OWASP - User contributions [en]

Hyderabad

2019-11-14T17:43:20Z

Raj Shalem: /* Nov - 2019 - OWASP Day Workshop */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''
* '''OWASP Hyderabad chapter: 'Core Team'''' (Members since 2017) [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 
* '''OWASP Hyderabad chapter: 'Advisory Group'''' (Members since Mar-2019)
# Vasudeva Aremanda - Genpact
# Riyaz Shaik - FX Labs
# Krishna Chaitanya Suraparaju - Cycops (Founder)
Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Nov - 2019 - OWASP Day Workshop ==
'''Organized''' '''by''' : Salesforce India Private Limited

'''Date :''' '''23/Nov/2019'''

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' '''Salesforce India Private Limited''' Block 5, DivyaSree Orion IT/ITES SEZ Survey 66/1 Panmakhta, Raidurg Village Serilingampally Mandal, Ranga Reddy District Hyderabad (Telangana) 500 032 India

'''Registration Link:''' https://www.meraevents.com/previewevent?view=preview&eventId=218015
[[File:Nov-2019_Details.jpg|right|frameless]]
{| class="wikitable"
|'''Session Details: OWASP Day workshop By "Dr. Phillippe De Ryck"'''
|-
|'''Founder of Pragmatic Web Security, Google Developer Expert'''
|-
|'''Social media profiles of Speaker :'''

'''Twitter:''' https://twitter.com/PhilippeDeRyck

'''LinkedIn:''' https://www.linkedin.com/in/PhilippeDeRyck/

'''Github:''' https://github.com/philippederyck/
|-
|
|}
'''Agenda :'''

Welcome and Overview by OWASP Core Team

Welcome note by Salesforce Information Security team
* The security model of the web
* Security fundamentals for HTTP applications
* Lab sessions
* Server-side Injection vulnerabilities
* Lunch Break
* Understanding XSS attacks and defenses
* Lab sessions
* Q&A and conclusion
* Vote of Thanks
* Closing: Network Business / Announce Next Meeting – By OWASP Team
* Meeting Concludes: Network Social

'''Directions to Venue:''' [https://www.google.com/maps/dir//Salesforce,+Block+5,+DivyaSree+Orion+IT%2FITES+SEZ,+Survey+66%2F1+Panmakhta,+Raidurg+Village,+Serilingampally+Mandal,+Ranga+Reddy+District,+Hyderabad,+Telangana+500032/@17.4225721,78.3081909,12z/data=!3m1!4b1!4m8!4m7!1m0!1 Google Map Link]

== Aug - 2019 - One-Day Conference ==
'''Organized''' '''by''' : Broadridge Financial Solutions (India) Private Limited

'''Date :''' '''31/Aug/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' '''Broadridge Financial Solutions (India) Private Limited''', Adjacent to Cyber Towers, Hi-Tec City, Madhapur | Hyderabad 500081 Telangana

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-august-meet-2019
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team : Welcome note by Broadridge Team
|-
|'''Azure Secure Devops Kit (AzSK)''' – By Sartaj Shaik : Sartaj is pen-tester and Security adviser with 6 + years of experience in Bug bounty and Security adviser associated with HCL and Aveva. A motivational speaker and MCU enthusiast (Inspired by Iron Man)
|-
|Refreshments / Tea Break
|-
|'''IOT (Internet of Things) Security (WiFi and Bluetooth hooks)''' – By Satish Rao : Satish Rao is an IoT Enthusiast , He have M.Tech in Computer Science and working in Oracle India Pvt Ltd in the role of Security Program Manager , having 14 years of Software Industry Experience. Linkendin : <nowiki>https://www.linkedin.com/in/satishraop/</nowiki>
|-
|'''Secure Code Review''' – By Raghav : Raghav has over 11 years of experience in Development and Application Security. In his current role at Broadridge he has been involved in vulnerability assessments, secure code reviews, design reviews, providing remediation support and mentoring. He also conducted several security awareness sessions to the development community.
|-
|'''Networking Lunch'''
|-
|'''AndroGoat in Kotlin (A damn vulnerable mobile App)''' – By Satish Patnayak : 9 years of broad industry experience , Information Security Consultant , researcher , Bug bounty hunter and blogger. AndroGoat is developed by Satish and dedicated the app to OWASP. Twitter : @satish_patnayak
|-
|'''Refreshments / Tea Break'''
|-
|'''Third Party Libraries - Impact and Analysis''' By Niranjan T, Sarwar J
Speakers Profile:
a) Niranjan T, is working as a Technology Lead at Broadridge, with 7 years of experience in multiple security domains such as Application Security, Infrastructure Security, Mobile Security etc.
b) Sarwar J, is working as a Senior Product Security Analyst at Broadridge, who is passionate about learning and sharing knowledge with the AppSec community.
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution:'''

'''The participants can form a group up to 3 members each or can participate individually'''

Watch as you climb to the top of the leaderboard and be crowned the ‘Secure Code Warrior.’ We are giving away prizes:

The following are prizes :

· 1st - 3x t-shirt, Rs. 3001 Amazon voucher each from '''SCW''' and 9000 Amazon gift card from '''S&P Global'''

· 2nd - 3x t-shirt from '''SCW''' – 5000 Amazon gift card from '''S&P Global'''

· 3rd - 3x t-shirt from '''SCW''' – 3000 Amazon gift card from '''S&P Global'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''
{| class="wikitable"
![[File:Session_Photos.jpg|thumb|S and P]]
![[File:Session_Photos1.jpg|thumb|S and P]]
![[File:Session_Photos2.jpg|thumb|S and P]]
|} [[File:SP.png|frameless|168x168px]]
== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-11-14T17:41:19Z

Raj Shalem: /* Nov - 2019 - OWASP Day Workshop */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''
* '''OWASP Hyderabad chapter: 'Core Team'''' (Members since 2017) [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 
* '''OWASP Hyderabad chapter: 'Advisory Group'''' (Members since Mar-2019)
# Vasudeva Aremanda - Genpact
# Riyaz Shaik - FX Labs
# Krishna Chaitanya Suraparaju - Cycops (Founder)
Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Nov - 2019 - OWASP Day Workshop ==
'''Organized''' '''by''' : Salesforce India Private Limited

'''Date :''' '''23/Nov/2019'''

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' '''Salesforce India Private Limited''' Block 5, DivyaSree Orion IT/ITES SEZ Survey 66/1 Panmakhta, Raidurg Village Serilingampally Mandal, Ranga Reddy District Hyderabad (Telangana) 500 032 India

'''Registration Link:''' https://www.meraevents.com/previewevent?view=preview&eventId=218015
[[File:Nov-2019_Details.jpg|right|frameless]]
{| class="wikitable"
|'''Session Details: OWASP Day workshop By "Dr. Phillippe De Ryck"'''
|-
|'''Founder of Pragmatic Web Security, Google Developer Expert'''
|-
|'''Social media profiles of Speaker :'''

'''Twitter:''' https://twitter.com/PhilippeDeRyck

'''LinkedIn:''' https://www.linkedin.com/in/PhilippeDeRyck/

'''Github:''' https://github.com/philippederyck/
|-
|
|}
'''Agenda :'''

Welcome and Overview by OWASP Core Team

Welcome note by Salesforce Information Security team
* The security model of the web
* Security fundamentals for HTTP applications
* Lab sessions
* Server-side Injection vulnerabilities
* Lunch Break
* Understanding XSS attacks and defenses
* Lab sessions
* Q&A and conclusion
* Vote of Thanks
* Closing: Network Business / Announce Next Meeting – By OWASP Team
* Meeting Concludes: Network Social

'''Directions to Venue:''' <nowiki>https://www.google.com/maps/dir//Salesforce,+Block+5,+DivyaSree+Orion+IT%2FITES+SEZ,+Survey+66%2F1+Panmakhta,+Raidurg+Village,+Serilingampally+Mandal,+Ranga+Reddy+District,+Hyderabad,+Telangana+500032/@17.4225721,78.3081909,12z/data=!3m1!4b1!4m8!4m7!1m0!1m5!1m1!1s0x3bcb93dd89703335:0x24e910c91683c283!2m2!1d78.3782314!2d17.4225843</nowiki>

== Aug - 2019 - One-Day Conference ==
'''Organized''' '''by''' : Broadridge Financial Solutions (India) Private Limited

'''Date :''' '''31/Aug/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' '''Broadridge Financial Solutions (India) Private Limited''', Adjacent to Cyber Towers, Hi-Tec City, Madhapur | Hyderabad 500081 Telangana

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-august-meet-2019
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team : Welcome note by Broadridge Team
|-
|'''Azure Secure Devops Kit (AzSK)''' – By Sartaj Shaik : Sartaj is pen-tester and Security adviser with 6 + years of experience in Bug bounty and Security adviser associated with HCL and Aveva. A motivational speaker and MCU enthusiast (Inspired by Iron Man)
|-
|Refreshments / Tea Break
|-
|'''IOT (Internet of Things) Security (WiFi and Bluetooth hooks)''' – By Satish Rao : Satish Rao is an IoT Enthusiast , He have M.Tech in Computer Science and working in Oracle India Pvt Ltd in the role of Security Program Manager , having 14 years of Software Industry Experience. Linkendin : <nowiki>https://www.linkedin.com/in/satishraop/</nowiki>
|-
|'''Secure Code Review''' – By Raghav : Raghav has over 11 years of experience in Development and Application Security. In his current role at Broadridge he has been involved in vulnerability assessments, secure code reviews, design reviews, providing remediation support and mentoring. He also conducted several security awareness sessions to the development community.
|-
|'''Networking Lunch'''
|-
|'''AndroGoat in Kotlin (A damn vulnerable mobile App)''' – By Satish Patnayak : 9 years of broad industry experience , Information Security Consultant , researcher , Bug bounty hunter and blogger. AndroGoat is developed by Satish and dedicated the app to OWASP. Twitter : @satish_patnayak
|-
|'''Refreshments / Tea Break'''
|-
|'''Third Party Libraries - Impact and Analysis''' By Niranjan T, Sarwar J
Speakers Profile:
a) Niranjan T, is working as a Technology Lead at Broadridge, with 7 years of experience in multiple security domains such as Application Security, Infrastructure Security, Mobile Security etc.
b) Sarwar J, is working as a Senior Product Security Analyst at Broadridge, who is passionate about learning and sharing knowledge with the AppSec community.
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution:'''

'''The participants can form a group up to 3 members each or can participate individually'''

Watch as you climb to the top of the leaderboard and be crowned the ‘Secure Code Warrior.’ We are giving away prizes:

The following are prizes :

· 1st - 3x t-shirt, Rs. 3001 Amazon voucher each from '''SCW''' and 9000 Amazon gift card from '''S&P Global'''

· 2nd - 3x t-shirt from '''SCW''' – 5000 Amazon gift card from '''S&P Global'''

· 3rd - 3x t-shirt from '''SCW''' – 3000 Amazon gift card from '''S&P Global'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''
{| class="wikitable"
![[File:Session_Photos.jpg|thumb|S and P]]
![[File:Session_Photos1.jpg|thumb|S and P]]
![[File:Session_Photos2.jpg|thumb|S and P]]
|} [[File:SP.png|frameless|168x168px]]
== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-11-14T17:34:47Z

Raj Shalem: /* Nov - 2019 - OWASP Day Workshop */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''
* '''OWASP Hyderabad chapter: 'Core Team'''' (Members since 2017) [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 
* '''OWASP Hyderabad chapter: 'Advisory Group'''' (Members since Mar-2019)
# Vasudeva Aremanda - Genpact
# Riyaz Shaik - FX Labs
# Krishna Chaitanya Suraparaju - Cycops (Founder)
Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Nov - 2019 - OWASP Day Workshop ==
'''Organized''' '''by''' : Broadridge Financial Solutions (India) Private Limited

'''Date :''' '''23/Nov/2019'''

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' '''Salesforce India Private Limited''' Block 5, DivyaSree Orion IT/ITES SEZ Survey 66/1 Panmakhta, Raidurg Village Serilingampally Mandal, Ranga Reddy District Hyderabad (Telangana) 500 032 India

'''Registration Link:''' https://www.meraevents.com/previewevent?view=preview&eventId=218015
[[File:Nov-2019_Details.jpg|right|frameless]]
{| class="wikitable sortable"
!'''Session Details:''' '''OWASP Day workshop''' '''By "Dr. Phillippe De Ryck"'''
|-
!Founder of Pragmatic Web Security, Google Developer Expert
|-
!Social media profiles of Speaker :
Twitter: https://twitter.com/PhilippeDeRyck

LinkedIn: https://www.linkedin.com/in/PhilippeDeRyck/

Github: https://github.com/philippederyck/
|-
!
|}
'''Agenda :'''

Welcome and Overview by OWASP Core Team

Welcome note by Salesforce Information Security team
* The security model of the web
* Security fundamentals for HTTP applications
* Lab sessions
* Server-side Injection vulnerabilities
* Lunch Break
* Understanding XSS attacks and defenses
* Lab sessions
* Q&A and conclusion
* Vote of Thanks
* Closing: Network Business / Announce Next Meeting – By OWASP Team
* Meeting Concludes: Network Social

'''Directions to Venue:''' <nowiki>https://www.google.com/maps/dir//Salesforce,+Block+5,+DivyaSree+Orion+IT%2FITES+SEZ,+Survey+66%2F1+Panmakhta,+Raidurg+Village,+Serilingampally+Mandal,+Ranga+Reddy+District,+Hyderabad,+Telangana+500032/@17.4225721,78.3081909,12z/data=!3m1!4b1!4m8!4m7!1m0!1m5!1m1!1s0x3bcb93dd89703335:0x24e910c91683c283!2m2!1d78.3782314!2d17.4225843</nowiki>

== Aug - 2019 - One-Day Conference ==
'''Organized''' '''by''' : Broadridge Financial Solutions (India) Private Limited

'''Date :''' '''31/Aug/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' '''Broadridge Financial Solutions (India) Private Limited''', Adjacent to Cyber Towers, Hi-Tec City, Madhapur | Hyderabad 500081 Telangana

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-august-meet-2019
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team : Welcome note by Broadridge Team
|-
|'''Azure Secure Devops Kit (AzSK)''' – By Sartaj Shaik : Sartaj is pen-tester and Security adviser with 6 + years of experience in Bug bounty and Security adviser associated with HCL and Aveva. A motivational speaker and MCU enthusiast (Inspired by Iron Man)
|-
|Refreshments / Tea Break
|-
|'''IOT (Internet of Things) Security (WiFi and Bluetooth hooks)''' – By Satish Rao : Satish Rao is an IoT Enthusiast , He have M.Tech in Computer Science and working in Oracle India Pvt Ltd in the role of Security Program Manager , having 14 years of Software Industry Experience. Linkendin : <nowiki>https://www.linkedin.com/in/satishraop/</nowiki>
|-
|'''Secure Code Review''' – By Raghav : Raghav has over 11 years of experience in Development and Application Security. In his current role at Broadridge he has been involved in vulnerability assessments, secure code reviews, design reviews, providing remediation support and mentoring. He also conducted several security awareness sessions to the development community.
|-
|'''Networking Lunch'''
|-
|'''AndroGoat in Kotlin (A damn vulnerable mobile App)''' – By Satish Patnayak : 9 years of broad industry experience , Information Security Consultant , researcher , Bug bounty hunter and blogger. AndroGoat is developed by Satish and dedicated the app to OWASP. Twitter : @satish_patnayak
|-
|'''Refreshments / Tea Break'''
|-
|'''Third Party Libraries - Impact and Analysis''' By Niranjan T, Sarwar J
Speakers Profile:
a) Niranjan T, is working as a Technology Lead at Broadridge, with 7 years of experience in multiple security domains such as Application Security, Infrastructure Security, Mobile Security etc.
b) Sarwar J, is working as a Senior Product Security Analyst at Broadridge, who is passionate about learning and sharing knowledge with the AppSec community.
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution:'''

'''The participants can form a group up to 3 members each or can participate individually'''

Watch as you climb to the top of the leaderboard and be crowned the ‘Secure Code Warrior.’ We are giving away prizes:

The following are prizes :

· 1st - 3x t-shirt, Rs. 3001 Amazon voucher each from '''SCW''' and 9000 Amazon gift card from '''S&P Global'''

· 2nd - 3x t-shirt from '''SCW''' – 5000 Amazon gift card from '''S&P Global'''

· 3rd - 3x t-shirt from '''SCW''' – 3000 Amazon gift card from '''S&P Global'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''
{| class="wikitable"
![[File:Session_Photos.jpg|thumb|S and P]]
![[File:Session_Photos1.jpg|thumb|S and P]]
![[File:Session_Photos2.jpg|thumb|S and P]]
|} [[File:SP.png|frameless|168x168px]]
== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-11-14T17:30:13Z

Raj Shalem: /* Nov - 2019 - One-Day Conference */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''
* '''OWASP Hyderabad chapter: 'Core Team'''' (Members since 2017) [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 
* '''OWASP Hyderabad chapter: 'Advisory Group'''' (Members since Mar-2019)
# Vasudeva Aremanda - Genpact
# Riyaz Shaik - FX Labs
# Krishna Chaitanya Suraparaju - Cycops (Founder)
Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Nov - 2019 - OWASP Day Workshop ==
'''Organized''' '''by''' : Broadridge Financial Solutions (India) Private Limited

'''Date :''' '''23/Nov/2019'''

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' '''Salesforce India Private Limited''' Block 5, DivyaSree Orion IT/ITES SEZ Survey 66/1 Panmakhta, Raidurg Village Serilingampally Mandal, Ranga Reddy District Hyderabad (Telangana) 500 032 India

'''Registration Link:''' https://www.meraevents.com/previewevent?view=preview&eventId=218015

[[File:Nov-2019_Details.jpg|frameless]]
{| class="wikitable sortable"
|+
!'''Session Details:''' '''OWASP Day workshop''' '''By Dr. Phillippe De Ryck'''
|-
!Founder of Pragmatic Web Security, Google Developer Expert
|-
!Social media profiles of Speaker :
Twitter: <nowiki>https://twitter.com/PhilippeDeRyck</nowiki>

LinkedIn: <nowiki>https://www.linkedin.com/in/PhilippeDeRyck/</nowiki>

Github: <nowiki>https://github.com/philippederyck/</nowiki>
|-
!
|}
'''Agenda :'''

Welcome and Overview by OWASP Core Team

Welcome note by Salesforce Information Security team
* The security model of the web
* Security fundamentals for HTTP applications
* Lab sessions
* Server-side Injection vulnerabilities
* Lunch Break
* Understanding XSS attacks and defenses
* Lab sessions
* Q&A and conclusion
* Vote of Thanks
* Closing: Network Business / Announce Next Meeting – By OWASP Team
* Meeting Concludes: Network Social

'''Directions to Venue:''' <nowiki>https://www.google.com/maps/dir//Salesforce,+Block+5,+DivyaSree+Orion+IT%2FITES+SEZ,+Survey+66%2F1+Panmakhta,+Raidurg+Village,+Serilingampally+Mandal,+Ranga+Reddy+District,+Hyderabad,+Telangana+500032/@17.4225721,78.3081909,12z/data=!3m1!4b1!4m8!4m7!1m0!1m5!1m1!1s0x3bcb93dd89703335:0x24e910c91683c283!2m2!1d78.3782314!2d17.4225843</nowiki>

== Aug - 2019 - One-Day Conference ==
'''Organized''' '''by''' : Broadridge Financial Solutions (India) Private Limited

'''Date :''' '''31/Aug/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' '''Broadridge Financial Solutions (India) Private Limited''', Adjacent to Cyber Towers, Hi-Tec City, Madhapur | Hyderabad 500081 Telangana

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-august-meet-2019
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team : Welcome note by Broadridge Team
|-
|'''Azure Secure Devops Kit (AzSK)''' – By Sartaj Shaik : Sartaj is pen-tester and Security adviser with 6 + years of experience in Bug bounty and Security adviser associated with HCL and Aveva. A motivational speaker and MCU enthusiast (Inspired by Iron Man)
|-
|Refreshments / Tea Break
|-
|'''IOT (Internet of Things) Security (WiFi and Bluetooth hooks)''' – By Satish Rao : Satish Rao is an IoT Enthusiast , He have M.Tech in Computer Science and working in Oracle India Pvt Ltd in the role of Security Program Manager , having 14 years of Software Industry Experience. Linkendin : <nowiki>https://www.linkedin.com/in/satishraop/</nowiki>
|-
|'''Secure Code Review''' – By Raghav : Raghav has over 11 years of experience in Development and Application Security. In his current role at Broadridge he has been involved in vulnerability assessments, secure code reviews, design reviews, providing remediation support and mentoring. He also conducted several security awareness sessions to the development community.
|-
|'''Networking Lunch'''
|-
|'''AndroGoat in Kotlin (A damn vulnerable mobile App)''' – By Satish Patnayak : 9 years of broad industry experience , Information Security Consultant , researcher , Bug bounty hunter and blogger. AndroGoat is developed by Satish and dedicated the app to OWASP. Twitter : @satish_patnayak
|-
|'''Refreshments / Tea Break'''
|-
|'''Third Party Libraries - Impact and Analysis''' By Niranjan T, Sarwar J
Speakers Profile:
a) Niranjan T, is working as a Technology Lead at Broadridge, with 7 years of experience in multiple security domains such as Application Security, Infrastructure Security, Mobile Security etc.
b) Sarwar J, is working as a Senior Product Security Analyst at Broadridge, who is passionate about learning and sharing knowledge with the AppSec community.
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution:'''

'''The participants can form a group up to 3 members each or can participate individually'''

Watch as you climb to the top of the leaderboard and be crowned the ‘Secure Code Warrior.’ We are giving away prizes:

The following are prizes :

· 1st - 3x t-shirt, Rs. 3001 Amazon voucher each from '''SCW''' and 9000 Amazon gift card from '''S&P Global'''

· 2nd - 3x t-shirt from '''SCW''' – 5000 Amazon gift card from '''S&P Global'''

· 3rd - 3x t-shirt from '''SCW''' – 3000 Amazon gift card from '''S&P Global'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''
{| class="wikitable"
![[File:Session_Photos.jpg|thumb|S and P]]
![[File:Session_Photos1.jpg|thumb|S and P]]
![[File:Session_Photos2.jpg|thumb|S and P]]
|} [[File:SP.png|frameless|168x168px]]
== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-11-14T17:15:45Z

Raj Shalem: /* Nov - 2019 - One-Day Conference */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''
* '''OWASP Hyderabad chapter: 'Core Team'''' (Members since 2017) [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 
* '''OWASP Hyderabad chapter: 'Advisory Group'''' (Members since Mar-2019)
# Vasudeva Aremanda - Genpact
# Riyaz Shaik - FX Labs
# Krishna Chaitanya Suraparaju - Cycops (Founder)
Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Nov - 2019 - One-Day Conference ==
'''Organized''' '''by''' : Broadridge Financial Solutions (India) Private Limited

Registration link: https://www.meraevents.com/previewevent?view=preview&eventId=218015

[[File:Nov-2019_Details.jpg|frameless]] '''Session Details:''' The session is for whole day By Dr. Phillippe De Ryck; Speaker Bio: https://www.linkedin.com/in/PhilippeDeRyck/

'''Agenda :'''

Tentative schedule

10:00 - 09:45 - The security model of the web

10:45 - 11:45 - Security fundamentals for HTTP applications

11:45 - 12:30 - Lab sessions

12:30 - 01:30 - Server-side Injection vulnerabilities

01:30 - 02:15 - Lunch

02:15 - 15:15 - Understanding XSS attacks and defenses

15:15 - 16:00 - Lab sessions

16:00 - 16:30 - Q&A and conclusion

Location / Venue :

'''Salesforce India Private Limited''' Block 5, DivyaSree Orion IT/ITES SEZ Survey 66/1 Panmakhta, Raidurg Village Serilingampally Mandal, Ranga Reddy District Hyderabad (Telangana) 500 032 India

'''Directions:''' <nowiki>https://www.google.com/maps/dir//Salesforce,+Block+5,+DivyaSree+Orion+IT%2FITES+SEZ,+Survey+66%2F1+Panmakhta,+Raidurg+Village,+Serilingampally+Mandal,+Ranga+Reddy+District,+Hyderabad,+Telangana+500032/@17.4225721,78.3081909,12z/data=!3m1!4b1!4m8!4m7!1m0!1m5!1m1!1s0x3bcb93dd89703335:0x24e910c91683c283!2m2!1d78.3782314!2d17.4225843</nowiki>

== Aug - 2019 - One-Day Conference ==
'''Organized''' '''by''' : Broadridge Financial Solutions (India) Private Limited

'''Date :''' '''31/Aug/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' '''Broadridge Financial Solutions (India) Private Limited''', Adjacent to Cyber Towers, Hi-Tec City, Madhapur | Hyderabad 500081 Telangana

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-august-meet-2019
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team : Welcome note by Broadridge Team
|-
|'''Azure Secure Devops Kit (AzSK)''' – By Sartaj Shaik : Sartaj is pen-tester and Security adviser with 6 + years of experience in Bug bounty and Security adviser associated with HCL and Aveva. A motivational speaker and MCU enthusiast (Inspired by Iron Man)
|-
|Refreshments / Tea Break
|-
|'''IOT (Internet of Things) Security (WiFi and Bluetooth hooks)''' – By Satish Rao : Satish Rao is an IoT Enthusiast , He have M.Tech in Computer Science and working in Oracle India Pvt Ltd in the role of Security Program Manager , having 14 years of Software Industry Experience. Linkendin : <nowiki>https://www.linkedin.com/in/satishraop/</nowiki>
|-
|'''Secure Code Review''' – By Raghav : Raghav has over 11 years of experience in Development and Application Security. In his current role at Broadridge he has been involved in vulnerability assessments, secure code reviews, design reviews, providing remediation support and mentoring. He also conducted several security awareness sessions to the development community.
|-
|'''Networking Lunch'''
|-
|'''AndroGoat in Kotlin (A damn vulnerable mobile App)''' – By Satish Patnayak : 9 years of broad industry experience , Information Security Consultant , researcher , Bug bounty hunter and blogger. AndroGoat is developed by Satish and dedicated the app to OWASP. Twitter : @satish_patnayak
|-
|'''Refreshments / Tea Break'''
|-
|'''Third Party Libraries - Impact and Analysis''' By Niranjan T, Sarwar J
Speakers Profile:
a) Niranjan T, is working as a Technology Lead at Broadridge, with 7 years of experience in multiple security domains such as Application Security, Infrastructure Security, Mobile Security etc.
b) Sarwar J, is working as a Senior Product Security Analyst at Broadridge, who is passionate about learning and sharing knowledge with the AppSec community.
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution:'''

'''The participants can form a group up to 3 members each or can participate individually'''

Watch as you climb to the top of the leaderboard and be crowned the ‘Secure Code Warrior.’ We are giving away prizes:

The following are prizes :

· 1st - 3x t-shirt, Rs. 3001 Amazon voucher each from '''SCW''' and 9000 Amazon gift card from '''S&P Global'''

· 2nd - 3x t-shirt from '''SCW''' – 5000 Amazon gift card from '''S&P Global'''

· 3rd - 3x t-shirt from '''SCW''' – 3000 Amazon gift card from '''S&P Global'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''
{| class="wikitable"
![[File:Session_Photos.jpg|thumb|S and P]]
![[File:Session_Photos1.jpg|thumb|S and P]]
![[File:Session_Photos2.jpg|thumb|S and P]]
|} [[File:SP.png|frameless|168x168px]]
== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-11-14T05:58:03Z

Raj Shalem: /* Aug - 2019 - One-Day Conference */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''
* '''OWASP Hyderabad chapter: 'Core Team'''' (Members since 2017) [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 
* '''OWASP Hyderabad chapter: 'Advisory Group'''' (Members since Mar-2019)
# Vasudeva Aremanda - Genpact
# Riyaz Shaik - FX Labs
# Krishna Chaitanya Suraparaju - Cycops (Founder)
Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Nov - 2019 - One-Day Conference ==
'''Organized''' '''by''' : Broadridge Financial Solutions (India) Private Limited

Registration link: https://www.meraevents.com/previewevent?view=preview&eventId=218015
[[File:Nov-2019 Details.jpg|alt=Nov-2019 Conference Details|Nov-2019 Conference Details|center|1280x1280px]]

== Aug - 2019 - One-Day Conference ==
'''Organized''' '''by''' : Broadridge Financial Solutions (India) Private Limited

'''Date :''' '''31/Aug/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' '''Broadridge Financial Solutions (India) Private Limited''', Adjacent to Cyber Towers, Hi-Tec City, Madhapur | Hyderabad 500081 Telangana

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-august-meet-2019
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team : Welcome note by Broadridge Team
|-
|'''Azure Secure Devops Kit (AzSK)''' – By Sartaj Shaik : Sartaj is pen-tester and Security adviser with 6 + years of experience in Bug bounty and Security adviser associated with HCL and Aveva. A motivational speaker and MCU enthusiast (Inspired by Iron Man)
|-
|Refreshments / Tea Break
|-
|'''IOT (Internet of Things) Security (WiFi and Bluetooth hooks)''' – By Satish Rao : Satish Rao is an IoT Enthusiast , He have M.Tech in Computer Science and working in Oracle India Pvt Ltd in the role of Security Program Manager , having 14 years of Software Industry Experience. Linkendin : <nowiki>https://www.linkedin.com/in/satishraop/</nowiki>
|-
|'''Secure Code Review''' – By Raghav : Raghav has over 11 years of experience in Development and Application Security. In his current role at Broadridge he has been involved in vulnerability assessments, secure code reviews, design reviews, providing remediation support and mentoring. He also conducted several security awareness sessions to the development community.
|-
|'''Networking Lunch'''
|-
|'''AndroGoat in Kotlin (A damn vulnerable mobile App)''' – By Satish Patnayak : 9 years of broad industry experience , Information Security Consultant , researcher , Bug bounty hunter and blogger. AndroGoat is developed by Satish and dedicated the app to OWASP. Twitter : @satish_patnayak
|-
|'''Refreshments / Tea Break'''
|-
|'''Third Party Libraries - Impact and Analysis''' By Niranjan T, Sarwar J
Speakers Profile:
a) Niranjan T, is working as a Technology Lead at Broadridge, with 7 years of experience in multiple security domains such as Application Security, Infrastructure Security, Mobile Security etc.
b) Sarwar J, is working as a Senior Product Security Analyst at Broadridge, who is passionate about learning and sharing knowledge with the AppSec community.
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution:'''

'''The participants can form a group up to 3 members each or can participate individually'''

Watch as you climb to the top of the leaderboard and be crowned the ‘Secure Code Warrior.’ We are giving away prizes:

The following are prizes :

· 1st - 3x t-shirt, Rs. 3001 Amazon voucher each from '''SCW''' and 9000 Amazon gift card from '''S&P Global'''

· 2nd - 3x t-shirt from '''SCW''' – 5000 Amazon gift card from '''S&P Global'''

· 3rd - 3x t-shirt from '''SCW''' – 3000 Amazon gift card from '''S&P Global'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''
{| class="wikitable"
![[File:Session_Photos.jpg|thumb|S and P]]
![[File:Session_Photos1.jpg|thumb|S and P]]
![[File:Session_Photos2.jpg|thumb|S and P]]
|} [[File:SP.png|frameless|168x168px]]
== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-11-14T05:46:00Z

Raj Shalem: /* Meeting Details: Nov2019*/

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''
* '''OWASP Hyderabad chapter: 'Core Team'''' (Members since 2017) [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 
* '''OWASP Hyderabad chapter: 'Advisory Group'''' (Members since Mar-2019)
# Vasudeva Aremanda - Genpact
# Riyaz Shaik - FX Labs
# Krishna Chaitanya Suraparaju - Cycops (Founder)
Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Aug - 2019 - One-Day Conference ==
'''Organized''' '''by''' : Broadridge Financial Solutions (India) Private Limited

Registration link: https://www.meraevents.com/previewevent?view=preview&eventId=218015
[[File:Nov-2019 Details.jpg|alt=Nov-2019 Conference Details|left|frame|Nov-2019 Conference Details]]

== Aug - 2019 - One-Day Conference ==
'''Organized''' '''by''' : Broadridge Financial Solutions (India) Private Limited

'''Date :''' '''31/Aug/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' '''Broadridge Financial Solutions (India) Private Limited''', Adjacent to Cyber Towers, Hi-Tec City, Madhapur | Hyderabad 500081 Telangana

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-august-meet-2019
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team : Welcome note by Broadridge Team
|-
|'''Azure Secure Devops Kit (AzSK)''' – By Sartaj Shaik : Sartaj is pen-tester and Security adviser with 6 + years of experience in Bug bounty and Security adviser associated with HCL and Aveva. A motivational speaker and MCU enthusiast (Inspired by Iron Man)
|-
|Refreshments / Tea Break
|-
|'''IOT (Internet of Things) Security (WiFi and Bluetooth hooks)''' – By Satish Rao : Satish Rao is an IoT Enthusiast , He have M.Tech in Computer Science and working in Oracle India Pvt Ltd in the role of Security Program Manager , having 14 years of Software Industry Experience. Linkendin : <nowiki>https://www.linkedin.com/in/satishraop/</nowiki>
|-
|'''Secure Code Review''' – By Raghav : Raghav has over 11 years of experience in Development and Application Security. In his current role at Broadridge he has been involved in vulnerability assessments, secure code reviews, design reviews, providing remediation support and mentoring. He also conducted several security awareness sessions to the development community.
|-
|'''Networking Lunch'''
|-
|'''AndroGoat in Kotlin (A damn vulnerable mobile App)''' – By Satish Patnayak : 9 years of broad industry experience , Information Security Consultant , researcher , Bug bounty hunter and blogger. AndroGoat is developed by Satish and dedicated the app to OWASP. Twitter : @satish_patnayak
|-
|'''Refreshments / Tea Break'''
|-
|'''Third Party Libraries - Impact and Analysis''' By Niranjan T, Sarwar J
Speakers Profile:
a) Niranjan T, is working as a Technology Lead at Broadridge, with 7 years of experience in multiple security domains such as Application Security, Infrastructure Security, Mobile Security etc.
b) Sarwar J, is working as a Senior Product Security Analyst at Broadridge, who is passionate about learning and sharing knowledge with the AppSec community.
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution:'''

'''The participants can form a group up to 3 members each or can participate individually'''

Watch as you climb to the top of the leaderboard and be crowned the ‘Secure Code Warrior.’ We are giving away prizes:

The following are prizes :

· 1st - 3x t-shirt, Rs. 3001 Amazon voucher each from '''SCW''' and 9000 Amazon gift card from '''S&P Global'''

· 2nd - 3x t-shirt from '''SCW''' – 5000 Amazon gift card from '''S&P Global'''

· 3rd - 3x t-shirt from '''SCW''' – 3000 Amazon gift card from '''S&P Global'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''
{| class="wikitable"
![[File:Session_Photos.jpg|thumb|S and P]]
![[File:Session_Photos1.jpg|thumb|S and P]]
![[File:Session_Photos2.jpg|thumb|S and P]]
|} [[File:SP.png|frameless|168x168px]]
== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

File:Nov-2019 Details.jpg

2019-11-14T05:41:40Z

Raj Shalem:

Nov-2019 Conference Details

Hyderabad

2019-09-06T06:55:12Z

Raj Shalem: /* Aug - 2019 - One-Day Conference */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''
* '''OWASP Hyderabad chapter: 'Core Team'''' (Members since 2017) [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 
* '''OWASP Hyderabad chapter: 'Advisory Group'''' (Members since Mar-2019)
# Vasudeva Aremanda - Genpact
# Riyaz Shaik - FX Labs
# Krishna Chaitanya Suraparaju - Cycops (Founder)
Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Aug - 2019 - One-Day Conference ==
'''Organized''' '''by''' : Broadridge Financial Solutions (India) Private Limited

'''Date :''' '''31/Aug/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' '''Broadridge Financial Solutions (India) Private Limited''', Adjacent to Cyber Towers, Hi-Tec City, Madhapur | Hyderabad 500081 Telangana

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-august-meet-2019
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team : Welcome note by Broadridge Team
|-
|'''Azure Secure Devops Kit (AzSK)''' – By Sartaj Shaik : Sartaj is pen-tester and Security adviser with 6 + years of experience in Bug bounty and Security adviser associated with HCL and Aveva. A motivational speaker and MCU enthusiast (Inspired by Iron Man)
|-
|Refreshments / Tea Break
|-
|'''IOT (Internet of Things) Security (WiFi and Bluetooth hooks)''' – By Satish Rao : Satish Rao is an IoT Enthusiast , He have M.Tech in Computer Science and working in Oracle India Pvt Ltd in the role of Security Program Manager , having 14 years of Software Industry Experience. Linkendin : <nowiki>https://www.linkedin.com/in/satishraop/</nowiki>
|-
|'''Secure Code Review''' – By Raghav : Raghav has over 11 years of experience in Development and Application Security. In his current role at Broadridge he has been involved in vulnerability assessments, secure code reviews, design reviews, providing remediation support and mentoring. He also conducted several security awareness sessions to the development community.
|-
|'''Networking Lunch'''
|-
|'''AndroGoat in Kotlin (A damn vulnerable mobile App)''' – By Satish Patnayak : 9 years of broad industry experience , Information Security Consultant , researcher , Bug bounty hunter and blogger. AndroGoat is developed by Satish and dedicated the app to OWASP. Twitter : @satish_patnayak
|-
|'''Refreshments / Tea Break'''
|-
|'''Third Party Libraries - Impact and Analysis''' By Niranjan T, Sarwar J
Speakers Profile:
a) Niranjan T, is working as a Technology Lead at Broadridge, with 7 years of experience in multiple security domains such as Application Security, Infrastructure Security, Mobile Security etc.
b) Sarwar J, is working as a Senior Product Security Analyst at Broadridge, who is passionate about learning and sharing knowledge with the AppSec community.
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution:'''

'''The participants can form a group up to 3 members each or can participate individually'''

Watch as you climb to the top of the leaderboard and be crowned the ‘Secure Code Warrior.’ We are giving away prizes:

The following are prizes :

· 1st - 3x t-shirt, Rs. 3001 Amazon voucher each from '''SCW''' and 9000 Amazon gift card from '''S&P Global'''

· 2nd - 3x t-shirt from '''SCW''' – 5000 Amazon gift card from '''S&P Global'''

· 3rd - 3x t-shirt from '''SCW''' – 3000 Amazon gift card from '''S&P Global'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''
{| class="wikitable"
![[File:Session_Photos.jpg|thumb|S and P]]
![[File:Session_Photos1.jpg|thumb|S and P]]
![[File:Session_Photos2.jpg|thumb|S and P]]
|} [[File:SP.png|frameless|168x168px]]
== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-08-17T04:46:08Z

Raj Shalem: /* Aug - 2019 - One-Day Conference */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''
* '''OWASP Hyderabad chapter: 'Core Team'''' (Members since 2017) [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 
* '''OWASP Hyderabad chapter: 'Advisory Group'''' (Members since Mar-2019)
# Vasudeva Aremanda - Genpact
# Riyaz Shaik - FX Labs
# Krishna Chaitanya Suraparaju - Cycops (Founder)
Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Aug - 2019 - One-Day Conference ==
'''Organized''' '''by''' : Broadridge Financial Solutions (India) Private Limited

'''Date :''' '''31/Aug/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' '''Broadridge Financial Solutions (India) Private Limited''', Adjacent to Cyber Towers, Hi-Tec City, Madhapur | Hyderabad 500081 Telangana

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-august-meet-2019
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team : Welcome note by Broadridge Team
|-
|'''Azure Secure Devops Kit (AzSK)''' – By Sartaj Shaik : Sartaj is pen-tester and Security adviser with 6 + years of experience in Bug bounty and Security adviser associated with HCL and Aveva. A motivational speaker and MCU enthusiast (Inspired by Iron Man)
|-
|Refreshments / Tea Break
|-
|'''IOT (Internet of Things) Security (WiFi and Bluetooth hooks)''' – By Satish Rao : Satish Rao is an IoT Enthusiast , He have M.Tech in Computer Science and working in Oracle India Pvt Ltd in the role of Security Program Manager , having 14 years of Software Industry Experience. Linkendin : <nowiki>https://www.linkedin.com/in/satishraop/</nowiki>
|-
|'''Secure Code Review''' – By Raghav : Raghav has over 11 years of experience in Development and Application Security. In his current role at Broadridge he has been involved in vulnerability assessments, secure code reviews, design reviews, providing remediation support and mentoring. He also conducted several security awareness sessions to the development community.
|-
|'''Networking Lunch'''
|-
|'''AndroGoat in Kotlin (A damn vulnerable mobile App)''' – By Satish Patnayak : 9 years of broad industry experience , Information Security Consultant , researcher , Bug bounty hunter and blogger. AndroGoat is developed by Satish and dedicated the app to OWASP. Twitter : @satish_patnayak
|-
|'''Refreshments / Tea Break'''
|-
|'''Panel Discussion:'''
(APIs, Microservices, Containers, Cloud : Traditional, conventional and Latest Trends )

Gopal - Manager : Product Security team , Broadridge

Riyaz Shaik – FX Labs : Chief Architect ,Technocrat

TBD

TBD
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution:'''

'''The participants can form a group up to 3 members each or can participate individually'''

Watch as you climb to the top of the leaderboard and be crowned the ‘Secure Code Warrior.’ We are giving away prizes:

The following are prizes :

· 1st - 3x t-shirt, Rs. 3001 Amazon voucher each from '''SCW''' and 9000 Amazon gift card from '''S&P Global'''

· 2nd - 3x t-shirt from '''SCW''' – 5000 Amazon gift card from '''S&P Global'''

· 3rd - 3x t-shirt from '''SCW''' – 3000 Amazon gift card from '''S&P Global'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''
{| class="wikitable"
![[File:Session_Photos.jpg|thumb|S and P]]
![[File:Session_Photos1.jpg|thumb|S and P]]
![[File:Session_Photos2.jpg|thumb|S and P]]
|} [[File:SP.png|frameless|168x168px]]
== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-08-17T04:41:20Z

Raj Shalem: /* Aug - 2019 - One-Day Conference */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''
* '''OWASP Hyderabad chapter: 'Core Team'''' (Members since 2017) [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 
* '''OWASP Hyderabad chapter: 'Advisory Group'''' (Members since Mar-2019)
# Vasudeva Aremanda - Genpact
# Riyaz Shaik - FX Labs
# Krishna Chaitanya Suraparaju - Cycops (Founder)
Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Aug - 2019 - One-Day Conference ==
'''Organized''' '''by''' : Broadridge Financial Solutions (India) Private Limited

'''Date :''' '''31/Aug/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' '''Broadridge Financial Solutions (India) Private Limited''', Adjacent to Cyber Towers, Hi-Tec City, Madhapur | Hyderabad 500081 Telangana

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-august-meet-2019
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team : Welcome note by Broadridge Team
|-
|'''Azure Secure Devops Kit (AzSK)''' – By Sartaj Shaik : Sartaj is pen-tester and Security adviser with 6 + years of experience in Bug bounty and Security adviser associated with HCL and Aveva. A motivational speaker and MCU enthusiast (Inspired by Iron Man)
|-
|Refreshments / Tea Break
|-
|'''IOT (Internet of Things) Security (WiFi and Bluetooth hooks)''' – By Satish Rao : Satish Rao is an IoT Enthusiast , He have M.Tech in Computer Science and working in Oracle India Pvt Ltd in the role of Security Program Manager , having 14 years of Software Industry Experience. Linkendin : <nowiki>https://www.linkedin.com/in/satishraop/</nowiki>
|-
|'''Secure Code Review''' – By Raghav : Raghav has over 11 years of experience in Development and Application Security. In his current role at Broadridge he has been involved in vulnerability assessments, secure code reviews, design reviews, providing remediation support and mentoring. He also conducted several security awareness sessions to the development community.
|-
|'''Networking Lunch'''
|-
|'''AndroGoat in Kotlin (A damn vulnerable mobile App)''' – By Satish Patnayak : 9 years of broad industry experience , Information Security Consultant , researcher , Bug bounty hunter and blogger. AndroGoat is developed by Satish and dedicated the app to OWASP. Twitter : @satish_patnayak
|-
|'''Refreshments / Tea Break'''
|-
|'''Panel Discussion:'''
(APIs, Microservices, Containers, Cloud : Traditional, conventional and Latest Trends ) Gopal - Manager : Product Security team , Broadridge Riyaz Shaik – FX Labs : Chief Architect ,Technocrat TBD TBD
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution:'''

'''The participants can form a group up to 3 members each or can participate individually'''

Watch as you climb to the top of the leaderboard and be crowned the ‘Secure Code Warrior.’ We are giving away prizes:

The following are prizes :

· 1st - 3x t-shirt, Rs. 3001 Amazon voucher each from '''SCW''' and 9000 Amazon gift card from '''S&P Global'''

· 2nd - 3x t-shirt from '''SCW''' – 5000 Amazon gift card from '''S&P Global'''

· 3rd - 3x t-shirt from '''SCW''' – 3000 Amazon gift card from '''S&P Global'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''
{| class="wikitable"
![[File:Session_Photos.jpg|thumb|S and P]]
![[File:Session_Photos1.jpg|thumb|S and P]]
![[File:Session_Photos2.jpg|thumb|S and P]]
|} [[File:SP.png|frameless|168x168px]]
== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-08-17T04:24:11Z

Raj Shalem: /* Upcoming Meetings & Events */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''
* '''OWASP Hyderabad chapter: 'Core Team'''' (Members since 2017) [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 
* '''OWASP Hyderabad chapter: 'Advisory Group'''' (Members since Mar-2019)
# Vasudeva Aremanda - Genpact
# Riyaz Shaik - FX Labs
# Krishna Chaitanya Suraparaju - Cycops (Founder)
Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Aug - 2019 - One-Day Conference ==
'''Organized''' '''by''' : Broadridge Financial Solutions (India) Private Limited

'''Date :''' '''31/Aug/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' Adjacent to Cyber Towers, Hi-Tec City, Madhapur | Hyderabad 500081 Telangana

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution:'''

'''The participants can form a group up to 3 members each or can participate individually'''

Watch as you climb to the top of the leaderboard and be crowned the ‘Secure Code Warrior.’ We are giving away prizes:

The following are prizes :

· 1st - 3x t-shirt, Rs. 3001 Amazon voucher each from '''SCW''' and 9000 Amazon gift card from '''S&P Global'''

· 2nd - 3x t-shirt from '''SCW''' – 5000 Amazon gift card from '''S&P Global'''

· 3rd - 3x t-shirt from '''SCW''' – 3000 Amazon gift card from '''S&P Global'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''
{| class="wikitable"
![[File:Session_Photos.jpg|thumb|S and P]]
![[File:Session_Photos1.jpg|thumb|S and P]]
![[File:Session_Photos2.jpg|thumb|S and P]]
|} [[File:SP.png|frameless|168x168px]]
== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-03-08T07:52:06Z

Raj Shalem: /* OWASP - Hyderabad Chapter Board Members */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''
* '''OWASP Hyderabad chapter: 'Core Team'''' (Members since 2017) [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 
* '''OWASP Hyderabad chapter: 'Advisory Group'''' (Members since Mar-2019)
# Vasudeva Aremanda - Genpact
# Riyaz Shaik - FX Labs
# Krishna Chaitanya Suraparaju - Cycops (Founder)
Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution:'''

'''The participants can form a group up to 3 members each or can participate individually'''

Watch as you climb to the top of the leaderboard and be crowned the ‘Secure Code Warrior.’ We are giving away prizes:

The following are prizes :

· 1st - 3x t-shirt, Rs. 3001 Amazon voucher each from '''SCW''' and 9000 Amazon gift card from '''S&P Global'''

· 2nd - 3x t-shirt from '''SCW''' – 5000 Amazon gift card from '''S&P Global'''

· 3rd - 3x t-shirt from '''SCW''' – 3000 Amazon gift card from '''S&P Global'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''
{| class="wikitable"
![[File:Session_Photos.jpg|thumb|S and P]]
![[File:Session_Photos1.jpg|thumb|S and P]]
![[File:Session_Photos2.jpg|thumb|S and P]]
|} [[File:SP.png|frameless|168x168px]]
== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-03-07T17:19:29Z

Raj Shalem: /* July - 2018[edit | edit source] */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''
* '''OWASP Hyderabad chapter: 'Core Team'''' (Members since 2017) [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 
* '''OWASP Hyderabad chapter: 'Board of Advisors'''' (Members since Mar-2019)
# Vasudeva Aremanda - Genpact
# Riyaz Shaik - FX Labs
# Krishna Chaitanya Suraparaju - Cycops (Founder)
Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution:'''

'''The participants can form a group up to 3 members each or can participate individually'''

Watch as you climb to the top of the leaderboard and be crowned the ‘Secure Code Warrior.’ We are giving away prizes:

The following are prizes :

· 1st - 3x t-shirt, Rs. 3001 Amazon voucher each from '''SCW''' and 9000 Amazon gift card from '''S&P Global'''

· 2nd - 3x t-shirt from '''SCW''' – 5000 Amazon gift card from '''S&P Global'''

· 3rd - 3x t-shirt from '''SCW''' – 3000 Amazon gift card from '''S&P Global'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''
{| class="wikitable"
![[File:Session_Photos.jpg|thumb|S and P]]
![[File:Session_Photos1.jpg|thumb|S and P]]
![[File:Session_Photos2.jpg|thumb|S and P]]
|} [[File:SP.png|frameless|168x168px]]
== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-03-07T17:17:53Z

Raj Shalem: /* July - 2018[edit | edit source] */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''
* '''OWASP Hyderabad chapter: 'Core Team'''' (Members since 2017) [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 
* '''OWASP Hyderabad chapter: 'Board of Advisors'''' (Members since Mar-2019)
# Vasudeva Aremanda - Genpact
# Riyaz Shaik - FX Labs
# Krishna Chaitanya Suraparaju - Cycops (Founder)
Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution:'''

'''The participants can form a group up to 3 members each or can participate individually'''

Watch as you climb to the top of the leaderboard and be crowned the ‘Secure Code Warrior.’ We are giving away prizes:

The following are prizes :

· 1st - 3x t-shirt, Rs. 3001 Amazon voucher each from '''SCW''' and 9000 Amazon gift card from '''S&P Global'''

· 2nd - 3x t-shirt from '''SCW''' – 5000 Amazon gift card from '''S&P Global'''

· 3rd - 3x t-shirt from '''SCW''' – 3000 Amazon gift card from '''S&P Global'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''
{| class="wikitable"
![[File:Session_Photos.jpg|thumb|S and P]]
![[File:Session_Photos1.jpg|thumb|S and P]]
![[File:Session_Photos2.jpg|thumb|S and P]]
|}
[[File:SP.png|168x168px|Sponsor|left|frameless]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-03-07T17:16:11Z

Raj Shalem: /* OWASP - Hyderabad Chapter Board Members */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''
* '''OWASP Hyderabad chapter: 'Core Team'''' (Members since 2017) [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 
* '''OWASP Hyderabad chapter: 'Board of Advisors'''' (Members since Mar-2019)
# Vasudeva Aremanda - Genpact
# Riyaz Shaik - FX Labs
# Krishna Chaitanya Suraparaju - Cycops (Founder)
Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution:'''

'''The participants can form a group up to 3 members each or can participate individually'''

Watch as you climb to the top of the leaderboard and be crowned the ‘Secure Code Warrior.’ We are giving away prizes:

The following are prizes :

· 1st - 3x t-shirt, Rs. 3001 Amazon voucher each from '''SCW''' and 9000 Amazon gift card from '''S&P Global'''

· 2nd - 3x t-shirt from '''SCW''' – 5000 Amazon gift card from '''S&P Global'''

· 3rd - 3x t-shirt from '''SCW''' – 3000 Amazon gift card from '''S&P Global'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''
{| class="wikitable"
![[File:Session_Photos.jpg|thumb|S and P]]
![[File:Session_Photos1.jpg|thumb|S and P]]
![[File:Session_Photos2.jpg|thumb|S and P]]
|}
[[File:SP.png|thumb|168x168px|Sponsor]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-03-07T17:12:49Z

Raj Shalem: /* OWASP - Hyderabad Chapter Board Members */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''
* '''OWASP Hyderabad chapter: 'Core Team'''' (Members since 2017) [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 
* '''OWASP Hyderabad chapter: 'Board of Advisors'''' (Members since Mar-2019)
# Vasudeva Aremanda - Genpact
# Riyaz Shaik - FX Labs
# Krishna Chaitanya - Cycops (Founder)
Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution:'''

'''The participants can form a group up to 3 members each or can participate individually'''

Watch as you climb to the top of the leaderboard and be crowned the ‘Secure Code Warrior.’ We are giving away prizes:

The following are prizes :

· 1st - 3x t-shirt, Rs. 3001 Amazon voucher each from '''SCW''' and 9000 Amazon gift card from '''S&P Global'''

· 2nd - 3x t-shirt from '''SCW''' – 5000 Amazon gift card from '''S&P Global'''

· 3rd - 3x t-shirt from '''SCW''' – 3000 Amazon gift card from '''S&P Global'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''
{| class="wikitable"
![[File:Session_Photos.jpg|thumb|S and P]]
![[File:Session_Photos1.jpg|thumb|S and P]]
![[File:Session_Photos2.jpg|thumb|S and P]]
|}
[[File:SP.png|thumb|168x168px|Sponsor]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-03-07T16:56:28Z

Raj Shalem: /* OWASP - Hyderabad Chapter Board Members */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''
* '''OWASP Hyderabad chapter: 'Core Team'''' '''('''Members since 2017''')''' [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 
* '''OWASP Hyderabad chapter: 'Board of Advisory' ('''Members since Mar-2019)
# Vasudeva Aremanda - Genpact
# Riyaz Shaik - FX Labs
# Krishna Chaitanya - Cycops (Founder)
Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution:'''

'''The participants can form a group up to 3 members each or can participate individually'''

Watch as you climb to the top of the leaderboard and be crowned the ‘Secure Code Warrior.’ We are giving away prizes:

The following are prizes :

· 1st - 3x t-shirt, Rs. 3001 Amazon voucher each from '''SCW''' and 9000 Amazon gift card from '''S&P Global'''

· 2nd - 3x t-shirt from '''SCW''' – 5000 Amazon gift card from '''S&P Global'''

· 3rd - 3x t-shirt from '''SCW''' – 3000 Amazon gift card from '''S&P Global'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''
{| class="wikitable"
![[File:Session_Photos.jpg|thumb|S and P]]
![[File:Session_Photos1.jpg|thumb|S and P]]
![[File:Session_Photos2.jpg|thumb|S and P]]
|}
[[File:SP.png|thumb|168x168px|Sponsor]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-03-07T16:54:43Z

Raj Shalem: /* Members (since Mar-2019) */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''
* '''OWASP Hyderabad chapter: 'Core Team'''' '''('''Members since 2017''')''' [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 
* '''OWASP Hyderabad chapter: 'Board of Advisory' ('''Members since Mar-2019)
Vasudeva Aremanda - Genpact

Riyaz Shaik - FX Labs

Krishna Chaitanya - Cycops (Founder)

Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution:'''

'''The participants can form a group up to 3 members each or can participate individually'''

Watch as you climb to the top of the leaderboard and be crowned the ‘Secure Code Warrior.’ We are giving away prizes:

The following are prizes :

· 1st - 3x t-shirt, Rs. 3001 Amazon voucher each from '''SCW''' and 9000 Amazon gift card from '''S&P Global'''

· 2nd - 3x t-shirt from '''SCW''' – 5000 Amazon gift card from '''S&P Global'''

· 3rd - 3x t-shirt from '''SCW''' – 3000 Amazon gift card from '''S&P Global'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''
{| class="wikitable"
![[File:Session_Photos.jpg|thumb|S and P]]
![[File:Session_Photos1.jpg|thumb|S and P]]
![[File:Session_Photos2.jpg|thumb|S and P]]
|}
[[File:SP.png|thumb|168x168px|Sponsor]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-03-07T16:50:10Z

Raj Shalem: /* OWASP - Hyderabad Chapter Board Members */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''

'''''Core Team Members - Since 2017''''' [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 

'''OWASP Hyderabad chapter: 'Board of Advisory':'''

===== Members (since Mar-2019) =====
Vasudeva Aremanda - Genpact

Riyaz Shaik - FX Labs

Krishna Chaitanya - Cycops (Founder)

Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution:'''

'''The participants can form a group up to 3 members each or can participate individually'''

Watch as you climb to the top of the leaderboard and be crowned the ‘Secure Code Warrior.’ We are giving away prizes:

The following are prizes :

· 1st - 3x t-shirt, Rs. 3001 Amazon voucher each from '''SCW''' and 9000 Amazon gift card from '''S&P Global'''

· 2nd - 3x t-shirt from '''SCW''' – 5000 Amazon gift card from '''S&P Global'''

· 3rd - 3x t-shirt from '''SCW''' – 3000 Amazon gift card from '''S&P Global'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''
{| class="wikitable"
![[File:Session_Photos.jpg|thumb|S and P]]
![[File:Session_Photos1.jpg|thumb|S and P]]
![[File:Session_Photos2.jpg|thumb|S and P]]
|}
[[File:SP.png|thumb|168x168px|Sponsor]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-03-06T07:35:24Z

Raj Shalem: /* Mar - 2019 - One-Day Conference */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''

''Core Team Members - Since 2017'' [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 

Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution:'''

'''The participants can form a group up to 3 members each or can participate individually'''

Watch as you climb to the top of the leaderboard and be crowned the ‘Secure Code Warrior.’ We are giving away prizes:

The following are prizes :

· 1st - 3x t-shirt, Rs. 3001 Amazon voucher each from '''SCW''' and 9000 Amazon gift card from '''S&P Global'''

· 2nd - 3x t-shirt from '''SCW''' – 5000 Amazon gift card from '''S&P Global'''

· 3rd - 3x t-shirt from '''SCW''' – 3000 Amazon gift card from '''S&P Global'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''
{| class="wikitable"
![[File:Session_Photos.jpg|thumb|S and P]]
![[File:Session_Photos1.jpg|thumb|S and P]]
![[File:Session_Photos2.jpg|thumb|S and P]]
|}
[[File:SP.png|thumb|168x168px|Sponsor]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-03-06T07:31:12Z

Raj Shalem:

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''

''Core Team Members - Since 2017'' [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 

Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''
{| class="wikitable"
![[File:Session_Photos.jpg|thumb|S and P]]
![[File:Session_Photos1.jpg|thumb|S and P]]
![[File:Session_Photos2.jpg|thumb|S and P]]
|}
[[File:SP.png|thumb|168x168px|Sponsor]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-03-06T07:29:14Z

Raj Shalem: /* Sept-2018 - One-Day Conference */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''

''Core Team Members - Since 2017'' [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 

Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''
{| class="wikitable"
!Hello1
!Hello2
![[File:Session_Photos.jpg|thumb|S and P]]
|-
| colspan="3" |[[File:Session_Photos1.jpg|thumb|S and P]]
|}
[[File:SP.png|thumb|168x168px|Sponsor]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-03-06T07:27:09Z

Raj Shalem:

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''

''Core Team Members - Since 2017'' [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 

Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''
{| class="wikitable"
!1
!2
! rowspan="2" |[[File:Session_Photos.jpg|thumb|S and P]]
|-
| colspan="2" |[[File:Session_Photos2.jpg|thumb|S and P]]
|-
| colspan="3" |[[File:Session_Photos1.jpg|thumb|S and P]]
|}
[[File:SP.png|thumb|168x168px|Sponsor]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-03-06T07:25:19Z

Raj Shalem:

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''

''Core Team Members - Since 2017'' [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 

Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''
{| class="wikitable"
!1
!2
! rowspan="2" |[[File:SP1.png|thumb|S and P]]
|-
| colspan="2" |[[File:SP1.png|thumb|S and P]]
|-
| colspan="3" |[[File:SP1.png|thumb|S and P]]
|}
[[File:SP.png|thumb|168x168px|Sponsor]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-03-06T07:23:46Z

Raj Shalem: /* July - 2018[edit | edit source] */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''

''Core Team Members - Since 2017'' [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 

Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''
{| class="wikitable"
!1
!2
! rowspan="2" |[[File:SP1.png|thumb|S and P]]
|-
| colspan="2" |3
|-
| colspan="3" |All
|}
[[File:SP.png|thumb|168x168px|Sponsor]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

File:SP1.png

2019-03-06T07:23:24Z

Raj Shalem:

S and P

Hyderabad

2019-03-06T07:20:29Z

Raj Shalem:

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''

''Core Team Members - Since 2017'' [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 

Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''
{| class="wikitable"
!1
!2
! rowspan="2" |<nowiki>File:Session_Photos2.jpg|thumb|168x168px|Sponsor</nowiki>
|-
| colspan="2" |3
|-
| colspan="3" |All
|}
[[File:SP.png|thumb|168x168px|Sponsor]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-03-06T07:14:52Z

Raj Shalem:

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''

''Core Team Members - Since 2017'' [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 

Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''
{| class="wikitable"
!1
!2
! rowspan="2" |[File:Session_Photos2.jpg|thumb|168x168px|Sponsor]
|-
| colspan="2" |3
|-
| colspan="3" |All
|}
[[File:SP.png|thumb|168x168px|Sponsor]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-03-06T07:10:59Z

Raj Shalem: /* July - 2018[edit | edit source] */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''

''Core Team Members - Since 2017'' [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 

Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''
{| class="wikitable"
!1
!2
! rowspan="2" |hi
|-
| colspan="2" |3
|-
| colspan="3" |All
|}
[[File:SP.png|thumb|168x168px|Sponsor]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-03-06T07:02:46Z

Raj Shalem: /* Mar - 2019 - One-Day Conference */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''

''Core Team Members - Since 2017'' [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 

Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''<gallery>
https://www.owasp.org/images/9/9e/SP.png|S&P
</gallery>

[[File:SP.png|thumb|168x168px|Sponsor]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-03-06T07:01:06Z

Raj Shalem: /* Sept-2018 - One-Day Conference */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''

''Core Team Members - Since 2017'' [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 

Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''<gallery>
File:https://www.owasp.org/images/9/9e/SP.png|S&P
</gallery>

[[File:SP.png|thumb|168x168px|Sponsor]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-03-06T06:58:53Z

Raj Shalem:

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''

''Core Team Members - Since 2017'' [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 

Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''

[[File:SP.png|thumb|168x168px|Sponsor|center]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-03-06T06:42:56Z

Raj Shalem: /* Mar - 2019 - One-Day Conference */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''

''Core Team Members - Since 2017'' [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 

Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''[[File:SCW LOGO.png|thumb]]

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''

[[File:SP.png|thumb|168x168px|Sponsor]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

File:SCW LOGO.png

2019-03-06T06:41:13Z

Raj Shalem:

Secure Code Warrior

Hyderabad

2019-02-16T08:01:01Z

Raj Shalem: /* OWASP - Hyderabad Chapter Board Members */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''

''Core Team Members - Since 2017'' [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 

Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - https://www.linkedin.com/in/vdinker

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''

[[File:SP.png|thumb|168x168px|Sponsor]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-02-16T07:41:56Z

Raj Shalem:

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''

''Core Team Members - Since 2017'' [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 

Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - [https://www.linkedin.com/in/venu-rao-wsa https://www.linkedin.com/in/vdinker]

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''

[[File:SP.png|thumb|168x168px|Sponsor]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-02-16T07:40:14Z

Raj Shalem: /* Mar - 2019 - One-Day Conference */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''

''Core Team Members - 2017'' [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 

Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2018 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - [https://www.linkedin.com/in/venu-rao-wsa https://www.linkedin.com/in/vdinker]

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''

[[File:SP.png|thumb|168x168px|Sponsor]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-02-16T07:39:24Z

Raj Shalem: linkedin

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''

''Core Team Members - 2017'' [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 

Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2018 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 9.00 AM Registration starts

'''Event :''' 10.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, '''4th Floor, Block 5, East Tower,''' '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global?ucode=organizer
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

http://www.cyberabadpolice.gov.in/crime-wing/dcp-crimes.html

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad - https://www.iith.ac.in/~tbr/

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT) - http://idrbt.ac.in/vradha.html

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad - [https://www.linkedin.com/in/venu-rao-wsa https://www.linkedin.com/in/vdinker]

Mr. Venu Rao , Founder and CEO - We Secure App - https://www.linkedin.com/in/venu-rao-wsa
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

https://securecodewarrior.com , https://insights.securecodewarrior.com

'''Announcement of the winners and Prize distribution'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''

[[File:SP.png|thumb|168x168px|Sponsor]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-02-16T07:10:48Z

Raj Shalem: /* Mar - 2019 - One-Day Conference */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''

''Core Team Members - 2017'' [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 

Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2018 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global

'''Date :''' '''09/Mar/2019'''

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global?ucode=organizer
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT)

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''Executive Briefing: Secure Software Development''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

<nowiki>https://securecodewarrior.com</nowiki> , <nowiki>https://insights.securecodewarrior.com/</nowiki>

'''Announcement of the winners and Prize distribution'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''

[[File:SP.png|thumb|168x168px|Sponsor]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-02-16T07:01:14Z

Raj Shalem: /* Participants */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''

''Core Team Members - 2017'' [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 

Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2018 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 09/Mar/2019

'''Timings :''' 09.00 AM to 06.00 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' https://www.meraevents.com/event/owasp-hyderabad-chapter-march-2019-oneday-meet-by-sandp-global
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila, IPS''' - Dy. Commissioner of Police - Crime''

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|'''Secure Software Development: Executive Briefing''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT)

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

<nowiki>https://securecodewarrior.com</nowiki> , <nowiki>https://insights.securecodewarrior.com/</nowiki>

'''Announcement of the winners and Prize distribution'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''

[[File:SP.png|thumb|168x168px|Sponsor]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-02-16T06:40:55Z

Raj Shalem: /* Presentations and Training[edit | edit source] */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''

''Core Team Members - 2017'' [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 

Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

[https://www.owasp.org/images/b/b3/OWASP_Presentation_Template_v2.zip Presentation Template]

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2018 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 09/Mar/2019

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' Will be published soon
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila, IPS''' - Dy. Commissioner of Police - Crime''

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|'''Secure Software Development: Executive Briefing''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT)

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

<nowiki>https://securecodewarrior.com</nowiki> , <nowiki>https://insights.securecodewarrior.com/</nowiki>

'''Announcement of the winners and Prize distribution'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''

[[File:SP.png|thumb|168x168px|Sponsor]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-02-16T06:40:04Z

Raj Shalem: /* OWASP - Hyderabad Chapter Board Members */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''

''Core Team Members - 2017'' [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 

Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== Presentations and Training[edit | edit source] ==
OWASP Track

[https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]

Presentation Template.

[https://www.owasp.org/index.php/Image:CFP_template.doc Call For Papers Template]

[https://www.owasp.org/images/8/85/OWASP_CFT_Template-1-.doc Call For Training proposal template].

[http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2018 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 09/Mar/2019

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' Will be published soon
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila, IPS''' - Dy. Commissioner of Police - Crime''

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|'''Secure Software Development: Executive Briefing''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT)

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

<nowiki>https://securecodewarrior.com</nowiki> , <nowiki>https://insights.securecodewarrior.com/</nowiki>

'''Announcement of the winners and Prize distribution'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''

[[File:SP.png|thumb|168x168px|Sponsor]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-02-16T06:33:18Z

Raj Shalem:

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''

''Core Team Members - 2017'' [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 

Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2018 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 09/Mar/2019

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' Will be published soon
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila, IPS''' - Dy. Commissioner of Police - Crime''

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|'''Secure Software Development: Executive Briefing''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT)

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

<nowiki>https://securecodewarrior.com</nowiki> , <nowiki>https://insights.securecodewarrior.com/</nowiki>

'''Announcement of the winners and Prize distribution'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]]
[[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''

[[File:SP.png|thumb|168x168px|Sponsor]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-02-15T10:38:36Z

Raj Shalem: /* Mar - 2019 - One-Day Conference */

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''

''Core Team Members - Since 2017'' [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 

Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

'''OWASP's [https://www.owasp.org/index.php/Governance/Conference_Policies Conference Policies]'''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Supported''' '''by''' : S&P Global

'''Date :''' 09/Mar/2019

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' Will be published soon
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|'''Secure Software Development: Executive Briefing''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT)

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

<nowiki>https://securecodewarrior.com</nowiki> , <nowiki>https://insights.securecodewarrior.com/</nowiki>

'''Announcement of the winners and Prize distribution'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]][[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''

[[File:SP.png|thumb|168x168px|Sponsor]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-02-14T19:27:45Z

Raj Shalem:

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''

''Core Team Members - Since 2017'' [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 

Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2019 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Supported''' '''by''' : S&P Global

'''Date :''' 09/Mar/2019

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' Will be published soon
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|'''Secure Software Development: Executive Briefing''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT)

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

<nowiki>https://securecodewarrior.com</nowiki> , <nowiki>https://insights.securecodewarrior.com/</nowiki>

'''Announcement of the winners and Prize distribution'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]][[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''

[[File:SP.png|thumb|168x168px|Sponsor]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

Hyderabad

2019-02-14T19:22:07Z

Raj Shalem: edited content

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''

''Core Team Members - 2017'' [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 

Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2018 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 09/Mar/2019

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' Will be published soon
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila''' - Dy. Commissioner of Police - Crime''

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|'''Secure Software Development: Executive Briefing''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT)

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

<nowiki>https://securecodewarrior.com</nowiki> , <nowiki>https://insights.securecodewarrior.com/</nowiki>

'''Announcement of the winners and Prize distribution'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]][[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''

[[File:SP.png|thumb|168x168px|Sponsor]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

File:Session Photos2.jpg

2019-02-14T06:19:29Z

Raj Shalem:

Session Photos2

Hyderabad

2019-02-14T06:17:27Z

Raj Shalem:

Welcome to the OWASP Hyderabad chapter homepage.

== OWASP - Hyderabad Chapter Board Members ==
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. 

'''The board currently includes the following members :'''

''Core Team Members - 2017'' [mailto:gshalemraj@gmail.com Shalem Raj - Cognizant Technology Solutions] : Chapter Leader [mailto:rajesh.gopal@owasp.org Rajesh Gopal - Fortune 500 Organisation] [mailto:bhaskar.puppala@owasp.org Bhaskar Puppala - Fortune 500 Organisation] [mailto:sathya.achanta@owasp.org Achanta Sathya Phani Bapi Raju - CSC] [mailto:saikrishna.gobburi@owasp.org Saikrishna Gobburi - Pramati Technologies Pvt Ltd] 

Information about future meets can be seen in the '''''Upcoming Meetings''''' section below.

== '''Location Details''' ==

Hyderabad is the capital of southern India's Telangana state. A major center for the technology industry, it's home to many upscale restaurants and shops. Its historic sites include Golconda Fort, a former diamond-trading center that was once the Qutb Shahi dynastic capital. The Charminar, a 16th-century mosque whose 4 arches support towering minarets, is an old city landmark near the long-standing Laad Bazaar.

[[File:Hydskyline.jpg|Panorama of Hyderabad, as seen from the Hussain Sagar lake. Source: https://en.wikipedia.org/wiki/Hyderabad#/media/File:Hydskyline.jpg|center|1150x1150px]]

More details about Hyderabad location available @https://en.wikipedia.org/wiki/Hyderabad<nowiki/>{{Chapter Template|chaptername=Hyderabad|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hyderabad|emailarchives=http://lists.owasp.org/pipermail/owasp-hyderabad}}
== Participants ==

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

 Stay Updated

'''[https://lists.owasp.org/mailman/listinfo/owasp-hyderabad Click here to join the local chapter mailing list]'''

'''Follow''' OWASP Hyderabad on your favorite social media sites:

[[Image:Twitter mini.png|link=http://twitter.com/OWASPHyderabad]] [[Image:Facebook mini.png|link=https://www.facebook.com/pages/Owasp-Hyderabad/181569591897591]]

'''Share''' OWASP Hyderabad on your favorite social media sites:

Presentations are invited from speakers, Please contacts us at our Telegram Group @https://goo.gl/EHqdLM

(Don't share personal details like contact numbers here, because its an open group, your privacy is our concern)

Presenters are encouraged to use OWASP presentation template for slides preparation.

Follow us at our Telegram, Twitter and Facebook handles to get latest information !

== '''Upcoming Meetings & Events''' ==
''Stay tuned for 2018 updates - Exciting activities are under plan !''

== [[Meeting]] Details: ==

== Mar - 2019 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 09/Mar/2019

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:''' Will be published soon
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team:

''Felicitation to Guest of Honor: '''G Janaki Sharmila, IPS''' - Dy. Commissioner of Police - Crime''

''Welcome note by S&P Global Team''
|-
|'''Authentication in API, Microservices Architecture''' '''and Cloud Security''' – By ''Varun Kumar Srivastava'':

Varun is principal Engineer with 9 + years of experience in developing and securing web applications and expertise in Application Security, Identity and Access management, He is a computer science graduate from IIT
|-
|'''Secure Software Development: Executive Briefing''' – By Satish Kumar Vadlakonda: Satish is Associate Director with 12 + years of broad industry experience in to software design, architecture and development. Specialized in Web and Windows applications development with a strong acquaintance to the best practices of Agile, UX, UI and Information security
|-
|Refreshments / Tea Break
|-
|'''''Panel Discussion''''' ''(Cybersecurity Readiness – Maturity and Capability)''

Dr. Bheemarjuna Reddy Tamma - Associate Professor, IIT Hyderabad

Dr. V. Radha, Associate Professor, Institute for Development and Research in Banking Technology (IDRBT)

Mr. Veeraindhra Dinker, Director Information Security at GSS Infotech Hyderabad
|-
|'''Networking Lunch -'''

'''Registrations for Onsite Hackathon by Secure Code Warrior'''
|-
|'''An Introduction to IOT firmware analysis and Security''' – By ''Vivek Rengarajan:''

Vivek is a cybersecurity team leader in a multinational bank with almost 18 years of experience. He has held varied roles in his career and has been a cyber security enthusiast for a long time. His areas of interest include mobile and ioT security, Malware analysis and reverse engineering and exploit development. He tweets at @vivek_310
|-
|Refreshments / Tea Break
|-
|'''''Onsite Hackathon (CTF) by''''' '''''Secure Code Warrior''': '''(3 Hours)'''''

''Secure Code Warrior is a global security company that makes software development better and more secure: Gamified competitive Developer Quality Assurance platform''

<nowiki>https://securecodewarrior.com</nowiki> , <nowiki>https://insights.securecodewarrior.com/</nowiki>

'''Announcement of the winners and Prize distribution'''
|-
|'''Vote of Thanks'''

Closing: Network Business / Announce Next Meeting – By OWASP Team
|-
|Meeting Concludes: ''Network Social''
|}

== Dec - 2018 ==
[[File:Session Photo.jpg|thumb]][[File:Group Photo.jpg|thumb]]
'''Organized''' '''by''' : ThoughtWorks Technologies Private Limited

'''Date :''' 15/Dec/2018

'''Timings :''' 10.00 AM to 1.00 PM IST

'''Venue :''' ThoughtWorks Technologies Private Limited, Hyderabad, Telangana, India

'''Registration Link:''' https://www.eventbrite.com/e/owasp-hyderabad-december-2018-chapter-meet-tickets-53371662078#

'''Agenda:'''

'''1) All about Java Deserialization Vulnerability'''

Java Deserialization of untrusted data has been a security buzzword for the past couple of years with almost every application using native Java serialization framework being vulnerable to Java deserialization attacks. Since it's inception, there have been many scattered attempts to come up with a solution to best address this flaw. In this talk we will focus on Java deserialization vulnerability and mitigation framework provided by Oracle in its latest JDK.

'''About Speakers:''' Venkata Suresh Sanga is a Principle Security Engineer in Oracle having more than 13+ years of experience in Application Development and Security. Currently working on SAST Tools to remediate or mitigate the Application Vulnerabilities. He has Masters in Computer Science (M.Tech) from Andhra University. Linkedin : <nowiki>https://in.linkedin.com/in/svsuresh-appse</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Sept-2018 - One-Day Conference ==
'''Organized''' '''by''' : S&P Global and Ness

'''Date :''' 01/Sept/2018

'''Timings :''' 10.00 AM to 05.30 PM IST

'''Venue :''' @Ness Software Engineering Services India ,LLP, 4th Floor, Block 5, East Tower, '''North wing Divyasree NSL Infrastructure Pvt''', ,Sy No.66/1, Raidurgam Village, Serlingampally Mandal, RR Dist, Hyderabad-500032, Telangana, India

'''Registration Link:'''

https://www.meraevents.com/event/owasp-hyderabad-september-2018-chapter-meet?ucode=organizer

'''Agenda:'''
{| class="wikitable"
|'''Registration & Networking'''
|-
|Welcome and Overview by OWASP Core Team

Welcome note by S&P Global Team

Welcome & Overview of Meeting by OWASP Network Representative
|-
|'''Running Frida on jailed devices by using Frida and to bypass root/jailbreak detection – By Satish Kumar Patnayak'''

About Speaker : Information Security Consultant with 7+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security
|-
|Refreshments / Tea Break
|-
|'''SSRF Exploit Development – By Aayush Deo'''

About Speaker : Good industry experience in information security and completed my BE from PUNE University. Have worked with shopclues.com, an eCommerce company in the past and have couple of Hall of Fame’s on ZETA, Paytm etc.
|-
|Networking Lunch
|-
|'''Mobile Vulnerabilities worth Millions - Pentesting and Securing iOS Apps using OWASP iGoat – By Swaroop Deepak Yermalkar'''

About Speaker : works as Sr Security Engineer with a diverse skill set focused on Mobile App Pentest, Web, API and AWS Pentesting. In addition he has authored the popular book “Learning iOS Pentesting” (<nowiki>https://goo.gl/T8jvjJ</nowiki>) and lead an open source project - OWASP iGoat (<nowiki>https://github.com/OWASP/iGoat-Swift</nowiki>) which is developed for mobile security. He is one of the top bug bounty researchers worldwide, working with Cobalt.io (<nowiki>https://app.cobalt.io/swaroopsy</nowiki>), Synack.inc.

He has given talks and workshops at many security conferences including AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify
|-
|'''OS Command Injection - Observation, Attack & Analysis (A1 - OWASP Top 10 2017) - By Bhaskar Puppala and Saikrishna Gobburi'''

About Speaker: Bhaskar Puppala is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames.

For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

About Speaker: Saikrishna Gobburi has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principal engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad.

For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>
|-
|Refreshments / Tea Break
|-
|Panel Discussion – Corporate attack methodology vs Attacks in the wild (Resource pool: Demand vs Supply)
Panel to be announced
|-
|Closing - Network Business / Announce Next Meeting – By OWASP Team
|-
|''Network Social''
|}
'''Sponsor :'''

[[File:SP.png|thumb|168x168px|Sponsor]]

== July - 2018[edit | edit source] ==
'''Time & Venue:'''
[[File:July 2018 Core Team meet.jpg|thumb|July 2018 Core Team Meet]]
@28/July/2018

CCD, Banjara Hills, Hyderabad, Telangana.

'''Agenda:'''

1. Planning for Sep 2018 OWASP meet - '''Done'''

2. Telegraph Group Mentoring - '''Done'''

3. Speakers Finalizing - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

[[File:CoMakeIT - June 2018 Meet Pic 2.jpg|thumb|CoMakeIT - June 2018 Meet]]

== June - 2018 ==
[[File:CoMakeIT - June 2018 Meet.jpg|alt=CoMakeIT - June 2018 Meet|thumb|CoMakeIT - June 2018 Meet]]
'''Venue: coMakeIT Software Pvt Ltd'''

Address: 7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Event Start Time:''' Saturday, 23rd June, 2018 at 10:00 AM (IST)

'''Event Registration URL''': https://tinyurl.com/yc9cb6hg

'''Agenda:'''

'''1) Adapting to DevSecOps in Agile World'''

In this talk, speaker will try talk about basics of DevSecOps and its benefits when we integrate it in Agile SDLC space.

'''2) Understanding the internals of 'Server-Side Request Forgery' (SSRF)'''

Here speaker will try to touch the basics about how application communicates with end devices and using the same he will try to explain SSRF issue and criticality of it, if exploited.

'''About Speakers:'''

'''1) Saikrishna Gobburi''' has around 8.5 years of work experience on QA automation, performance and security testing .Currently he is working as Principle engineer with Pramati technologies. He is also associated as core member with OWASP-Hyderabad. For more details please visit: <nowiki>https://www.linkedin.com/in/saikrishna-gobburi-b0088118/</nowiki>

'''2) Bhaskar Puppala''' is an Information Security Professional, working as a consultant for a fortune 500 company and has 8.5 years of experience. He is more interested in application security area and love to share his knowledge when possible. He also has some experience in bug bounty programs and listed on couple of Security Hall of Fames. For more details please visit : <nowiki>https://in.linkedin.com/in/bhaskar-puppala-3bb11316</nowiki>

'''Our Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Our Twitter URL:''' https://twitter.com/owasphyderabad

'''Our Telegram URL:''' https://goo.gl/EHqdLM

== Mar - 2018 ==
[[File:Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet.jpg|alt=Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet|thumb|Bhushan Gupta - Speaker Mar 2018 OWASP HYD Meet]]
'''Venue: Daspalla Hotel'''
[[File:Daspalla_Hotel_-_Meet.jpg|thumb|Daspalla Hotel Meet - Mar 2018]]

Address: Rd Number 37, CBI Colony, Jubilee Hills, Hyderabad, Telangana 500033, Phone: 040 6654 5678

'''Event Start Time:''' Saturday, 10th Mar, 2018 at 10:00 AM (IST)

'''Agenda:'''

'''1) Does your Pentesting cover all the basis of IT Security ?'''

This talk focuses on how to align the security validation of a web application with the three basic elements of security namely,Confidentiality,Integrity, and Availability (CIA). The test effectiveness can be achieved by analyzing the requirements of each element and identifying the potential breaches that can compromise each element. The efficiency should be built by relating these breaches with the known OWASP Top 10 and other vulnerabilities and, leveraging that knowledge to identify the testing approach - static and dynamic throughout the SDLC.

'''About Speakers:'''

'''Bhushan Gupta''' has over 30 years of experience in software engineering, 23 of which have been in the software industry. Although recognized for his contributions in the areas of software engineering such as agile processes and quality methods and metrics, Bhushan has taken a vigorous interest in web application security and is keen on applying pragmatic software development practices that yield a secure product. He is one of the leaders of the OWASP Portland Chapter. Bhushan has been a speaker, a panelist, and a reviewer for software quality and security organizations. As a change agent, Bhushan volunteers his time and energy for organizations that promote software security and quality. He has a MS degree in Computer Science from New Mexico Institute of Mining and Technology, Socorro, New Mexico, 1985.

'''Facebook URL:''' [https://www.google.com/url?q=https://www.facebook.com/OWASPHyderabad/&sa=D&source=hangouts&ust=1529162453114000&usg=AFQjCNHOOpm_KlI3QBvCpJdS-mkdHGBmvQ https://www.facebook.com/OWASPHyderabad/]

'''Twitter URL:''' https://twitter.com/owasphyderabad

'''Telegram URL:''' https://goo.gl/EHqdLM

'''Registration URL:''' https://goo.gl/tEXnec

== Feb-2018 ==

=== '''Venue: coMakeIT''' ===
7th Floor, Block-I, My Home Hub, Hitech City, Madhapur, Hyderabad, INDIA

'''Time:''' Saturday, 03rd Feb, 2018 at 10:30 AM (IST)

'''Agenda:'''

1) Mobile Application Pentest & Mobile Application Ransomware

2) Using Static Analyser tools while coding

'''About Speakers:'''

1) '''Spv Reddy''' is an Application Security Analyst at '''IMImobile Pvt Ltd''', member of '''National Technical Committee Member''' at National Cyber Safety and Security Standards

Also a '''Steering Committee Lead''' Member in National Information Security Summit.

2) '''Dathu Rachapudi''' is having 9 years of experience with 6+ years into Application Security only. He is currently working with '''ValueLabs''' as a “Technical Lead-Security”

He likes to teach and a happy a bug hunter during his leisure time.

== Dec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 11.09.39 PM.jpg|thumb]]
'''Time & Venue:'''

@15/Dec/2017

KFC location, Shilparamam, Hi-Tech city, Hyderabad

'''Agenda:'''

1. Planning for Jan 20th 2018 general OWASP meet - '''Done'''

2. Need to clear OWASP mail account - '''Done'''

'''Attendees : Hyderabad OWASP Core Team'''

== Sec-2017 ==
[[File:WhatsApp Image 2017-12-15 at 10.13.27 PM.jpg|thumb]]
'''Time & Venue:'''

@03/Sep/2017

Cafe Coffee day, Road Number 10, Banjara Hills, Hyderabad

'''Below decisions were made after careful discussions'''

1. Uploading of OWASP presentation template, speakers should make use of this template to prepare their presentation

2. Recording the technical demo is mandate for presenters

'''Attendees : Hyderabad OWASP Core Team'''

== July 2017 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, July 15th, 2017 at 10:30 AM (IST)

'''Agenda:'''

1. Introduction to DevOps and its Tools - Krishna Reddy Pedala

2. API Security Auditing using RESTED Plug-in - Vikas Kumar Pal

'''About the speaker:'''

'''Krishna Reddy Pedala''' is currently working as an Sr.Information Security consultant in financial sector. His previous endeavour was with Microsoft and has 9+ years of experience in Information security domain with expertise in service industry and banking domains.

'''Vikas Kumar Pal''' is an information security professional working with Ceredox Technologies Pvt Ltd, Hyderabad with an interest in research and development in the areas of Application Security, Penetration Testing and Web Application Development.

== Feb 2017 ==

'''Time & Venue:'''

Starbucks, Opp: Cybergateway, HiTech City, Hyderbad

Monday, February 20th, 2017 at 7.30 PM (IST)

'''Agenda:'''

Topic: New Core Team Meeting

Road map for year 2017

Changes in core team members responsibilities

Getting OWASP accounts for core members

Administration of all social accounts of OWASP Hyderabad Chapter

== April 2016 ==
'''Time & Venue:'''

OpenText Technologies, Building No-14, 3rd Floor, Raheja Mindspace, HITEH City, Hyderabad

Saturday, April 2nd, 2016 at 10:30 AM (IST)

'''Agenda:'''

Topic: Mobile application security and testing by Satish Kumar Patnaik

About the speaker - Satish Kumar Patnayak : he is currently working as an Senior Information Security Consultant financial sector and has 5+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. His areas of interest are android security, ios security.

==February 2016==

'''Time & Venue:'''

Saturday, February 27th, 2016 at 10:30 AM (IST)

Location: Pramati Technologies Private Limited, Mid Town 6-3-348 Road No. 1, Banjara Hills, Hyderabad, Telangana, India

'''Agenda:'''

Microsoft Threat Modeling Tool 2016 by Krishna Reddy Padala

Creating DFD STRIDE Model Identifying STRIDE Threats by DFD, Mitigation Techniques and Technologies

'''About the speaker:''' Krishna Reddy Padala, he is currently working as an Senior Information Security Consultant financial sectore and worked with Microsoft and has 8+ years of experience in Information Security domain with different domain expertise in service industry and banking domains. QUALYS GUARD Certified Vulnerability Management Specialist.Certified Ethical Hacker from EC Council.Worked extensively on Web Application Security, Secure Code Reviews in Banking & Financial, Healthcare, Retail, Logistics domains.

== '''Previous Meets:''' ==

==May 11, 2013==

'''Venue:'''

CA Technologies, 115, IT Park Area, Nanakramguda, Gachibowli - (Phone - 040 6687 8000), Hyderabad

'''Agenda:''' Exploiting Java 0-day by Ravindra and Raghuveer, CA Technologies Compliance and Governance by Shalem Raj, Cognizant.

==February 9, 2013==

'''Date & Time: Saturday, February 9, 2013 from 10:00 AM to 1:00 PM '''

'''Venue:'''
CA Technologies 
115, IT Park Area 
Nanakramguda, Gachibowli - (Phone - 040 6687 8000) 
Hyderabad

'''Agenda:'''
IBM Appscan - An automated approach to web app security by Rohit Tamma 
Insecure Storage in iPhone applications by Satish Bommisetty

''' Speakers: '''

'''Rohit Tamma'''
Rohit Tamma has been working in the field of Application Security since 3.5 years. He has experience in Vulnerability Assessments and Penetration Testing of web applications. He is passionate about Mobile security with special interest in Android security. He is currently working with ADP.

'''Satish Bommisetty'''
Satish is an Information Security Professional with 6.5 years of experience in penetration testing of web applications and mobile applications. He is currently working with ADP as a security analyst. He is a Facebook whitehat. He also reported vulnerabilities in Bing, Linkedin and Paypal.

== October 27, 2012 ==

'''Date & Time: Saturday, October 27, 2012 at 11:00 AM (IST) '''.

'''Venue:'''

Invesco private Limited 
15th Floor , North Block, Beside Raidurg Police Station 
DivyaSree Orion SEZ 
Hyderabad, Andhra Pradesh 500032 

'''Agenda:'''

A bird'd eye view of securing Web Applications by Imran Mohammed

SSDLC BSIMM by M S Sripathi

''' Speakers '''

'''Imran Mohammed'''

Mohammed Imran works as Researcher at TCS, Innovation Labs. He also leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Imran is a CEH and his interests include application security assessment, penetration testing and secure code review. When not at work he practices horse riding and marksmanship.

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him .

'''Sponsor'''

Invesco Pvt Ltd

== August 11, 2012 ==

'''Date & Time: Saturday, Aug 11, 2012 at 10:30 AM '''.

'''Venue:'''

ADP pvt ltd 
Kothaguda 
Ground floor, Block C Laxmi cyber city Opposite TCS e-park 
Hyderabad, Andhra Pradesh 500081 

'''Agenda:'''

HTML5 Security Part II by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

'''Sponsor'''

https://www.owasp.org/images/9/91/Adp.jpg

== May 19, 2012 ==

'''Date & Time: Saturday, May 19, 2012 at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HTML5 Security by Krishna Chaitanya

''' Speakers '''

'''Krishna Chaitanya T'''

Krishna Chaitanya T is a web geek working at Security & Privacy Research Lab, Infosys Labs. He is very much passionate about the web with special interest on Web security and areas such as HTML5, JavaScript, Web browsers, social networking platforms etc. He is a regular blogger and speaker at technical events. For his contributions to technical communities, he has been awarded Microsoft MVP award for 3 consecutive years-ASP.NET MVP(2010) and Internet Explorer MVP (2011, 2012). He is also pursuing M.S by Research at IIIT-Hyd with focus on security aspects of the modern web. When not at work he practices Yoga and plays Chess.

== February 25, 2012 ==

'''Date & Time: Saturday, February 25, 2012 at 11:00 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

How to find zero days in web applications by Imran & Raghunath

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Raghunath'''

Raghunath works as a senior security engineer at entersoft information systems private limited. His interests include web application penetration testing.

== December 17, 2011 ==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue: '''

Hotel Sitara Grand 
Road No.12, Road No.12, Banjara Hills 
Hyderabad, Andhra Pradesh 500034, India 

'''Agenda:'''

Cloud Security by Arshad Noor

''' Speakers '''

'''Arshad Noor'''
Chief Technology Officer
StrongAuth, Inc., Sunnyvale, California

Started his great profession as a senior systems designer way back in 1986 at Port Authority of Newyork and New Jersey,- Newyork and worked in Citibank - newyork as Vice President apart from Newyork Life Insurance, BASF Corporation, Sun IT ,Sun Microsystems, INC to name.
Architected and built several Public Key Infrastructure (PKI) assignments for several defense, communication, medical, Banking, e-commerce, life sciences and other industries.

== November 12, 2011==

'''Date & Time: Saturday, at 10:30 AM '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

HP WebInspect by Rohit Tamma

Pentesting Iphone Applications By B Satish

''' Speakers '''

'''Rohit Tamma'''

Rohit Tamma (CEH) has been working as a Application security Analyst in TCS from past 2 years. His job responsibilities include Vulnerability Assessment and Penetration Testing which enabled him to acquire extensive knowledge on HP WebInspect,IBM Rational Appscan Source Edition and HP Assessment Management Platform. Recently he also gave a presentation in Null Hyderabad meet on HP WebInspect.

'''Satish B'''

Satish has been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently he got involved in reverse engineering of binaries, WLAN security and mobile application hacking. He also Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. He has a Bachelor’s Degree in Computer Science from JNTU, Hyderabad.Passionate about hacking and sharing knowledge.

== 20th August 2011 ==

'''Date & Time: Saturady, at 11 AM '''

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Oracle Padding Attack by B. Satish

Open SAM part II by Sripati MS

''' Speakers '''

'''B Satish'''

I have been working as a web application penetration tester since 5 years. Pentested over 200 web applications during this period. Recently got involved in reverse engineering of binaries, WLAN security and mobile application hacking. Performed a couple of network assessments and source code reviews. Developed a compiler in the early stage of the career. I have a Bachelor’s Degree in Computer Science from JNTU, Hyderabad. Passionate about hacking and sharing knowledge

'''Sreepati M S'''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

== July 2011 ==

'''Date: 23/07/2011 saturady of at 12:00 Noon '''.

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

Presentation on Burp Suite by Omair Seminar on Open SAM by Sreepati

''' Speakers '''

'''Sreepati M S '''

Sripati (http://www.sripati.info/) has little study, moderate & varied experience (dev-2 yrs., security-4+ yrs.), and lots of aspirations (as far as security goes, at least). He started his career in web-application development, then took a detour towards quality compliance for some time (~6 months) and later moved to security compliance. Still learning the ropes, he believes there is so much to learn and so little time! Interested in web-app security (as if ISMS implementation is not enough), so that says something about his guts! He thinks OWASP is a very good platform for web-app people, and that since he joined OWASP, he has learnt a lot from people around him

 

'''Omair '''

Omair works as penetration tester in NII consulting, has over 5 years of experience in Penetration testing. His interests include Network Penetration testing, Exploit generation and Reverse engineering

 ''' Facility Sponsor & Refreshment sponsor'''

3i Infotech

[[Image:3i Infotech.png]]

 

== june 2011 ==

'''Meet on:''' 11/06/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Facility Sponsor & Refreshment sponsor''' 

Cognizant Technology Solutions

 

[[Image:Cognizant.png|273x86px|Cognizant.png]]

 

== May 2011 ==

'''Meet on:''' 07/05/2011 saturday

'''Venue:'''

Cognizant Technology Solutions, 3rd floor, Phase 2, DLF Building, APHB Colony,Gachibowli,Hyderabad

'''Agenda:'''

XSS Autopsy and w3af by Imran

''' Speakers '''

'''Mohammed Imran'''

Imran works as Application Security Researcher at Tata consultancy services,leads the Null Hyderabad chapter and is the Board member of OWASP Hyderabad Chapter. Apart from his day job he contributes to matriux and Fedora open source projects. Imran is a CEH and his interests include application security assessment, penetration testing and code review.

'''Sponsor''' 

Cognizant Technology Solutions

 

==== Audio/Video/Slides Archive ====

<paypal>Hyderabad</paypal>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP_Chapter]]
[[Category:Asia/Pacific/Middle East]]
[[Category:India]]
[[Category:Hyderabad]]

File:Session Photos1.jpg

2019-02-14T06:13:15Z

Raj Shalem:

Session Photos1