framework project is a live environment for testing mobile environments, including devices, applications, and supporting infrastructure. The purpose is to provide attackers and defenders the ability to test their mobile environments to identify design weaknesses and vulnerabilities. The MobiSec Live Environment provides a single environment for testers to leverage the best of all available open source mobile testing tools, as well as the ability to install additional tools and platforms, that will aid the penetration tester through the testing process as the environment is structured and organized based on an industry‐proven testing framework. Using a live environment provides penetration testers the ability to boot the MobiSec Live Environment on any Intel-based system from a DVD or USB flash drive, or run the test environment within a virtual machine.

[https://www.owasp.org/index.php/Projects/OWASP_Mobile_Security_Project_-_MobiSec Project Page]

MobiSec can be downloaded from Sourceforge: [http://sourceforge.net/p/mobisec/wiki/Home/ MobiSec Download Repository]

== Androick ==

Androick is a collaborative research project from PHONESEC Ltd. With our tool, you can evaluate some risks on Android mobile applications.
Androick is a tool that allows any user to analyze an Android application. It can get the apk file, all the datas and the databases in sqlite3 and csv format.
Only for Pentesters or Researchers.

[https://www.owasp.org/index.php/Projects/OWASP_Androick_Project Androick Project Page]

== NowSecure App Testing Community Edition ==

The NowSecure App Testing Community Edition is the freely downloadable version of the powerful App Testing suite. Users are offered a number of features such as network capture, automation, import / export, and reporting to test and secure mobile apps.

It provides the opportunity to complete mobile app security tests on any application on Android or iOS mobile devices (or installed in an emulator).

The suite is provided as a preconfigured virtual machine (VM). After downloading the VM and licensing your version of the suite you will have everything you need to test the security of mobile apps.

Built in emulator - Don’t have a device? No worries. The suite includes a built in Emulator that may be used to test the security of your mobile applications.

[https://www.nowsecure.com/apptesting/community/ NowSecure App Testing Suite]

== OWASP Seraphimdroid ==
OWASP SeraphimDroid is educational, privacy and device protection application for android devices that helps users learn about risks and threats coming from other android applications. SeraphimDroid is also an application firewall for android devices not allowing malicious SMS or MMS to be sent, USSD codes to be executed or calls to be called without user permission and knowledge.

[https://www.owasp.org/index.php/OWASP_SeraphimDroid_Project OWASP Seraphimdroid project page]

[https://github.com/nikolamilosevic86/owasp-seraphimdroid OWASP Seraphimdroid code]

[https://play.google.com/store/apps/details?id=org.owasp.seraphimdroid OWASP Seraphimdroid on Google Play]

== OWASP Summer of Code 2008 ==

The OWASP Foundation sponsored the OWASP Application Security Verification Standard Project during the OWASP Summer of Code 2008.

= Mobile Security Testing =

== Introduction ==

A major priority of the OWASP Mobile Security Project is to help standardize and disseminate mobile application testing methodologies. While specific techniques exist for individual platforms, a general mobile threat model can be used to assist test teams in creating a mobile security testing methodology for any platform. The outline which follows describes a general mobile application testing methodology which can be tailored to meet the security tester’s needs. It is high level in some places, and over time will be customized on a per-platform basis.

This guide is targeted towards application developers and security testers. Developers can leverage this guide to ensure that they are not introducing the security flaws described within the guide. Security testers can use it as a reference guide to ensure that they are adequately assessing the mobile application attack surface. The ideal mobile assessment combines dynamic analysis, static analysis, and forensic analysis to ensure that the majority of the mobile application attack surface is covered.

On some platforms, it may be necessary to have root user or elevated privileges in order to perform all of the the required analysis on devices during testing. Many applications write information to areas that cannot be accessed without a higher level of access than the standard shell or application user generally has. For steps that generally require elevated privileges, it will be stated that this is the case.

This guide is broken up into three sections:
*'''Information Gathering-''' describes the steps and things to consider when you are in the early stage reconnaissance and mapping phases of testing as well as determining the application’s magnitude of effort and scoping.
*'''Static Analysis'''- Analyzing raw mobile source code, decompiled or disassembled code.
*'''Dynamic Analysis''' - executing an application either on the device itself or within a simulator/emulator and interacting with the remote services with which the application communicates. This includes assessing the application’s local interprocess communication surface, forensic analysis of the local filesystem, and assessing remote service dependencies.

=== How To Use This Resource ===

As this guide is not platform specific, you will need to know the appropriate techniques & tools for your target platform. The OWASP Mobile Security Project has also developed a number of other supporting resources which may be able to be leveraged for your needs.

'''In this current draft release, the guide is a work in progress. We need additional contributors to help fill in the blanks. If you think something is missing (there certainly is), add it.'''

As this guide is not platform specific, you will need to know the appropriate techniques & tools for your target platform. The OWASP Mobile Security Project has also developed a number of other supporting resources which may be able to be leveraged for your needs,

The steps required to properly test an Android application are very different than those of testing an iOS application. Likewise, Windows Phone is very different from the other platforms. Mobile security testing requires a diverse skillset over many differing operating systems and a critical ability to analyze various types of source code.

In many cases, a mobile application assessment will require coverage in all three areas identified within this testing reference. A dynamic assessment will benefit from an initial thorough attempt at Information Gathering, some level of static analysis against the application’s binary, and a forensic review of the data created and modified by the application’s runtime behavior.

Please use this guide in an iterative fashion, where work in one area may require revisiting previous testing steps. As an example, after completing a transaction you may likely need to perform additional forensic analysis on the device to ensure that sensitive data is removed as expected and not cached in an undesired fashion. As you learn more about the application at runtime, you may wish to examine additional parts of the code to determine the best way to evade a specific control. Likewise, during static analysis it may be helpful to populate the application with certain data in order to prove or refute the existence of a security flaw.

In the future, contributors to the testing guide should consider adding entries under each section relevant to a specific platform. Over time, OWASP contributors will write platform specific guides and expand upon this body of knowledge.

If a specific area of interest is not covered in this guide, please feel free to either:

*write the material yourself by registering for a wiki account and contributing content: [https://www.owasp.org/index.php/Special:RequestAccount Wiki Registration]
*bring this up as a topic on the Mobile Project’s mailing list: [https://lists.owasp.org/mailman/listinfo/owasp-mobile-security-project Mobile Mailing List]

Collaboration on building the guide is being performed within Google Docs. You can find the latest and greatest material here: [https://docs.google.com/document/m/?id=1N7zMXlFHtWfc00xa6lRHnVB60U4BZO4SbUrWYMbojVM&pli=1&login=1 Testing Guide Google Doc]

== Information Gathering ==

As a result of this initial information gathering exercise, the tester will be better prepared for the future testing phases. Testers, Developers and Security people often fail to take the time to learn the target application and supporting infrastructure, opting to dive in blind, possibly losing valuable time and missing possible attack vectors. Without a solid understanding of how the application “should” work as well as the technologies in use, the tester will not be able to identify when the application behaves in a manner that it “shouldn’t”.

Prerequisites of this phase may require specific operating systems, platform specific software development kits (SDK’s), rooted or jailbroken devices, the ability to man-in-the-middle secure communications (i.e. HTTPS) and bypass invalid certificate checks.

*Manually navigate through the running application to understand the basic functionality and workflow of the application. This can be performed on a real device or within a simulator/emulator. For deeper understanding of application functionality tester can proxy and sniff all network traffic from either a physical mobile device or an emulator/simulator recording and logging traffic (if your proxy tool permits logging, which most should).

*Identify the networking interfaces used by the application, for instance:
**Mobile Communication (GSM, GPRS, EDGE, LTE)
**Wireless (Wi-Fi (802.11 standards), Bluetooth, NFC)
**Virtual Interfaces (i.e. VPN)

*Determine what the application supports for access 3G, 4G, wifi and or others

*What networking protocols are in use?
**Are secure protocols used where needed?
**Can they be switched with insecure protocols?

*Does the application perform commerce transactions?
**Credit card transactions and/or stored payment information (certain industry regulations may be required (i.e. PCI DSS)).
**In-app purchasing of goods or features
**Make note for future phases to determine does the application store payment information? How is payment information secured?

*Monitor and identify the hardware components that the application may potentially interact with
**NFC
**Bluetooth
**GPS
**Camera
**Microphone
**Sensors
**USB

*Perform open source intelligence gathering (search engines, source code repositories, developer forums, etc.) to identify source code or configuration information that may be exposed (i.e. 3rd party components integrated within the application)

*What frameworks are in use?

*Identify if the application appears to interact with any other applications, services, or data such as:
**Telephony (SMS, phone)
**Contacts
**Auto correct / dictionary services
**Receiving data from apps and other on-device services
**Google Wallet
**iCloud
**Social networks (i.e. Facebook, Twitter, LinkedIn, Google+)
**Dropbox
**Evernote
**Email
**Etc.

*Can you determine anything about the server side application environment?
**Hosting provider (AWS, App Engine, Heroku, Rackspace, Azure, etc.)
**Development environment (Rails, Java, Django, ASP.NET, etc.)
**Does the application leverage Single Sign On or Authentication APIs (Google Apps, Facebook, iTunes, OAuth, etc.)
**Any other APIs in use
***Payment gateways
***SMS messaging
***Social networks
***Cloud file storage
***Ad networks

*Perform a thorough crawl of exposed web resources and sift through the requests and responses to identify potentially interesting data or behavior
**Leaking sensitive information (i.e. credentials) in the response
**Resources not exposed through the UI
**Error messages
**Cacheable information

== Static Analysis ==

There are two primary ways static analysis will generally be performed on a mobile application:
#Analyzing source code obtained from development team (prefered)
#Using a compiled binary.

Some level of static analysis should be performed for both dynamic and forensic analysis, as the application’s code will almost always provide valuable information to the tester (i.e. logic, backend targets, APIs, etc).

In scenarios where the primary goal is to identify programmatic examples of security flaws, your best bet is to review pure source code as opposed to reverse engineering compiled software. For source code reviews, it is highly beneficial to have access to either a development or production instance of any web services. This includes both source code and a working test environment to perform the assessment within in order to expedite understanding of the code.

=== Getting Started ===
*If the source is not directly available, decompile or disassemble the application’s binary
**extract the application from the device
**follow the appropriate steps for your platform’s application reverse engineering
**some applications may also require decryption prior to reverse engineering (note: decryption and code obfuscation are not the same thing)

*Review the permissions the application requests as well as the resources that it is authorized to access (i.e. AndroidManifest.xml, iOS Entitlements or Windows Phone's WMAppManifest.xml)

*Are there any easy to identify misconfigurations within the application found within the configuration files? Debugging flags set, world readable/writable permissions, etc.

*What frameworks are in use? Is the application built using a cross-platform framework?

*Identify the libraries in use including both platform provided as well as third party. Perform a quick review on the web to determine if these libraries:
**are up to date
**are free of vulnerabilities
**expose functionality that requires elevated privileges (access to location or contact data)
**native code

*Does the application check for rooted/jailbroken devices? How is this done? How can this be circumvented? Is it as easy as changing the case of a file name or name of executable or path?

*Determine what types of objects are implemented to create the various views within the application. This may significantly alter your test cases, as some views implement web browser functionality while others are native UI controls only.

*Is all code expected to run within the platform’s standard runtime environment, or are some files/libraries dynamically loaded or called outside of that environment at runtime?

*Attempt to match up every permission that the application requests with an actual concrete implementation of it within the application. Often, developers request more permission than they actually need. Identify if the same functionality could be enabled with lesser privileges.

*Locate hard coded secrets within the application such as API keys, credentials, or proprietary business logic.

*Identify every entry point for untrusted data entry and determine how it enforces access controls, validates and sanitizes inbound data, and passes the data off to other interpreters
**From web service calls
**Receiving data from other apps and on-device services
**Inbound SMS messages
**Reading information from the filesystem

=== Authentication ===

*Locate the code which handles user authentication through the UI. Assess the possible methods of user impersonation via vectors such as parameter tampering, replay attacks, and brute force attacks.

*Check if authentication is done online/offline. Sometimes authentication is done offline, so here you can try SQLi to bypass authentication.

*Determine if the application utilizes information beyond username/password such as
**contextual information (i.e.- device identifiers, location)
**certificates
**tokens

*Does the application utilize visual swipe or touch passwords vs. conventional usernames and passwords?
**Assess the method of mapping the visual objects to an authentication string to determine if adequate entropy exists

*Does the application implement functionality that permits inbound connections from other devices? (i.e.- Wi-Fi Direct, Android Beam, network services)
**Does the application properly authenticate the remote user or peer prior to granting access to device resources?
**How does the application handle excessive failed attempts at authentication?
**are failed attempts logged?
**what mechanisms exist to inform the user of a potential attack?

*Is there account lockout implemented for limited invalid login attempts?
**How many invalid attempts are allowed?
**Does application handles DOS performed using account lockout feature?
**How does it unlock the user account?

*Single Sign On, e.g.
**OAuth
**Facebook
**Google Apps

*SMS
**How is the sender authenticated?
***password
***header information
***Other mechanism?
**Are one time passwords (OTP) used or is other sensitive account data transmitted via SMS?
***Can other applications access this data?
**What if attacker tampers OTP using gprs modem?
**Can application validate the tampered OTP?

*USSD
**Does application use USSD/Flash messages to authenticate use?
***USSD based authentication is more reliable than SMS

*Push Notifications
**If the application consumes information via push notifications, how does the application verify the identity of the sender?

=== Authorization ===
*Review file permissions for files created at runtime

*Determine if it is possible to access functionality not intended for your role

**Identify if the application has role specific functionality within the mobile application

**Locate any potential flags or values that may be set on the client from any untrusted source that can be a point of privilege elevation such as
***databases
***flat files
***HTTP responses

**Find places within an application that were not anticipated being directly accessed without following the application’s intended workflow

*Licensing
**Can licensing checks be defeated locally to obtain access to paid-for data resources? (i.e.- patching a binary, modifying it at runtime, or by modifying a local configuration file)
**Does the code suggest that licensed content is served with a non-licensed app but restricted by UI controls only?
**Are licensing checks performed properly by the server or platform licensing services?
**How does the application detect and respond to tampering?
***Are alerts sent to and expected by the developer?
***Does the application fail open or fail closed?
***Does the application wipe its data?

=== Session Management ===

*Ensure that sessions timeout locally as well as server side.
**Make sure Session Timeout is set to minimal value.

*Is sensitive information utilized within the application flushed from memory upon session expiration?

*No Session IDs should be passed in URL, ensure usage of POST method or hidden fields.

*Detect Session Fixation/Tampering on Server Side.

*Ensure Session tokens are randomized and are not guessable or in sequence.

=== Data Storage ===

*Encryption
**Are the algorithms used “best of breed” or do they contain known issues?
**How are keys derived from i.e. a password?
**Based on the algorithms and approaches used to encrypt data, do implementation issues exist that degrade the effectiveness of encryption?
**How are keys managed and stored on the device? Can this reduce the complexity in breaking the encryption?

*Identify if the application utilizes storage areas external to the “sandboxed” locations to store unencrypted data such as:
**Places with limited access control granularity (SD card, tmp directories, etc.)
**Directories that may end up in backups or other undesired locations (iTunes backup, external storage, etc.)
**Cloud storage services such as Dropbox, Google Drive, or S3

*Does the application write sensitive information to the file system at any point, such as:
**Credentials
***Username and/or password
***API keys
***Authentication tokens
**Payment information
**Patient data
**Signature files

*Is sensitive information written to data stores via platform exposed APIs such as contacts?

=== Information Disclosure ===

*Logs
**Does the application log data? Is sensitive information accessible?
**How are the logs accessed, if so, and by which mechanism/functionality? Is log access protected?
**Can any of the logged information be considered a privacy violation?
**Is the device identifier sent that could be used to identify the user? (i.e.UDID in Apple devices)
**Does the application upload any log file to the server?
***Is the log file extension validated before upload?
***Is the content of the log file validated before upload? What if malicious code is embedded in log file?

*Caches
**Predictive text
**Location information
**Copy and paste
**Application snapshot
**Browser cache
**Non-standard cache locations (i.e the various SQLite databases that apps can create if they use HTML UI components)
**Are HTTPS responses being cached?

*Exceptions
**Does sensitive data leak in crash logs?
**How does application handle data/logs outside its container?

*Third Party Libraries and APIs
**What permissions do they require?
**Do they access or transmit sensitive information?
Review licensing requirements for any potential violations.
**Can their runtime behavior expose users to privacy issues and unauthorized tracking?

=== Web Application Issues ===

*XSS and HTML Injection
**Identify places where the application passes untrusted data into a web view or browser
**Determine if the application properly output encodes or sanitizes the data within the appropriate context
*OS Command Injection (if the application utilizes a shell)
**Where the application permits usage of the shell, identify the entry points to manipulate or alter the commands via user input or external untrusted data
**Determine if an attacker can inject arbitrary commands or manipulate the intended command in any way
*CSRF
*SQL Injection
*Cookies
*HTML5
*XML Injection
*Check Cross Domain Policy

=== Networking ===

*Are insecure protocols used to send or receive sensitive information? Examples- FTP, SNMP v1, SSH v1

*Are there any known issues with the specific libraries you are using to implement the protocol?

=== Transport Layer Protection ===
*Does the application properly implement Certificate Pinning?

*Are certificates validated to determine if:
**The certificate has not expired
**The certificate was issued by a valid certificate authority
**The remote destination information matches the information within the certificate?

*Are certificates validated only by the operating system or also by the application that relies on it?

*Identify if code exist to alter the behavior for traffic transiting different interfaces (i.e.- 3G/4G comms vs. Wi-Fi)? If so, is encryption applied universally across each of them

=== Helpful Search Strings and Regular Expressions ===

*DEBUG
*printStackTrace
*username/userID/password/passwd/pwd/
*key/encrypt/decrypt/MD5/MD4
*timeout/session.invalidate
*root/jailbreak
*test/demo/
*sqlconnection/sqlevents/sqldemo/sqlconn/sqltest
*account/URL/hostname/ipaddress
*proxy

== Dynamic Analysis ==

Armed with data collected during the Information Gathering and Static Analysis phases, the tester can begin an informed vulnerability assessment of the mobile application client, server and associated services.

Dynamic analysis is conducted against the backend services and APIs and the type of tests varies depending on mobile application type.

=== Application Types ===

*Native Mobile Application: Native mobile applications can be installed on to the device. This type of applications generally store most of their code on the device. Any information required can be requested to the server using the HTTP/s protocol

*Web services for Mobile Application: Native mobile application that uses SOAP or REST based web services to communicate between client and Server

*Mobile Browser Based Application: Web browser based applications can be accessed using device’s browsers such as Safari or Chrome. Most of the commercial applications are nowadays specifically designed and optimized for mobile browsers. These applications are no different than traditional web application and all the web application vulnerabilities apply to these apps and these should be tested as traditional web apps.

*Mobile Hybrid Applications:Applications can leverage web browser functionality within native applications, blending the risks from both classes of applications.

In this phase, the mobile client, backend services, and host platform is analyzed/scanned in attempt to uncover potential risks, vulnerabilities and threats. The use of an intercepting proxy tool as well as automated vulnerability scanners are core to this phase. In many cases, you will also need some type of shell access to the device.

The following outline can be used as a “Dynamic Analysis” guide in planning a mobile assessment.

=== Establishing a Baseline ===

*Generate File System Baseline Fingerprint (before app installation)
**Application interactions with the host file system must be reviewed and analyzed at various stages of testing; starting with baseline capture. This may require a shell or GUI depending on platform and/or preference.

*Install, Configure and Use the Application
**Manually inspect the file system to determine what files/databases were created, what and how data is stored. Did the application store sensitive data unencrypted or trivially protected (i.e. encoded)?
**Generally, pay attention to credentials, payment information, or other highly sensitive information being saved to the device. Also take a look at databases, log files, predictive text caches, and crash logs.

=== Debugging ===

*Attach a debugger to an application to step through code execution and setting breakpoints at interesting code within the application

*Monitor logged messages and notifications generated at runtime

*Observe interprocess communications between the target application and other applications and services running on the mobile device.

=== Active Testing ===

==== Local Testing ====

*Exposed IPC interfaces
**Sniff
**Fuzz
**Bypass authorization checks

===== Cryptography =====

*Brute force attacks against keys, pins, and hashes
*Attempt to reconstruct encrypted data through recovery of keys, hardcoded secrets, and any other information exposed by the application

===== Web Applications =====

*XSS and HTML Injection
**Is it possible to inject client side code (i.e. JavaScript) or HTML into the application to either modify the inner working of the application or it's user interface?

*Command Injection (if the application utilizes a shell)

*CSRF

*SQL Injection

*Cookies
**Are cookies issued by a server secured by using the HTTP-only and Secure flag?
**Is there any sensitive information stored in the cookies?

*HTML5 Storage

===== Authentication =====

*Assess the methods an application uses to authenticate peers
**NFC
**SMS
**Push notifications
**Across IPC channels (identify the calling application’s privileges and identity)

===== Authorization =====
*Instrument, patch, or interact with application at runtime to bypass methods intended to prevent usage of privileged or premium features

*Determine if configuration or locally stored data can be manipulated in order to elevate a user’s privileges

*Check the filesystem permissions for any files created at runtime

===== File System Analysis =====

*Assess the application’s behavior throughout it’s lifecycle to determine if special functionality is triggered to persist an application’s state when it enters different stages:
**Placed into the foreground
**Sent into the background
**Upon exiting the application

*Data storage in Cache

*Looking for artifacts left on device

*Unencrypted data storage on the device

*Encryption of data in backups

*Username/password, or app-specific unique device id stored on the device

*Application Permissions , Privileges and Access controls on the device

*Generally, pay attention to credentials, payment information, or other highly sensitive information being saved to the device. Also take a look at log files, predictive text caches, and crash logs.

*Is sensitive information cached within the application’s UI back stack?

*Utilize forensic tools to determine if deleted data can be recovered from the filesystem as well as within databases

===== Memory Analysis =====

*Determine if sensitive information persists within memory after performing the following actions:
**Logging out of the application
**Transition between UI components

*Is it possible to obtain encryption keys, credentials, payment information and other sensitive information by dumping device or application memory?

==== Remote Application/Service Testing ====

===== Authentication =====

*What methods are available (3G, 4G, Wifi, etc)?

*What happens if the remote authentication service becomes unavailable?

*Assess strength of password requirements

*Test how account lockouts are implemented

*Analyze (monitor traffic) how each method performs authentication. Note target wifi as this is a common area where authentication can be weak. Ensure authentication is robust and not based on trivial attributes (i.e. MDN, ESN, etc).

*Verify that authentication tokens are terminated after a user initiates a password reset

*Single Sign On (SSO)

*SMS Based
**One Time Passwords (OTP)
**Two Factor Authentication

*Push Notifications

*Licensing

===== Authorization =====

*What happens if the remote authorization handling service becomes unavailable?

*Test if direct access to backend resources is possible

*Access controls to server side resources not enforced

*Vertical and horizontal privilege escalation

===== Session Management =====

*Entropy analysis
*Device identifier related?
*Are session tokens refreshed between logouts?
*Lifetime and expiration
*Handling the session token on the device (stored, in memory, etc.)
*Privilege Escalation
*Ineffective Session Termination
*Session Fixation
*Pre-login/Login/Post-login Session checks
*Unique Session Generation

===== Transport Layer Testing =====
*Man-in-the-middle attacks
*Eavesdropping
*SSL checks (cypher strengths/weakness etc.)
*SSL Striping

===== Server Side Attacks =====

*Triggering unhandled exceptions
*Cross-Site Scripting
*SQL Injection
*XML Bombs
*Buffer overflow
*Unrestricted File Upload
*Open Redirect
*Cross Origin Resource Sharing

===== Server, Network & Application Scanning =====

*Based on prior phases you should have 1 or more target servers (i.e. URLs) as candidates for automated vulnerability scanning. Mobile applications often leverage existing web services/applications (i.e. hybrid applications) which must be tested for security vulnerabilities.

===== Conclusion =====

Mobile applications are continuing to mature and evolve thus to be effective, security testers must strive to advance their knowledge and skills. Please check back periodically for updates and share your feedback with us.

= Mobile Cheat Sheet =
== Mobile Cheat Sheet Series ==

Cheat sheets provide the information most relevant to a developer or security engineer with minimal "fluff". The goal of the project is to build a collection of cheat sheets that provide actionable, useful, and straight to the point guidance for a plethora of mobile security issues.

== Platform Agnostic ==

[https://www.owasp.org/index.php/Mobile_Jailbreaking_Cheat_Sheet Mobile Jailbreaking Cheat Sheet]

== Android ==

== iOS ==
<ul>
<li>[https://www.owasp.org/index.php/IOS_Developer_Cheat_Sheet iOS Developer Cheat Sheet]</li>
<li>[https://www.owasp.org/index.php/IOS_Application_Security_Testing_Cheat_Sheet iOS Application Security Testing Cheat Sheet]</li>
</ul>

== Windows Phone (Developer Unlock) ==

Developer Unlock:
You need to have machine with Windows 8 64-bit OS in it.
Connect your phone to Win8 machine using USB cable and start Visual Studio 2013 (with Windows Mobile package installed).
Go to Tool Windows Phone 8.1  Developer Unlock.

XAP file deployment and Local Storage Check on Windows Mobile with OS 8+
1. You need to have machine with Windows 8 64-bit OS running in it.
2. Install Windows 8 power tools (WP8).
Download WP8 here: http://wptools.codeplex.com/
3. Connect your Windows Phone to Win8 machine using USB cable and WP8 will detect your device.
4. You can now: install XAP files, update XAP files, check local storage (isolated storage), and get various attributes.

== RIM ==

= Secure Mobile Development =
'''Secure Mobile Development Guidelines Objective'''

The OWASP Secure Development Guidelines provides developers with the knowledge they need to build secure mobile applications. An extendable framework will be provided that includes the core security flaws found across nearly all mobile platforms. It will be a living reference where contributors can plug in newly exposed APIs for various platforms and provide good/bad code examples along with remediation guidance for those issues.

== Mobile Application Coding Guidelines ==
The purpose of this section is to provide application developers guidelines on how to build secure mobile applications, given the differences in security threat between applications running on a typical desktop as compared to those running on a mobile device (such as tablets or cell phones).

Using the guidance provided here, developers should code their applications to mitigate these malicious attacks. While more general coding guidelines should still be followed as applicable, this page lists additional considerations and/or modifications to common guidelines and is written using the best knowledge available at this time.

=== Authentication and Password Management ===
This is a set of controls used to verify the identity of a user, or other entity, interacting with the software, and also to ensure that applications handle the management of passwords in a secure fashion.
<ol type="a">
<li> Instances where the mobile application requires a user to create a password or PIN (say for offline access), the application should never use a PIN but enforce a password which follows a strong password policy.
<li> Mobile devices may offer the possibility of using password patterns which are never to be utilized in place of passwords as sufficient entropy cannot be ensured and they are easily vulnerable to smudge-attacks.
<li> Mobile devices may also offer the possibility of using biometric input to perform authentication which should never be used due to issues with false positives/negatives, among others.
<li> Wipe/clear memory locations holding passwords directly after their hashes are calculated.
<li> Based on risk assessment of the mobile application, consider utilizing two-factor authentication.
<li> For device authentication, avoid solely using any device-provided identifier (like UID or MAC address) to identify the device, but rather leverage identifiers specific to the application as well as the device (which ideally would not be reversible). For instance, create an app-unique “device-factor” during the application install or registration (such as a hashed value which is based off of a combination of the length of the application package file itself, as well as the current date/time, the version of the OS which is in use, and a randomly generated number). In this manner the device could be identified (as no two devices should ever generate the same “device-factor” based on these inputs) without revealing anything sensitive. This app-unique device-factor can be used with user authentication to create a session or used as part of an encryption key.
<li> In scenarios where offline access to data is needed, add an intentional X second delay to the password entry process after each unsuccessful entry attempt (2 is reasonable, also consider a value which doubles after each incorrect attempt).
<li> In scenarios where offline access to data is needed, perform an account/application lockout and/or application data wipe after X number of invalid password attempts (10 for example).
<li> When utilizing a hashing algorithm, use only a NIST approved standard such as SHA-2 or an algorithm/library.
<li> Salt passwords on the server-side, whenever possible. The length of the salt should at least be equal to, if not bigger than the length of the message digest value that the hashing algorithm will generate.
<li> Salts should be sufficiently random (usually requiring them to be stored) or may be generated by pulling constant and unique values off of the system (by using the MAC address of the host for example or a device-factor; see 3.1.2.g.). Highly randomized salts should be obtained via the use of a Cryptographically Secure Pseudorandom Number Generator (CSPRNG). When generating seed values for salt generation on mobile devices, ensure the use of fairly unpredictable values (for example, by using the x,y,z magnetometer and/or temperature values) and store the salt within space available to the application.
<li> Provide feedback to users on the strength of passwords during their creation.
<li> Based on a risk evaluation, consider adding context information (such as IP location, etc…) during authentication processes in order to perform Login Anomaly Detection.
<li> Instead of passwords, use industry standard authorization tokens (which expire as frequently as practicable) which can be securely stored on the device (as per the OAuth model) and which are time bounded to the specific service, as well as revocable (if possible server side).
<li> Integrate a CAPTCHA solution whenever doing so would improve functionality/security without inconveniencing the user experience too greatly (such as during new user registrations, posting of user comments, online polls, “contact us” email submission pages, etc…).
<li> Ensure that separate users utilize different salts.
</ol>

=== Code Obfuscation ===
This is a set of controls used to prevent reverse engineering of the code, increasing the skill level and the time required to attack the application.

<ol type="a">
<li>Abstract sensitive software within static C libraries.
<li> Obfuscate all sensitive application code where feasible by running an automated code obfuscation program using either 3rd party commercial software or open source solutions.
<li> For applications containing sensitive data, implement anti-debugging techniques (e.g. prevent a debugger from attaching to the process; android:debuggable=”false”).
<li> Ensure logging is disabled as logs may be interrogated other applications with readlogs permissions (e.g. on Android system logs are readable by any other application prior to being rebooted).
<li> So long as the architecture(s) that the application is being developed for supports it (iOS 4.3 and above, Android 4.0 and above), Address Space Layout Randomization (ASLR) should be taken advantage of to hide executable code which could be used to remotely exploit the application and hinder the dumping of application’s memory.
</ol>

=== Communication Security ===
This is a set of controls to help ensure the software handles the sending and receiving of information in a secure manner.

<ol type="a">
<li>Assume the provider network layer is insecure. Modern network layer attacks can decrypt provider network encryption, and there is no guarantee a Wi-Fi network (if in-use by the mobile device) will be appropriately encrypted.
<li> Ensure the application actually and properly validates (by checking the expiration date, issuer, subject, etc…) the server’s SSL certificate (instead of checking to see if a certificate is simply present and/or just checking if the hash of the certificate matches). To note, there are third party libraries to assist in this; search on “certificate pinning”.
<li> The application should only communicate with and accept data from authorized domain names/systems. It is permissible to allow application updates which will modify the list of authorized systems and/or for authorized systems to obtain a token from an authentication server, present a token to the client which the client will accept.
<li> To protect against attacks which utilize software such as SSLStrip, implement controls to detect if the connection is not HTTPS with every request when it is known that the connection should be HTTPS (e.g. use JavaScript, Strict Transport Security HTTP Header, disable all HTTP traffic).
<li> The UI should make it as easy as possible for the user to find out if a certificate is valid (so the user is not totally reliant upon the application properly validating any certificates).
<li> When using SSL/TLS, use certificates signed by trusted Certificate Authority (CA) providers.
</ol>

=== Data Storage and Protection ===
This is a set of controls to help ensure the software handles the storing and handling of information in a secure manner. Given that mobile devices are mobile, they have a higher likelihood of being lost or stolen which should be taken into consideration here.

<ol type="a">
<li>Only collect and disclose data which is required for business use of the application. Identify in the design phase what data is needed, its sensitivity and whether it is appropriate to collect, store and use each data type.
<li> Classify data storage according to sensitivity and apply controls accordingly (e.g. passwords, personal data, location, error logs, etc.). Process, store and use data according to its classification
<li> Store sensitive data on the server instead of the client-end device, whenever possible. Assume any data written to device can be recovered.
<li> Beyond the time required by the application, don’t store sensitive information on the device (e.g. GPS/tracking).
<li> Do not store temp/cached data in a world readable directory. Assume shared storage is untrusted.
<li> Encrypt sensitive data when storing or caching it to non-volatile memory (using a NIST approved encryption standard such as AES-256, 3DES, or Skipjack).
<li> Use the PBKDF2 function to generate strong keys for encryption algorithms while ensuring high entropy as much as possible. The number of iterations should be set as high as may be tolerated for the environment (with a minimum of 1000 iterations) while maintaining acceptable performance.
<li> Sensitive data (such as encryption keys, passwords, credit card #’s, etc…) should stay in RAM for as little time as possible.
<li> Encryption keys should not remain in RAM during the instance lifecycle of the app. Instead, keys should be generated real time for encryption/decryption as needed and discarded each time.
<li> So long as the architecture(s) that the application is being developed for supports it (iOS 4.3 and above, Android 4.0 and above), Address Space Layout Randomization (ASLR) should be taken advantage of to limit the impact of attacks such as buffer overflows.
<li> Do not store sensitive data in the keychain of iOS devices due to vulnerabilities in their cryptographic mechanisms.
<li> Ensure that sensitive data (e.g. passwords, keys etc.) are not visible in cache or logs.
<li> Never store any passwords in clear text within the native application itself nor on the browser (e.g. save password feature on the browser).
<li> When displaying sensitive information (such as full account numbers), ensure that the sensitive information is cleared from memory (such as from the webView) when no longer needed/displayed.
<li> Do not store sensitive information in the form of typical strings. Instead use character arrays or NSMutableString (iOS specific) and clear their contents after they are no longer needed. This is because strings are typically immutable on mobile devices and reside within memory even when assigned (pointed to) a new value.
<li> Do not store sensitive data on external storage like SD cards if it can be avoided.
<li> Consider restricting access to sensitive data based on contextual information such as location (e.g. wallet app not usable if GPS data shows phone is outside Europe, car key not usable unless within 100m of car etc...).
<li> Use non-persistent identifiers which are not shared with other apps wherever possible - e.g. do not use the device ID number as an identifier, use a randomly generated number instead.
<li> Make use of remote wipe and kill switch APIs to remove sensitive information from the device in the event of theft or loss.
<li> Use a time based (expiry) type of control which will wipe sensitive data from the mobile device once the application has not communicated with its servers for a given period of time.
<li> Automatic application shutdown and/or lockout after X minutes of inactivity (e.g. 5 mins of inactivity).
<li> Avoid cached application snapshots in iOS: iOS can capture and store screen captures and store them as images when an application suspends. To avoid any sensitive data getting captured, use one or both of the following options: 1. Use the ‘willEnterBackground’ callback, to hide all the sensitive data. 2. Configure the application in the info.plist file to terminate the app when pushed to background (only use if multitasking is disabled).
<li> Prevent applications from being moved and/or run from external storage such as via SD cards.
<li> When handling sensitive data which does not need to be presented to users (e.g. account numbers), instead of using the actual value itself, use a token which maps to the actual value on the server-side. This will prevent exposure of sensitive information.
</ol>

=== Paywall Controls ===
This is a set of practices to ensure the application properly enforces access controls related to resources which require payment in order to access (such as access to premium content, access to additional functionality, access to improved support, etc…).

<ol type="a">
<li> Maintain logs of access to paid-for resources in a non-repudiable format (e.g. a signed receipt sent to a trusted server backend – with user consent) and make them securely available to the end-user for monitoring.
<li> Warn users and obtain consent for any cost implications for application behavior.
<li> Secure account/pricing/billing/item information as it relates to users. If client has made any purchases via the application for instance, we should ensure that what they bought, the size of purchase, the quantity of the purchase, etc… should all be treated as sensitive information.
<li> Use a white-list model by default for paid-for resource addressing.
<li> Check for anomalous usage patterns in paid-for resource usage and trigger re- authentication. E.g. significant change in location occurs, user-language changes, etc...
</ol>

=== Server Controls ===
This is a set of practices to ensure the server side program which interfaces with the mobile application is properly safeguarded. These controls would also apply in cases where the mobile application may be integrating with vended solutions hosted outside of the typical network.

<ol type="a">
<li> Ensure that the backend system(s) are running with a hardened configuration with the latest security patches applied to the OS, Web Server and other application components.
<li> Ensure adequate logs are retained on the backend in order to detect and respond to incidents and perform forensics (within the limits of data protection law).
<li> Employ rate limiting and throttling on a per-user/IP basis (if user identification is available) to reduce the risk from DoS type of attacks.
<li> Carry out a specific check of your code for any sensitive data unintentionally transferred between the mobile application and the back-end servers, and other external interfaces (e.g. is location or other information included transmissions?).
<li> Ensure the server rejects all unencrypted requests which it knows should always arrive encrypted.
</ol>

=== Session Management ===
This is a set of controls to help ensure mobile applications handle sessions in a secure manner.

<ol type="a">
<li> Perform a check at the start of each activity/screen to see if the user is in a logged in state and if not, switch to the login state.
<li> When an application’s session is timed out, the application should discard and clear all memory associated with the user data, and any master keys used to decrypt the data.
<li> Session tokens should be revocable (particularly on the server side).
<li> Use lower timeout values to invalidate expired sessions (in contrast to the typical timeout values on traditional (non-mobile) applications).
</ol>

=== Use of 3rd Party Libraries/Code ===
This is a set of practices to ensure the application integrates securely with code produced from outside parties.

<ol type="a">
<li>Vet the security/authenticity of any third party code/libraries used in your mobile application (e.g. making sure they come from a reliable source, will continue to be supported, contain no backdoors) and ensure that adequate internal approval is obtained to use the code/library.
<li> Track all third party frameworks/API’s used in the mobile application for security patches and perform upgrades as they are released.
<li> Pay particular attention to validating all data received from and sent to non-trusted third party apps (e.g. ad network software) before incorporating their use into an application.
</ol>

== Mobile Application Provisioning/Distribution/Testing ==
This is a set of controls to ensure that software is tested and released relatively free of vulnerabilities, that there are mechanisms to report new security issues if they are found, and also that the software has been designed to accept patches in order to address potential security issues.

<ol type="a">
<li> Design & distribute applications to allow updates for security patches.
<li> Provide & advertise feedback channels for users to report security problems with applications (such as a MobileAppSecurity@ntrs.com email address).
<li> Ensure that older versions of applications which contain security issues and are no longer supported are removed from app-stores/app-repositories.
<li> Periodically test all backend services (Web Services/REST) which interact with a mobile application as well as the application itself for vulnerabilities using enterprise approved automatic or manual testing tools (including internal code reviews).
<li> Based on risk assessment of the application, have the application go through Security Assessment for a review of security vulnerabilities following the Team’s internal security testing of the application.
<li> Utilize the Enterprise provisioning process (e.g. IDM) to request and approve access for users on the mobile application.
<li> Ensure the application is sufficiently obfuscated prior to release by conducting tests which attempt to reverse engineer the obfuscated application.
<li> Distribute applications via an app-store type of interface (when appropriate) as many app-stores monitor applications for insecure code which we may benefit from.
<li> Digitally sign applications using a code signing certificate obtained via a trusted Certificate Authority (CA).
</ol>

= Top 10 Mobile Controls =
==OWASP/ENISA Collaboration==

OWASP and the European Network and Information Security Agency (ENISA) collaborated to build a joint set of controls. ENISA has published the results of the collaborative effort as the "Smartphone Secure Development Guideline": http://www.enisa.europa.eu/activities/application-security/smartphone-security-1/smartphone-secure-development-guidelines

[[File:OWASP_Mobile_Top_10_Controls.jpg|center|800px]]

==Contributors==

This document has been jointly produced with ENISA as well as the following individuals:
*Vinay Bansal, Cisco Systems
*Nader Henein, Research in Motion
*Giles Hogben, ENISA
*Karsten Nohl, Srlabs
*Jack Mannino, nVisium Security
*Christian Papathanasiou, Royal Bank of Scotland
*Stefan Rueping, Infineon
*Beau Woods, Stratigos Security

== Top 10 mobile controls and design principles==

'''[[#section control_1|1. Identify and protect sensitive data on the mobile device]]'''

'''Risks:''' Unsafe sensitive data storage, attacks on decommissioned phones unintentional disclosure: Mobile devices (being mobile) have a higher risk of loss or theft. Adequate protection should be built in to minimize the loss of sensitive data on the device.

*1.1 In the design phase, classify data storage according to sensitivity and apply controls accordingly (e.g. passwords, personal data, location, error logs, etc.). Process, store and use data according to its classification. Validate the security of API calls applied to sensitive data.
*1.2 Store sensitive data on the server instead of the client-end device. This is based on the assumption that secure network connectivity is sufficiently available and that protection mechanisms available to server side storage are superior. The relative security of client vs server-side security also needs to be assessed on a case-by-case basis (see ENISA cloud risk assessment (3) or the OWASP Cloud top 10 (4) for decision support).
*1.3 When storing data on the device, use a file encryption API provided by the OS or other trusted source. Some platforms provide file encryption APIs which use a secret key protected by the device unlock code and deleteable on remote kill. If this is available, it should be used as it increases the security of the encryption without creating extra burden on the end-user. It also makes stored data safer in the case of loss or theft. However, it should be born in mind that even when protected by the device unlock key, if data is stored on the device, its security is dependent on the security of the device unlock code if remote deletion of the key is for any reason not possible.
*1.4 Do not store/cache sensitive data (including keys) unless they are encrypted and if possible stored in a tamper-proof area (see control 2).
*1.5 Consider restricting access to sensitive data based on contextual information such as location (e.g. wallet app not usable if GPS data shows phone is outside Europe, car key not usable unless within 100m of car etc...).
*1.6 Do not store historical GPS/tracking or other sensitive information on the device beyond the period required by the application (see controls 1.7, 1.8).
*1.7 Assume that shared storage is untrusted - information may easily leak in unexpected ways through any shared storage. In particular:
**Be aware of caches and temporary storage as a possible leakage channel, when shared with other apps.
**Be aware of public shared storage such as address book, media gallery and audio files as a possible leakage channel. For example storing images with location metadata in the media-gallery allows that information to be shared in unintended ways.
**Do not store temp/cached data in a world readable directory.
*1.8 For sensitive personal data, deletion should be scheduled according to a maximum retention period, (to prevent e.g. data remaining in caches indefinitely).
*1.9 There is currently no standard secure deletion procedure for flash memory (unless wiping the entire medium/card). Therefore data encryption and secure key management are especially important.
*1.10 Consider the security of the whole data lifecycle in writing your application (collection over the wire, temporary storage, caching, backup, deletion etc)
*1.11 Apply the principle of minimal disclosure - only collect and disclose data which is required for business use of the application. Identify in the design phase what data is needed, its sensitivity and whether it is appropriate to collect, store and use each data type.
*1.12 Use non-persistent identifiers which are not shared with other apps wherever possible - e.g. do not use the device ID number as an identifier unless there is a good reason to do so (use a randomly generated number – see 4.3). Apply the same data minimization principles to app sessions as to http sessions/cookies etc.
*1.13 Applications on managed devices should make use of remote wipe and kill switch APIs to remove sensitive information from the device in the event of theft or loss. (A kill-switch is the term used for an OS-level or purpose-built means of remotely removing applications and/or data).
*1.14 Application developers may want to incorporate an application-specific "data kill switch" into their products, to allow the per-app deletion of their application's sensitive data when needed (strong authentication is required to protect misuse of such a feature).

'''2. Handle password credentials securely on the device'''

'''Risks:''' Spyware, surveillance, financial malware. A user's credentials, if stolen, not only provide unauthorized access to the mobile backend service, they also potentially compromise many other services and accounts used by the user. The risk is increased by the widespread of reuse of passwords across different services.

*2.1 Instead of passwords consider using longer term authorization tokens that can be securely stored on the device (as per the OAuth model). Encrypt the tokens in transit (using SSL/TLS). Tokens can be issued by the backend service after verifying
Smartphones secure development guidelines for app developers the user credentials initially. The tokens should be time bounded to the specific service as well as revocable (if possible server side), thereby minimizing the damage in loss scenarios. Use the latest versions of the authorization standards (such as OAuth 2.0). Make sure that these tokens expire as frequently as practicable.
*2.2 In case passwords need to be stored on the device, leverage the encryption and key-store mechanisms provided by the mobile OS to securely store passwords, password equivalents and authorization tokens. Never store passwords in clear text. Do not store passwords or long term session IDs without appropriate hashing or encryption.
*2.3 Some devices and add-ons allow developers to use a Secure Element e.g. (5) (6) – sometimes via an SD card module - the number of devices offering this functionality is likely to increase. Developers should make use of such capabilities to store keys, credentials and other sensitive data. The use of such secure elements gives a higher level of assurance with the standard encrypted SD card certified at FIPS 140-2 Level 3. Using the SD cards as a second factor of authentication though possible, isn't recommended, however, as it becomes a pseudo-inseparable part of the device once inserted and secured.
*2.4 Provide the ability for the mobile user to change passwords on the device.
*2.5 Passwords and credentials should only be included as part of regular backups in encrypted or hashed form.
*2.6 Smartphones offer the possibility of using visual passwords which allow users to memorize passwords with higher entropy. These should only be used however, if sufficient entropy can be ensured. (7)
*2.7 Swipe-based visual passwords are vulnerable to smudge-attacks (using grease deposits on the touch screen to guess the password). Measures such as allowing repeated patterns should be introduced to foil smudge-attacks. (8)
*2.8 Check the entropy of all passwords, including visual ones (see 4.1 below).
*2.9 Ensure passwords and keys are not visible in cache or logs.
*2.10 Do not store any passwords or secrets in the application binary. Do not use a generic shared secret for integration with the backend (like password embedded in code). Mobile application binaries can be easily downloaded and reverse engineered.

'''3. Ensure sensitive data is protected in transit'''

'''Risks:''' Network spoofing attacks, surveillance. The majority of smartphones are capable of using multiple network mechanisms including Wi-Fi, provider network (3G, GSM, CDMA and others), Bluetooth etc. Sensitive data passing through insecure channels could be intercepted. (9) (10)

*3.1 Assume that the provider network layer is not secure. Modern network layer attacks can decrypt provider network encryption, and there is no guarantee that the Wi-Fi network will be appropriately encrypted.
*3.2 Applications should enforce the use of an end-to-end secure channel (such as SSL/TLS) when sending sensitive information over the wire/air (e.g. using Strict Transport Security - STS (11)).This includes passing user credentials, or other authentication equivalents. This provides confidentiality and integrity protection.
*3.3 Use strong and well-known encryption algorithms (e.g. AES) and appropriate key lengths (check current recommendations for the algorithm you use e.g. (12) page 53).
*3.4 Use certificates signed by trusted CA providers. Be very cautious in allowing self- signed certificates. Do not disable or ignore SSL chain validation.
*3.5 For sensitive data, to reduce the risk of man-in-middle attacks (like SSL proxy, SSL strip), a secure connection should only be established after verifying the identity of the remote end-point (server). This can be achieved by ensuring that SSL is only established with end-points having the trusted certificates in the key chain.
*3.6 The user interface should make it as easy as possible for the user to find out if a certificate is valid.
*3.7 SMS, MMS or notifications should not be used to send sensitive data to or from mobile end-points.

'''Reference:''' Google vulnerability of Client Login account credentials on unprotected wifi - [http://www.google.com/url?q=http%3A%2F%2Fwww.uni-ulm.de%2Fin%2Fmi%2Fmitarbeiter%2Fkoenings%2Fcatching-authtokens.html&sa=D&sntz=1&usg=AFQjCNGO-Yp1KHqO8USuL0zxL1Lpwq1Usw]

'''4. Implement user authentication,authorization and session management correctly'''

'''Risks:''' Unauthorized individuals may obtain access to sensitive data or systems by circumventing authentication systems (logins) or by reusing valid tokens or cookies. (13)

*4.1 Require appropriate strength user authentication to the application. It may be useful to provide feedback on the strength of the password when it is being entered for the first time. The strength of the authentication mechanism used depends on the sensitivity of the data being processed by the application and its access to valuable resources (e.g. costing money).
*4.2 It is important to ensure that the session management is handled correctly after the initial authentication, using appropriate secure protocols. For example, require authentication credentials or tokens to be passed with any subsequent request (especially those granting privileged access or modification).
*4.3 Use unpredictable session identifiers with high entropy. Note that random number generators generally produce random but predictable output for a given seed (i.e. the same sequence of random numbers is produced for each seed). Therefore it is important to provide an unpredictable seed for the random number generator. The standard method of using the date and time is not secure. It can be improved, for example using a combination of the date and time, the phone temperature sensor and the current x,y and z magnetic fields. In using and combining these values, well-tested algorithms which maximise entropy should be chosen (e.g. repeated application of SHA1 may be used to combine random variables while maintaining maximum entropy – assuming a constant maximum seed length).
*4.4 Use context to add security to authentication - e.g. IP location, etc...
*4.5 Where possible, consider using additional authentication factors for applications giving access to sensitive data or interfaces where possible - e.g. voice, fingerprint (if available), who-you-know, behavioural etc.
*4.6 Use authentication that ties back to the end user identity (rather than the device identity).

'''5. Keep the backend APIs (services) and the platform (server) secure'''

'''Risks:''' Attacks on backend systems and loss of data via cloud storage. The majority of mobile applications interact with the backend APIs using REST/Web Services or proprietary protocols. Insecure implementation of backend APIs or services, and not keeping the back-end platform hardened/patched will allow attackers to compromise data on the mobile device when transferred to the backend, or to attack the backend through the mobile application. (14)

*5.1 Carry out a specific check of your code for sensitive data unintentionally transferred, any data transferred between the mobile device and web-server back- ends and other external interfaces - (e.g. is location or other information included within file metadata).
*5.2 All backend services (Web Services/REST) for mobile apps should be tested for vulnerabilities periodically, e.g. using static code analyser tools and fuzzing tools for testing and finding security flaws.
*5.3 Ensure that the backend platform (server) is running with a hardened configuration with the latest security patches applied to the OS, Web Server and other application components.
*5.4 Ensure adequate logs are retained on the backend in order to detect and respond to incidents and perform forensics (within the limits of data protection law).
*5.5 Employ rate limiting and throttling on a per-user/IP basis (if user identification is available) to reduce the risk from DDoS attack.
*5.6 Test for DoS vulnerabilities where the server may become overwhelmed by certain resource intensive application calls.
*5.7 Web Services, REST and APIs can have similar vulnerabilities to web applications:
**Perform abuse case testing, in addition to use case testing
**Perform testing of the backend Web Service, REST or API to determine vulnerabilities.

'''6. Secure data integration with third party services and applications'''

'''Risks:''' Data leakage. Users may install applications that may be malicious and can transmit personal data (or other sensitive stored data) for malicious purposes.

*6.1 Vet the security/authenticity of any third party code/libraries used in your mobile application (e.g. making sure they come from a reliable source, with maintenance supported, no backend Trojans)
*6.2 Track all third party frameworks/APIs used in the mobile application for security patches. A corresponding security update must be done for the mobile applications using these third party APIs/frameworks.
*6.3 Pay particular attention to validating all data received from and sent to non-trusted third party apps (e.g. ad network software) before processing within the application.

'''7. Pay specific attention to the collection and storage of consent for the collection and use of the user’s data'''

'''Risks:''' Unintentional disclosure of personal or private information, illegal data processing. In the European Union, it is mandatory to obtain user consent for the collection of personally identifiable information (PII). (15) (16)

*7.1 Create a privacy policy covering the usage of personal data and make it available to the user especially when making consent choices.
*7.2 Consent may be collected in three main ways:
**At install time
**At run-time when data is sent
**Via “opt-out” mechanisms where a default setting is implemented and the user has to turn it off.
*7.3 Check whether your application is collecting PII - it may not always be obvious - for example do you use persistent unique identifiers linked to central data stores containing personal information?
*7.4 Audit communication mechanisms to check for unintended leaks (e.g. image metadata).
*7.5 Keep a record of consent to the transfer of PII. This record should be available to the user (consider also the value of keeping server-side records attached to any user data stored). Such records themselves should minimise the amount of personal data they store (e.g. using hashing).
*7.6 Check whether your consent collection mechanism overlaps or conflicts (e.g. in the data handling practices stated) with any other consent collection within the same stack (e.g. APP-native + webkit HTML) and resolve any conflicts.

'''8. Implement controls to prevent unauthorized access to paid-for resources (wallet, SMS, phone calls etc.)'''
'''Risks:''' Smartphone apps give programmatic (automatic) access to premium rate phone calls, SMS, roaming data, NFC payments, etc. Apps with privileged access to such API’s should take particular care to prevent abuse, considering the financial impact of vulnerabilities that giveattackers access to the user’s financial resources.

*8.1 Maintain logs of access to paid-for resources in a non-repudiable format (e.g. a signed receipt sent to a trusted server backend – with user consent) and make them available to the end-user for monitoring. Logs should be protected from unauthorised access.
*8.2 Check for anomalous usage patterns in paid-for resource usage and trigger re- authentication. E.g. when significant change in location occurs, user-language changes etc.
*8.3 Consider using a white-list model by default for paid-for resource addressing - e.g. address book only unless specifically authorised for phone calls.
*8.4 Authenticate all API calls to paid-for resources (e.g. using an app developer certificate).
*8.5 Ensure that wallet API callbacks do not pass cleartext account/pricing/ billing/item information.
*8.6 Warn user and obtain consent for any cost implications for app behaviour.
*8.7 Implement best practices such as fast dormancy (a 3GPP specification), caching, etc. to minimize signalling load on base stations.

'''9. Ensure secure distribution/provisioning of mobile applications'''

'''Risks:''' Use of secure distribution practices is important in mitigating all risks described in the OWASP Mobile Top 10 Risks and ENISA top 10 risks.
*9.1 Applications must be designed and provisioned to allow updates for security patches, taking into account the requirements for approval by app-stores and the extra delay this may imply.
*9.2 Most app-stores monitor apps for insecure code and are able to remotely remove apps at short notice in case of an incident. Distributing apps through official app- stores therefore provides a safety-net in case of serious vulnerabilities in your app.
*9.3Provide feedback channels for users to report security problems with apps – e.g. a security@ email address.

'''10. Carefully check any runtime interpretation of code for errors '''

'''Risks:''' Runtime interpretation of code may give an opportunity for untrusted parties to provide unverified input which is interpreted as code. For example, extra levels in a game, scripts, interpreted SMS headers. This gives an opportunity for malware to circumvent walled garden controls provided by app-stores. It can lead to injection attacks leading to Data leakage, surveillance, spyware, and diallerware.

Note that it is not always obvious that your code contains an interpreter. Look for any capabilities accessible via user-input data and use of third party API’s which may interpret user-input - e.g. JavaScript interpreters.

*10.1 Minimize runtime interpretation and capabilities offered to runtime interpreters: run interpreters at minimal privilege levels.
*10.2 Define comprehensive escape syntax as appropriate.
*10.3 Fuzz test interpreters.
*10.4 Sandbox interpreters.

''Appendix A- Relevant General Coding Best Practices'''

Some general coding best practices are particularly relevant to mobile coding. We have listed some of the most important tips here:
**Perform abuse case testing, in addition to use case testing.
**Validate all input.
**Minimise lines and complexity of code. A useful metric is cyclomatic complexity (17).
**Use safe languages (e.g. from buffer-overflow).
**Implement a security report handling point (address) security@example.com
**Use static and binary code analysers and fuzz-testers to find security flaws.
**Use safe string functions, avoid buffer and integer overflow.
**Run apps with the minimum privilege required for the application on the operating
system. Be aware of privileges granted by default by APIs and disable them.
**Don't authorize code/app to execute with root/system administrator privilege
**Always perform testing as a standard as well as a privileged user
**Avoid opening application-specific server sockets (listener ports) on the client device.
Use the communication mechanisms provided by the OS.
**Remove all test code before releasing the application
**Ensure logging is done appropriately but do not record excessive logs, especially those
including sensitive user information.

''Appendix B- Enterprise Guidelines''
**If a business-sensitive application needs to be provisioned on a device, applications should enforce of a higher security posture on the device (such as PIN, remote management/wipe, app monitoring)
**Device certificates can be used for stronger device authentication.'

''References"
*1.ENISA. Top Ten Smartphone Risks . [Online] http://www.enisa.europa.eu/act/application-security/smartphone-security-1/top-ten-risks.
*2. OWASP. Top 10 mobile risks. [Online] https://www.owasp.org/index.php/OWASP_Mobile_Security_Project#tab=Top_Ten_Mobile_Risks.
*3. Cloud Computing: Benefits, Risks and Recommendations for information security. [Online] 2009. http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment.
*4. OWASP Cloud Top 10. [Online] https://www.owasp.org/index.php/Category:OWASP_Cloud_%E2%80%90_10_Project.
*5. Blackberry developers documents. [Online] http://www.blackberry.com/developers/docs/7.0.0api/net/rim/device/api/io/nfc/se/SecureElement.h tml,.
*6. Google Seek For Android. [Online] http://code.google.com/p/seek-for-android/.
*7. Visualizing Keyboard Pattern Passwords. [Online] cs.wheatoncollege.edu/~mgousie/comp401/amos.pdf.
*8. Smudge Attacks on Smartphone Touch Screens. Adam J. Aviv, Katherine Gibson, Evan Mossop, Matt Blaze, and Jonathan M. Smith. s.l. : Department of Computer and Information Science – University of Pennsylvania.
*9. Google vulnerability of Client Login account credentials on unprotected . [Online] http://www.uni- ulm.de/in/mi/mitarbeiter/koenings/catching-authtokens.html.
*10. SSLSNIFF. [Online] http://blog.thoughtcrime.org/sslsniff-anniversary-edition. 11. [Online] http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec-02.
Smartphones secure development guidelines for app developers
*11. [Online] http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec-02.
*12. NIST Computer Security. [Online] http://csrc.nist.gov/publications/nistpubs/800-57/sp800- 57_PART3_key-management_Dec2009.pdf.
*13. Google's ClientLogin implementation . [Online] http://www.uni- ulm.de/in/mi/mitarbeiter/koenings/catching-authtokens.html.
*14. [Online] https://www.owasp.org/index.php/Web_Services.
*15. EU Data Protection Directive 95/46/EC. [Online] http://eur- lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML.
*16. [Online] http://democrats.energycommerce.house.gov/sites/default/files/image_uploads/Testimony_05.04.11 _Spafford.pdf.
*17. [Online] http://www.aivosto.com/project/help/pm-complexity.html.
*18. [Online] http://code.google.com/apis/accounts/docs/AuthForInstalledApps.html.
**19. Google Wallet Security. [Online] http://www.google.com/wallet/how-it-works-security.htm.

= OWASP Mobile Threat Model Project =
==Mobile Application Threat Model - Beta Release==

This is the first release (February 2013) of the Mobile Application Threat Model developed by the initial project team (listed at the end of this release). Development began mid-2011 and is being released in beta form for public comment and input. It is by no means complete and some sections will need more contributions, details and also real world case studies. It's the hope of the project team that others in the community can help contribute to this project to further enhance and improve this threat model.

===Mobile Threat Model Introduction Statement===
Threat modeling is a systematic process that begins with a clear understanding of the system. It is necessary to define the following areas to understand possible threats to the application:
* '''Mobile Application Architecture''' - This area describes how the application is designed from device specific features used by the application, wireless transmission protocols, data transmission mediums, interaction with hardware components and other applications.
* '''Mobile Data''' - What data does the application store and process? What is the business purpose of this data and what are the data workflows?
* '''Threat Agent Identification''' - What are the threats to the mobile application and who are the threat agents. This area also outlines the process for defining what threats apply to the mobile application.
* '''Methods of Attack''' - What are the most common attacks utilized by threat agents. This area defines these attacks so that controls can be developed to mitigate attacks.
* '''Controls''' - What are the controls to prevent attacks. This is the last area to be defined only after previous areas have been completed by the development team.

===Target Audience for the Mobile Threat Model===
This model is to be used by mobile application developers and software architects as part of the “threat modeling” phase of a typical SDLC process. The model can also be used by Information Security Professionals that need to determine what typical mobile application threats are and provide a methodology for conducting basic threat modeling.

===How to Use the Mobile Threat Model===
This threat model is designed as an outline or checklist of items that need to be documented, reviewed and discussed when developing a mobile application. Every organization that develops mobile applications will have different requirements as well as threats. This model was designed to be as organizational and industry agnostic as possible so that any mobile application development team can use this as a guide for conducting threat modeling for their specific application. Real world case studies as examples will be integrated to this threat model in the near future.

==Mobile Application Architecture==

The mobile application architecture should, at the very least, describe device specific features used by the application, wireless transmission protocols, data transmission medium, interaction with hardware components and other applications. Applications can be mapped to this architecture as a preliminary attack surface assessment.

===Architecture Considerations===

Although mobile applications vary in function, they can be described using a generalized model as follows:

Wireless interfaces

Transmission Type

Hardware Interaction

Interaction with on device applications/services

Interaction with off device applications/services

Encryption Protocols

* What is the design of the architecture (network infrastructure, web services, trust boundaries, third-party APIs, etc)
** Carrier
*** Data
*** SMS
*** Voice
** Endpoints
*** Web Services
**** RESTful or SOAP based
**** Third Party (Example: Amazon)
*** Websites
**** Does the app utilize or integrate the “mobile web” version of an existing web site?
*** App Stores
**** Google Play
**** Apple App Store
**** Windows Mobile
**** BlackBerry App Store
*** Cloud Storage
**** Amazon/Azure
*** Corporate Networks (via VPN, ssh, etc.)
** Wireless interfaces
*** 802.11
*** NFC
*** Bluetooth
*** RFID
** Device
*** App Layer
*** Runtime Environment (VM, framework dependencies, etc)
*** OS Platform
** Apple iOS
** Android
** Windows Mobile
** BlackBerry
*** Baseband
* Common hardware components
** GPS
** Sensors (accelerometer)
** Cellular Radios (GSM/CDMA/LTE)
** Flash Memory
** Removable Storage (i.e.- SD)
** USB ports
** Wireless Interfaces
*** 802.11
*** Bluetooth
*** NFC
*** RFID
** Touch Screen
** Hardware Keyboard
** Microphone
** Camera
* Authentication
** Method
*** Knowledge based
*** Token based
*** Biometrics
** Input Type
*** Keyboard
*** Touch screen
*** Hardware peripheral
** Decision Process
*** Local (on device)
*** Remote (off device)
* Define app architecture relative to OS stack + security model
** What should or shouldn't the app do?

==Mobile Data==
This section defines what purpose does the app serve from a business perspective and what data the app store, transmit and receive. It’s also important to review data flow diagrams to determine exactly how data is handled and managed by the application.

* What is the business function of the app?
* What data does the application store/process (provide data flow diagram)
** This diagram should outline network, device file system and application data flows
** How is data transmitted between third party API’s and app(s)
** Are there different data handling requirements between different mobile platforms? (iOS/Android/Blackberry/Windows/J2ME)
** Does the app use cloud storage APIs (Dropbox, Google Drive, iCloud, Lookout) for device data backups
** Does personal data intermingle with corporate data?
** Is there specific business logic built into the app to process data?
* What does the data give you (or an attacker) access to
** Data at Rest
** Example: Do stored credentials provide authentication?
** Data in Transit
** Example: Do stored keys allow you to break crypto functions (data integrity)?
* Third party data, is it being stored/transmitted?
** What is the privacy requirements of user data
** Example: UDID or Geolocation on iOS transmitted to 3rd party
** Are there regulatory requirements to meet specific to user privacy?
* How does other data on the device affect the app (sandboxing restrictions enforced?)
** Example: Authentication credentials shared between apps
* What is the impact of Jailbroken/Rooted vs Non Jailbroken/Rooted device and how this affects app data (can also relate to threat agent identification)

==Threat Agent Identification==
What are the threats to the mobile application and who are the threat agents. This area also outlines the process for defining what threats apply to the mobile application.

===Identifying Threat Agents===

The process of identifying a threat agent is very simple and have been mentioned in the below steps:

'''S1''': Take the list of all sensitive data (or information to protect) listed down from Section 2 – Mobile Data

'''S2:''' Make a list of all the ways to access this data

'''S3:''' The medium used to access the same listed in S3 is the Threat Agent to be identified

===Threat Agent Identification Example===

Let us understand it in a better way using an example of a Financial Application (specifically a Banking Application). Following the process as mentioned above:

'''S1:''' Sensitive data present in the application has been listed as: Beneficiary Details stored in some form in the Phone Application Memory and User Credentials used for authentication transmitted to the server.
'''S2:''' List the various ways of accessing information:

# Beneficiary Details:
## A device user aiming to browse through the memory card / phone memory
## An adversary using a jail broken phone; starts reading the content through putty/WinSCP via SSH
## An adversary while sniffing the WiFi, traffic sniffs the content travelling through the network
## Another malicious application while reading the phone memory contents, stumbles upon this data as the device is Jailbroken
## Another application which is sending data through SMS sends this data.
## A Web Application executing a script on the browser tries to get steal the phone memory and send it to its server.

'''S3:''' From the above points, we list down the medium used:

# Any user who has the device (Stolen device/ friend / etc)
## Any malicious application (installed / Web based script)
## An adversary sniffing the Wifi.
## etc.

From the above example you should have a clear picture on how to identify Threat Agents. Below is list of threat agents, which were identified while analyzing various commonly used applications.

===Listing of Threat Agents - By Category===

====Human Interaction====

* '''Stolen Device User:''' A user who obtained unauthorized access to the device aiming to get hold of the memory related sensitive information belonging to the owner of the device.

* '''Owner of the Device:''' A user who unwillingly has installed a malicious application on his phone which gains access to the device application memory.

* '''Common WiFi Network User:''' This agent is aimed at any adversary intentionally or unintentionally sniffing the WiFi network used by a victim. This agent stumbles upon all the data transmitted by the victim device and may re-use it to launch further attacks.

* '''Malicious Developer:''' A human user who has the intent of writing an application which not only provides a commonly known function like gaming / calculator / utility in the foreground but steal as much information from your device as possible in real-time and transmits it to the malicious user. This agent can also be looked at an angle from which he codes an app to perform DOS by using up all the device resources.

* '''Organization Internal Employees:''' Any user who is part of the organization (may be a programmer / admin / user / etc). Anyone who has privileges to perform an action on the application.

* '''App Store Approvers/Reviewers:''' Any app store which fails to review potentially dangerous code or malicious application which executes on a user’s device and performs suspicious/ malicious activities

====Automated Programs====

* '''Malware on the device''': Any program / mobile application which performs suspicious activity. It can be an application, which is copying real time data from the user’s device and transmitting it to any server. This type of program executes parallel to all the processes running in the background and stays alive performing malicious activity all the time. E.g. Olympics App which stole text messages and browsing history:[http://venturebeat.com/2012/08/06/olympics-android-app/ ][http://venturebeat.com/2012/08/06/olympics-android-app/ http://venturebeat.com/2012/08/06/olympics-android-app/]

* '''Scripts executing at the browser with HTML5''': Any script code written in a language similar to JavaScript having capability of accessing the device level content falls under this type of agent section. A script executing at the browser reading and transmitting browser memory data / complete device level data.

* '''Malicious SMS''': An incoming SMS redirected to trigger any kind of suspicious activity on the mobile device. There are multiple services which keep running in the background. Each of these services have listeners which might be active to listen for the content of an incoming SMS. An SMS message may be a sort of trigger for the service to perform some suspicious activity.

* '''Malicious App:''' Failure to detect malicious or vulnerable code and the likelihood of a compromise or attack against the app store itself, potentially turning legitimate code into hostile things including updates and new downloaded apps.

Below is a diagram illustrated to understand the Threat Agents and Threats in a visual manner:

[[image:Mobile-app-threat-agents.png|582x527px]]

'''Figure 1 : Pictorial Representation of Threats and Agents'''

==Methods of Attack==
In this section, we will observe different methods an attacker can use to reach the data. This data can be sensitive information to the device or something sensitive to the app itself.

===Attack’s Flowchart===

Destruction of the asset is normally classified as attack. Attack can be further categorized as a planned attack or an unplanned one. Unintended attacks are normally caused due to some form of accidental actions.

[[image:Mobile-app-attack-workflow.png]]

'''Figure 2: Attack Workflow'''

===Attack Scenario===

'''“Method aimed to read the local application memory”'''

The above mentioned attack methodology is the one in which the data which is targeted is application specific memory and the method used is memory based analysis. The attacker steals any sensitive data like passwords, userid, user account information which is stored in the application memory by reading the device memory.

We have listed down other methods below which can be mapped with the second section in a similar fashion:

The classification of attacks based on the way data is handled:

* Carrier Based Methods

# Man in the middle (MiTM) attacks which can steal data packets including SMS or voice packets
# Hijack wireless transmission.

* Endpoints based methods

# Inject code to tamper with web application or web services
# Many of the OWASP Mobile Top 10/OWASP Web Application Top 10
# Publishing Malwares in the app store
# Stealing user sensitive phone contents using Malwares
# Cloud storage
# Targeting malicious corporate network. (e.g. VPN Keys, etc)

* Wireless interfaces based methods

# Stealing data when its in-transit using wireless channel like 802.11, NFC based data exchange or Bluetooth based data exchange. Application Level Attacks

* OS and application level methods

# Exploit the Input validation on client-side by by-passing the checks
# An adversary steals sensitive data by reading SD Card based stored content
# Exploiting vulnerabilities within an app or runtime environment. (VM, framework dependencies, etc)
# An adversary exploits OS level functionalities steal data from device or server
# Rooting or Jailbreaking the phone to access sensitive data from memory

* Miscellaneous Methods

# Method used to exploit and steal GPS based signals which falls in users personal information
# Method used to exploit the flash memory
# Method used to perform “tap jacking” based attacks.
# Method used to steal keyboard cache or logs.
# Method used to steal microphone recordings of a user
# Method used to exploit and misuse the camera functionality.

==Controls==
What are the controls to prevent attacks. This is the last area to be defined only after previous areas have been completed by the development team.

* What are the controls to prevent an attack?
** Defined by platform
*** Apple iOS
*** Android
*** Windows Mobile
*** BlackBerry
* What are the controls to detect an attack?
** Defined by platform
*** Apple iOS
*** Android
*** Windows Mobile
*** BlackBerry
* What are the controls to mitigate/minimize impact of an attack?
** Defined by platform
*** Apple iOS
*** Android
*** Windows Mobile
*** BlackBerry
* What are the controls to protect users private information (privacy controls)
** Example: prompts for access to address book/geolocation
* Create a mapping of controls to each specific method of attack (defined in Section 4 – Methods of Attack)
** Create level of assurance framework based on controls implemented. This would be subjective to a certain point, but it would be useful in guiding organizations who want to achieve a certain level of risk management based on the threats and vulnerabilities
* Case studies, control examples

==Project Contributors==
Special thanks to the following team members who contributed to the initial release of the threat model:

Tom Eston (Project Lead)

Jack Mannino

Sreenarayan Ashokkumar

Swapnil Deshmukh

Brandon Knight

Steve Jensen

Shimon Modi

Rodrigo Marcos

Brandon Clark

Yvesmarie Quemener

Yashraj Paralikar

Ritesh Taank

= Mobile Device Management(MDM) =
==What is MDM Technology?==
MDM is a way to ensure employees stay productive and do not breach corporate policies. Many organizations control activities of their employees using MDM products/services.
MDM primarily deals with corporate data segregation, securing emails, securing corporate documents on device, enforcing corporate policies, integrating and managing mobile devices including laptops and handhelds of various categories.
There are two major types of MDM implementations:
1. On-premise Solution
2. Cloud-based Solution
For the organizations where security is highest concern, it preferred to have On-premise solution. This is always suggested for mission critical secure applications.
Cloud-based solution provides ease of access for the administrator.

==How does it provide Security?==
All MDM products are built with an idea of Containerization. The MDM Container is secured using latest crypto techniques (AES-256 or more preferred). All the corporate data like email, documents, enterprise application are encrypted and processed inside the container. This ensures that corporate data is separated from user’s personal data on the device.
Additionally, encryption for entire device and/or SD Card can also be enforced depending on MDM product capability.

'''Secure Email:'''
MDM products allow organization to integrate their existing email setup to be easily integrated with MDM environment. Almost all MDM products support easy integration with Exchange Server (2003/2007/2010), Office365, Lotus Notes, Blackberry Enterprise Server (BES) and others. This provided flexibility of configuring Email-over-air.

'''Secure Docs:'''
It is frequently seen that, employees copy attachments downloaded from corporate email to their personal devices and then misuse it. MDM can easily restrict/disable clipboard usage in/out of Secure Container; forwarding attachments to external domains can be restricted, downloading/saving attachments on SD Card. This ensures corporate data is not left insecure.

'''Secure Browser:'''
Using secure browser can avoid many potential security risks. Every MDM solution comes with built-in custom browser. Administrator can disable native browsers to force user to use Secure Browser, which is also inside the MDM container. URL filtering can be enforced to add additional productivity measure.

'''Secure App Catalogue:'''
Organization can distribute, manage, and upgrade applications on employee’s device using App Catalogue. It allows applications to be pushed on user device directly from the App Store or push an enterprise developed private application through the App Catalogue. This provides an option for the organization to deploy devices in Kiosk Mode or Lock-Down Mode.

==Additional MDM Features:==
There are plenty of other features depending on which MDM product being chosen. Below is the list for it:

• '''Policy Enforcing''': There are multiple types of policies which can be enforced on MDM users.
1. Persona Policy: According to corporate environment, highly customizable
2. Device Platform specific: policies for advanced management of Android, IOS, Windows and Blackberry devices.
3. Compliance Policies/Rules
• VPN configuration
• Application Catalogue

• Pre-defined Wi-Fi and Hotspot settings

• Jail-break/Root detection

• Remote Wipe of corporate data

• Remote Wipe of entire device

• Device remote locking

• Remote messaging/buzz

• Disabling native apps on device

==More light on MDM-MAM-MEM:==
'''Mobile Device Management (MDM)''' is like adding an extra layer of security and ensuring a way to monitor device related activities. MDM provides device platform specific features like device encryption, platform specific policies, SD Card encryption. Geo-location tracking, connectivity profiles (VPN, Wi-Fi, Bluetooth) and plenty other features are part of MDM Suite.

'''Mobile Application Management (MAM)''' is done by application wrapping i.e. injection arbitrary encryption code in the mobile application source. This is necessary for commercial applications or applications being developed in-house for Enterprise use. Additionally, white-listing/black-listing of application can be done. Features like Application Catalogue allow admin to push applications remotely to the devices for instant install, push remote updates and also remote removal of apps.

'''Mobile Email Management (MEM)''' ensures your corporate emails are containerized using advanced proprietary/free encryption algorithms. MEM ensures all emails remain inside the secure container, so that attackers get encrypted data even if they try to compromise the device data using USB cable on a system. Heavy restrictions on clipboard, attachments and trusted domains can be enforced. Nothing can move in-out of the secure container as clipboard is disabled. Even the attachments are downloaded and saved inside the secure container. To view the attachments there is secure document reader as well as secure document editor available in MDM solutions. Adding trusted domains will ensure that data from corporate email is not leaked to malicious/suspicious domains.

'''Top MDM Vendors in Market:'''

• AirWatch by VMware

• Amtel MDM

• BlackBerry BES10

• CA Technologies MDM

• Citrix XenMobile

• Dell EMM

• Good Technology MDM

• IBM MaaS360 MDM

• McAfee EMM

• Microsoft Enterprise Mobility Suite (EMS)

• MobileIron EMM

• SAP Afaria MDM

• SOTI MobiControl MDM

• Symantec Mobile Management

==For More Technical Details and Queries==

'''Author: Milan Singh Thakur'''

Contact: ''milanthakur2010@gmail.com''

Linkedin: Connect Professionally[https://in.linkedin.com/in/milansinghthakur]

__NOTOC__ <headertabs />

Projects/OWASP Mobile Security Project - Top Ten Mobile Risks

2015-06-27T21:04:17Z

Abhinav: /* About this list */

<center> 
{| align="center" style="width:45%; background-color:#FFFFFF; border:1px solid #a7d7f9; -moz-border-radius: 9px;-webkit-border-radius: 9px; border-radius: 9px; padding:1px;" id="social_bookmarks" class="noprint"
|-
|
<div class="plainlinks" align="center">
'''Share this:''' 
[[File:social-email.png|E-mail this story|link=mailto:?subject={{FULLPAGENAMEE}}&body={{FULLPAGENAMEE}}:%0A{{fullurle:{{FULLPAGENAME}}}}]]
[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u={{fullurle:{{FULLPAGENAME}}}}&t={{urlencode:{{FULLPAGENAME}}}}]]
[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}} }}]]
[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]
[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]
[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]
[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]
[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status={{fullurle:{{FULLPAGENAME}}}}|Share on twitter.com]]
[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u={{fullurle:{{FULLPAGENAME}}}}]]
</div>
|}
</center>
== About this list ==
In 2013, we polled the industry for new vulnerability statistics in the field of mobile applications. What you see here is a result of that data and a representation of the mobile application threat landscape.

[[File:Mobile_Top_10_2014.png|right|630px]]
Our goals for the 2014 list included the following:
* Updates to the wiki content; including cross-linking to testing guides, more visual exercises, etc;
* Generation of more data; and
* A PDF release.

This list has been finalized after a 90-day feedback period from the community. Based on feedback, we intend on releasing a Mobile Top Ten 2015 list following a similar approach of collecting data, grouping the data in logical and consistent ways.

Feel free to visit [https://groups.google.com/a/owasp.org/forum/#!forum/owasp-mobile-top-10-risks the mailing list] as well!

== 2015 Mobile Top Ten Analysis Results ==
Are you interested in what the data collection for the 2015 list looks like? Check out the final synthesis... [[Media:2015 Data Synthesis Results.pptx]]

Here is the original raw data: [[https://www.dropbox.com/sh/d143o6tbkdx4w4l/AAAQlpmnCpHCgiBqZkgXPSTKa?dl=0 Dropbox Data]]

== Top 10 Mobile Risks - Final List 2014 ==
*[[Mobile_Top_10_2014-M1|M1: Weak Server Side Controls ]]
*[[Mobile_Top_10_2014-M2|M2: Insecure Data Storage ]]
*[[Mobile_Top_10_2014-M3|M3: Insufficient Transport Layer Protection ]]
*[[Mobile_Top_10_2014-M4|M4: Unintended Data Leakage ]]
*[[Mobile_Top_10_2014-M5|M5: Poor Authorization and Authentication ]]
*[[Mobile_Top_10_2014-M6|M6: Broken Cryptography ]]
*[[Mobile_Top_10_2014-M7|M7: Client Side Injection ]]
*[[Mobile_Top_10_2014-M8|M8: Security Decisions Via Untrusted Inputs ]]
*[[Mobile_Top_10_2014-M9|M9: Improper Session Handling ]]
*[[Mobile_Top_10_2014-M10|M10: Lack of Binary Protections ]]

== Project Leads, Credit, and Contributions ==

* ''' [[Mobile_Top_Contributions|Mobile Top Ten Contributions Page ]] '''

== Project Methodology ==

* '''We adhered loosely to the [https://www.owasp.org/index.php/Top_10_2013/ProjectMethodology OWASP Web Top Ten Project methodology]. '''

== Archive ==
* The list below is the OLD release candidate v1.0 of the OWASP Top 10 Mobile Risks.  This list was initially released on September 23, 2011 at Appsec USA.  
** The original presentation can be found here: [http://www.slideshare.net/JackMannino/owasp-top-10-mobile-risks SLIDES] 
** The corresponding video can be found here: [http://www.youtube.com/watch?v=GRvegLOrgs0 VIDEO]
** [[Mobile_Top_10_2012|2011-12 Mobile Top Ten for archive purposes]]
__NOTOC__

File:Mobile Top 10 2014.png

2015-06-27T21:03:21Z

Abhinav: Abhinav uploaded a new version of "File:Mobile Top 10 2014.png"

Mindmap Mobile top ten

File:Mobile Top 10 2014.png

2015-06-27T20:50:37Z

Abhinav: Mindmap Mobile top ten

Mindmap Mobile top ten

OWASP Internet of Things Top Ten Project

2015-06-27T20:42:53Z

Abhinav: /* Manufacturer IoT Security Guidance */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP Internet of Things Top 10==

Oxford defines the Internet of Things as: “A proposed development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data.”

''The OWASP Internet of Things (IoT) Top 10 is a project designed to help manufacturers, developers, and consumers better understand the security issues associated with the Internet of Things, and to enable users in any context to make better security decisions when building, deploying, or assessing IoT technologies''.

The project defines the top ten security surface areas presented by IoT systems, and provides information on threat agents, attack vectors, vulnerabilities, and impacts associated with each. In addition, the project aims to provide practical security recommendations for builders, breakers, and users of IoT systems.

==Licensing==
The OWASP Internet of Things Top 10 is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

== ==
{{Social Media Links}}

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is the OWASP Internet of Things Top 10? ==

The OWASP Internet of Things Top 10 provides:

* A list of the 10 Most Significant IoT Security Surface Areas
* A list of basic recommendations for manufacturers, developers, and consumers

For each attack surface areas, the following sections are included:

* A description of the attack surface
* Threat agents
* Attack vectors
* Security weaknesses
* Technical impacts
* Business impacts
* Example vulnerabilities
* Example attacks
* Guidance on how to avoid the issue
* References to OWASP and other related resources

For each role in Manufacturers, Developers, and Consumer, the following recommendations are included:

* For each I''N'' category, list the top few considerations that should be observed in that context

== Project Leaders ==

* Daniel Miessler
* Craig Smith
* Jason Haddix

== Related Projects ==

* [https://www.owasp.org/index.php/OWASP_Mobile_Security_Project The OWASP Mobile Top 10 Project]
* [https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project The OWASP Web Top 10 Project]

| valign="top" style="padding-left:25px;width:200px;" |

== Email List ==
[https://lists.owasp.org/mailman/listinfo/owasp_internet_of_things_top_ten_project Subcribe here]

== Quick Download ==
[https://drive.google.com/file/d/0B52IUvO0LP6ON2VzZVFkNGF6aVE/view?usp=sharing OWASP Internet of Things Top Ten 2014 PDF]

[https://drive.google.com/file/d/0B52IUvO0LP6OYVoweHNBeVFDdGs/view?usp=sharing OWASP Internet of Things Top Ten 2014 Infographic]

[https://drive.google.com/file/d/0B52IUvO0LP6OUGVWeGZGdnhleFU/view?usp=sharing OWASP Internet of Things Top Ten 2014 PPT]

[https://drive.google.com/file/d/0B52IUvO0LP6OdW1HMjRpM3VVUVE/view?usp=sharing OWASP IoT Top Ten RSA 2015 Presentation]

== News and Events ==
* [April 2015] Added the IoT Top 10 talk from RSA
* [April 2015] Added an IoT Top 10 Infographic
* IoT day is April 9th!
* [February 2015] Added a PDF containing a walk through of the project and the Top Ten.

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

= OWASP Internet of Things Top 10 for 2014 =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

The OWASP Internet of Things Top 10 - 2014 is as follows:

* [[Top_10_2014-I1 Insecure Web Interface | I1 Insecure Web Interface]]
* [[Top_10_2014-I2 Insufficient Authentication/Authorization | I2 Insufficient Authentication/Authorization]]
* [[Top_10_2014-I3 Insecure Network Services | I3 Insecure Network Services]]
* [[Top_10_2014-I4 Lack of Transport Encryption | I4 Lack of Transport Encryption]]
* [[Top_10_2014-I5 Privacy Concerns | I5 Privacy Concerns]]
* [[Top_10_2014-I6 Insecure Cloud Interface | I6 Insecure Cloud Interface]]
* [[Top_10_2014-I7 Insecure Mobile Interface | I7 Insecure Mobile Interface]]
* [[Top_10_2014-I8 Insufficient Security Configurability | I8 Insufficient Security Configurability]]
* [[Top_10_2014-I9 Insecure Software/Firmware | I9 Insecure Software/Firmware]]
* [[Top_10_2014-I10 Poor Physical Security | I10 Poor Physical Security]]

== Introduction ==

Oxford defines the Internet of Things as “a proposed development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data.”

The OWASP Internet of Things (IoT) Top 10 is a project designed to help vendors who are interested in making common appliances and gadgets network/Internet accessible. The project walks through the top ten security problems that are seen with IoT devices, and how to prevent them.

Examples of IoT Devices: Cars, lighting systems, refrigerators, telephones, SCADA systems, traffic control systems, home security systems, TVs, DVRs, etc…

== Feedback ==

Please let us know how your organization is using the Internet of Things Top 10. Include your name, organization's name, and brief description of how you use the list. Thanks for supporting OWASP!

We hope you find the information in the OWASP Internet of Things Top Ten useful. Please contribute back to the project by sending your comments, questions, and suggestions to Daniel.Miessler@owasp.org, Craig.Smith@owasp.org, or Jason.Haddix@owasp.org, Thanks!

== Project Sponsors ==

* [http://www8.hp.com/us/en/software-solutions/fortify-on-demand-application-security/ HP Fortify on Demand]
* Contribute and add your name here!



= Talks =

RSA Conference San Francisco 
[https://drive.google.com/file/d/0B52IUvO0LP6OdW1HMjRpM3VVUVE/view?usp=sharing Securing the Internet of Things: Mapping IoT Attack Surface Areas with the OWASP IoT Top 10 Project] 
Daniel Miessler, Practice Principal 
April 21, 2015 
--- 
Defcon 2015 
IoT Security 
Daniel Miessler 
August 6-9, 2015

= In the News =

* [http://thehackernews.com/2015/05/Brillo-os-internet-of-things.html "Google Brillo OS - New Android-based OS for Internet of Things"] ''The Hacker News.'' The Hacker News 22 May 2015
* [http://www.businesswire.com/news/home/20150505005199/en/IEEE-Standards-Association-IEEE-SA-Releases-Internet-IoT#.VXB2h0bIBJK "IEEE Standards Association (IEEE-SA) Releases Internet of Things (IoT) Ecosystem Study in Advance of Key IoT Industry Events"] ''Business Wire.'' Business Wire 05 May 2015
* [http://www.techradar.com/us/news/computing-components/processors/internet-of-things-gets-massive-boost-with-intel-altera-deal-1295481?src=rss&attr=all "Internet of things gets massive boost with Intel-Altera deal"] ''Techradar.'' Techradar 01 June 2015
* [http://techcrunch.com/2015/05/12/samsung-artik/?ncid=rss "Samsung Launches ARTIK, Its New Platform For Connected Devices"] ''Techcrunch.'' Techcrunch 12 May 2015

= IoT Conferences - June 2015=

* [http://icc2015.ieee-icc.org/ IEEE International Conference on Communications (ICC) 2015] London, UK June 8-12
* [http://www.iotx.ae/about-dwtc/ IoT Expo - Dubai 2015] Dubai, United Arab Emirates June 9-10
* [http://iottelecomsummit.com/ M2M and IoT Strategies Summit] Barcelona, Spain June 9-11
* [http://iot-week.eu/ IoT Week Lisbon] Lisbon, Portugal June 15-18
* [http://iot-nexus.com/usa/#About IoT Nexus: Interoperability] San Francisco, US June 17-18
* [http://www.truste.com/events/iot/ IoT Privacy Summit 2015] Mountain View, US June 18
* [http://connectedcarsworld.com/ Connected Cars 15] Amsterdam, Netherlands June 24-25

= Community =

[https://www.iamthecavalry.org/ I Am The Cavalry]

A global grassroots organization that is focused on issues where computer security intersects public safety and human life.

Their areas of focus include:
* Medical devices
* Automobiles
* Home Electronics
* Public Infrastructure
== ==
[https://ifttt.com/ If This Then That (IFTTT)]

A service that lets you create powerful connections with one simple statement.

Channels are the basic building blocks of IFTTT. Channels include:
* Triggers - The ''this'' part of a Recipe
* Actions - The ''that'' part of a Recipe
== ==
[http://builditsecure.ly BuildItSecure.ly]

A project focused on helping small business connect with security researchers to aid in securing their IoT-based products before going market.

Their goals include:
* Focus effort towards small business
* Build partnerships
* Coordinate efforts
* Curate informational resources
* Present research

= Manufacturers =

== Manufacturer IoT Security Guidance ==

(DRAFT)

[[File:Internet_of_Things_Top_10_2014.png]]

The goal of this page is help manufacturers build more secure products in the Internet of Things space. The guidance below is at a basic level, giving builders of products a basic set of guidelines to consider from their perspective. This is not a comprehensive list of considerations, and should not be treated as such, but ensuring that these fundamentals are covered will greatly improve the security of any IoT product.

{| border="1" class="wikitable" style="text-align: left"
! Category
! IoT Security Consideration
|-
| '''I1: Insecure Web Interface'''
|
* Ensure that any web interface in the product disallows weak passwords
* Ensure that any web interface in the product has an account lockout mechanism
* Ensure that any web interface in the product has been tested for XSS, SQLi and CSRF vulnerabilities
* Ensure that any web interface has the ability to use HTTPS to protect transmitted information
* Include web application firewalls to protect any web interfaces
* Ensure that any web interface allows the owner to change the default username and password
|-
| '''I2: Insufficient Authentication/Authorization'''
|
* Ensure that any access requiring authentication requires strong passwords
* Ensure that user roles can be properly segregated in multi-user environments
* Implement two-factor authentication where possible
* Ensure password recovery mechanisms are secure
* Ensure that users have the option to require strong passwords
* Ensure that users have the option to force password expiration after a specific period
* Ensure that users have the option to change the default username and password
|-
| '''I3: Insecure Network Services'''
|
* Ensure all devices operate with a minimal number of network ports active
* Ensure all devices do not make network ports and/or services available to the internet via UPnP for example
* Review all required network services for vulnerabilities such as buffer overflows or denial of service
|-
| '''I4: Lack of Transport Encryption'''
|
* Ensure all communication between system components is encrypted as well as encrypting traffic between the system or device and the internet
* Use recommended and accepted encryption practices and avoid proprietary protocols
* Ensure SSL/TLS implementations are up to date and properly configured
* Consider making a firewall option available for the product
|-
| '''I5: Privacy Concerns'''
|
* Ensure only the minimal amount of personal information is collected from consumers
* Ensure all collected personal data is properly protected using encryption at rest and in transit
* Ensure only authorized individuals have access to collected personal information
* Ensure only less sensitive data is collected
* Ensuring data is de-identified or anonymized
* Ensuring a data retention policy is in place
* Ensuring end-users are given a choice for data collected beyond what is needed for proper operation of the device
|-
| '''I6: Insecure Cloud Interface'''
|
* Ensure all cloud interfaces are reviewed for security vulnerabilities (e.g. API interfaces and cloud-based web interfaces)
* Ensure that any cloud-based web interface disallows weak passwords
* Ensure that any cloud-based web interface has an account lockout mechanism
* Implement two-factor authentication for cloud-based web interfaces
* Ensure that all cloud interfaces use transport encryption
* Ensure that any cloud-based web interface has been tested for XSS, SQLi and CSRF vulnerabilities
* Ensure that users have the option to require strong passwords
* Ensure that users have the option to force password expiration after a specific period
* Ensure that users have the option to change the default username and password
|-
| '''I7: Insecure Mobile Interface'''
|
* Ensure that any mobile application disallows weak passwords
* Ensure that any mobile application has an account lockout mechanism
* Implement two-factor authentication for mobile applications (e.g Apple's Touch ID)
* Ensure that any mobile application uses transport encryption
* Ensure that users have the option to require strong passwords
* Ensure that users have the option to force password expiration after a specific period
* Ensure that users have the option to change the default username and password
|-
| '''I8: Insufficient Security Configurability'''
|
* Ensure password security options are made available (e.g. Enabling 20 character passwords or enabling two-factor authentication)
* Ensure encryption options are made available (e.g. Enabling AES-256 where AES-128 is the default setting)
* Ensure secure logging is available for security events
* Ensure alerts and notifications are available to the user for security events
|-
| '''I9: Insecure Software/Firmware'''
|
* Ensure all system devices have update capability and can be updated quickly when vulnerabilities are discovered
* Ensure update files are encrypted and that the files are also transmitted using encryption
* Ensure that update files are signed and then validated by the device before installing
* Ensure update servers are secure
* Ensure the product has the ability to implement scheduled updates
|-
| '''I10: Poor Physical Security'''
|
* Ensure the device is produced with a minimal number of physical external ports (e.g. USB ports)
* Ensure the firmware of Operating System can not be accessed via unintended methods such as through an unnecessary USB port
* Ensure the product is tamper resistant
* Ensure the product has the ability to limit administrative capabilities in some fashion, possibly by only connecting locally for admin functions
* Ensure the product has the ability to disable external ports such as USB
|}

===General Recommendations===

Consider the following recommendation for all Internet of Things products:
* Avoid the potential for persistent vulnerabilities in devices that have no update capability by ensuring that all devices and systems are built with the ability to be updated when vulnerabilities are discovered
* Rebranded devices used as part of a system should be properly configured so that unnecessary or unintended services do not remain active after the rebranding

[ NOTE: Given the fact that each deployment and every environment is different, it is important to weigh the pros and cons of implementing the advice above before taking each step. ]

= Developers =

== Developer IoT Security Guidance ==

(DRAFT)

The goal of this page is help developers build more secure applications in the Internet of Things space. The guidance below is at a basic level, giving developers of applications a basic set of guidelines to consider from their perspective. This is not a comprehensive list of considerations, and should not be treated as such, but ensuring that these fundamentals are covered will greatly improve the security of any IoT product.

{| border="1" class="wikitable" style="text-align: left"
! Category
! IoT Security Consideration
|-
| '''I1: Insecure Web Interface'''
|
* Ensure that any web interface coding is written to prevent the use of weak passwords
* Ensure that any web interface coding is written to include an account lockout mechanism
* Ensure that any web interface coding has been tested for XSS, SQLi and CSRF vulnerabilities
* Ensure that any web interface has the ability to use HTTPS to protect transmitted information
* Ensure that any web interface coding is written to allow the owner to change the username and password
* Consider the use of web application firewalls to protect any web interfaces
|-
| '''I2: Insufficient Authentication/Authorization'''
|
* Ensure that applications are written to require strong passwords where authentication is needed
* Ensure the application takes into account multi-user environments and includes functionality for role separation
* Implement two-factor authentication where possible
* Ensure password recovery mechanisms are written to function in a secure manner
* Ensure that applications are written to include the option to require strong passwords
* Ensure that applications are written to include the option to force password expiration after a specific period
* Ensure that applications are written to include the option to change the default username and password
|-
| '''I3: Insecure Network Services'''
|
* Ensure applications that use network services don't respond poorly to buffer overflow, fuzzing or denial of service attacks
* Ensure applications test ports are taken out of service before going to production
|-
| '''I4: Lack of Transport Encryption'''
|
* Ensure all applications are written to make use of encrypted communication between devices and between devices and the internet
* Use recommended and accepted encryption practices and avoid proprietary protocols
* Consider making a firewall option available for the application
|-
| '''I5: Privacy Concerns'''
|
* Ensure only the minimal amount of personal information is collected from consumers
* Ensure all collected personal data is properly protected using encryption at rest and in transit
* Ensuring data is de-identified or anonymized
* Ensuring end-users are given a choice for data collected beyond what is needed for proper operation of the device
|-
| '''I6: Insecure Cloud Interface'''
|
* Ensure all cloud interfaces are reviewed for security vulnerabilities (e.g. API interfaces and cloud-based web interfaces)
* Ensure that any cloud-based web interface coding is written to disallows weak passwords
* Ensure that any cloud-based web interface coding is written to include an account lockout mechanism
* Implement two-factor authentication for cloud-based web interfaces
* Ensure that any cloud interface coding has been tested for XSS, SQLi and CSRF vulnerabilities
* Ensure that all cloud interfaces use transport encryption
* Ensure that cloud interfaces are written to include the option to require strong passwords
* Ensure that cloud interfaces are written to include the option to force password expiration after a specific period
* Ensure that cloud interfaces are written to include the option to change the default username and password
|-
| '''I7: Insecure Mobile Interface'''
|
* Ensure that any mobile application coding is written to disallows weak passwords
* Ensure that any mobile application coding is written to include an account lockout mechanism
* Implement two-factor authentication for mobile applications (e.g Apple's Touch ID)
* Ensure that any mobile application uses transport encryption
* Ensure that mobile interfaces are written to include the option to require strong passwords
* Ensure that mobile interfaces are written to include the option to force password expiration after a specific period
* Ensure that mobile interfaces are written to include the option to change the default username and password
* Ensure that mobile interfaces only collect the minimum amount of personal information needed
|-
| '''I8: Insufficient Security Configurability'''
|
* Ensure applications are written to include password security options (e.g. Enabling 20 character passwords or enabling two-factor authentication)
* Ensure applications are written to include encryption options (e.g. Enabling AES-256 where AES-128 is the default setting)
* Ensure all applications are written to produce logs for security events
* Ensure all applications are written to produce alerts and notifications to the user for security events
|-
| '''I9: Insecure Software/Firmware'''
|
* Ensure all applications are written to include update capability and can be updated quickly when vulnerabilities are discovered
* Ensure all applications are written to process encrypted update files and that the files are transmitted using encryption
* Ensure all applications are written to process signed files and then validate that file before installation

|-
| '''I10: Poor Physical Security'''
|
* Ensure applications are written to utilize a minimal number of physical external ports (e.g. USB ports) on the device
* Ensure all applications can not be accessed via unintended methods such as through an unnecessary USB port
* Ensure all applications are written to allow for disabling of unused physical ports such as USB
* Consider writing applications to limit administrative capabilities to a local interface only
|}

===General Recommendations===

Consider the following recommendations for all user interfaces (local device, cloud-based and mobile):
* Avoid potential Account Harvesting issues by:
** Ensuring valid user accounts can't be identified by interface error messages
** Ensuring strong passwords are required by users
** Implementing account lockout after 3 - 5 failed login attempts

[ NOTE: Given the fact that each deployment and every environment is different, it is important to weigh the pros and cons of implementing the advice above before taking each step. ]

= Testers =

== Tester IoT Security Guidance ==

(DRAFT)

The goal of this page is to help testers assess IoT devices and applications in the Internet of Things space. The guidance below is at a basic level, giving testers of devices and applications a basic set of guidelines to consider from their perspective. This is not a comprehensive list of considerations, and should not be treated as such, but ensuring that these fundamentals are covered will greatly improve the security of any IoT product.

{| border="1" class="wikitable" style="text-align: left"
! Category
! IoT Security Consideration
|-
| '''I1: Insecure Web Interface'''
|
* Assess any web interface to determine if weak passwords are allowed
* Assess the account lockout mechanism
* Assess the web interface for XSS, SQLi and CSRF vulnerabilities and other web application vulnerabilities
* Assess the use of HTTPS to protect transmitted information
* Assess the ability to change the username and password
* Determine if web application firewalls are used to protect web interfaces
|-
| '''I2: Insufficient Authentication/Authorization'''
|
* Assess the solution for the use of strong passwords where authentication is needed
* Assess the solution for multi-user environments and ensure it includes functionality for role separation
* Assess the solution for Implementation two-factor authentication where possible
* Assess password recovery mechanisms
* Assess the solution for the option to require strong passwords
* Assess the solution for the option to force password expiration after a specific period
* Assess the solution for the option to change the default username and password
|-
| '''I3: Insecure Network Services'''
|
* Assess the solution to ensure network services don't respond poorly to buffer overflow, fuzzing or denial of service attacks
* Assess the solution to ensure test ports are are not present
|-
| '''I4: Lack of Transport Encryption'''
|
* Assess the solution to determine the use of encrypted communication between devices and between devices and the internet
* Assess the solution to determine if accepted encryption practices are used and if proprietary protocols are avoided
* Assess the solution to determine if a firewall option available is available
|-
| '''I5: Privacy Concerns'''
|
* Assess the solution to determine the amount of personal information collected
* Assess the solution to determine if collected personal data is properly protected using encryption at rest and in transit
* Assess the solution to determine if Ensuring data is de-identified or anonymized
* Assess the solution to ensure end-users are given a choice for data collected beyond what is needed for proper operation of the device
|-
| '''I6: Insecure Cloud Interface'''
|
* Assess the cloud interfaces for security vulnerabilities (e.g. API interfaces and cloud-based web interfaces)
* Assess the cloud-based web interface to ensure it disallows weak passwords
* Assess the cloud-based web interface to ensure it includes an account lockout mechanism
* Assess the cloud-based web interface to determine if two-factor authentication is used
* Assess any cloud interfaces for XSS, SQLi and CSRF vulnerabilities and other vulnerabilities
* Assess all cloud interfaces to ensure transport encryption is used
* Assess the cloud interfaces to determine if the option to require strong passwords is available
* Assess the cloud interfaces to determine if the option to force password expiration after a specific period is available
* Assess the cloud interfaces to determine if the option to change the default username and password is available
|-
| '''I7: Insecure Mobile Interface'''
|
* Assess the mobile interface to ensure it disallows weak passwords
* Assess the mobile interface to ensure it includes an account lockout mechanism
* Assess the mobile interface to determine if it Implements two-factor authentication (e.g Apple's Touch ID)
* Assess the mobile interface to determine if it uses transport encryption
* Assess the mobile interface to determine if the option to require strong passwords is available
* Assess the mobile interface to determine if the option to force password expiration after a specific period is available
* Assess the mobile interface to determine if the option to change the default username and password is available
* Assess the mobile interface to determine the amount of personal information collected
|-
| '''I8: Insufficient Security Configurability'''
|
* Assess the solution to determine if password security options (e.g. Enabling 20 character passwords or enabling two-factor authentication) are available
* Assess the solution to determine if encryption options (e.g. Enabling AES-256 where AES-128 is the default setting) are available
* Assess the solution to determine if logging for security events is available
* Assess the solution to determine if alerts and notifications to the user for security events are available
|-
| '''I9: Insecure Software/Firmware'''
|
* Assess the device to ensure it includes update capability and can be updated quickly when vulnerabilities are discovered
* Assess the device to ensure it uses encrypted update files and that the files are transmitted using encryption
* Assess the device to ensure is uses signed files and then validates that file before installation

|-
| '''I10: Poor Physical Security'''
|
* Assess the device to ensure it utilizes a minimal number of physical external ports (e.g. USB ports) on the device
* Assess the device to determine if it can be accessed via unintended methods such as through an unnecessary USB port
* Assess the device to determine if it allows for disabling of unused physical ports such as USB
* Assess the device to determine if it includes the ability to limit administrative capabilities to a local interface only
|}

===General Recommendations===

Consider the following recommendations for all user interfaces (local device, cloud-based and mobile):
* Avoid potential Account Harvesting issues by:
** Ensuring valid user accounts can't be identified by interface error messages
** Ensuring strong passwords are required by users
** Implementing account lockout after 3 - 5 failed login attempts

= Consumers =

== Consumer IoT Security Guidance ==

(DRAFT)

The goal of this page is help consumers purchase secure products in the Internet of Things space. The guidance below is at a basic level, giving consumers a basic set of guidelines to consider from their perspective. This is not a comprehensive list of considerations, and should not be treated as such, but ensuring that these fundamentals are covered will greatly aid the consumer in purchasing a secure IoT product.

{| border="1" class="wikitable" style="text-align: left"
! Category
! IoT Security Consideration
|-
| '''I1: Insecure Web Interface'''
|
* If your system has the option to use HTTPS, ensure it is enabled
* If your system has a two factor authentication option, ensure that it is enabled
* If your system has web application firewall option, ensure that it is enabled
* If your system has a local or cloud-based web application, ensure that you change the default password to a strong one and if possible change the default username as well
* If the system has account lockout functionality, ensure that it is enabled
* Consider employing network segmentation technologies such as firewalls to isolate IoT systems from critical IT systems
|-
| '''I2: Insufficient Authentication/Authorization'''
|
* If your system has a local or cloud-based web application, ensure that you change the default password to a strong one and if possible change the default username as well
* If the system has account lockout functionality, ensure that it is enabled
* If the system has the option to require strong passwords, ensure that is enabled
* If the system has the option to require new passwords after 90 days for example, ensure that is enabled
* If your system has a two factor authentication option, ensure that it is enabled
* If your system has the option to set user privileges, consider setting user privileges to the minimal needed for operation
* Consider employing network segmentation technologies such as firewalls to isolate IoT systems from critical IT systems
|-
| '''I3: Insecure Network Services'''
|
* If your system has a firewall option available, enable it and ensure that it can only be accessed from your client systems
* Consider employing network segmentation technologies such as firewalls to isolate IoT systems from critical IT systems
|-
| '''I4: Lack of Transport Encryption'''
|
* If your system has the option to use HTTPS, ensure it is enabled
|-
| '''I5: Privacy Concerns'''
|
* Do not enter sensitive information into the system that is not absolutely required, e.g. address, DOB, CC, etc.
* Deny data collection if it appears to be beyond what is needed for proper operation of the device (If provided the choice)
|-
| '''I6: Insecure Cloud Interface'''
|
* If your system has the option to use HTTPS, ensure it is enabled
* If your system has a two factor authentication option, ensure that it is enabled
* If your system has web application firewall option, ensure that it is enabled
* If your system has a local or cloud-based web application, ensure that you change the default password to a strong one and if possible change the default username as well
* If the system has account lockout functionality, ensure that it is enabled
* If the system has the option to require strong passwords, ensure that is enabled
* If the system has the option to require new passwords after 90 days for example, ensure that is enabled
|-
| '''I7: Insecure Mobile Interface'''
|
* If the mobile application has the option to require a PIN or password, consider using it for extra security (on client and server)
* If the mobile application has the option to use two factory authentication such as Apple's Touch ID, ensure it is enabled
* If the system has account lockout functionality, ensure that it is enabled
* If the system has the option to require strong passwords, ensure that is enabled
* If the system has the option to require new passwords after 90 days for example, ensure that is enabled
* Do not enter sensitive information into the mobile application that is not absolutely required, e.g. address, DOB, CC, etc.
|-
| '''I8: Insufficient Security Configurability'''
|
* If your system has the option, enable any logging functionality for security-related events
* If your system has the option, enable any alert and notification functionality for security-related events
* If your system has security options for passwords, ensure they are enabled for strong passwords
* If your system has security options for encryption, ensure they are set for an accepted standard such as AES-256
|-
| '''I9: Insecure Software/Firmware'''
|
* If your system has the option to verify updates, ensure it is enabled
* If your system has the option to download updates securely, ensure it is enabled
* If your system has the ability to schedule updates on a regular cadence, consider enabling it
|-
| '''I10: Poor Physical Security'''
|
* If your system has the ability to limit administrative capabilities possible by connecting locally, consider enabling that feature
* Disable any unused physical ports through the administrative interface
|}

===General Recommendations===

If you are looking to purchase a device or system, consider the following recommendations:
* Include security in feature considerations when evaluating a product
* Place Internet of Things devices on a separate network if possible using a firewall

[ NOTE: Given the fact that each deployment and every environment is different, it is important to weigh the pros and cons of implementing the advice above before taking each step. ]

= Project Details =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{{:Projects/OWASP_Internet_of_Things_Top_Ten_Project}}

__NOTOC__ <headertabs />

[[Category:OWASP_Project]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:OWASP_Release_Quality_Document]]

OWASP Internet of Things Top Ten Project

2015-06-27T20:42:31Z

Abhinav: /* Manufacturer IoT Security Guidance */

File:Internet of Things Top 10 2014.png

2015-06-27T20:41:38Z

Abhinav: IOT

IOT

Projects/OWASP Mobile Security Project - Dangers of Jailbreaking and Rooting Mobile Devices

2015-06-27T20:29:36Z

Abhinav: /* What are the common tools used? */

__TOC__{{TOC hidden}}

==What is "jailbreaking", "rooting" and "unlocking"?==

Jailbreaking, rooting and unlocking are the processes of gaining unauthorized access or elevated privileges on a system. The terms are different between operating systems, and the differences in terminology reflect the differences in security models used by the operating systems vendors.

For iOS, '''Jailbreaking''' is the process of modifying iOS system kernels to allow file system read and write access. Most jailbreaking tools (and exploits) remove the limitations and security features built by the manufacturer Apple (the "jail") through the use of custom kernels, which make unauthorized modifications to the operating system. Almost all jailbreaking tools allow users to run code not approved and signed by Apple. This allows users to install additional applications, extensions and patches outside the control of Apple’s App Store.

On Android, '''Rooting''' is the process of gaining administrative or privileged access for the Android OS. As the Android OS is based on the Linux Kernel, rooting a device is analogous to gaining access to administrative, root user-equivalent, permissions on Linux. Unlike iOS, rooting is (usually) not required to run applications outside from the Google Play. Some carriers control this through operating system settings or device firmware. Rooting also enables the user to completely remove and replace the device's operating system.

On Windows Phone OS, '''Unlocking''' is the process of editing specific keys of the Windows Phone OS registry or modifying the underlying platform to allow the execution of applications that are not certified by Microsoft or that use reserved capabilities. Different levels of unlocking exist depending on the OS and device version:

*'''Developer-unlock''': Microsoft allows Independent Software Vendors (ISV) to unlock their systems to sideload and test homebrew apps onto physical devices, before their submission to the Store. Developer-unlock only allows to sideload applications that are not signed by the Windows Phone Store approval process and it is often a pre-condition to achieve a higher level of unlock (e.g., interop-unlock). A developer-unlocked device does not allow an app to escape its sandbox or tweak the system via registry editing. Windows Phone devices can be officially developer-unlocked for free using utilities provided by Microsoft;

*'''Interop-unlock''': with the release of Windows Phone 7.5 Mango (7.10.7720.68), Microsoft introduced a new platform security feature, called Interop Lock, which restricted the access to drivers only to apps with the Interop Services capability ('''ID_CAP_INTEROPSERVICES'''). Moreover, Mango denies the sideloading of unsigned apps with that capability, thus limiting drivers’ access to Windows Phone Store ''certified'' apps only. Heathcliff74, the mind behind the WP7 Root Tools suite, researched the topic and found that by manipulating the value of the '''MaxUnsignedApp''' registry key ('''HKLM\Software\Microsoft\DeviceReg\Install\MaxUnsignedApp''') it is possible to control the unlocking level of a Windows Phone device. A value between 1 and 299 means that the device is developer-unlocked, while a value equal or greater than 300 removes the restriction to sideload apps with the ID_CAP_INTEROPSERVICES capability, allowing apps to access restricted file system areas and registry editing, thanks to the use of high-privileged app capabilities. It has been hypothesized that the "magic number" involved in the MaxUnsignedApp register key is a feature introduced by Microsoft for OEMs and so at times referred to as '''OEM developer-unlock'''. It should be noted that typically the interop-unlock by itself does not enable all of the system’s available capabilities – condition that is also knows as '''Capabilities-unlock''';

*'''Full-unlock''': full-unlock aims at disabling a subset or all of the security mechanisms implemented by the OS to allow full access and the customization of the system (e.g., file system and registry unlimited access). Full-unlocking is usually achieved with custom ROMs flashing, where the OS bnaries are patched to disable the OS security features, such as policy-checks. In a full-unlocked environment, apps are likely to be able to escape their sandbox because they can be run with elevated privileges.

==Why do they occur?==
'''iOS''': many users are lured into jailbreaking to take advantage of apps made available through third party app sources, such as Cydia, which are otherwise banned or not approved by Apple. There is an inherent risk in installing such applications as they are not quality controlled nor have they gone through the Apple approval and application approval process. Hence, they may contain vulnerable or malicious code that could allow the device to be compromised. Alternately, jailbreaking can allow users to enhance some built in functions on their device. For example, a jailbroken phone can be used with a different carrier than the one it was configured with, FaceTime can be used over a 3G connection, or the phone can be unlocked to be used internationally. More technically savvy users also perform jailbreaking to enable user interface customizations, preferences and features not available through the normal software interface. Typically, these functionalities are achieved by patching specific binaries in the operating system. A debated purpose for jailbreaking in the iOS community is for installing pirated iOS applications. Jailbreaking proponents discourage this use, such as Cydia warning users of pirated software when they add a pirated software repository. However, repositories such as Hackulous promote pirated applications and the tools to pirate and distribute applications.

'''Android''': rooting Android devices allows users to gain access to additional hardware rights, backup utilities and direct hardware access. Additionally, rooting allows users to remove the pre-installed "bloatware", additional features that many carriers or manufacturers put onto devices, which can use considerable amounts of disk space and memory. Most users root their device to leverage a custom Read Only Memory (ROM) developed by the Android Community, which brings distinctive capabilities that are not available through the official ROMs installed by the carriers. Custom ROMs also provide users an option to 'upgrade' the operating system and optimize the phone experience by giving users access to features, such as tethering, that are normally blocked or limited by carriers.

'''Windows Phone OS''': Windows Phone users generally unlock their devices to tweak their systems and to be able to sideload homebrew apps. Depending on the level of unlocking, the OS can be customized in term of store OEM settings, native code execution, themes, ringtones or the ability to sideload apps that are not signed or that use capabilities normally reserved to Microsoft or OEMs. Developers unlock their devices to test their products on real systems, before the submission to the Store. An interop-unlocked device allows users to access file system areas where Store apps are installed, thus allowing DLL extraction, reverse engineering and app cracking.

==What are the common tools used?==

'''iOS''': Jailbreaking software can be categorized into two main groups:
#'''Tethered''': requires the device to be connected to a system to bypass the iBoot signature check for iOS devices. The iOS device needs to be connected or tethered to a computer system every time it has to reboot in order to access the jailbreak application, such as redsn0w, and boot correctly;
#'''Un-tethered''': requires connection for the initial jailbreak process and then all the software, such as sn0wbreeze, is on the device for future un-tethered reboots, without losing the jailbreak or the functionality of the phone.

Some common, but not all of the iOS jailbreaking tools are listed below:
*Absinthe
*blackra1n
*Corona
*greenpois0n
*JailbreakMe
*limera1n
*PwnageTool
*redsn0w
*evasi0n
*sn0wbreeze
*Spirit
*Pangu

A more comprehensive list of jailbreaking tools for iOS, exploits and kernel patches can be found on the ''[http://theiphonewiki.com/wiki/Main_Page iPhoneWiki] website.

How to Jailbreak iOS Latest firmware using TaiG 2.1.0, Guide is available - ''[http://bugwrangler.in/2015/06/jail-break-your-ios-8-3-gadget/ Here].

'''Android''': there are various rooting software available for Android. Tools and processes vary depending on the user’s device. The process is usually to:
#Unlock the boot loader;
#Install a rooting application and / or flash a custom ROM through the recovery mode.

Not all of the above tasks are necessary and different toolkits are available for device specific rooting process. Custom ROMs are based on the hardware being used; examples of some are as follows:

*'''CyanogenMod ROMs''' are one of the most popular aftermarket replacement firmware in the Android world. More comprehensive device specific firmwares, flashing guides, rooting tools and patch details can be referenced from the homepage;
*'''ClockWorkMod''' is a custom recovery option for Android phones and tablets that allows you to perform several advanced recovery, restoration, installation and maintenance operations etc. Please refer to XDA-developers for more details.

'''Windows Phone OS''': several tools and techniques exist to unlock Windows Phone devices, depending on the OS version, the specific device vendor and the desired unlocking level:

*'''Microsoft Official Developer Unlock''': the Windows Phone SDK includes the "Windows Phone Developer Registration" utility that is used to freely developer-unlock any Windows Phone OS device. In the past, free developer unlocking was limited to recognized students from the DreamSpark program;
*'''The ChevronWP7 Unlocker and Tokens''': in the early days of Windows Phone hacking, ChevronWP7 Labs released an unlocker utility (ChevronWP7.exe) that was used to unofficially developer-unlock Windows Phone 7 devices. The unlocker changed the local PC hosts file in order to reroute all the “developerservices.windowsphone.com” traffic to a local web server served with the HTTPS protocol. A crafted digital certificate (ChevronWP7.cer) was also required to be imported on the target Windows Phone device: the so configured environment allowed the unlocker to perform a Man-in-The-Middle (MiTM) attack against the USB attached device, simulating of a legitimate uncloking process. Basically, the utility exploited a certificate validation issue that affected the early version of Windows Phone platform. Lately, ChevronWP7 Labs established a collaboration with Microsoft, allowing users to officially developer-unlock their devices by acquiring special low-price unlocking tokens;
*'''Heathcliff74’s Interop-unlock Exploit''': Heathcliff74 from XDA-developers developed a method to load and run custom provisioning XML files (provxml) to interop-unlocked Windows Phone 7 devices. The idea behind the method was to craft a XAP file (which is a simple compressed archive) containing a directory named "'''../../../../provxml'''", and then extract the content of the folder (a custom provxml file) within the \'''provxml'''\ system folder: abusing vulnerable OEM apps (e.g., Samsung Diagnosis app) the provxml file could then have been run, thus allowing changing registry settings (e.g., the MaxUnsingedApp key) and achieving the desired unlock. The method requires the target device to be developer-unlocked in order to sideload the unsigned XAP-exploit;
*'''The WindowsBreak Project''': Jonathan Warner (Jaxbot) from windowsphonehacker.com developed a method to achieve both the developer and the interop unlock, while using the technique ideated by Heathcliff74, but without the need to sideload any unsigned apps. The exploit consisted of a ZIP file containing a custom provxml file within a folder named "'''../../../../provxml'''": the extraction of the custom provxml file in the \provxml\ system folder was possible thanks to the use of the ZipView application. The original online exploit is no longer available because the vulnerability exploited by WindowsBreak has been patched by Samsung;
*'''WP7 Root Tools''': the WP7 Root Tools is a collection of utilities developed by Heathcliff74 to obtain root access within a interop-unlocked or full-unlocked platform. The suite provides a series of tools including the Policy Editor, which is used to select trusted apps that are allowed to get root access and escape their sandbox. The suite targets Windows Phone 7 devices only;
*'''Custom ROMs''': custom ROMs are usually flashed to achieve interop or full unlock conditions. A numbers of custom ROMs are available for the Windows Phone 7 platforms (e.g., RainbowMod ROM, DeepShining, Nextgen+, DFT’s MAGLDR, etc.). The first custom ROM targeting Samsung Ativ S devices was developed by -W_O_L_F- from XDA-developers, providing interop-unlock and relock-prevention features among other system tweaks;
*'''OEMs App and Driver Exploits''': unlocked access is often achieved exploiting security flaws in the implementation or abusing hidden functionalities of OEM drivers and apps, which are shipped with the OS. Notable examples are the Samsung Diagnosis app – abused in the Samsung Ativ S hack - that included a hidden registry editor, and the LG MFG app: both have been used to achieve the interop-unlock by modifying the value of the MaxUnsignedApp registry value.

==Why can it be dangerous?==

The tools above can be broadly categorized in the following categories:

*'''Userland Exploits''': jailbroken access is only obtained within the user layer. For instance, a user may have root access, but is not able to change the boot process. These exploits can be patched with a firmware update;
*'''iBoot Exploit''': jailbroken access to user level and boot process. iBoot exploits can be patched with a firmware update;
*'''Bootrom Exploits''': jailbroken access to user level and boot process. Bootrom exploits cannot be patched with a firmware update. Hardware update of bootrom required to patch in such cases;

Some high level risks for jailbreaking, rooting or unlocking devices are as follows.

===Technical Risks===
*'''General Mobile'''
#Some jailbreaking methods leave SSH enabled with a well-known default password (e.g., alpine) that attackers can use for Command & Control;
#The entire file system of a jailbroken device is vulnerable to a malicious user inserting or extracting files. This vulnerability is exploited by many malware programs, including Droid Kung Fu, Droid Dream and Ikee. These attacks may also affect unlocked Windows Phone devices, depending on the achieved unlocking level;
#Credentials to sensitive applications, such as banking or corporate applications, can be stolen using key logging, sniffing or other malicious software and then transmitted via the internet connection.
*'''iOS'''
#Applications on a jailbroken device run as root outside of the iOS sandbox. This can allow applications to access sensitive data contained in other apps or install malicious software negating sandboxing functionality;
#Jailbroken devices can allow a user to install and run self-signed applications. Since the apps do not go through the App Store, Apple does not review them. These apps may contain vulnerable or malicious code that can be used to exploit a device.
*'''Android'''
#Android users that change the permissions on their device to grant root access to applications increase security exposure to malicious applications and potential application flaws;
#3rd party Android application markets have been identified as hosting malicious applications with remote administrative (RAT) capabilities.
*'''Windows Phone OS'''
#Similarly to what is happening with other mobile platforms, an unlocked Windows Phone system allows the installation of apps that are not certified by Microsoft and that are more likely to contain vulnerabilities or malicious codes;
#Unlocked devices generally expose a wider attack surface, because users can sideload apps that not only could be unsigned, but that could also abuse capabilities usually not allowed to certified Windows Phone Store applications;
#Application sandbox escaping is normally not allowed, even in case of a higher level of unlocking (e.g., interop-unlock), but it is possible in full-unlocked systems.

===Non-technical Risks===
*According to the Unted States Librarian of Congress (who issues Digital Millennium Copyright Act (DMCA) excemptions), jailbreaking or rooting of a smartphone is '''not''' deemed illegal in the US for persons who engage in noninfringing uses. The approval can provide some users with a false sense safety and jailbreaking or rooting as being harmless. Its noteworthy the Librarian does not apporve jailbreaking of tablets, however. Please see ''[http://www.theinquirer.net/inquirer/news/2220251/us-rules-jailbreaking-tablets-is-illegal US rules jailbreaking tablets is illegal]'' for a layman's analysis.

*Software updates cannot be immediately applied because doing so would remove the jailbreak. This leaves the device vulnerable to known, unpatched software vulnerabilities;
*Users can be tricked into downloading malicious software. For example, malware commonly uses the following tactics to trick users into downloading software;
#Apps will often advertise that they provide additional functionality or remove ads from popular apps but also contain malicious code;
#Some apps will not have any malicious code as part of the initial version of the app but subsequent "Updates" will insert malicious code.
*Manufacturers have determined that jailbreaking, rooting or unlocking are breach of the terms of use for the device and therefore voids the warranty. This can be an issue for the user if the device needs hardware repair or technical support (Note: a device can be restored and therefore it is not a major issue, unless hardware damage otherwise covered by the warranty prevents restoration).

What controls can be used to protect against it? Before an organization chooses to implement a mobile solution in their environment, they should conduct a thorough risk assessment. This risk assessment should include an evaluation of the dangers posed by jailbroken devices, which are inherently more vulnerable to malicious applications or vulnerabilities such as those listed in the OWASP Mobile Security Top Ten Risks. Once this assessment has been completed, management can determine which risks to accept and which risks will require additional controls to mitigate.

Below are a few examples of both technical and non-technical controls that an organization may use.

===Technical Controls===

Some of the detective controls to monitor for jailbroken devices include:
*Identify 3rd party app stores (e.g., Cydia);
*Attempt to identify modified kernels by comparing certain system files that the application would have access to on a non-jailbroken device to known good file hashes. This technique can serve as a good starting point for detection;
*Attempt to write a file outside of the application’s root directory. The attempt should fail for non-jailbroken devices;
*Generalizing, attempt to identify anomalies in the underlying system or verify the ability to execute privileged functions or methods.

Despite being popular solutions, technical controls that aims to identify the existence of a jailbroken system must relay and draw conclusions based on information that are provided by the underlying platform and that could be faked by a compromised environment, thus nullifying the effectiveness of the mechanisms themselves. Moreover, most of these technical controls can be easily bypassed introducing simple modifications to the application binaries; even in the best circumstances, they can just delay, but not block, apps installation onto a jailbroken device.

Most Mobile Device Management (MDM) solutions can perform these checks but require a specific application to be installed on the device.

In the Windows Phone universe, anti-jailbreaking mechanisms would require the use of privileged APIs that normally are not granted to Independent Software Vendors (ISV). OEM apps could instead be allowed to use higher privileged capabilities, and so they can theoretically implement these kind of security checks.

===Non-Technical Controls===

Organizations must understand the following key points when thinking about mobile security:

*Perform a risk assessment to determine risks associated with mobile device use are appropriately identified, prioritized and mitigated to reduce or manage risk at levels acceptable to management;
*Review application inventory listing on frequent basis to identify applications posing significant risk to the mobility environment;
*Technology solutions such as Mobile Device Management (MDM) or Mobile Application Management (MAM) should be only one part of the overall security strategy. High level considerations include:
#Policies and procedures;
#User awareness and user buy-in;
#Technical controls and platforms;
#Auditing, logging, and monitoring.
*While many organizations choose a Bring Your Own Device (BYOD) strategy, the risks and benefits need to be considered and addressed before such a strategy is put in place. For example, the organization may consider developing a support plan for the various devices and operating systems that could be introduced to the environment. Many organizations struggle with this since there are such a wide variety of devices, particularly Android devices;
*There is not a ‘one size fits all’ solution to mobile security. Different levels of security controls should be employed based on the sensitivity of data that is collected, stored, or processed on a mobile device or through a mobile application;
*User awareness and user buy-in are key. For consumers or customers, this could be a focus on privacy and how Personally Identifiable Information (PII) is handled. For employees, this could be a focus on Acceptable Use Agreements (AUA) as well as privacy for personal devices.

==Conclusion==

Jailbreaking and rooting and unlocking tools, resources and processes are constantly updated and have made the process easier than ever for end-users. Many users are lured to jailbreak their device in order to gain more control over the device, upgrade their operating systems or install packages normally unavailable through standard channels. While having these options may allow the user to utilize the device more effectively, many users do not understand that jailbreaking can potentially allow malware to bypass many of the device's built in security features. The balance of user experience versus corporate security needs to be carefully considered, since all mobile platforms have seen an increase in malware attacks over the past year. Mobile devices now hold more personal and corporate data than ever before, and have become a very appealing target for attackers. Overall, the best defense for an enterprise is to build an overarching mobile strategy that accounts for technical controls, non-technical controls and the people in the environment. Considerations need to not only focus on solutions such as MDM, but also policies and procedures around common issues of BYOD and user security awareness.

= Authors and Primary Editors =

Suktika Mukhopadhyay 
Brandon Clark 
Talha Tariq 
'''[https://www.owasp.org/index.php/User:Daath Luca De Fulgentis]'''

Category:OWASP Top Ten Project

2015-06-24T11:51:08Z

Abhinav: /* OWASP Top 10 for 2013 */

=Main=
<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: flagship_big.jpg|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]</div>
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP Top 10==

The OWASP Top Ten is a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list.

We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.

==Translation Efforts==

The OWASP Top 10 has been translated to many different languages by numerous volunteers. These translations are available as follows:

* [[Top10#OWASP_Top_10_for_2013 | All versions of the OWASP Top 10 - 2013]]
* [[Top10#OWASP_Top_10_for_2010 | All versions of the OWASP Top 10 - 2010]]
* [[Top10#Translation_Efforts | Information about the various translation teams]]

==Licensing==
The OWASP Top 10 is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

{{Social Media Links}}
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is the OWASP Top 10? ==

The OWASP Top 10 provides:

* A list of the 10 Most Critical Web Application Security Risks

And for each Risk it provides:
* A description
* Example vulnerabilities
* Example attacks
* Guidance on how to avoid
* References to OWASP and other related resources

== Project Leader ==

* [[User:Wichers | Dave Wichers]]

== Related Projects ==

* [[OWASP_Mobile_Security_Project#Top_Ten_Mobile_Risks | OWASP Mobile Top 10 Risks]]

* [[OWASP_Top_Ten_Cheat_Sheet | OWASP Top 10 Cheat Sheet]]

* [[OWASP_Proactive_Controls | Top 10 Proactive Controls]]

* [[OWASP_Top_10/Mapping_to_WHID | OWASP Top 10 Mapped to the Web Hacking Incident Database]]

== Ohloh ==

*https://www.ohloh.net/p/OWASP-Top-10

| valign="top" style="padding-left:25px;width:200px;" |

== Quick Download ==

*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf OWASP Top 10 2013 - PDF]
*[[Top_10_2013 | OWASP Top 10 2013 - wiki]]
* [http://owasptop10.googlecode.com/files/OWASP_Top-10_2013%20-%20Presentation.pptx OWASP Top 10 2013 Presentation - Covering Each Item in the Top 10 (PPTX)].

== Email List ==

[https://lists.owasp.org/mailman/listinfo/Owasp-topten Project Email List]
== News and Events ==
* [12 Jun 2013] OWASP Top 10 - 2013 Final Released
* [Feb 2013] Draft OWASP Top 10 - 2013 - Released for Public Comment

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-flagship-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

= OWASP Top 10 for 2013 =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

On June 12, 2013 the OWASP Top 10 for 2013 was officially released. This version was updated based on numerous comments received during the comment period after the release candidate was released in Feb. 2013.

* [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf OWASP Top 10 2013 document (PDF)].
* [[Top_10_2013 | OWASP Top 10 2013 - Wiki.]]
* [https://www.owasp.org/images/6/6a/OWASP_TOP_10_2013_Arabic.pdf OWASP Top 10 2013 - Arabic (PDF)].
* [https://www.owasp.org/images/5/51/OWASP_Top_10_2013-Chinese-V1.2.pdf OWASP Top 10 2013 - Chinese (PDF)].
* [https://www.owasp.org/images/f/f3/OWASP_Top_10_-_2013_Final_-_Czech_V1.1.pdf OWASP Top 10 2013 - Czech (PDF)].
* [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20French.pdf OWASP Top 10 2013 - French (PDF)].
* [[media:OWASP_Top_10_2013_DE_Version_1_0.pdf | OWASP Top 10 2013 - German (PDF)]]
* [[OWASP_Top10_Hebrew|OWASP Top 10 2013 - Hebrew]] [https://www.owasp.org/images/1/1b/OWASP_Top_10_2013-Hebrew.pdf (PDF)]
* [https://www.owasp.org/images/c/c9/OWASP_Top_10_-_2013_-_Italiano.pdf OWASP Top 10 2013 - Italian (PDF)]
* [https://www.owasp.org/images/7/79/OWASP_Top_10_2013_JPN.pdf OWASP Top 10 2013 - Japanese (PDF)].
* [https://www.owasp.org/images/2/2c/OWASP_Top_10_-_2013_Final_-_Korean.pdf OWASP Top 10 2013 - Korea (PDF)].
* [http://owasptop10.googlecode.com/files/OWASP_Top_10_-_2013_Brazilian_Portuguese.pdf OWASP Top 10 2013 - Brazilian Portuguese (PDF)].
* [https://www.owasp.org/images/5/5f/OWASP_Top_10_-_2013_Final_-_Espa%C3%B1ol.pdf OWASP Top 10 2013 - Spanish (PDF)]
* [https://www.owasp.org/images/e/e3/OWASP_Top_10_-_2013_Final_Ukrainian.pdf OWASP Top 10 2013 - Ukrainian (PDF)]
* [http://owasptop10.googlecode.com/files/OWASP_Top-10_2013%20-%20Changes-from-2010.pptx OWASP Top 10 2013 Presentation - Focusing on What Changed Since 2010 (PPTX)]
* [http://owasptop10.googlecode.com/files/OWASP_Top-10_2013%20-%20Presentation.pptx OWASP Top 10 2013 Presentation - Presenting Each Item in the Top 10 (PPTX)].

The OWASP Top 10 - 2013 is as follows:

* [[Top_10_2013-A1-Injection | A1 Injection]]
* [[Top_10_2013-A2-Broken_Authentication_and_Session_Management | A2 Broken Authentication and Session Management]]
* [[Top_10_2013-A3-Cross-Site_Scripting_(XSS) | A3 Cross-Site Scripting (XSS)]]
* [[Top_10_2013-A4-Insecure_Direct_Object_References | A4 Insecure Direct Object References]]
* [[Top_10_2013-A5-Security_Misconfiguration | A5 Security Misconfiguration]]
* [[Top_10_2013-A6-Sensitive_Data_Exposure | A6 Sensitive Data Exposure]]
* [[Top_10_2013-A7-Missing_Function_Level_Access_Control | A7 Missing Function Level Access Control]]
* [[Top_10_2013-A8-Cross-Site_Request_Forgery_(CSRF) | A8 Cross-Site Request Forgery (CSRF)]]
* [[Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities | A9 Using Components with Known Vulnerabilities]]
* [[Top_10_2013-A10-Unvalidated_Redirects_and_Forwards | A10 Unvalidated Redirects and Forwards]]

If you are interested, the methodology for how the Top 10 is produced is now documented here: [[Top_10_2013/ProjectMethodology | OWASP Top 10 Development Methodology]]

Please help us make sure every developer in the ENTIRE WORLD knows about the OWASP Top 10 by helping to spread the word!!!

As you help us spread the word, please emphasize:

*OWASP is reaching out to developers, not just the application security community
*The Top 10 is about managing risk, not just avoiding vulnerabilities
*To manage these risks, organizations need an application risk management program, not just awareness training, app testing, and remediation

We need to encourage organizations to get off the penetrate and patch mentality. As Jeff Williams said in his 2009 OWASP AppSec DC Keynote: “we’ll never hack our way secure – it’s going to take a culture change” for organizations to properly address application security.

== Introduction ==

The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. Versions of the 2007 and 2010 version were translated into English, French, Spanish, Japanese, Korean and Turkish and other languages. Translation efforts for the 2013 version are underway and they will be posted as they become available.

We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.

== Changes between 2010 and 2013 Editions ==

The OWASP Top 10 - 2013 includes the following changes as compared to the 2010 edition:

* A1 Injection
* A2 Broken Authentication and Session Management (was formerly 2010-A3)
* A3 Cross-Site Scripting (XSS) (was formerly 2010-A2)
* A4 Insecure Direct Object References
* A5 Security Misconfiguration (was formerly 2010-A6)
* A6 Sensitive Data Exposure (2010-A7 Insecure Cryptographic Storage and 2010-A9 Insufficient Transport Layer Protection were merged to form 2013-A6)
* A7 Missing Function Level Access Control (renamed/broadened from 2010-A8 Failure to Restrict URL Access)
* A8 Cross-Site Request Forgery (CSRF) (was formerly 2010-A5)
* A9 Using Components with Known Vulnerabilities (new but was part of 2010-A6 – Security Misconfiguration)
* A10 Unvalidated Redirects and Forwards

== 2013 Versions ==

2013 Edition:

*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf OWASP Top 10 2013 - PDF]
*[[Top_10_2013 | OWASP Top 10 2013 - wiki]]
*[https://www.owasp.org/images/6/6a/OWASP_TOP_10_2013_Arabic.pdf OWASP Top 10 2013 - Arabic (PDF)].
*[https://www.owasp.org/images/5/51/OWASP_Top_10_2013-Chinese-V1.2.pdf OWASP Top 10 2013 - Chinese (PDF)].
*[https://www.owasp.org/images/f/f3/OWASP_Top_10_-_2013_Final_-_Czech_V1.1.pdf OWASP Top 10 2013 - Czech (PDF)].
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20French.pdf OWASP Top 10 2013 - French (PDF)].
*[[media:OWASP_Top_10_2013_DE_Version_1_0.pdf | OWASP Top 10 2013 - German (PDF)]]
*[[OWASP_Top10_Hebrew|OWASP Top 10 2013 - Hebrew]] [https://www.owasp.org/images/1/1b/OWASP_Top_10_2013-Hebrew.pdf (PDF direct download)]
*[https://www.owasp.org/images/c/c9/OWASP_Top_10_-_2013_-_Italiano.pdf OWASP Top 10 2013 - Italian (PDF)]
*[https://www.owasp.org/images/7/79/OWASP_Top_10_2013_JPN.pdf OWASP Top 10 2013 - Japanese (PDF)].
*[https://www.owasp.org/images/2/2c/OWASP_Top_10_-_2013_Final_-_Korean.pdf OWASP Top 10 2013 - Korea (PDF)].
*[http://owasptop10.googlecode.com/files/OWASP_Top_10_-_2013_Brazilian_Portuguese.pdf OWASP Top 10 2013 - Brazilian Portuguese (PDF)].
*[https://www.owasp.org/images/5/5f/OWASP_Top_10_-_2013_Final_-_Espa%C3%B1ol.pdf OWASP Top 10 2013 - Spanish (PDF)].
*[https://www.owasp.org/images/e/e3/OWASP_Top_10_-_2013_Final_Ukrainian.pdf OWASP Top 10 2013 - Ukrainian (PDF)]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20RC1.pdf OWASP Top 10 - 2013 - Release Candidate]
*[https://www.owasp.org/images/3/3d/OWASP_Top_10_-_2013_Final_Release_-_Change_Log.docx OWASP Top 10 - 2013 - Final Release - Change Log (docx)]

== Feedback ==

[[File:OWASP_Web_Top_10_for_2013.png]]

Please let us know how your organization is using the Top Ten. Include your name, organization's name, and brief description of how you use the list. Thanks for supporting OWASP!

We hope you find the information in the OWASP Top Ten useful. Please contribute back to the project by sending your comments, questions, and suggestions to topten@lists.owasp.org Thanks!

To join the OWASP Top Ten mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-topten subscription page.]

== Project Sponsors ==

The OWASP Top Ten project is sponsored by {{MemberLinks|link=http://www.aspectsecurity.com|logo=Aspect_logo_owasp.jpg}}



= OWASP Top 10 for 2010 =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

On April 19, 2010 the final version of the OWASP Top 10 for 2010 was released, and here is the associated [[OWASPTop10-2010-PressRelease|press release]]. This version was updated based on numerous comments received during the comment period after the release candidate was released in Nov. 2009.

*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf OWASP Top 10 - 2010 Document]
*[[Top 10 2010|OWASP Top 10 - 2010 - wiki]]
*[http://owasptop10.googlecode.com/files/OWASP_Top_10_-_2010%20Presentation.pptx OWASP Top 10 - 2010 Presentation]
*[http://blip.tv/owasp-appsec-conference-in-europe/day2_track1_1430-1505-3936900 OWASP Top 10 Video of the Presentation above - this focused alot on the Top 10 for 2010 approach, rather than the details. (From OWASP AppSec EU 2010)]
*[http://www.vimeo.com/9006276 OWASP Top 10 Video of this Presentation when the Top 10 for 2010 was 1st released for comment - this goes through each item in the Top 10. (From OWASP AppSec DC 2009)]

The OWASP Top 10 Web Application Security Risks for 2010 are:

*[[Top_10_2010-A1|A1: Injection]]
*[[Top_10_2010-A2|A2: Cross-Site Scripting (XSS)]]
*[[Top_10_2010-A3|A3: Broken Authentication and Session Management]]
*[[Top_10_2010-A4|A4: Insecure Direct Object References]]
*[[Top_10_2010-A5|A5: Cross-Site Request Forgery (CSRF)]]
*[[Top_10_2010-A6|A6: Security Misconfiguration]]
*[[Top_10_2010-A7|A7: Insecure Cryptographic Storage]]
*[[Top_10_2010-A8|A8: Failure to Restrict URL Access]]
*[[Top_10_2010-A9|A9: Insufficient Transport Layer Protection]]
*[[Top_10_2010-A10|A10: Unvalidated Redirects and Forwards]]

== Introduction ==

The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. Versions of the 2007 were translated into English, French, Spanish, Japanese, Korean and Turkish and other languages and the 2010 version was translated into even more languages. See below for all the translated versions.

== 2010 Versions ==

2010 Edition:

*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf OWASP Top 10 2010 - PDF]
*[[Top 10 2010|OWASP Top 10 2010 - wiki]]

2010 Translations:

*[http://www.owasp.org/images/a/a9/OWASP_Top_10_2010_Chinese_V1.0_Released.pdf OWASP Top 10 2010 - Chinese PDF / 这里下载PDF格式文档]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20French.pdf OWASP Top 10 2010 - French PDF]
*[[media:OWASPTop10_2010_DE_Version_1_0.pdf | OWASP Top 10 2010 - German PDF]]
*[https://www.owasp.org/images/c/cd/OWASP_Top_10_Heb.pdf OWASP Top 10 2010 - Hebrew PDF]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Indonesian.pdf OWASP Top 10 2010 - Indonesian PDF]
*[http://www.owasp.org/images/f/f9/OWASP_Top_10_-_2010_ITA.pdf OWASP Top 10 2010 - Italian PDF]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Japanese-A4.pdf OWASP Top 10 2010 - Japanese PDF]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Korean.pdf OWASP Top 10 2010 - Korean PDF]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Spanish.pdf OWASP Top 10 2010 - Spanish PDF]
*[http://www.owasp.org/images/8/86/OWASP_Top_10_-_2010_FINAL_%28spanish%29.pptx OWASP Top 10 2010 - Spanish PPT]
*[http://owasptop10.googlecode.com/files/OWASPTop%2010%20-%202010%20Vietnamese.pdf OWASP Top 10 2010 - Vietnamese PDF]

2010 Release Candidate:

*[http://www.owasp.org/index.php/File:OWASP_T10_-_2010_rc1.pdf OWASP Top 10 2010 Release Candidate]
*[http://www.owasp.org/images/e/e1/OWASP_Top_10_RC-Public_Comments.docx OWASP Top 10 2010 Release Candidate Comments], except for one set of scanned comments [http://www.owasp.org/images/2/2e/OWASP_T10_-_2010_rc1_cmts_Kai_Jendrian.pdf which are here].

Previous versions:

*[http://www.owasp.org/images/e/e8/OWASP_Top_10_2007.pdf OWASP Top 10 2007 - PDF]
*[[Top 10 2007|OWASP Top 10 2007 - wiki]]
*[http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#tab=Project_Details OWASP Top 10 2007 - PDF Translations are here]
*[[Top 10 2004|OWASP Top 10 2004 - wiki]]

== Project Sponsors ==

The OWASP Top Ten project is sponsored by {{MemberLinks|link=http://www.aspectsecurity.com|logo=Aspect_logo_owasp.jpg}}

= Translation Efforts =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

Efforts are underway in numerous languages to translate the OWASP Top 10 for 2013. If you are interested in helping, please contact the other members of the team for the language you are interested in contributing to, or if you don't see your language listed, please let me know you want to help and we'll form a volunteer group for your language too!!

Here is the original source document for the [https://www.owasp.org/images/4/4d/OWASP_Top_10_-_2013_Final_-_English.pptx OWASP Top 10 - 2013 which is in PowerPoint]. Please use this document as the basis for your translation efforts.

2013 Completed Translations:

* Arabic: [https://www.owasp.org/images/6/6a/OWASP_TOP_10_2013_Arabic.pdf OWASP Top 10 2013 - Arabic PDF] Translated by: Mohannad Shahat: Mohannad.Shahat@owasp.org, Fahad: @SecurityArk, Abdulellah Alsaheel: cs.saheel@gmail.com, Khalifa Alshamsi: Khs1618@gmail.com and Sabri(KING SABRI): king.sabri@gmail.com, Mohammed Aldossary: mohammed.aldossary@owasp.org
* Chinese 2013：中文版2013 [https://www.owasp.org/images/5/51/OWASP_Top_10_2013-Chinese-V1.2.pdf OWASP Top 10 2013 - Chinese (PDF)]. 项目组长： Rip 王颉，参与人员：陈亮、顾庆林、胡晓斌、李建蒙、王文君、杨天识、张在峰
* Czech 2013: [https://www.owasp.org/images/f/f3/OWASP_Top_10_-_2013_Final_-_Czech_V1.1.pdf OWASP Top 10 2013 - Czech (PDF)] [https://www.owasp.org/images/0/02/OWASP_Top_10_-_2013_Final_-_Czech_V1.1.pptx OWASP Top 10 2013 - Czech (PPTX)] CSIRT.CZ - CZ.NIC, z.s.p.o. (.cz domain registry): Petr Zavodsky: petr.zavodsky@owasp.org, Vaclav Klimes, Zuzana Duracinska, Michal Prokop, Edvard Rejthar, Pavel Basta
*French 2013: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20French.pdf OWASP Top 10 2013 - French PDF] Ludovic Petit: Ludovic.Petit@owasp.org, Sébastien Gioria: Sebastien.Gioria@owasp.org, Erwan Abgrall: g4l4drim@gmail.com, Benjamin Avet: benjamin.avet@gmail.com, Jocelyn Aubert: jocelyn.aubert@owasp.org, Damien Azambour: damien.azambourg@owasp.org, Aline Barthelemy: aline.barthelemy@fr.abb.com, Moulay Abdsamad Belghiti: abdsamad.belghiti@gmail.com, Gregory Blanc: gregory.blanc@gmail.com, Clément Capel: clement.capel@sfr.com, Etienne Capgras: Etienne.capgras@solucom.fr, Julien Cayssol: julien@aqwz.com, Antonio Fontes: antonio.fontes@owasp.org, Ely de Travieso: Ely.detravieso@owasp.org, Nicolas Grégoire: nicolas.gregoire@agarri.fr, Valérie Lasserre: valerie.lasserre@gmx.fr, Antoine Laureau: antoine.laureau@owasp.org, Guillaume Lopes: lopes.guillaume@free.fr, Gilles Morain: gilles.morain@gmail.com, Christophe Pekar: christophe.pekar@owasp.org, Olivier Perret: perrets@free.fr, Michel Prunet: michel.prunet@owasp.org, Olivier Revollat: revollat@gmail.com, Aymeric Tabourin: aymeric.tabourin@orange.com
* German 2013: [[media:OWASP_Top_10_2013_DE_Version_1_0.pdf | OWASP Top 10 2013 - German PDF]] top10@owasp.de which is Frank Dölitzscher, Torsten Gigler, Tobias Glemser, Dr. Ingo Hanke, Thomas Herzog, [[User:Kai_Jendrian|Kai Jendrian]], [[User:Ralf_Reinhardt|Ralf Reinhardt]], Michael Schäfer
* Hebrew 2013: [[OWASP_Top10_Hebrew|OWASP Top 10 2013 - Hebrew]] [https://www.owasp.org/images/1/1b/OWASP_Top_10_2013-Hebrew.pdf PDF] Translated by: Or Katz, Eyal Estrin, Oran Yitzhak, Dan Peled, Shay Sivan.
* Italian 2013: [https://www.owasp.org/images/c/c9/OWASP_Top_10_-_2013_-_Italiano.pdf OWASP Top 10 2013 - Italian PDF] Translated by: Michele Saporito: m.saporito7@gmail.com, Paolo Perego: thesp0nge@owasp.org, Matteo Meucci: matteo.meucci@owasp.org, Sara Gallo: sara.gallo@gmail.com, Alessandro Guido: alex@securityaddicted.com, Mirko Guido Spezie: mirko@dayu.it, Giuseppe Di Cesare: giuseppe.dicesare@alice.it, Paco Schiaffella: schiaffella@gmail.com, Gianluca Grasso: giandou@gmail.com, Alessio D'Ospina: alessiodos@gmail.com, Loredana Mancini: loredana.mancini@business-e.it, Alessio Petracca: alessio.petracca@gmail.com, Giuseppe Trotta: giutrotta@gmail.com, Simone Onofri: simone.onofri@gmail.com, Francesco Cossu: hambucker@gmail.com, Marco Lancini: marco.lancini.ml@gmail.com, Stefano Zanero: zanero@elet.polimi.it, Giovanni Schmid: giovanni.schmid@na.icar.cnr.it, Igor Falcomata': koba@sikurezza.org
*Japanese 2013: [https://www.owasp.org/images/7/79/OWASP_Top_10_2013_JPN.pdf OWASP Top 10 2013 - Japanese PDF] Translated by: Chia-Lung Hsieh: ryusuke.tw(at)gmail.com, Reviewed by: Hiroshi Tokumaru, Takanori Nakanowatari
* Korean 2013: [https://www.owasp.org/images/2/2c/OWASP_Top_10_-_2013_Final_-_Korean.pdf OWASP Top 10 2013 - Korean PDF] (이름가나다순) 김병효:byounghyo.kim@owasp.org, 김지원:jiwon.kim@owasp.or.kr, 김효근:katuri@katuri.kr, 박정훈:xelion@gmail.com, 성영모:youngmo.seong@owasp.or.kr, 성윤기:yune.sung@owasp.org, 송보영:boyoung.song@owasp.or.kr, 송창기:factor7@naver.com, 유정호:griphis77@gmail.com, 장상민:sangmin.jang@owasp.or.kr, 전영재:youngjae.jeon@owasp.org, 정가람:tgcarrot@gmail.com, 정홍순:jhs728@gmail.com, 조민재:johnny.cho@owasp.org,허성무:issimplenet@gmail.com
*Brazilian Portuguese 2013: [http://owasptop10.googlecode.com/files/OWASP_Top_10_-_2013_Brazilian_Portuguese.pdf OWASP Top 10 2013 - Brazilian Portuguese PDF] Translated by: Carlos Serrão, Marcio Machry, Ícaro Evangelista de Torres, Carlo Marcelo Revoredo da Silva, Luiz Vieira, Suely Ramalho de Mello, Jorge Olímpia, Daniel Quintão, Mauro Risonho de Paula Assumpção, Marcelo Lopes, Caio Dias, Rodrigo Gularte
*Spanish 2013: [https://www.owasp.org/images/5/5f/OWASP_Top_10_-_2013_Final_-_Espa%C3%B1ol.pdf OWASP Top 10 2013 - Spanish PDF] Gerardo Canedo: gerardo.canedo@owasp.org, Jorge Correa: jacorream@gmail.com, Fabien Spychiger: fabien.spychiger@dreamlab.net, Alberto Hill: alberto.daniel.hill@gmail.com, Johnatan Stanley: johnatanst@gmail.com, Maximiliano Alonzo: malonzo@tib.com.uy, Mateo Martinez: mateo.martinez@owasp.org, David Montero: david.montero@owasp.org, Rodrigo Martinez: rodmart@fing.edu.uy, Guillermo Skrilec: guillermo.skrilec@owasp.org, Felipe Zipitria: felipe.zipitria@owasp.org, Fabien Spychiger: fabien.spychiger@dreamlab.net, Rafael Gil: rafael.gillarios@owasp.org, Christian Lopez: christian.lopez.martin@owasp.org, jonathan fernandez jonathan.fernandez04@gmail.com, Paola Rodriguez: Paola_R1@verifone.com, Hector Aguirre: hector.antonio.aguirre@owasp.org, Roger Carhuatocto: rcarhuatocto@intix.info, Juan Carlos Calderon: johnccr@yahoo.com, Marc Rivero López: mriverolopez@gmail.com, Carlos Allendes: carlos.allendes@owasp.org, daniel@carrero.cl: daniel@carrero.cl, Manuel Ramírez: manuel.ramirez.s@gmail.com, Marco Miranda: marco.miranda@owasp.org, Mauricio D. Papaleo Mayada: mpapaleo@gmail.com, Felipe Sanchez: felipe.sanchez@peritajesinformaticos.cl, Juan Manuel Bahamonde: juanmanuel.bahamonde@gmail.com, Adrià Massanet: adriamassanet@gmail.com, Jorge Correa: jacorream@gmail.com, Ramiro Pulgar: ramiro.pulgar@owasp.org, German Alonso Suárez Guerrero: german.suarez@owasp.org, Jose A. Guasch: jaguasch@gmail.com, Edgar Salazar: edgar.salazar@owasp.org
*Ukrainian 2013: [https://www.owasp.org/images/e/e3/OWASP_Top_10_-_2013_Final_Ukrainian.pdf OWASP Top 10 2013 - Ukrainian PDF] Kateryna Ovechenko, Yuriy Fedko, Gleb Paharenko, Yevgeniya Maskayeva, Sergiy Shabashkevich, Bohdan Serednytsky

2010 Completed Translations:

*Korean 2010: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Korean.pdf OWASP Top 10 2010 - Korean PDF] Hyungkeun Park, (mirrk1@gmail.com)
*Spanish 2010: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Spanish.pdf OWASP Top 10 2010 - Spanish PDF] *Daniel Cabezas Molina , Edgar Sanchez, Juan Carlos Calderon, Jose Antonio Guasch, Paulo Coronado, Rodrigo Marcos, Vicente Aguilera
*French 2010: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20French.pdf OWASP Top 10 2010 - French PDF] ludovic.petit@owasp.org, sebastien.gioria@owasp.org, antonio.fontes@owasp.org, benoit.guerette@owasp.org, Jocelyn.aubert@owasp.org, Eric.Garreau@gemalto.com, Guillaume.Huysmans@gemalto.com
*German: [[media:OWASPTop10_2010_DE_Version_1_0.pdf | OWASP Top 10 2010 - German PDF]] top10@owasp.de which is Frank Dölitzscher, Tobias Glemser, Dr. Ingo Hanke, [[User:Kai_Jendrian|Kai Jendrian]], [[User:Ralf_Reinhardt|Ralf Reinhardt]], Michael Schäfer
*Indonesian: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Indonesian.pdf OWASP Top 10 2010 - Indonesian PDF] Tedi Heriyanto (coordinator), Lathifah Arief, Tri A Sundara, Zaki Akhmad
*Italian: [http://www.owasp.org/images/f/f9/OWASP_Top_10_-_2010_ITA.pdf OWASP Top 10 2010 - Italian PDF] Simone Onofri, Paolo Perego, Massimo Biagiotti, Edoardo Viscosi, Salvatore Fiorillo, Roberto Battistoni, Loredana Mancini, Michele Nesta, Paco Schiaffella, Lucilla Mancini, Gerardo Di Giacomo, Valentino Squilloni
*Japanese: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Japanese-A4.pdf OWASP Top 10 2010 - Japanese PDF] cecil.su@owasp.org, Dr. Masayuki Hisada, Yoshimasa Kawamoto, Ryusuke Sakamoto, Keisuke Seki, Shin Umemoto, Takashi Arima
*Chinese: [http://www.owasp.org/images/a/a9/OWASP_Top_10_2010_Chinese_V1.0_Released.pdf OWASP Top 10 2010 - Chinese PDF] 感谢以下为中文版本做出贡献的翻译人员和审核人员: Rip Torn, 钟卫林, 高雯, 王颉, 于振东
*Vietnamese: [http://owasptop10.googlecode.com/files/OWASPTop%2010%20-%202010%20Vietnamese.pdf OWASP Top 10 2010 - Vietnamese PDF] Translation lead by Cecil Su - Translation Team: Dang Hoang Vu, Nguyen Ba Tien, Nguyen Tang Hung, Luong Dieu Phuong, Huynh Thien Tam
*Hebrew: [[OWASP_Top10_Hebrew|OWASP Top 10 Hebrew Project]] -- [https://www.owasp.org/images/c/cd/OWASP_Top_10_Heb.pdf OWASP Top 10 2010 - Hebrew PDF]. Lead by Or Katz, see translation page for list of contributors.

Volunteer Translation Efforts Underway:

*Portuguese: carlos.j.serrao@gmail.com; taquiles@gmail.com; wagner.elias@owasp.org; victoreufrasio@gmail.com; leo.cavallari@owasp.org; victoreufrasio@gmail.com;
*Greek: Konstantinos Papapanagiotou (conpap@di.uoa.gr)
*Turkish: bora@abi.com.tr
*Malay: cecil.su@owasp.org
*Dutch: marinus@kuivenhoven.com
*Swedish: ake.bengtsson@owasp.org
*Hungarian: tibor.fekete@owasp.org
*Persian (Farsi): Shahab Namazikhah (namazikhah@hotmail.com)

= Project Details =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{{:GPC_Project_Details/OWASP_Top10 | OWASP Project Identification Tab}}

= Some Commercial & OWASP Uses of the Top 10 =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

'''Warning''': these articles have not been rated for accuracy by OWASP. Product companies should be extremely careful about claiming to "cover" or "ensure compliance" with the OWASP Top 10. The current state-of-the-art for automated detection (scanners and static analysis) and prevention (WAF) is nowhere near sufficient to claim adequate coverage of the issues in the Top 10. Nevertheless, using the Top 10 as a simple way to communicate security to end users is effective.

;[http://blogs.msdn.com/b/sdl/archive/2008/05/01/sdl-and-the-owasp-top-ten.aspx Microsoft]
:as a way to measure the coverage of their SDL and improve security

;[http://www.nsa.gov/applications/search/index.cfm?q=owasp NSA]
:in their developer guidance on web application security

;[https://www.pcisecuritystandards.org/index.shtml PCI Council]
:as part of the Payment Card Industry Data Security Standard (PCI DSS)

;[http://msdn.microsoft.com/en-us/library/dd129898.aspx Microsoft]
:to show how "T10 threats are handled by the security design and test procedures of Microsoft"

;[[OWASP_Top_10/Mapping_to_WHID | OWASP]]
:OWASP Top 10 Mapped to the Web Hacking Incident Database

;[[OWASP_Mobile_Security_Project#tab=Top_Ten_Mobile_Risks | OWASP]]
:OWASP Mobile Top 10 Risks

;[[OWASP_Top_Ten_Cheat_Sheet | OWASP]]
:OWASP Top 10 Cheat Sheet

__NOTOC__ <headertabs />

[[Category:OWASP_Project]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:OWASP_Release_Quality_Document]][[Category:Popular]][[Category:SAMM-EG-1]]

File:OWASP Web Top 10 for 2013.png

2015-06-24T11:48:45Z

Abhinav: Mindmap OWASP Web top 10 2013

Mindmap OWASP Web top 10 2013

File:Application Security Verification Standard .png

2015-06-22T09:57:05Z

Abhinav: Abhinav uploaded a new version of "File:Application Security Verification Standard .png"

ASVS Image

Category:OWASP Application Security Verification Standard Project

2015-06-22T09:56:00Z

Abhinav: /* Downloads */

= Home =
<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: flagship_big.jpg|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]</div>
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

== What is ASVS? ==

The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls.

The primary aim of the '''OWASP Application Security Verification Standard (ASVS) Project''' is to normalize the range in the coverage and level of rigor available in the market when it comes to performing Web application security verification using a commercially-workable open standard. The standard provides a basis for testing application technical security controls, as well as any technical security controls in the environment, that are relied on to protect against vulnerabilities such as Cross-Site Scripting (XSS) and SQL injection. This standard can be used to establish a level of confidence in the security of Web applications. The requirements were developed with the following objectives in mind:

*'''Use as a metric''' - Provide application developers and application owners with a yardstick with which to assess the degree of trust that can be placed in their Web applications,
*'''Use as guidance''' - Provide guidance to security control developers as to what to build into security controls in order to satisfy application security requirements, and
*'''Use during procurement''' - Provide a basis for specifying application security verification requirements in contracts.

<paypal>ASVS</paypal>

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Email List ==

[[Image:Asvs-bulb.jpg]] [https://lists.owasp.org/mailman/listinfo/owasp-application-security-verification-standard Project Email List]

== Project Leader ==

Daniel Cuthbert [mailto:Daniel.Cuthbert@owasp.org @] 
Andrew van der Stock [mailto:vanderaj@owasp.org @]

== Related Projects ==

[[Image:Asvs-satellite.jpg]]'''OWASP Resources'''

*[http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP Top Ten]
*[http://www.owasp.org/index.php/Category:OWASP_Guide_Project OWASP Development Guide]

| valign="top" style="padding-left:25px;width:200px;" |

== Quick Download ==

[https://www.owasp.org/images/5/58/OWASP_ASVS_Version_2.pdf Download] ASVS 2.0 in English. 
[https://github.com/OWASP/ASVS/blob/master/OWASP%20Application%20Security%20Verification%20Standard%203.0.docx?raw=true Download] ASVS 3.0 early preview release in English. 

== News and Events ==
* [20 May 2015] "First Cut" Version 3.0 released!
* [11 Aug 2014] Version 2.0 released!
* [28 Mar 2014] List of contributors added
* [27 Mar 2014] New wiki template!

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-flagship-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

= Downloads =

'''Application Security Verification Standard 2.0 (final)'''

* ASVS 2.0 in English ([[Media:OWASP_ASVS_Version_2.pdf|download PDF - 1.6 MB]])
* ASVS 2.0 in English ([[Media:OWASP_ASVS_Version_2.docx|download Word - 1.0MB]])

We are looking for translators for this version. If you can help us, please contact the project mail list!

'''Contributed'''
* Simple English Excel Reporting ([[Media:Asvs_v2_items.xlsx|download Excel - 50KB]])
* Simple French Excel Reporting ([[Media:Asvs_v2_items_fr.xlsx|download Excel - 35KB]])

[[File:Application_Security_Verification_Standard_.png]]

= Acknowledgements =

== Volunteers ==

=== Version 2 (2014) ===

Project leaders
*Sahba Kazerooni
*Daniel Cuthbert

Lead authors
*Andrew van der Stock
*Sahba Kazerooni
*Daniel Cuthbert
*Krishna Raja

Other reviewers and contributors
*Jerome Athias
*Boy Baukema
*Archangel Cuison
*Sebastien.Deleersnyder
*Antonio Fontes
*Evan Gaustad
*Safuat Hamdy
*Ari Kesäniemi
*Scott Luc
*Jim Manico
*Mait Peekma
*Pekka Sillanpää
*Jeff Sergeant
*Etienne Stalmans
*Colin Watson
*Dr. Emin İslam Tatlı

=== Version 2009 ===

Project leader
*Mike Boberski

Lead authors
*Mike Boberski
*Jeff Williams
*Dave Wichers

Other reviewers and contributors

Pierre Parrend (OWASP Summer of Code), Andrew van der Stock, Nam Nguyen, John Martin, Gaurang Shah, Theodore Winograd, Stan Wisseman, Barry Boyd, Steve Coyle, Paul Douthit, Ken Huang, Dave Hausladen, Mandeep Khera Scott Matsumoto, John Steven, Stephen de Vries, Dan Cornell, Shouvik Bardhan, Dr. Sarbari Gupta, Eoin Keary, Richard Campbell, Matt Presson, Jeff LoSapio, Liz Fong, George Lawless, Dave van Stein, Terrie Diaz, Ketan Dilipkumar Vyas, Bedirhan Urgun, Dr. Thomas Braun, Colin Watson, Jeremiah Grossman.

== OWASP Summer of Code 2008 ==

The OWASP Foundation sponsored the OWASP Application Security Verification Standard Project during the OWASP Summer of Code 2008.

= Glossary =

[[Image:Asvs-letters.jpg]]'''ASVS Terminology'''

*'''Access Control''' – A means of restricting access to files, referenced functions, URLs, and data based on the identity of users and/or groups to which they belong.
*'''Application Component''' – An individual or group of source files, libraries, and/or executables, as defined by the verifier for a particular application.
*'''Application Security''' – Application-level security focuses on the analysis of components that comprise the application layer of the Open Systems Interconnection Reference Model (OSI Model), rather than focusing on for example the underlying operating system or connected networks.
*'''Application Security Verification''' – The technical assessment of an application against the OWASP ASVS.
*'''Application Security Verification Report''' – A report that documents the overall results and supporting analysis produced by the verifier for a particular application.
*'''Application Security Verification Standard (ASVS)''' – An OWASP standard that defines four levels of application security verification for applications.
*'''Authentication''' – The verification of the claimed identity of an application user.
*'''Automated Verification''' – The use of automated tools (either dynamic analysis tools, static analysis tools, or both) that use vulnerability signatures to find problems.
*'''Back Doors''' – A type of malicious code that allows unauthorized access to an application.
*'''Blacklist''' – A list of data or operations that are not permitted, for example a list of characters that are not allowed as input.
*'''Common Criteria (CC)''' – A multipart standard that can be used as the basis for the verification of the design and implementation of security controls in IT products.
*'''Communication Security''' – The protection of application data when it is transmitted between application components, between clients and servers, and between external systems and the application.
*'''Design Verification''' – The technical assessment of the security architecture of an application.
*'''Internal Verification''' – The technical assessment of specific aspects of the security architecture of an application as defined in the OWASP ASVS.
*'''Cryptographic module''' – Hardware, software, and/or firmware that implements cryptographic algorithms and/or generates cryptographic keys.
*'''Denial of Service (DOS) Attacks''' – The flooding of an application with more requests than it can handle.
*'''Dynamic Verification''' – The use of automated tools that use vulnerability signatures to find problems during the execution of an application.
*'''Easter Eggs''' – A type of malicious code that does not run until a specific user input event occurs.
*'''External Systems''' – A server-side application or service that is not part of the application.
*'''FIPS 140-2''' – A standard that can be used as the basis for the verification of the design and implementation of cryptographic modules
*'''Input Validation''' – The canonicalization and validation of untrusted user input.
*'''Malicious Code''' – Code introduced into an application during its development unbeknownst to the application owner which circumvents the application’s intended security policy. Not the same as malware such as a virus or worm!
*'''Malware''' – Executable code that is introduced into an application during runtime without the knowledge of the application user or administrator.
*'''Open Web Application Security Project (OWASP)''' – The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks. See: http://www.owasp.org/
*'''Output Validation''' – The canonicalization and validation of application output to Web browsers and to external systems.
*'''OWASP Enterprise Security API (ESAPI)''' – A free and open collection of all the security methods that developers need to build secure Web applications. See: http://www.owasp.org/index.php/ESAPI
*'''OWASP Risk Rating Methodology''' – A risk rating methodology that has been customized for application security. See: http://www.owasp.org/index.php/How_to_value_the_real_risk
*'''OWASP Testing Guide''' – A document designed to help organizations understand what comprises a testing program, and to help them identify the steps needed to build and operate that testing program. See: http://www.owasp.org/index.php/Category:OWASP_Testing_Project
*'''OWASP Top Ten''' – A document that represents a broad consensus about what the most critical Web application security flaws are. See: http://www.owasp.org/index.php/Top10
*'''Positive''' – See whitelist.
*'''Salami Attack''' – A type of malicious code that is used to redirect small amounts of money without detection in financial transactions.
*'''Security Architecture''' – An abstraction of an application’s design that identifies and describes where and how security controls are used, and also identifies and describes the location and sensitivity of both user and application data.
*'''Security Control''' – A function or component that performs a security check (e.g. an access control check) or when called results in a security effect (e.g. generating an audit record).
*'''Security Configuration''' – The runtime configuration of an application that affects how security controls are used.
*'''Static Verification''' – The use of automated tools that use vulnerability signatures to find problems in application source code.
*'''Target of Verification (TOV)''' – If you are performing an application security verification according to the OWASP ASVS requirements, the verification will be of a particular application. This application is called the "Target of Verification" or simply the TOV.
*'''Threat Modeling''' - A technique consisting of developing increasingly refined security architectures to identify threat agents, security zones, security controls, and important technical and business assets.
*'''Time Bomb''' – A type of malicious code that does not run until a preconfigured time or date elapses.
*'''Verifier''' - The person or team that is reviewing an application against the OWASP ASVS requirements.
*'''Whitelist''' – A list of permitted data or operations, for example a list of characters that are allowed to perform input validation.

= ASVS Users =
[[Image:Asvs-handshake.JPG]]

A broad range of companies and agencies around the globe have added ASVS to their software assurance tool boxes, including [http://www.aspectsecurity.com Aspect Security], [http://www.astyran.com Astyran], [http://www.boozallen.com Booz Allen Hamilton], [http://casabasecurity.com Casaba Security], [http://www.cgi.com/web/en/industries/governments/us_federal/services_solutions.htm CGI Federal], [http://denimgroup.com Denim Group], [http://etebaran.com Etebaran Informatics], [http://www.mindedsecurity.com Minded Security], [http://www.nixu.com Nixu], [http://www.pstestware.com/ ps_testware], [http://www.proactiverisk.com Proactive Risk], [http://quince.co.uk Quince Associates Limited (SeeMyData)], [http://www.serpro.gov.br/ Serviço Federal de Processamento de Dados (SERPRO)], [http://www.udistrital.edu.co/ Universidad Distrital Francisco José de Caldas] Organizations listed are not accredited by OWASP. Neither their products or services have been endorsed by OWASP. Use of ASVS may include for example providing verification services using the standard. Use of ASVS may also include for example performing internal evaluation of products with the OWASP ASVS in mind, and NOT making any claims of meeting any given level in the standard. Please let us know how your organization is using OWASP ASVS. Include your name, organization's name, and brief description of how you use the standard. The project lead can be reached [mailto:sahba@securitycompass.com here].

= Precedents-Interpretations =

'''PI-0001: Are there levels between the levels?'''

*Issue: Are there levels between the levels for the cases where "The specification for an application may require OWASP ASVS Level N, but it could also include other additional detailed requirements such as from a higher ASVS level"?
*Resolution: No. Use of alternate level definitions or notations such as "ASVS Level 1B+" is discouraged.
*References: ASVS section "Application Security Verification Levels"

'''PI-0002: Is use of a master key simply another level of indirection?'''

*Issue: If a master key is stored as plaintext, isn't using a master key simply another level of indirection?
*Resolution: No. There is a strong rationale for having a "master key" stored in a secure location that is used to encrypt all other secrets. In many applications, there are lots of secrets stored in many different locations. This greatly increases the likelihood that one of them will be compromised. Having a single master key makes managing the protection considerably simpler and is not simply a level of indirection.
*References: ASVS verification requirement V2.14

'''PI-0003: What is a "TOV" or "Target of Verification"?'''

*Issue: New terminology
*Resolution: If you are performing an application security verification according to ASVS, the verification will be of a particular application. This application is called the "Target of Verification" or simply the TOV. The TOV should be identified in verification documentation as follows:
**TOV Identification – <name and version of the application> or <Application name>, <application version>, dynamic testing was performed in a staging environment, not the production environment
**TOV Developer – <insert name of the developer or verification customer>
*References: ASVS section "Approach"

= Internationalization =

[[Image:Asvs-writing.JPG]]

The ASVS project is always on the lookout for volunteers who are interested in translating ASVS into another language.

[http://owasp-project-management.googlecode.com/svn/trunk/documentation/asvs-translating.pdf Translation Onboarding Instructions]

= Archive - Previous Version =

'''*Please note that ASVS is currently on version 2.0. The information on this page is for archival purposes only.*'''

[[Image:Asvs-step1.jpg]]'1. About ASVS 1.0'

*Video presentation in English [https://www.youtube.com/watch?v=Ba6ncpIfaJA (YouTube)]
*ASVS vs. WASC et al [http://www.owasp.org/index.php/ASVS_vs_WASC_Et_Al (Wiki)]

[[Image:Asvs-step2.jpg]]'2. Get ASVS 1.0'

*ASVS in Bahasa Indonesia (Indonesian language) ([http://owasp-asvs.googlecode.com/files/asvs-webapp-release-2009-id.pdf PDF])
*ASVS in Bahasa Malaysia (Malay) (Currently under development!)
*ASVS in Chinese(Currently under development!)
*ASVS in English ([http://www.owasp.org/images/4/4e/OWASP_ASVS_2009_Web_App_Std_Release.pdf PDF], [http://www.owasp.org/images/3/35/OWASP_ASVS_2009_Web_App_Std_Release.doc Word], [http://code.google.com/p/owasp-asvs/wiki/ASVS '''Online'''], [http://owasp-asvs.googlecode.com/svn/trunk/documentation/asvs-xml.zip XML])
*ASVS in French ([http://owasp-asvs.googlecode.com/svn/trunk/documentation/asvs-webapp-release-2009-fr.pdf PDF], [http://owasp-asvs.googlecode.com/svn/trunk/documentation/asvs-webapp-release-2009-fr.odt OpenOffice])
*ASVS in German ([http://owasp-asvs.googlecode.com/svn/trunk/documentation/asvs-webapp-release-2009-de.pdf PDF], [http://owasp-asvs.googlecode.com/svn/trunk/documentation/asvs-webapp-release-2009-de.doc Word])
*ASVS in Hungarian (Currently under development!)
*ASVS in Japanese ([http://owasp-asvs.googlecode.com/svn/trunk/documentation/asvs-webapp-release-2009-jp.pdf PDF], [http://owasp-asvs.googlecode.com/svn/trunk/documentation/asvs-webapp-release-2009-jp.doc Word])
*ASVS in Persian (Farsi) ([http://abiusx.com/archive/document/OWASP-ASVS-fa-20111115.pdf PDF]) beta 0.7
*ASVS in Polish ([http://owasp-asvs.googlecode.com/files/asvs-webapp-release-2009-pl.pdf PDF])
*ASVS in Portuguese-Brazil ([http://owasp-asvs.googlecode.com/files/asvs-webapp-release-2009-pt-br.pdf PDF])
*ASVS in Spanish (Currently under development!)
*ASVS in Thai (Currently under development!)

[[Image:Asvs-step3.jpg]]'3. Learn ASVS 1.0'

*ASVS Article: Getting Started Using ASVS ([http://www.owasp.org/images/f/f8/OWASP_ASVS_Article_-_Getting_Started_Using_ASVS.pdf PDF])
*ASVS Article: Code Reviews and Other Verification Activities: USELESS Unless Acted Upon IMMEDIATELY [http://www.owasp.org/index.php/Code_Reviews_and_Other_Verification_Activities:_USELESS_Unless_Acted_Upon_IMMEDIATELY (Wiki)]
*ASVS Article: Agile Software Development: Don't Forget EVIL User Stories ([http://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories Wiki])
*ASVS Article: Man vs. Code ([http://www.owasp.org/index.php/Man_vs._Code Wiki])
*ASVS Article: Getting started designing for a level of assurance ([http://www.owasp.org/images/0/01/Getting_started_designing_for_a_level_of_assurance.pdf PDF])
*ASVS Template: Sample verification fee schedule template ([http://www.owasp.org/index.php/Image:Sample_ASVS_Fee_Schedule_Template.xls Excel])
*ASVS Template: Sample verification report template ([http://www.owasp.org/index.php/Image:Sample_ASVS_Report_Template.doc Word])
*ASVS Training: An ASVS training presentation ([http://www.owasp.org/index.php/Image:OWASP_AU_Secure_Architecture_and_Coding.ppt PowerPoint])
*ASVS Presentation: Executive-Level Presentation ([http://www.owasp.org/images/9/99/About_OWASP_ASVS_Executive_Presentation.ppt PowerPoint])
*ASVS Presentation: Presentation Abstract ([http://www.owasp.org/images/1/10/OWASP_ASVS_Presentation_Abstract.doc Word])
*Articles [http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project#Articles_Below_-_More_About_ASVS_and_Using_It (More About ASVS and Using It)]

__NOTOC__ <headertabs />

[[Category:OWASP_Project|Application Security Verification Standard Project]]
[[Category:OWASP_Document]]
[[Category:OWASP_Download]]
[[Category:OWASP_Release_Quality_Document|OWASP Stable Quality Document]]
[[Category:SAMM-CR-1]]
[[Category:SAMM-DR-2]]
[[Category:SAMM-ST-3]]

File:Application Security Verification Standard .png

2015-06-22T09:54:14Z

Abhinav: ASVS Image

ASVS Image