OWASP - User contributions [en]

Mumbai

2012-02-10T09:23:16Z

== Mumbai to Host India’s First e-Crime Forum ==

[[Image:Ecrime-593x200-1.jpg|center]]

 On the'''23rd and 24th February''', a leading cyber crime security event, e-Crime India, will be staged in Mumbai for the first time. With the support of '''OWASP India''', '''Data Security CounciI of India (DSCI)''' and '''The Institution of Electronics and Telecommunication Engineers (IETE)''', the forum will be hosted at '''Hotel Novotel''', Juhu Beach, '''Mumbai'''.

India’s foremost cyber crime experts and IT security professionals will convene to address the key challenges faced by the people whose job it is to tackle e-crime in India and issues connected with electronic risk. Internationally renowned Cyberlaw expert, Mr. Paven Duggal, will deliver a special address to the forum. Chief information security officers from leading banks, including Bank of India, ICICI, State Bank of India, Standard Chartered and HSBC, and global corporations such as Vodafone, Walt Disney, and Reliance Life, will join him on the podium. The forum will also hear presentations from leading academics and high-ranking law enforcement officials, including the senior inspector of police at Mumbai’s cyber police station.

Over 250 senior decision makers from business, government, and law enforcement are expected to attend the event, which is being sponsored by organisations including HDFC Bank and Websense.

As one of the most rapidly developing countries in the world, India has seen an enormous increase in internet users in recent years and accordingly e-crime in India has grown at an increasingly alarming rate, costing the Indian economy an estimated $50 billion annually.

e-Crime India is a major initiative and is the newest member of the e-Crime Congress family of events following e-Crime Middle East, which was hosted in Abu Dhabi, December 2009. The e-Crime Congress, hosted annually in London attracting over 550 professionals from over 40 countries, recognises the need for international cooperation. Peter Brady, Business Development Manager of AKJ Associates, who organise the forum, says: ‘we are very happy to be coming to India, because cyber crime is a truly worldwide problem that is of concern to everyone. The e-Crime Congress has established a global reputation over the past eight years for its cutting edge agendas that deliver key information on the latest e-crime threats and practical guidance for overcoming them. We take pride in bringing together the right people to share information and combat cyber crime around the world collectively.’ Manoj Saha, Managing Editor of Dickenson Intellinetics, who are partnering AKJ Associates for e-Crime India, added: ‘as an organisation deeply involved with events related to financial markets, private equity and investment banking, e-crime India is a natural value adder to professionals in the Indian banking, corporate and financial markets - we are delighted to partner with AKJ Associates in making e-crime India the destination event that no security professional should miss.”

[http://www.vcindia.com/conf_ecrime_feb10.asp Click Here For Complete Details On The Event]

 

----

[[Category:India]]

Mumbai

2010-01-15T04:50:28Z

Dharmeshmm:

2009-02-07T12:45:18Z

Dharmeshmm:

File:Sun.gif

2009-02-07T12:41:49Z

Dharmeshmm: SUN Startup Logo

SUN Startup Logo

Mumbai

2008-10-31T17:02:53Z

Dharmeshmm:

Mumbai

2008-10-30T04:16:45Z

Dharmeshmm:

{{Chapter Template|chaptername=Mumbai|extra=The chapter leader is [mailto:dharmeshmm@mastek.com Dharmesh M Mehta] (+91 9730002132) of Mastek Ltd.
Join us at our [http://lists.owasp.org/mailman/listinfo/owasp-mumbai mailing list] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-mumbai|emailarchives=http://lists.owasp.org/pipermail/owasp-mumbai}}

<paypal>Mumbai</paypal>

The Chapter Mailing Address is: 
Dharmesh Mehta 
Mastek Ltd, Unit 183, SDF 6, 
SEEPZ, Andheri (E), Mumbai 400 096. 
+91 9730002132 

== Summary of OWASP Mumbai Chapter Meetings Held To-Date ==

'''Topics presented till date:'''

1. Secure coding fundamentals - '''Richard Lewis''', Tech Mahindra

2. Threat Analysis and Modeling - '''Dharmesh Mehta''', Mastek

3. 5 ways to lose your user's password - '''Shalini Gupta''', '''Runa Dwibedi''' - Paladion Networks

4. Significance of Random Numbers in Application Security - '''Richard Lewis''', Tech Mahindra

5. Defeating Java Decompilation - '''Girish Kulkarni''', Tech Mahindra

6. /GS Security Check in Visual Studio - '''Chanda Dutta''' et al, Tech Mahindra

7. Black Vector of Web Exploitation - '''Aditya Sood''', Sec Niche
[[https://www.owasp.org/images/4/48/Owasp_Live0_Conf_Talk_Aditya_K_Sood_Sec_Niche.pdf Download Presentation]]

8. End User Privacy Breaches : '''Rishi Narang''', ThirdBrigade
[[https://www.owasp.org/images/4/4c/OWASP_Day_Rishi_Narang.pdf Download Presentation]]

9. Privacy on the Web - The road ahead in the 21st century : '''Yogesh Badwe''', Orange Business Services
[[https://www.owasp.org/images/f/fe/Privacy_0n_the_Web_-_The_Road_Ahead_in_the_21st_Century.pdf Download Presentation]]

10. Testing Large Number of Applications - '''Madhumita Iyer''', Paladion Networks
[[https://www.owasp.org/images/0/04/Owasp_Mumbai_9_22_08_MadhumitaIyer.pdf Download Presentation]]

11. Wireless Security - '''Sheetal Joseph''', Tech Mahindra
[[https://www.owasp.org/images/e/e5/OWASP_Mumbai_2008.pdf Download Presentation]]

[http://owasp.mumbai.googlepages.com/ Download Rest Presentations here >>]

== Roster of OWASP Speakers with Profiles ==

1. '''Anuradha Srinivasan''', Technical Analyst with Mastek, is working with the Application Security Assurance Team for the last 1.5 year. She has 2.5 years of experience in Java development. She is currently involved in conducting Security Assessments and trainings for projects across Mastek.

2. '''Richard Lewis''', Senior Security Consultant with Tech Mahindra, has 8 years of information security experience. Before joining Tech Mahindra, he worked for Tata Consultancy Services (TCS). Richard works in the e-security group of Tech Mahindra and is building a security fabric for secure software development. Richard has a programming background in C, C++, device drivers and MFC. Richard has led the development of two nation-level PKI deployments (India, UK). He has also led the development of a desktop encryptor, authentication SDK and cryptographic SDK. Richard is married, lives with his wife and daughter in busy Mumbai and loves to read the Bible and engage in church outreach work. Richard maintains a blog on application security at [http://SecureApps.Blogspot.com http://SecureApps.Blogspot.com]

3. '''Dharmesh M Mehta''', Technical Analyst with Mastek, has been with the Application Security Assurance Team for more than 3 years. He is involved in conducting security assessments, threat modeling and conducting security workshops for the developer community. He is also a Certified | Ethical Hacker. Dharmesh is the Chapter Leader for OWASP, Mumbai Chapter. You can read Dharmesh's Blog on Smart Security at [http://SmartSecurity.Blogspot.com http://smartsecurity.blogspot.com]

4. '''Shalini Gupta''', Associate Security Consultant at Paladion. She completed her MPIT (Network Specialization) from SCIT in 2005. With Paladion she has an experience of more than 1.5 years in the application security field. Among her other contributions in the area of Application Security is a 2-part series on SSL that Shalini wrote for Palisade, the application security journal for developers.

5. '''Runa Dwibedi''', Associate Consultant at Paladion. She is a certified BS7799 Lead Auditor. She completed her MCA from Bangalore University and also holds an MBA degree from SCDL, Pune. She has an experience of 1.5 years in development of security tools and an experience of 1 year in application security field. She is also actively involved in writing and publishing articles for Palisade.

6. '''Girish Kulkarni''' has 2.5 years of information security experience. Before joining Tech Mahindra, he was employed with Tata Consultancy Services (TCS). Girish currently works in the Enterprise DRM group as Technical Associate and is part of DRM product development team. Girish has a programming background in JAVA and is also proficient in JAVA swing. He has been involved in a very large PKI deployment for the Indian government.

7. '''Chanda Dutta, Divya Makhija, Sugita Kumari, Upma Sharma''' – Trainees pursuing PGDM-Software Development and Management from Symbiosis Centre for Information Technology. Upma is pursuing PGDM-Systems from the same institute. They work in the Secure Software Engineering practice at Tech Mahindra.

8. '''Aditya Sood''' – Independent Security Researcher. He is the founder of SecNiche (www.secniche.org). He has been an active speaker at CERT-IN and XFocus - XCon (China).

9. '''Rishi Narang''' – Vulnerability Research Analyst, Third Brigade. Before joining Third Brigade, he was employed with iPolicy Networks in Security Research Team responsible for IDS/IPS Signatures’ Development for NIPS. Hee has also worked with XIUS Telecom as Server Administrator for Linux and HP Unix Clusters. Currently, he works in the IDS/IPS Filter Development Team and is involved with Vulnerability Research, Zero day attacks & exploits most of the time.

10. '''Yogesh M Badwe''' – Senior Security Engineer, Orange Business Services. Yogesh works in the Web Application Vulnerability Assessment Domain for BFSI clients. Apart from being CCNP and ITIL Certified he also holds the cVa [Certified Vulnerability Assessor-DNV] certification. His previous experience was in the domain of Security Management & implementation of Security Event Management Products on Enterprise Networks. He carries out active research in the field of Security Event-Correlation and Next Generation Attack-Pattern Detection and has published a research paper at an international conference on computer security and forensics relating to privacy issues.

11. '''Madhumita Iyer''' – Associate Security Consultant, Paladion Networks Private Ltd. Expert in Application Security Testing, Network Penetration Testing and Vulnerability Assessments. She has been a project leader for large scale enterprise application pen tests and has experience in Thick client, Web based and Mobile Application penetration tests.

12. '''Sheetal Joseph''' – Security Consultant, TechMahindra. She is a subject matter expert for internal line of business clients and external suppliers for security mitigation and maintenance of their internal control environment over data center operations, system development, change management, incident management and contingency planning. She is Prince2 Registered Practitioner, CISSP, CEH, BS7799 Lead Auditor and holds many more certifications.

'''CPE Credits for CISSP's '''
ISC2 has approved 1 CPE for each hour of an OWASP local chapter meeting.

Chapter leader will have a sign up sheet with at least First Name, Last Name, and the date of the OWASP Meeting. After the meeting, the single sheet will be signed once by a chapter lead as proof of attendance, scanned into a .PDF, and emailed out to the chapter members with the meeting minutes so they have a copy for records and can claim CPE credits.
----

[[Category:India]]

Mumbai

2008-09-24T12:37:33Z

Dharmeshmm:

File:Owasp Mumbai 9 22 08 MadhumitaIyer.pdf

2008-09-24T12:31:29Z

Dharmeshmm:

2008-09-17T16:45:21Z

Dharmeshmm:

2007-10-10T13:02:26Z

Dharmeshmm: /* Mumbai Celebrates OWASP Day : OWASP Live 0 : 6th Sep 2007 */

{{Chapter Template|chaptername=Mumbai|extra=The chapter leader is [mailto:dharmeshmm@mastek.com Dharmesh M Mehta] of Mastek Ltd.
Join us at our [http://lists.owasp.org/mailman/listinfo/owasp-mumbai mailing list] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-mumbai|emailarchives=http://lists.owasp.org/pipermail/owasp-mumbai}}

== Mumbai Celebrates OWASP Day : OWASP Live 0 : 6th Sep 2007==
''' Event Agenda '''

'''2:30 PM - 3:00 PM''' Welcome Keynote : Dharmesh Mehta, Mastek Ltd. [[https://www.owasp.org/images/a/ab/Keynote.pdf Download Presentation]]

'''3:00 PM - 4:00 PM''' Black Vector of Web Exploitation : Aditya Sood, Sec Niche
[[https://www.owasp.org/images/4/48/Owasp_Live0_Conf_Talk_Aditya_K_Sood_Sec_Niche.pdf Download Presentation]]

'''4:00 PM - 4:45 PM''' End User Privacy Breaches : Rishi Narang, ThirdBrigade [[https://www.owasp.org/images/4/4c/OWASP_Day_Rishi_Narang.pdf Download Presentation]]

'''4:45 PM - 5:30 PM''' Privacy on the Web - The road ahead in the 21st century : Yogesh Badwe, Orange Business Services [[https://www.owasp.org/images/f/fe/Privacy_0n_the_Web_-_The_Road_Ahead_in_the_21st_Century.pdf Download Presentation]]

'''5:30 PM - 6:00 PM''' Snacks & Networking

''' Sponsor Details '''

'''[http://www.mastek.com MASTEK LIMITED]'''

'''[http://www.owasp.org/images/5/50/OWASP_DAY.JPG SNAPS]'''

== Summary of OWASP Mumbai Chapter Meetings Held To-Date ==

'''Topics presented till date:'''

1. Secure coding fundamentals - '''Richard Lewis''', Tech Mahindra

2. Threat Analysis and Modeling - '''Dharmesh Mehta''', Mastek

3. 5 ways to lose your user's password - '''Shalini Gupta''', '''Runa Dwibedi''' - Paladion Networks

4. Significance of Random Numbers in Application Security - '''Richard Lewis''', Tech Mahindra

5. Defeating Java Decompilation - '''Girish Kulkarni''', Tech Mahindra

6. /GS Security Check in Visual Studio - '''Chanda Dutta''' et al, Tech Mahindra

[http://owasp.mumbai.googlepages.com/ Download Presentations here >>]

== Roster of OWASP Speakers with Profiles ==

1. '''Anuradha Srinivasan''', Technical Analyst with Mastek, is working with the Application Security Assurance Team for the last 1.5 year. She has 2.5 years of experience in Java development. She is currently involved in conducting Security Assessments and trainings for projects across Mastek.

2. '''Richard Lewis''', Senior Security Consultant with Tech Mahindra, has 8 years of information security experience. Before joining Tech Mahindra, he worked for Tata Consultancy Services (TCS). Richard works in the e-security group of Tech Mahindra and is building a security fabric for secure software development. Richard has a programming background in C, C++, device drivers and MFC. Richard has led the development of two nation-level PKI deployments (India, UK). He has also led the development of a desktop encryptor, authentication SDK and cryptographic SDK. Richard is married, lives with his wife and daughter in busy Mumbai and loves to read the Bible and engage in church outreach work. Richard maintains a blog on application security at [http://SecureApps.Blogspot.com http://SecureApps.Blogspot.com]

3. '''Dharmesh M Mehta''', Technical Analyst with Mastek, has been with the Application Security Assurance Team for more than 3 years. He is involved in conducting security assessments, threat modeling and conducting security workshops for the developer community. He is also a Certified | Ethical Hacker. Dharmesh is the Chapter Leader for OWASP, Mumbai Chapter. You can read Dharmesh's Blog on Smart Security at [http://SmartSecurity.Blogspot.com http://smartsecurity.blogspot.com]

4. '''Shalini Gupta''', Associate Security Consultant at Paladion. She completed her MPIT (Network Specialization) from SCIT in 2005. With Paladion she has an experience of more than 1.5 years in the application security field. Among her other contributions in the area of Application Security is a 2-part series on SSL that Shalini wrote for Palisade, the application security journal for developers.

5. '''Runa Dwibedi''', Associate Consultant at Paladion. She is a certified BS7799 Lead Auditor. She completed her MCA from Bangalore University and also holds an MBA degree from SCDL, Pune. She has an experience of 1.5 years in development of security tools and an experience of 1 year in application security field. She is also actively involved in writing and publishing articles for Palisade.

6. '''Girish Kulkarni''' has 2.5 years of information security experience. Before joining Tech Mahindra, he was employed with Tata Consultancy Services (TCS). Girish currently works in the Enterprise DRM group as Technical Associate and is part of DRM product development team. Girish has a programming background in JAVA and is also proficient in JAVA swing. He has been involved in a very large PKI deployment for the Indian government.

7. '''Chanda Dutta, Divya Makhija, Sugita Kumari, Upma Sharma''' – Trainees pursuing PGDM-Software Development and Management from Symbiosis Centre for Information Technology. Upma is pursuing PGDM-Systems from the same institute. They work in the Secure Software Engineering practice at Tech Mahindra.

'''Minutes of Meeting - Monday July 31st 2006 [03:00 PM - 5:00 PM] '''

The second OWASP Mumbai Chapter Meet was held at TechMahindra premises in Chandivali. Mr. Richard on behalf of TechMahindra gave a warm welcome to all the delegates to the OWASP Mumbai Local Chapter –II. Accompanying him, Mr. Dharmesh of Mastek Ltd – Mumbai Chapter Head gave a brief description about the goals of OWASP Mumbai Chapter and the road ahead.

Presentations:

1. ''Significance of Random Numbers in Application Security'': '''Richard Lewis''', e-Security Consultant with Tech Mahindra, started with the practical usage of random numbers. He explained how good random number generation prevents applications from malfunctioning, increases strength of cryptographic operations which in turn increases entropy associated with the key. He went on to explain how random numbers automate otherwise manual tasks and how it increases the security of application. He explained the concepts of entropy and to which level it should be reached in an application. In the end he talked about the various sources of random numbers. He showed developers the simple mathematics required to calculate minimum password lengths, given the security requirements.

[http://www.owasp.org/images/1/13/RichardLewis_RandomNumberSignificance.ppt Download Presentation]

2. ''Java Decompilation'': '''Girish Kulkarni''', e-Security Consultant with Tech Mahindra went through Java Decompilation utility and techniques to defeat decompilation. Use of obfuscators, byte code encryptor/decryptor and generating executable from source were some of the techniques that he explained.

[http://www.owasp.org/images/3/3e/Girish_LockingDownJavaByteCode.ppt Download Presentation]

3. ''/GS Security Check in Visual Studio'': '''Chanda Dutta''', '''Divya Makhija''', '''Sugita Kumari''', '''Upma Sharma''' from Tech Mahindra, presented the usage of /GS security check in Visual Studio. Chanda started the presentation by giving an introduction to /GS Security Check feature of Visual Studio. She explained what is /GS Buffer Security Check, the need of /GS and what it can prevent. Sugita further explained how /GS works and what is canary with process of how to using a canary can prevent buffer overrun. Upma then demonstrated a simulation explaining normal working of buffer overflow and how can it be prevented. Divya explained the various limitations of /GS as how the features of /GS can be exploited and summarized the /GS Buffer Security Check features and functionalities.

[http://www.owasp.org/images/a/ad/GS_Switch_in_Visual_Studio.ppt Download Presentation]

The attendees will be receiving the pdf document of attendance noted at the meeting.

'''Next Meeting - Monday July 31st 2006 [03:00 PM - 5:00 PM] '''

Registrations for the event are free. If you are willing to attend, just send a mail to dharmeshmm@owasp.org as a confirmation.

If you would like to speak at the event or sponsor, contact me ASAP.

Theme of Meeting: Securing Web Services

The meeting is scheduled on Monday, 31st July 2006 from 3:00 to 5:00 PM.

'''Venue and Sponsor Details:'''

[http://www.techmahindra.com Tech Mahindra Ltd.].

Tech Mahindra Limited.
Wing 1, Oberoi Estate Gardens,
Chandivali, Andheri (E),
Mumbai 400 072, Maharashtra, India.

If you would like to speak, please drop in a mail at dharmeshmm@owasp.org

'''CPE Credits for CISSP's '''
ISC2 has approved 1 CPE for each hour of an OWASP local chapter meeting.

Chapter leader will have a sign up sheet with at least First Name, Last Name, and the date of the OWASP Meeting. After the meeting, the single sheet will be signed once by a chapter lead as proof of attendance, scanned into a .PDF, and emailed out to the chapter members with the meeting minutes so they have a copy for records and can claim CPE credits.

'''Minutes of Meeting - First Meeting - Saturday June 24th 2006 [09:30 - 12:00] '''

With the welcome address by Anuradha, the first meeting of Mumbai Chapter embarked. Right from giving a brief introduction about OWASP and its aim, Anuradha explained the focus of OWASP as a voluntary organization aiming at contributing to the knowledge as a part of sharing it. Apart from it, Anuradha briefed about OWASP Top 10 Project and OWASP Guide to building Secure Application.

Richard presented on Secure Coding Fundamentals and elucidated the Cost factor inculcated due to insecure code resulting in Network Cost, Productivity Cost and so on. Further explaining the basic reasons of threat to code, he explained how the mistakes done by the Programmers, I/O, API Abuse, Environment & Configuration and Time & State were responsible for Security flaws in an application. Moving ahead, Richard laid down a few principles to be followed as Secure Coding – General Guidelines for all the languages and specific Secure Coding Guidelines for C & C++, Java and .NET

Richard's Presentation
[http://www.owasp.org/images/2/28/RichardLewis_SecureCodingFundamentals.ppt Download]

With Threat Analysis & Modeling Process, Dharmesh explained the steps followed as Threat Modeling Process starting from Defining Application Requirement, Application Architecture, and Modeling Threats looking at CIA feature of Security Basics. The aim covered to look towards gathering the information needed from application development teams in order to mock out the potential threats that are inherit in the software application they build starting from the very inception of the software birth.
Giving the demonstration of Threat Analysis and Modeling Tool v2.0 with the basic example of its functionality, Dharmesh presented the Threat Modeling in real scenario.

Dharmesh's Presentation
[http://www.owasp.org/images/6/6c/Dharmesh_Threat_Modeling.ppt Download]

Shalini and Runa explained how password can be lost or manipulated in a real life scenario and it dealt with the countermeasures to be taken to avoid it. The topics covered under it included Stealing Password using different methods as – Browser’s Refresh, Browser’s Memory, Remember feature, Forget Password feature and last but not the least SQL Injection. The role of Browser’s Viewing Tool available showed a clear picture of how password could be easily cracked.

Shalini and Runa's Presentation
[http://www.owasp.org/images/2/21/5_ways_to_lose_your_user%27s_password.ppt Download]
----

'''Mumbai Chapter - First Meeting - Saturday June 24th 2006 [09:30 - 12:00] '''

Everyone is welcome to join us at our regular chapter meetings.

'''Time:''' 9:30 AM - 12:00 PM

If you have any items you want added to the agenda, post your ideas to our [https://lists.sourceforge.net/lists/listinfo/owasp-mumbai/ mailing list.]

If you would like to speak at the event or sponsor, contact [mailto:dharmeshmm@gmail.com Dharmesh M Mehta] before 20th June.

'''Agenda'''
----
'''''1. 09:30 - 09:45 Introduction : Anuradha Srinivasan, Mastek'''

'''''2. 09:45 - 10:30 Secure Coding Fundamentals : Richard Lewis, Tech Mahindra'''''

10:30 - 11:00 Food and Beverages

'''''3. 11:00 - 11:30 Threat Modeling : Dharmesh M Mehta, Mastek '''''

'''''4. 11:30 - 12:00 5 ways to lose your user's password : Shalini Gupta and Runa Dwibedi, Paladion Networks '''''

----

'''Venue and Sponsor Details:'''

[http://www.mastek.com Mastek Ltd].

Mastek Millennium Center,
A-7 Sec-I Millennium Business Park,

Mahape, Navi Mumbai - 400 710.

''Please contact [mailto:dharmeshmm@gmail.com Dharmesh M Mehta] before 23th June if you are attending the meeting.''

'''OWASP Moves to MediaWiki Portal - 11:23, 20 May 2006 (EDT)'''

OWASP is pleased to announce the arrival of OWASP 2.0!

OWASP 2.0 utilizes the MediaWiki portal to manage and provide
the latest OWASP related information. Enjoy!

File:OWASP DAY.JPG

2007-10-10T13:00:22Z

Dharmeshmm: OWASP MUMBAI - 2007 OWASP DAY CELEBRATION SNAPS

OWASP MUMBAI - 2007 OWASP DAY CELEBRATION SNAPS