OWASP - User contributions [en]

Cryptographic Storage Cheat Sheet

2016-10-11T05:19:45Z

Rajivvishwa: Updated NIST publication link

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
= Introduction =
__TOC__{{TOC hidden}}

This article provides a simple model to follow when implementing solutions to protect data at rest. 

== Architectural Decision ==

An architectural decision must be made to determine the appropriate method to protect data at rest. There are such wide varieties of products, methods and mechanisms for cryptographic storage. This cheat sheet will only focus on low-level guidelines for developers and architects who are implementing cryptographic solutions. We will not address specific vendor solutions, nor will we address the design of cryptographic algorithms.

= Providing Cryptographic Functionality =

== Secure Cryptographic Storage Design ==

* All protocols and algorithms for authentication and secure communication should be well vetted by the cryptographic community.

* Ensure certificates are properly validated against the hostnames/users ie whom they are meant for.

* Avoid using wildcard certificates unless there is a business need for it

* Maintain a cryptographic standard to ensure that the developer community knows about the approved ciphersuits for network security protocols, algorithms, permitted use, cryptoperiods and Key Management

=== Rule - Only store sensitive data that you need ===

Many eCommerce businesses utilize third party payment providers to store credit card information for recurring billing. This offloads the burden of keeping credit card numbers safe.

=== Rule - Use strong approved Authenticated Encryption ===
E.g. [http://en.wikipedia.org/wiki/CCM_mode CCM] or [http://en.wikipedia.org/wiki/GCM_mode GCM] are approved [http://en.wikipedia.org/wiki/Authenticated_encryption Authenticated Encryption] modes based on [http://en.wikipedia.org/wiki/Advanced_Encryption_Standard AES] algorithm.

==== Rule - Use strong approved cryptographic algorithms ====
Do not implement an existing cryptographic algorithm on your own, no matter how easy it appears. Instead, use widely accepted algorithms and widely accepted implementations.

Only use approved public algorithms such as AES, RSA public key cryptography, and SHA-256 or better for hashing. Do not use weak algorithms, such as MD5 or SHA1. Avoid hashing for password storage, instead use PBKDF2, bcrypt or scrypt. Note that the classification of a "strong" cryptographic algorithm can change over time. See [http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf NIST approved algorithms] or ISO TR 14742 “Recommendations on Cryptographic Algorithms and their use” or [http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-size-and-parameters-report-2014/at_download/fullReport Algorithms, key size and parameters report – 2014] from European Union Agency for Network and Information Security.
E.g. [http://en.wikipedia.org/wiki/Advanced_Encryption_Standard AES] 128, [http://en.wikipedia.org/wiki/RSA_(cryptosystem) RSA] 3072, [http://en.wikipedia.org/wiki/Secure_Hash_Algorithm SHA] 256.

Ensure that the implementation has (at minimum) had some cryptography experts involved in its creation. If possible, use an implementation that is FIPS 140-2 certified.

See [http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf NIST approved algorithms] Table 2 “Comparable strengths” for the strength (“security bits”) of different algorithms and key lengths, and how they compare to each other.

* In general, where different algorithms are used, they should have comparable strengths e.g. if an AES-128 key is to be encrypted, an AES-128 key or greater, or RSA-3072 or greater could be used to encrypt it.
* In general, hash lengths are twice as long as the security bits offered by the symmetric/asymmetric algorithm  e.g. SHA-224 for 3TDEA (112 security bits) (due to the [http://en.wikipedia.org/wiki/Birthday_attack Birthday Attack])

If a password is being used to protect keys then the [http://en.wikipedia.org/wiki/Password_strength password strength]should be sufficient for the strength of the keys it is protecting.

==== Rule - Use approved cryptographic modes ====
In general, you should not use AES, DES or other symmetric cipher primitives directly. [http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST approved modes] should be used instead.

NOTE: Do not use [http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29 ECB mode] for encrypting lots of data (the other modes are better because they chain the blocks of data together to improve the data security).

==== Rule - Use strong random numbers ====
Ensure that all random numbers, especially those used for cryptographic parameters (keys, IV’s, MAC tags), random file names, random GUIDs, and random strings are generated in a cryptographically strong fashion.

Ensure that random algorithms are seeded with sufficient entropy.

Tools like [http://csrc.nist.gov/groups/ST/toolkit/rng/documentation_software.html NIST RNG Test tool] (as used in PCI PTS Derived Test Requirements) can be used to comprehensively assess the quality of a Random Number Generator by reading e.g. 128MB of data from the RNG source and then assessing its randomness properties with the tool.

==== Rule - Use Authenticated Encryption of data ====
Use ([http://en.wikipedia.org/wiki/Authenticated_encryption AE]) modes under a uniform API. Recommended modes include [http://en.wikipedia.org/wiki/CCM_mode CCM], and [http://en.wikipedia.org/wiki/Galois/Counter_Mode GCM] as these, and only these as of November 2014, are specified in [http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST approved modes], ISO IEC 19772 (2009) "Information technology — Security techniques — Authenticated encryption", and [http://en.wikipedia.org/wiki/IEEE_P1619 IEEE P1619 Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]

* [http://en.wikipedia.org/wiki/Authenticated_encryption Authenticated Encryption] gives [http://en.wikipedia.org/wiki/Confidentiality confidentiality], [http://en.wikipedia.org/wiki/Data_integrity integrity], and [http://en.wikipedia.org/wiki/Authentication authenticity] (CIA); encryption alone just gives confidentiality. Encryption must always be combined with message integrity and authenticity protection. Otherwise the ciphertext may be vulnerable to manipulation causing changes to the underlying plaintext data, especially if it's being passed over untrusted channels (e.g. in an URL or cookie).
* These modes require only one key. In general, the tag sizes and the IV sizes should be set to maximum values.

If these recommended [http://en.wikipedia.org/wiki/Authenticated_encryption AE] modes are not available

* combine encryption in [http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29 cipher-block chaining (CBC) mode] with post-encryption message authentication code, such as [http://en.wikipedia.org/wiki/HMAC HMAC] or [http://en.wikipedia.org/wiki/CMAC CMAC] i.e. Encrypt-then-MAC.
** Note that Integrity and Authenticity are preferable to Integrity alone i.e. a MAC such as HMAC-SHA256 or HMAC-SHA512 is a better choice than SHA-256 or SHA-512.
* Use 2 independent keys for these 2 independent operations.
* Do not use [http://en.wikipedia.org/wiki/CBC-MAC#Security_with_fixed_and_variable-length_messages CBC MAC for variable length data]
* The [http://csrc.nist.gov/groups/STM/cavp/index.html CAVP program] is a good default place to go for validation of cryptographic algorithms when one does not have AES or one of the authenticated encryption modes that provide confidentiality and authenticity (i.e., data origin authentication) such as CCM, EAX, CMAC, etc. For Java, if you are using SunJCE that will be the case. The cipher modes supported in JDK 1.5 and later are CBC, CFB, CFBx, CTR, CTS, ECB, OFB, OFBx, PCBC. None of these cipher modes are authenticated encryption modes. (That's why it is added explicitly.) If you are using an alternate JCE provider such as Bouncy Castle, RSA JSafe, IAIK, etc., then these authenticated encryption modes should be used.

Note: [http://en.wikipedia.org/wiki/Disk_encryption_theory Disk encryption] is a special case of [http://en.wikipedia.org/wiki/Data_at_Rest data at rest] e.g. Encrypted File System on a Hard Disk Drive. [http://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf XTS-AES mode] is optimized for Disk encryption and is one of the [http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST approved modes]<nowiki>; it provides confidentiality and some protection against data manipulation (but not as strong as the </nowiki>[http://en.wikipedia.org/wiki/Authenticated_encryption AE] [http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST approved modes]). It is also specified in [http://en.wikipedia.org/wiki/IEEE_P1619 IEEE P1619 Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]

=== Rule - Store a one-way and salted value of passwords ===

Use PBKDF2, bcrypt or scrypt for password storage. For more information on password storage, please see the [[Password Storage Cheat Sheet]].

=== Rule - Ensure that the cryptographic protection remains secure even if access controls fail ===

This rule supports the principle of defense in depth. Access controls (usernames, passwords, privileges, etc.) are one layer of protection. Storage encryption should add an additional layer of protection that will continue protecting the data even if an attacker subverts the database access control layer.

=== Rule - Ensure that any secret key is protected from unauthorized access ===

==== Rule - Define a key lifecycle ====

The key lifecycle details the various states that a key will move through during its life. The lifecycle will specify when a key should no longer be used for encryption, when a key should no longer be used for decryption (these are not necessarily coincident), whether data must be rekeyed when a new key is introduced, and when a key should be removed from use all together.

==== Rule - Store unencrypted keys away from the encrypted data ====

If the keys are stored with the data then any compromise of the data will easily compromise the keys as well. Unencrypted keys should never reside on the same machine or cluster as the data.

==== Rule - Use independent keys when multiple keys are required ====

Ensure that key material is independent. That is, do not choose a second key which is easily related to the first (or any preceeding) keys.

==== Rule - Protect keys in a key vault ====

Keys should remain in a protected key vault at all times. In particular, ensure that there is a gap between the threat vectors that have direct access to the data and the threat vectors that have direct access to the keys. This implies that keys should not be stored on the application or web server (assuming that application attackers are part of the relevant threat model).

==== Rule - Document concrete procedures for managing keys through the lifecycle ====

These procedures must be written down and the key custodians must be adequately trained.

==== Rule - Build support for changing algorithms and keys when needed ====

If keys are compromised or an external authority expires them, key changes will be needed. Application polices or emergency needs will force application administrators to rotate keys and potentially rekey data at some point. It's best to be prepared to rapidly handle this need when necessary. Including a key version and encryption algorithm version with the encrypted data is a useful, proactive feature. For instance, including a simple prefix string, such as "<code>{1,1}...</code>", prior to the encrypted data could indicate algorithm version 1, key version 1. This allows for an "online" change to the encryption algorithm and key without re-encrypting all existing data all at once.

==== Rule - Document concrete procedures to handle a key compromise ====

Ensure operations staff have the information they need, readily available, when rotation of encryption keys must be performed. Rotating keys should not require changes to source code or other risky deployment measures, since doing this in the middle of an incident will already place a great deal of stress on these staff.

==== Rule - Limit quantity of data encrypted with one key ====

If the amount of data encrypted grows beyond a '''certain threshold''', a new key should be used. This '''certain threshold''' varies depending on the encryption algorithm used, but is typically 235 bytes (~34 gigabytes) for 64 bit block ciphers (DES, 3DES, Blowfish, RC5, ...) and 268 bytes (~ 295,147,905 terabytes) for 128 bit block ciphers (AES, TwoFish, Serpent). If encrypting with a modern cipher, this threshold is unlikely to be reached, but it should be considered when evaluating algorithms and rotation procedures.

=== Rule - Follow applicable regulations on use of cryptography ===

==== Rule - Under PCI DSS requirement 3, you must protect cardholder data ====

The Payment Card Industry (PCI) Data Security Standard (DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. The standard was introduced in 2005 and replaced individual compliance standards from Visa, Mastercard, Amex, JCB and Diners. The current version of the standard is 3.1 and was published in April, 2015.

PCI DSS requirement 3 covers secure storage of credit card data. This requirement covers several aspects of secure storage including the data you must never store but we are covering Cryptographic Storage which is covered in requirements 3.4, 3.5 and 3.6 as you can see below:

'''3.4 Render PAN (Primary Account Number), at minimum, unreadable anywhere it is stored'''

Compliance with requirement 3.4 can be met by implementing any of the four types of secure storage described in the standard which includes encrypting and hashing data. These two approaches will often be the most popular choices from the list of options. The standard doesn't refer to any specific algorithms but it mandates the use of '''Strong Cryptography'''. The glossary document from the PCI council defines '''Strong Cryptography''' as:

''Cryptography based on industry-tested and accepted algorithms, along with strong key lengths and proper key-management practices. Cryptography is a method to protect data and includes both encryption (which is reversible) and hashing (which is not reversible, or “one way”). SHA-1 is an example of an industry-tested and accepted hashing algorithm. Examples of industry-tested and accepted standards and algorithms for encryption include AES (128 bits and higher), TDES (minimum double-length keys), RSA (1024 bits and higher), ECC (160 bits and higher), and ElGamal (1024 bits and higher).''

If you have implemented the second rule in this cheat sheet you will have implemented a strong cryptographic algorithm which is compliant with or stronger than the requirements of PCI DSS requirement 3.4. You need to ensure that you identify all locations that card data could be stored including logs and apply the appropriate level of protection. This could range from encrypting the data to replacing the card number in logs.

This requirement can also be met by implementing disk encryption rather than file or column level encryption. The requirements for '''Strong Cryptography''' are the same for disk encryption and backup media. The card data should never be stored in the clear and by following the guidance in this cheat sheet you will be able to securely store your data in a manner which is compliant with PCI DSS requirement 3.4

'''3.5 Protect any keys used to secure cardholder data against disclosure and misuse'''

As the requirement name above indicates, we are required to securely store the encryption keys themselves. This will mean implementing strong access control, auditing and logging for your keys. The keys must be stored in a location which is both secure and "away" from the encrypted data. This means key data shouldn't be stored on web servers, database servers etc

Access to the keys must be restricted to the smallest amount of users possible. This group of users will ideally be users who are highly trusted and trained to perform Key Custodian duties. There will obviously be a requirement for system/service accounts to access the key data to perform encryption/decryption of data.

The keys themselves shouldn't be stored in the clear but encrypted with a KEK (Key Encrypting Key). The KEK must not be stored in the same location as the encryption keys it is encrypting.

'''3.6 Fully document and implement all key-management processes and procedures for cryptographic keys used for encryption of cardholder data'''

Requirement 3.6 mandates that key management processes within a PCI compliant company cover 8 specific key lifecycle steps:

'''3.6.1 Generation of strong cryptographic keys'''

As we have previously described in this cheat sheet we need to use algorithms which offer high levels of data security. We must also generate strong keys so that the security of the data isn't undermined by weak cryptographic keys. A strong key is generated by using a key length which is sufficient for your data security requirements and compliant with the PCI DSS. The key size alone isn't a measure of the strength of a key. The data used to generate the key must be sufficiently random ("sufficient" often being determined by your data security requirements) and the entropy of the key data itself must be high. 

'''3.6.2 Secure cryptographic key distribution'''

The method used to distribute keys must be secure to prevent the theft of keys in transit. The use of a protocol such as Diffie Hellman can help secure the distribution of keys, the use of secure transport such as TLS and SSHv2 can also secure the keys in transit. Older protocols like SSLv3 should not be used. 

'''3.6.3 Secure cryptographic key storage'''

The secure storage of encryption keys including KEK's has been touched on in our description of requirement 3.5 (see above).

'''3.6.4 Periodic cryptographic key changes'''

The PCI DSS standard mandates that keys used for encryption must be rotated at least annually. The key rotation process must remove an old key from the encryption/decryption process and replace it with a new key. All new data entering the system must encrypted with the new key. While it is recommended that existing data be rekeyed with the new key, as per the Rekey data at least every one to three years rule above, it is not clear that the PCI DSS requires this.

'''3.6.5 Retirement or replacement of keys as deemed necessary when the integrity of the key has been weakened or keys are suspected of being compromised'''

The key management processes must cater for archived, retired or compromised keys. The process of securely storing and replacing these keys will more than likely be covered by your processes for requirements 3.6.2, 3.6.3 and 3.6.4

'''3.6.6 Split knowledge and establishment of dual control of cryptographic keys'''

The requirement for split knowledge and/or dual control for key management prevents an individual user performing key management tasks such as key rotation or deletion. The system should require two individual users to perform an action (i.e. entering a value from their own OTP) which creates to separate values which are concatenated to create the final key data.

'''3.6.7 Prevention of unauthorized substitution of cryptographic keys'''

The system put in place to comply with requirement 3.6.6 can go a long way to preventing unauthorised substitution of key data. In addition to the dual control process you should implement strong access control, auditing and logging for key data so that unauthorised access attempts are prevented and logged.

'''3.6.8 Requirement for cryptographic key custodians to sign a form stating that they understand and accept their key-custodian responsibilities '''

To perform the strong key management functions we have seen in requirement 3.6 we must have highly trusted and trained key custodians who understand how to perform key management duties. The key custodians must also sign a form stating they understand the responsibilities that come with this role.

= Related Articles =

OWASP - [[Testing for SSL-TLS (OWASP-CM-001)|Testing for SSL-TLS]], and OWASP [[Guide to Cryptography]]

OWASP – [http://www.owasp.org/index.php/ASVS Application Security Verification Standard (ASVS) – Communication Security Verification Requirements (V10)]

= Authors and Primary Editors =

Kevin Kenan - kevin[at]k2dd.com 
David Rook - david.a.rook[at]gmail.com 
Kevin Wall - kevin.w.wall[at]gmail.com 
Jim Manico - jim[at]owasp.org 
Fred Donovan - fred.donovan(at)owasp.org

== Other Cheatsheets ==

{{Cheatsheet_Navigation_Body}}

|}

[[Category:Cheatsheets]]

Password Storage Cheat Sheet

2016-08-29T01:22:35Z

Rajivvishwa: changed recommended salt size from '32bit' to '32 byte'

Top 10 2013-Top 10

2013-04-18T16:53:16Z

Rajivvishwa: URL for A5 was mapped to A6, fixed it.

{{Top_10_2013:TopTemplate
|usenext=2013NextLink
|next={{Top_10_2010:ByTheNumbers
|1
|year=2013}}
|useprev=2013PrevLink
|prev=Risk
}}

{| cellspacing="1" cellpadding="1" border="0" width="100%;"
|{{Top 10:RoundedBoxLinkBegin|year=2013|risk=1}} A1-Injection
{{Top 10:RoundedBoxLinkEnd|year=2013}}
|{{Top 10:GrayBoxBegin|year=2013}}
Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data.
{{Top 10:GrayBoxEnd|year=2013}}
|-
|{{Top 10:RoundedBoxLinkBegin|year=2013|risk=2}}A2–Broken Authentication and Session Management
{{Top 10:RoundedBoxLinkEnd|year=2013}}
|{{Top 10:GrayBoxBegin|year=2013}}
Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, session tokens, or exploit other implementation flaws to assume other users’ identities.
{{Top 10:GrayBoxEnd|year=2013}}
|-
|{{Top 10:RoundedBoxLinkBegin|year=2013|risk=3}} A3–Cross-Site Scripting (XSS)
{{Top 10:RoundedBoxLinkEnd|year=2013}}
|{{Top 10:GrayBoxBegin|year=2013}}
XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.
{{Top 10:GrayBoxEnd|year=2013}}
|-
|{{Top 10:RoundedBoxLinkBegin|year=2013|risk=4}} A4–Insecure Direct Object References
{{Top 10:RoundedBoxLinkEnd|year=2013}}
|{{Top 10:GrayBoxBegin|year=2013}}
A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key. Without an access control check or other protection, attackers can manipulate these references to access unauthorized data.
{{Top 10:GrayBoxEnd|year=2013}}
|-
|{{Top 10:RoundedBoxLinkBegin|year=2013|risk=5}} A5–Security Misconfiguration
{{Top 10:RoundedBoxLinkEnd|year=2013}}
|{{Top 10:GrayBoxBegin|year=2013}}
Good security requires having a secure configuration defined and deployed for the application, frameworks, application server, web server, database server, and platform. All these settings should be defined, implemented, and maintained as many are not shipped with secure defaults. This includes keeping all software up to date.
{{Top 10:GrayBoxEnd|year=2013}}
|-
|{{Top 10:RoundedBoxLinkBegin|year=2013|risk=6}} A6–Sensitive Data Exposure
{{Top 10:RoundedBoxLinkEnd|year=2013}}
|{{Top 10:GrayBoxBegin|year=2013}}
Many web applications do not properly protect sensitive data, such as credit cards, tax ids, and authentication credentials. Attackers may steal or modify such weakly protected data to conduct identity theft, credit card fraud, or other crimes. Sensitive data deserves extra protection such as encryption at rest or in transit, as well as special precautions when exchanged with the browser.
{{Top 10:GrayBoxEnd|year=2013}}
|-
|{{Top 10:RoundedBoxLinkBegin|year=2013|risk=7}}A7–Missing Function Level Access Control
{{Top 10:RoundedBoxLinkEnd|year=2013}}
|{{Top 10:GrayBoxBegin|year=2013}}
Virtually all web applications verify function level access rights before making that functionality visible in the UI. However, applications need to perform the same access control checks on the server when each function is accessed. If requests are not verified, attackers will be able to forge requests in order to access unauthorized functionality.
{{Top 10:GrayBoxEnd|year=2013}}
|-
|{{Top 10:RoundedBoxLinkBegin|year=2013|risk=8}}A8-Cross-Site Request Forgery (CSRF)
{{Top 10:RoundedBoxLinkEnd|year=2013}}
|{{Top 10:GrayBoxBegin|year=2013}}
A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including the victim’s session cookie and any other automatically included authentication information, to a vulnerable web application. This allows the attacker to force the victim’s browser to generate requests the vulnerable application thinks are legitimate requests from the victim.
{{Top 10:GrayBoxEnd|year=2013}}
|-
|{{Top 10:RoundedBoxLinkBegin|year=2013|risk=9}}A9-Using Components with Known Vulnerabilities
{{Top 10:RoundedBoxLinkEnd|year=2013}}
|{{Top 10:GrayBoxBegin|year=2013}}
Vulnerable components, such as libraries, frameworks, and other software modules almost always run with full privilege. So, if exploited, they can cause serious data loss or server takeover. Applications using these vulnerable components may undermine their defenses and enable a range of possible attacks and impacts.
{{Top 10:GrayBoxEnd|year=2013}}
|-
|{{Top 10:RoundedBoxLinkBegin|year=2013|risk=10}}A10–Unvalidated Redirects and Forwards
{{Top 10:RoundedBoxLinkEnd|year=2013}}
|{{Top 10:GrayBoxBegin|year=2013}}
Web applications frequently redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages. Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages.
{{Top 10:GrayBoxEnd|year=2013}}
|}

{{Top_10_2013:BottomTemplate
|type={{Top_10_2010:StyleTemplate}}
|usenext=2013NextLink
|next={{Top_10_2010:ByTheNumbers
|1
|year=2013}}
|useprev=2013PrevLink
|prev=Risk
}}

Bangalore

2009-06-07T15:33:09Z

Rajivvishwa: /* Next Meeting */

{{Chapter Template|chaptername=Bangalore|extra=The chapter leader is [mailto:hpudipeddi@owasp.org Harinath Pudipeddi]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

<paypal>Bangalore</paypal>

=='''Next Meeting'''==

'''Date''' : 5 June 2009 
'''Time''' : 09.00 AM 
'''Venue''' : Not Decided 
'''Presenter''' : Rajiv Vishwa 
'''Agenda''' : Turn Firefox into SecFox (Part II) 

== '''Meeting Venue and Dates'''==

{| class="wikitable"
! No
! Date
! Venue
! Time
|-
| 14
| 07 June 2009
| ICH, Church Street
| 09.00 AM
|-
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
|
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
|
|-
| 2
| 2006
|
|
|-
| 1
| 2006
|
|
|-
|}

[[Category:India]]

== '''Meeting Summary'''==

===07 Jun 2009===
'''Topic''': Turning Firefox Into Ultimate Hacking Tool(SecFox) 
'''Author''': Rajiv Vishwa 
'''Description''':
Talk on tweaking Firefox with various addons and doing some customizations so that it can be used to perform vulnerability assessments on various websites. 

===07 Mar 2009===
'''Topic''': Hackers Secret 
'''Author''': Sharmishta Gupta 
'''Description''':
Headsup on OWASP top vulnerabilities and introduction to Webgoat application. 

===02 Feb 2009===
'''Attendees''': 13 Members 
'''Topic''': Cracking applications with OllyDbg debugger(Demo) 
'''Author''': Rajiv Vishwa 
'''Description''':
Session on debugging standalone executables to pin point security holes which is otherwise exploited by crackers to patch the pro version to freeware. Couple of tiny applications which requires keys for activation are cracked during the session. 

===14 Dec 2008===
'''Topic''': Access Control Mechanisms 
'''Author''' : Sundar 
'''Description''':
Overview on different types of access control schemes and its usages. 
'''Comments''':
The main agenda for the meet has been a presentation on "Access Controls" by Sundar. It was informative and lead to a good discussion on the topic. The meet lasted for over an hour and has seen good acceptance by members who attended.

==Stay Tuned==
'''Subscribe to Mailing list''' - https://lists.owasp.org/mailman/listinfo/owasp-bangalore

'''Receive SMS Alerts''' - http://labs.google.co.in/smschannels/subscribe/OwaspBangalore

Bangalore

2009-06-07T15:32:51Z

Rajivvishwa: /* Next Meeting */

{{Chapter Template|chaptername=Bangalore|extra=The chapter leader is [mailto:hpudipeddi@owasp.org Harinath Pudipeddi]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

<paypal>Bangalore</paypal>

=='''Next Meeting'''==

'''Date''' : 5 June 2009 
'''Time''' : 09.00 AM 
'''Venue''' : India Coffee House, Church Street 
'''Presenter''' : Rajiv Vishwa 
'''Agenda''' : Turn Firefox into SecFox (Part II) 

== '''Meeting Venue and Dates'''==

{| class="wikitable"
! No
! Date
! Venue
! Time
|-
| 14
| 07 June 2009
| ICH, Church Street
| 09.00 AM
|-
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
|
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
|
|-
| 2
| 2006
|
|
|-
| 1
| 2006
|
|
|-
|}

[[Category:India]]

== '''Meeting Summary'''==

===07 Jun 2009===
'''Topic''': Turning Firefox Into Ultimate Hacking Tool(SecFox) 
'''Author''': Rajiv Vishwa 
'''Description''':
Talk on tweaking Firefox with various addons and doing some customizations so that it can be used to perform vulnerability assessments on various websites. 

===07 Mar 2009===
'''Topic''': Hackers Secret 
'''Author''': Sharmishta Gupta 
'''Description''':
Headsup on OWASP top vulnerabilities and introduction to Webgoat application. 

===02 Feb 2009===
'''Attendees''': 13 Members 
'''Topic''': Cracking applications with OllyDbg debugger(Demo) 
'''Author''': Rajiv Vishwa 
'''Description''':
Session on debugging standalone executables to pin point security holes which is otherwise exploited by crackers to patch the pro version to freeware. Couple of tiny applications which requires keys for activation are cracked during the session. 

===14 Dec 2008===
'''Topic''': Access Control Mechanisms 
'''Author''' : Sundar 
'''Description''':
Overview on different types of access control schemes and its usages. 
'''Comments''':
The main agenda for the meet has been a presentation on "Access Controls" by Sundar. It was informative and lead to a good discussion on the topic. The meet lasted for over an hour and has seen good acceptance by members who attended.

==Stay Tuned==
'''Subscribe to Mailing list''' - https://lists.owasp.org/mailman/listinfo/owasp-bangalore

'''Receive SMS Alerts''' - http://labs.google.co.in/smschannels/subscribe/OwaspBangalore

Bangalore

2009-06-07T15:32:22Z

Rajivvishwa: /* 02 Feb 2009 */

{{Chapter Template|chaptername=Bangalore|extra=The chapter leader is [mailto:hpudipeddi@owasp.org Harinath Pudipeddi]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

<paypal>Bangalore</paypal>

=='''Next Meeting'''==

'''Date''' : 7 June 2009 
'''Time''' : 09.00 AM 
'''Venue''' : India Coffee House, Church Street 
'''Presenter''' : Rajiv Vishwa 
'''Agenda''' : Turn Firefox into SecFox (Part I) 

== '''Meeting Venue and Dates'''==

{| class="wikitable"
! No
! Date
! Venue
! Time
|-
| 14
| 07 June 2009
| ICH, Church Street
| 09.00 AM
|-
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
|
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
|
|-
| 2
| 2006
|
|
|-
| 1
| 2006
|
|
|-
|}

[[Category:India]]

== '''Meeting Summary'''==

===07 Jun 2009===
'''Topic''': Turning Firefox Into Ultimate Hacking Tool(SecFox) 
'''Author''': Rajiv Vishwa 
'''Description''':
Talk on tweaking Firefox with various addons and doing some customizations so that it can be used to perform vulnerability assessments on various websites. 

===07 Mar 2009===
'''Topic''': Hackers Secret 
'''Author''': Sharmishta Gupta 
'''Description''':
Headsup on OWASP top vulnerabilities and introduction to Webgoat application. 

===02 Feb 2009===
'''Attendees''': 13 Members 
'''Topic''': Cracking applications with OllyDbg debugger(Demo) 
'''Author''': Rajiv Vishwa 
'''Description''':
Session on debugging standalone executables to pin point security holes which is otherwise exploited by crackers to patch the pro version to freeware. Couple of tiny applications which requires keys for activation are cracked during the session. 

===14 Dec 2008===
'''Topic''': Access Control Mechanisms 
'''Author''' : Sundar 
'''Description''':
Overview on different types of access control schemes and its usages. 
'''Comments''':
The main agenda for the meet has been a presentation on "Access Controls" by Sundar. It was informative and lead to a good discussion on the topic. The meet lasted for over an hour and has seen good acceptance by members who attended.

==Stay Tuned==
'''Subscribe to Mailing list''' - https://lists.owasp.org/mailman/listinfo/owasp-bangalore

'''Receive SMS Alerts''' - http://labs.google.co.in/smschannels/subscribe/OwaspBangalore

Bangalore

2009-06-07T15:26:27Z

Rajivvishwa: /* Meeting Summary */

{{Chapter Template|chaptername=Bangalore|extra=The chapter leader is [mailto:hpudipeddi@owasp.org Harinath Pudipeddi]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

<paypal>Bangalore</paypal>

=='''Next Meeting'''==

'''Date''' : 7 June 2009 
'''Time''' : 09.00 AM 
'''Venue''' : India Coffee House, Church Street 
'''Presenter''' : Rajiv Vishwa 
'''Agenda''' : Turn Firefox into SecFox (Part I) 

== '''Meeting Venue and Dates'''==

{| class="wikitable"
! No
! Date
! Venue
! Time
|-
| 14
| 07 June 2009
| ICH, Church Street
| 09.00 AM
|-
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
|
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
|
|-
| 2
| 2006
|
|
|-
| 1
| 2006
|
|
|-
|}

[[Category:India]]

== '''Meeting Summary'''==

===07 Jun 2009===
'''Topic''': Turning Firefox Into Ultimate Hacking Tool(SecFox) 
'''Author''': Rajiv Vishwa 
'''Description''':
Talk on tweaking Firefox with various addons and doing some customizations so that it can be used to perform vulnerability assessments on various websites. 

===07 Mar 2009===
'''Topic''': Hackers Secret 
'''Author''': Sharmishta Gupta 
'''Description''':
Headsup on OWASP top vulnerabilities and introduction to Webgoat application. 

===02 Feb 2009===
'''Attendees''': 13 Members 
'''Topic''': Cracking applications with OllyDbg debugger(Demo) 
'''Author''': RajivVishwa 
'''Description''':
Session on debugging standalone executables to pin point security holes which is otherwise exploited by crackers to patch the pro version to freeware. Couple of tiny applications which requires keys for activation are cracked during the session. 

===14 Dec 2008===
'''Topic''': Access Control Mechanisms 
'''Author''' : Sundar 
'''Description''':
Overview on different types of access control schemes and its usages. 
'''Comments''':
The main agenda for the meet has been a presentation on "Access Controls" by Sundar. It was informative and lead to a good discussion on the topic. The meet lasted for over an hour and has seen good acceptance by members who attended.

==Stay Tuned==
'''Subscribe to Mailing list''' - https://lists.owasp.org/mailman/listinfo/owasp-bangalore

'''Receive SMS Alerts''' - http://labs.google.co.in/smschannels/subscribe/OwaspBangalore

Bangalore

2009-06-06T01:44:14Z

Rajivvishwa: /* Meeting Venue and Dates */

{{Chapter Template|chaptername=Bangalore|extra=The chapter leader is [mailto:hpudipeddi@owasp.org Harinath Pudipeddi]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

<paypal>Bangalore</paypal>

=='''Next Meeting'''==

'''Date''' : 7 June 2009 
'''Time''' : 09.00 AM 
'''Venue''' : India Coffee House, Church Street 
'''Presenter''' : Rajiv Vishwa 
'''Agenda''' : Turn Firefox into SecFox (Part I) 

== '''Meeting Venue and Dates'''==

{| class="wikitable"
! No
! Date
! Venue
! Time
|-
| 14
| 07 June 2009
| ICH, Church Street
| 09.00 AM
|-
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
|
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
|
|-
| 2
| 2006
|
|
|-
| 1
| 2006
|
|
|-
|}

[[Category:India]]

== '''Meeting Summary'''==

===07 Mar 2009===
'''Topic''': Hackers Secret 
'''Author''': Sharmishta Gupta 
'''Description''':
Headsup on OWASP top vulnerabilities and introduction to Webgoat application. 

===02 Feb 2009===
'''Attendees''': 13 Members 
'''Topic''': Cracking applications with OllyDbg debugger(Demo) 
'''Author''': RajivVishwa 
'''Description''':
Session on debugging standalone executables to pin point security holes which is otherwise exploited by crackers to patch the pro version to freeware. Couple of tiny applications which requires keys for activation are cracked during the session. 

===14 Dec 2008===
'''Topic''': Access Control Mechanisms 
'''Author''' : Sundar 
'''Description''':
Overview on different types of access control schemes and its usages. 
'''Comments''':
The main agenda for the meet has been a presentation on "Access Controls" by Sundar. It was informative and lead to a good discussion on the topic. The meet lasted for over an hour and has seen good acceptance by members who attended.

==Stay Tuned==
'''Subscribe to Mailing list''' - https://lists.owasp.org/mailman/listinfo/owasp-bangalore

'''Receive SMS Alerts''' - http://labs.google.co.in/smschannels/subscribe/OwaspBangalore

Bangalore

2009-06-06T01:43:38Z

Rajivvishwa: /* Meeting Venue and Dates */

{{Chapter Template|chaptername=Bangalore|extra=The chapter leader is [mailto:hpudipeddi@owasp.org Harinath Pudipeddi]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

<paypal>Bangalore</paypal>

=='''Next Meeting'''==

'''Date''' : 7 June 2009 
'''Time''' : 09.00 AM 
'''Venue''' : India Coffee House, Church Street 
'''Presenter''' : Rajiv Vishwa 
'''Agenda''' : Turn Firefox into SecFox (Part I) 

== '''Meeting Venue and Dates'''==

{| class="wikitable"
! No
! Date
! Venue
! Time
|-
| 14
| 06 June 2009
| ICH, Church Street
| 09.00 AM
|-
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
|
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
|
|-
| 2
| 2006
|
|
|-
| 1
| 2006
|
|
|-
|}

[[Category:India]]

== '''Meeting Summary'''==

===07 Mar 2009===
'''Topic''': Hackers Secret 
'''Author''': Sharmishta Gupta 
'''Description''':
Headsup on OWASP top vulnerabilities and introduction to Webgoat application. 

===02 Feb 2009===
'''Attendees''': 13 Members 
'''Topic''': Cracking applications with OllyDbg debugger(Demo) 
'''Author''': RajivVishwa 
'''Description''':
Session on debugging standalone executables to pin point security holes which is otherwise exploited by crackers to patch the pro version to freeware. Couple of tiny applications which requires keys for activation are cracked during the session. 

===14 Dec 2008===
'''Topic''': Access Control Mechanisms 
'''Author''' : Sundar 
'''Description''':
Overview on different types of access control schemes and its usages. 
'''Comments''':
The main agenda for the meet has been a presentation on "Access Controls" by Sundar. It was informative and lead to a good discussion on the topic. The meet lasted for over an hour and has seen good acceptance by members who attended.

==Stay Tuned==
'''Subscribe to Mailing list''' - https://lists.owasp.org/mailman/listinfo/owasp-bangalore

'''Receive SMS Alerts''' - http://labs.google.co.in/smschannels/subscribe/OwaspBangalore

Bangalore

2009-06-06T01:42:44Z

Rajivvishwa: /* Next Meeting */

{{Chapter Template|chaptername=Bangalore|extra=The chapter leader is [mailto:hpudipeddi@owasp.org Harinath Pudipeddi]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

<paypal>Bangalore</paypal>

=='''Next Meeting'''==

'''Date''' : 7 June 2009 
'''Time''' : 09.00 AM 
'''Venue''' : India Coffee House, Church Street 
'''Presenter''' : Rajiv Vishwa 
'''Agenda''' : Turn Firefox into SecFox (Part I) 

== '''Meeting Venue and Dates'''==

{| class="wikitable"
! No
! Date
! Venue
! Time
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
|
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
|
|-
| 2
| 2006
|
|
|-
| 1
| 2006
|
|
|-
|}

[[Category:India]]

== '''Meeting Summary'''==

===07 Mar 2009===
'''Topic''': Hackers Secret 
'''Author''': Sharmishta Gupta 
'''Description''':
Headsup on OWASP top vulnerabilities and introduction to Webgoat application. 

===02 Feb 2009===
'''Attendees''': 13 Members 
'''Topic''': Cracking applications with OllyDbg debugger(Demo) 
'''Author''': RajivVishwa 
'''Description''':
Session on debugging standalone executables to pin point security holes which is otherwise exploited by crackers to patch the pro version to freeware. Couple of tiny applications which requires keys for activation are cracked during the session. 

===14 Dec 2008===
'''Topic''': Access Control Mechanisms 
'''Author''' : Sundar 
'''Description''':
Overview on different types of access control schemes and its usages. 
'''Comments''':
The main agenda for the meet has been a presentation on "Access Controls" by Sundar. It was informative and lead to a good discussion on the topic. The meet lasted for over an hour and has seen good acceptance by members who attended.

==Stay Tuned==
'''Subscribe to Mailing list''' - https://lists.owasp.org/mailman/listinfo/owasp-bangalore

'''Receive SMS Alerts''' - http://labs.google.co.in/smschannels/subscribe/OwaspBangalore

Bangalore

2009-05-08T10:30:57Z

Rajivvishwa: /* Next Meeting */ 6-Jun-09

{{Chapter Template|chaptername=Bangalore|extra=The chapter leader is [mailto:hpudipeddi@owasp.org Harinath Pudipeddi]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

<paypal>Bangalore</paypal>

=='''Next Meeting'''==

'''Date''' : 6-Jun-2009 
'''Time''' : 10.00 AM 
'''Venue''' : Not Decided Yet 
'''Presenter''' : Praveen 
'''Agenda''' : IFrame Injection 

'''''Note:''' Then meeting for 9-May-09 stays canceled due to some unexpected logistical issues.''

== '''Meeting Venue and Dates'''==

{| class="wikitable"
! No
! Date
! Venue
! Time
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
|
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
|
|-
| 2
| 2006
|
|
|-
| 1
| 2006
|
|
|-
|}

[[Category:India]]

== '''Meeting Summary'''==

===07 Mar 2009===
'''Topic''': Hackers Secret 
'''Author''': Sharmishta Gupta 
'''Description''':
Headsup on OWASP top vulnerabilities and introduction to Webgoat application. 

===02 Feb 2009===
'''Attendees''': 13 Members 
'''Topic''': Cracking applications with OllyDbg debugger(Demo) 
'''Author''': RajivVishwa 
'''Description''':
Session on debugging standalone executables to pin point security holes which is otherwise exploited by crackers to patch the pro version to freeware. Couple of tiny applications which requires keys for activation are cracked during the session. 

===14 Dec 2008===
'''Topic''': Access Control Mechanisms 
'''Author''' : Sundar 
'''Description''':
Overview on different types of access control schemes and its usages. 
'''Comments''':
The main agenda for the meet has been a presentation on "Access Controls" by Sundar. It was informative and lead to a good discussion on the topic. The meet lasted for over an hour and has seen good acceptance by members who attended.

==Stay Tuned==
'''Subscribe to Mailing list''' - https://lists.owasp.org/mailman/listinfo/owasp-bangalore

'''Receive SMS Alerts''' - http://labs.google.co.in/smschannels/subscribe/OwaspBangalore

Bangalore

2009-03-19T16:27:10Z

Rajivvishwa: Added April Meeting

{{Chapter Template|chaptername=Bangalore|extra=The chapter leader is [mailto:hpudipeddi@owasp.org Harinath Pudipeddi]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

<paypal>Bangalore</paypal>

=='''Next Meeting'''==

'''Date''' : 11-Apr-2009 
'''Time''' : 10.00 AM 
'''Venue''' : ThoughtWorks Bangalore([http://www.devcamp.in/wiki/Main_Page Part of DevCamp8]) 
'''Presenter''' : Jayesh Mantra 
'''Agenda''' : Securing PHP Applications 

== '''Meeting Venue and Dates'''==

{| class="wikitable"
! No
! Date
! Venue
! Time
|-
| 13
| 11 April 2009
| ThoughtWorks Bangalore, ([http://www.devcamp.in/wiki/Main_Page DevCamp2])
| 10.00 AM
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
|
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
|
|-
| 2
| 2006
|
|
|-
| 1
| 2006
|
|
|-
|}

[[Category:India]]

== '''Meeting Summary'''==

===07 Mar 2009===
'''Topic''': Hackers Secret 
'''Author''': Sharmishta Gupta 
'''Description''':
Headsup on OWASP top vulnerabilities and introduction to Webgoat application. 

===02 Feb 2009===
'''Attendees''': 13 Members 
'''Topic''': Cracking applications with OllyDbg debugger(Demo) 
'''Author''': RajivVishwa 
'''Description''':
Session on debugging standalone executables to pin point security holes which is otherwise exploited by crackers to patch the pro version to freeware. Couple of tiny applications which requires keys for activation are cracked during the session. 

===14 Dec 2008===
'''Topic''': Access Control Mechanisms 
'''Author''' : Sundar 
'''Description''':
Overview on different types of access control schemes and its usages. 
'''Comments''':
The main agenda for the meet has been a presentation on "Access Controls" by Sundar. It was informative and lead to a good discussion on the topic. The meet lasted for over an hour and has seen good acceptance by members who attended.

==Stay Tuned==
'''Subscribe to Mailing list''' - https://lists.owasp.org/mailman/listinfo/owasp-bangalore

'''Receive SMS Alerts''' - http://labs.google.co.in/smschannels/subscribe/OwaspBangalore

Bangalore

2009-03-19T16:25:00Z

Rajivvishwa: Changed the date and time

{{Chapter Template|chaptername=Bangalore|extra=The chapter leader is [mailto:hpudipeddi@owasp.org Harinath Pudipeddi]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

<paypal>Bangalore</paypal>

=='''Next Meeting'''==

'''Date''' : 11-Apr-2009 
'''Time''' : 10.00 AM 
'''Venue''' : ThoughtWorks Bangalore([http://www.devcamp.in/wiki/Main_Page Part of DevCamp8]) 
'''Presenter''' : Jayesh Mantra 
'''Agenda''' : Securing PHP Applications 

== '''Meeting Venue and Dates'''==

{| class="wikitable"
! No
! Date
! Venue
! Time
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
|
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
|
|-
| 2
| 2006
|
|
|-
| 1
| 2006
|
|
|-
|}

[[Category:India]]

== '''Meeting Summary'''==

===07 Mar 2009===
'''Topic''': Hackers Secret 
'''Author''': Sharmishta Gupta 
'''Description''':
Headsup on OWASP top vulnerabilities and introduction to Webgoat application. 

===02 Feb 2009===
'''Attendees''': 13 Members 
'''Topic''': Cracking applications with OllyDbg debugger(Demo) 
'''Author''': RajivVishwa 
'''Description''':
Session on debugging standalone executables to pin point security holes which is otherwise exploited by crackers to patch the pro version to freeware. Couple of tiny applications which requires keys for activation are cracked during the session. 

===14 Dec 2008===
'''Topic''': Access Control Mechanisms 
'''Author''' : Sundar 
'''Description''':
Overview on different types of access control schemes and its usages. 
'''Comments''':
The main agenda for the meet has been a presentation on "Access Controls" by Sundar. It was informative and lead to a good discussion on the topic. The meet lasted for over an hour and has seen good acceptance by members who attended.

==Stay Tuned==
'''Subscribe to Mailing list''' - https://lists.owasp.org/mailman/listinfo/owasp-bangalore

'''Receive SMS Alerts''' - http://labs.google.co.in/smschannels/subscribe/OwaspBangalore

Bangalore

2009-03-19T16:24:12Z

Rajivvishwa: Edited the venue, link to DevCamp

{{Chapter Template|chaptername=Bangalore|extra=The chapter leader is [mailto:hpudipeddi@owasp.org Harinath Pudipeddi]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

<paypal>Bangalore</paypal>

=='''Next Meeting'''==

'''Date''' : 5-Apr-2009 
'''Time''' : 9.00 AM 
'''Venue''' : ThoughtWorks Bangalore([http://www.devcamp.in/wiki/Main_Page Part of DevCamp8]) 
'''Presenter''' : Jayesh Mantra 
'''Agenda''' : Securing PHP Applications 

== '''Meeting Venue and Dates'''==

{| class="wikitable"
! No
! Date
! Venue
! Time
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
|
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
|
|-
| 2
| 2006
|
|
|-
| 1
| 2006
|
|
|-
|}

[[Category:India]]

== '''Meeting Summary'''==

===07 Mar 2009===
'''Topic''': Hackers Secret 
'''Author''': Sharmishta Gupta 
'''Description''':
Headsup on OWASP top vulnerabilities and introduction to Webgoat application. 

===02 Feb 2009===
'''Attendees''': 13 Members 
'''Topic''': Cracking applications with OllyDbg debugger(Demo) 
'''Author''': RajivVishwa 
'''Description''':
Session on debugging standalone executables to pin point security holes which is otherwise exploited by crackers to patch the pro version to freeware. Couple of tiny applications which requires keys for activation are cracked during the session. 

===14 Dec 2008===
'''Topic''': Access Control Mechanisms 
'''Author''' : Sundar 
'''Description''':
Overview on different types of access control schemes and its usages. 
'''Comments''':
The main agenda for the meet has been a presentation on "Access Controls" by Sundar. It was informative and lead to a good discussion on the topic. The meet lasted for over an hour and has seen good acceptance by members who attended.

==Stay Tuned==
'''Subscribe to Mailing list''' - https://lists.owasp.org/mailman/listinfo/owasp-bangalore

'''Receive SMS Alerts''' - http://labs.google.co.in/smschannels/subscribe/OwaspBangalore

Bangalore

2009-03-17T02:46:38Z

Rajivvishwa: /* Next Meeting */

{{Chapter Template|chaptername=Bangalore|extra=The chapter leader is [mailto:hpudipeddi@owasp.org Harinath Pudipeddi]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

<paypal>Bangalore</paypal>

=='''Next Meeting'''==

'''Date''' : 5-Apr-2009 
'''Time''' : 9.00 AM 
'''Venue''' : Indian Coffee House, MG Road(Near Deccan Herald) 
'''Presenter''' : Jayesh Mantra 
'''Agenda''' : Securing PHP Applications 

== '''Meeting Venue and Dates'''==

{| class="wikitable"
! No
! Date
! Venue
! Time
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
|
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
|
|-
| 2
| 2006
|
|
|-
| 1
| 2006
|
|
|-
|}

[[Category:India]]

== '''Meeting Summary'''==

===07 Mar 2009===
'''Topic''': Hackers Secret 
'''Author''': Sharmishta Gupta 
'''Description''':
Headsup on OWASP top vulnerabilities and introduction to Webgoat application. 

===02 Feb 2009===
'''Attendees''': 13 Members 
'''Topic''': Cracking applications with OllyDbg debugger(Demo) 
'''Author''': RajivVishwa 
'''Description''':
Session on debugging standalone executables to pin point security holes which is otherwise exploited by crackers to patch the pro version to freeware. Couple of tiny applications which requires keys for activation are cracked during the session. 

===14 Dec 2008===
'''Topic''': Access Control Mechanisms 
'''Author''' : Sundar 
'''Description''':
Overview on different types of access control schemes and its usages. 
'''Comments''':
The main agenda for the meet has been a presentation on "Access Controls" by Sundar. It was informative and lead to a good discussion on the topic. The meet lasted for over an hour and has seen good acceptance by members who attended.

==Stay Tuned==
'''Subscribe to Mailing list''' - https://lists.owasp.org/mailman/listinfo/owasp-bangalore

'''Receive SMS Alerts''' - http://labs.google.co.in/smschannels/subscribe/OwaspBangalore

Bangalore

2009-03-17T02:45:53Z

Rajivvishwa: /* Next Meeting */

{{Chapter Template|chaptername=Bangalore|extra=The chapter leader is [mailto:hpudipeddi@owasp.org Harinath Pudipeddi]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

<paypal>Bangalore</paypal>

==Next Meeting==

'''Date''' : 5-Apr-2009

'''Time''' : 9.00 AM

'''Venue''' : Indian Coffee House, MG Road(Near Deccan Herald)

'''Presenter''' : Jayesh Mantra

'''Agenda''' : Securing PHP Applications

== '''Meeting Venue and Dates'''==

{| class="wikitable"
! No
! Date
! Venue
! Time
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
|
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
|
|-
| 2
| 2006
|
|
|-
| 1
| 2006
|
|
|-
|}

[[Category:India]]

== '''Meeting Summary'''==

===07 Mar 2009===
'''Topic''': Hackers Secret 
'''Author''': Sharmishta Gupta 
'''Description''':
Headsup on OWASP top vulnerabilities and introduction to Webgoat application. 

===02 Feb 2009===
'''Attendees''': 13 Members 
'''Topic''': Cracking applications with OllyDbg debugger(Demo) 
'''Author''': RajivVishwa 
'''Description''':
Session on debugging standalone executables to pin point security holes which is otherwise exploited by crackers to patch the pro version to freeware. Couple of tiny applications which requires keys for activation are cracked during the session. 

===14 Dec 2008===
'''Topic''': Access Control Mechanisms 
'''Author''' : Sundar 
'''Description''':
Overview on different types of access control schemes and its usages. 
'''Comments''':
The main agenda for the meet has been a presentation on "Access Controls" by Sundar. It was informative and lead to a good discussion on the topic. The meet lasted for over an hour and has seen good acceptance by members who attended.

==Stay Tuned==
'''Subscribe to Mailing list''' - https://lists.owasp.org/mailman/listinfo/owasp-bangalore

'''Receive SMS Alerts''' - http://labs.google.co.in/smschannels/subscribe/OwaspBangalore

Bangalore

2009-03-17T02:43:57Z

Rajivvishwa: /* Next Meeting */

{{Chapter Template|chaptername=Bangalore|extra=The chapter leader is [mailto:hpudipeddi@owasp.org Harinath Pudipeddi]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

<paypal>Bangalore</paypal>

=='''Next Meeting '''==

Date : 5-Apr-2009
Time : 9.00 AM
Venue : Indian Coffee House,MG Road (Near Deccan Herald)
Presenter : Jayesh Mantra
Agenda: Securing PHP Applications

== '''Meeting Venue and Dates'''==

{| class="wikitable"
! No
! Date
! Venue
! Time
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
|
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
|
|-
| 2
| 2006
|
|
|-
| 1
| 2006
|
|
|-
|}

[[Category:India]]

== '''Meeting Summary'''==

===07 Mar 2009===
'''Topic''': Hackers Secret 
'''Author''': Sharmishta Gupta 
'''Description''':
Headsup on OWASP top vulnerabilities and introduction to Webgoat application. 

===02 Feb 2009===
'''Attendees''': 13 Members 
'''Topic''': Cracking applications with OllyDbg debugger(Demo) 
'''Author''': RajivVishwa 
'''Description''':
Session on debugging standalone executables to pin point security holes which is otherwise exploited by crackers to patch the pro version to freeware. Couple of tiny applications which requires keys for activation are cracked during the session. 

===14 Dec 2008===
'''Topic''': Access Control Mechanisms 
'''Author''' : Sundar 
'''Description''':
Overview on different types of access control schemes and its usages. 
'''Comments''':
The main agenda for the meet has been a presentation on "Access Controls" by Sundar. It was informative and lead to a good discussion on the topic. The meet lasted for over an hour and has seen good acceptance by members who attended.

==Stay Tuned==
'''Subscribe to Mailing list''' - https://lists.owasp.org/mailman/listinfo/owasp-bangalore

'''Receive SMS Alerts''' - http://labs.google.co.in/smschannels/subscribe/OwaspBangalore

Bangalore

2009-03-11T10:07:24Z

Rajivvishwa: /* Next Meeting */

{{Chapter Template|chaptername=Bangalore|extra=The chapter leader is [mailto:hpudipeddi@owasp.org Harinath Pudipeddi]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

<paypal>Bangalore</paypal>

=='''Next Meeting '''==

Date : NA

Time : NA

Venue : NA

Agenda: NA

== '''Meeting Venue and Dates'''==

{| class="wikitable"
! No
! Date
! Venue
! Time
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
|
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
|
|-
| 2
| 2006
|
|
|-
| 1
| 2006
|
|
|-
|}

[[Category:India]]

== '''Meeting Summary'''==

===07 Mar 2009===
'''Topic''': Hackers Secret 
'''Author''': Sharmishta Gupta 
'''Description''':
Headsup on OWASP top vulnerabilities and introduction to Webgoat application. 

===02 Feb 2009===
'''Attendees''': 13 Members 
'''Topic''': Cracking applications with OllyDbg debugger(Demo) 
'''Author''': RajivVishwa 
'''Description''':
Session on debugging standalone executables to pin point security holes which is otherwise exploited by crackers to patch the pro version to freeware. Couple of tiny applications which requires keys for activation are cracked during the session. 

===14 Dec 2008===
'''Topic''': Access Control Mechanisms 
'''Author''' : Sundar 
'''Description''':
Overview on different types of access control schemes and its usages. 
'''Comments''':
The main agenda for the meet has been a presentation on "Access Controls" by Sundar. It was informative and lead to a good discussion on the topic. The meet lasted for over an hour and has seen good acceptance by members who attended.

==Stay Tuned==
'''Subscribe to Mailing list''' - https://lists.owasp.org/mailman/listinfo/owasp-bangalore

'''Receive SMS Alerts''' - http://labs.google.co.in/smschannels/subscribe/OwaspBangalore

Bangalore

2009-03-11T10:06:09Z

Rajivvishwa: /* OWASP Bangalore Chapter Meetings */ format table

{{Chapter Template|chaptername=Bangalore|extra=The chapter leader is [mailto:hpudipeddi@owasp.org Harinath Pudipeddi]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

<paypal>Bangalore</paypal>

=='''Next Meeting '''==

Date : '''7 March 2009'''

Time : Available slot (Will announce on the mailing list))

Venue : BarCamp Bangalore 8, Yahoo India Center, Bangalore

Agenda: Introduction to OWASP for new members, Presentation by Sharmishtha Gupta

== '''Meeting Venue and Dates'''==

{| class="wikitable"
! No
! Date
! Venue
! Time
|-
| 12
| 07 March 2009
| Yahoo, Embassy Golf Links Business Park
| 11.00 AM
|-
| 11
| 02 February 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 10
| 11 January 2009
| India Coffee House, MG Road
| 9.00 AM
|-
| 9
| 14 December 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 8
| 16 November 2008
| India Coffee House, MG Road
| 9.00 AM
|-
| 7
| 13 September 2008
| IIM Bangalore (Part of BarCamp Bangalore-7)
|
|-
| 6
| 09 August 2008
| Microland Office
| 3.00 PM
|-
| 5
| 12 July 2008
| RSA Office (Part of Secure Camp)
| 9.30 AM
|-
| 4
| 29 June 2008
| India Coffee House, MG Road
| 9.30AM
|-
| 3
| 28 June 2007
| (Part of Barcamp Bangalore-4)
|
|-
| 2
| 2006
|
|
|-
| 1
| 2006
|
|
|-
|}

[[Category:India]]

== '''Meeting Summary'''==

===07 Mar 2009===
'''Topic''': Hackers Secret 
'''Author''': Sharmishta Gupta 
'''Description''':
Headsup on OWASP top vulnerabilities and introduction to Webgoat application. 

===02 Feb 2009===
'''Attendees''': 13 Members 
'''Topic''': Cracking applications with OllyDbg debugger(Demo) 
'''Author''': RajivVishwa 
'''Description''':
Session on debugging standalone executables to pin point security holes which is otherwise exploited by crackers to patch the pro version to freeware. Couple of tiny applications which requires keys for activation are cracked during the session. 

===14 Dec 2008===
'''Topic''': Access Control Mechanisms 
'''Author''' : Sundar 
'''Description''':
Overview on different types of access control schemes and its usages. 
'''Comments''':
The main agenda for the meet has been a presentation on "Access Controls" by Sundar. It was informative and lead to a good discussion on the topic. The meet lasted for over an hour and has seen good acceptance by members who attended.

==Stay Tuned==
'''Subscribe to Mailing list''' - https://lists.owasp.org/mailman/listinfo/owasp-bangalore

'''Receive SMS Alerts''' - http://labs.google.co.in/smschannels/subscribe/OwaspBangalore

Bangalore

2009-03-11T09:44:29Z

Rajivvishwa: Formatted the page and added meeting notes

{{Chapter Template|chaptername=Bangalore|extra=The chapter leader is [mailto:hpudipeddi@owasp.org Harinath Pudipeddi]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bangalore|emailarchives=http://lists.owasp.org/pipermail/owasp-bangalore}}

<paypal>Bangalore</paypal>

=='''Next Meeting '''==

Date : '''7 March 2009'''

Time : Available slot (Will announce on the mailing list))

Venue : BarCamp Bangalore 8, Yahoo India Center, Bangalore

Agenda: Introduction to OWASP for new members, Presentation by Sharmishtha Gupta

== '''OWASP Bangalore Chapter Meetings '''==

1st Meeting - 2006

2nd Meeting - 2006

3rd Meeting - July 28/29, 2007 at BarCamp Bangalore 4

4th Meeting - 29 June 2008, India Coffee House @ 9:30 AM

5th Meeting - 12 July 2008, Security Camp, RSA Office, Bangalore @ 9:30 AM

7th Meeting - 09 August 2008, Microland Office @ 3:00 PM

8th Meeting - 13 September 2008, IIM Bangalore. This meeting will be part of BarCamp Bangalore 7. Please visit http://barcampbangalore.org for more information.

9th Meeting - 16 November 2008, India Coffee House @9 AM, MG Road, Bangalore - 01

10th Meeting - 14 December 2008, India Coffee House @9 AM, MG Road, Beside Deccan Herald Office, Bangalore - 01

11th Meeting - 11 January 2009, India Coffee House @9 AM, MG Road, Beside Deccan Herald Office, Bangalore - 01

12th Meeting - 02 February 2009, India Coffee House @9 AM, MG Road, Beside Deccan Herald Office, Bangalore - 01

[[Category:India]]

== '''Meeting Summary'''==

===07 Mar 2009===
'''Topic''': Hackers Secret 
'''Author''': Sharmishta Gupta 
'''Description''':
Headsup on OWASP top vulnerabilities and introduction to Webgoat application. 

===02 Feb 2009===
'''Attendees''': 13 Members 
'''Topic''': Cracking applications with OllyDbg debugger(Demo) 
'''Author''': RajivVishwa 
'''Description''':
Session on debugging standalone executables to pin point security holes which is otherwise exploited by crackers to patch the pro version to freeware. Couple of tiny applications which requires keys for activation are cracked during the session. 

===14 Dec 2008===
'''Topic''': Access Control Mechanisms 
'''Author''' : Sundar 
'''Description''':
Overview on different types of access control schemes and its usages. 
'''Comments''':
The main agenda for the meet has been a presentation on "Access Controls" by Sundar. It was informative and lead to a good discussion on the topic. The meet lasted for over an hour and has seen good acceptance by members who attended.

==Stay Tuned==
'''Subscribe to Mailing list''' - https://lists.owasp.org/mailman/listinfo/owasp-bangalore

'''Receive SMS Alerts''' - http://labs.google.co.in/smschannels/subscribe/OwaspBangalore