https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=TarekOWASP - User contributions [en]2026-04-30T10:36:41ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=Dubai&diff=227338Dubai2017-03-14T05:40:41Z<p>Tarek: </p>
<hr />
<div>{{Chapter Template|chaptername=Dubai|extra=The chapter leaders are [mailto:amro@owasp.org Amro AlOlaqi] and [mailto:tarek@owasp.org Tarek Naja]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-dubai|emailarchives=http://lists.owasp.org/pipermail/owasp-dubai}} <br />
<br />
=== OWASP Middle East Partners with MISTI Europe ===<br />
----<br />
[[File:CISO_ME.png]]<br />
<br />
Returning to the [http://habtoor-grand-beach-resort-spa.hotels-in-dubai.org/en/ Habtoor Grand Resort], 27-29 March 2017, the 9th annual [http://www.cisomiddleeast.misti.com/?_ga=1.114765698.486057116.1487900262 CISO Middle East Conference & Roundtable] has new topics, revised sessions and world-class speakers that will leave you on the edge of your seat. With the agenda focusing on burning issues such as phishing attacks, how digital transformation is changing the threat landscape and security/privacy challenges of IoT, we are certain there is something for everyone. If you haven't secured your spot yet, now is the time!<br />
<br />
'''You can get a 20% off by using the follow code: OWASP17'''<br />
<br />
Book now, attend the conference, and you'll automatically be entered into the prize drawer to win one of three Amazon Echo Dots! (Please note, delegates can only win once, and you must be present on the day to win).<br>Now while we know you don't have the voice service that powers Echo, Alexa, to assist you quite yet in planning your time at the event, you can still download a copy of the [http://training.misti.com/acton/form/10465/004e:d-0001/0/-/-/-/-/index.htminteractive event brochure here]. <br />
<br>If you have any inquiries regarding the event or would like to register, please get in touch with [mailto:cclarke@misti.com Chris Clarke] directly.<br />
<br />
== Local News ==<br />
<br />
'''OWASP Moves to MediaWiki Portal - 11:15, 20 May 2006 (EDT)'''<br />
<br />
== Past Events ==<br />
'''7th of Feb 2017 at 12:30pm'''<br />
Abu Dhabi Cyber Resilience & InfoSeC <br />
<br />
Topics:<br />
; Cracking Passwords for Security's Sake <br />
: Speaker: [http://ae.linkedin.com/in/tareknaja Tarek Naja]<br />
: Bio: Tarek is the OWASP UAE chapter leader. He currently the head of information security at a major middle east organization.<br />
----<br />
<br />
'''27th of August 2014 at 6:30pm'''<br />
Nakheel Sales Office [https://maps.google.com/maps?q=Nakheel+Sales+Center+-+Al+Sufouh+-+Dubai+-+United+Arab+Emirates&hl=en&ll=25.104759,55.156517&spn=0.038589,0.066047&sll=31.128199,-72.773437&sspn=71.247495,135.263672&oq=Nakheel&dirflg=r&ttype=now&noexp=0&noal=0&sort=def&hq=Nakheel+Sales+Center+-&hnear=Al+Sufouh+-+Dubai+-+United+Arab+Emirates&t=m&z=15 MAP]<br />
Al Sufouh Road,<br />
Jumeirah - Dubai<br />
United Arab Emirates<br />
<br />
Topics:<br />
; OWASP Top 10 A2 - Broken Authentication and session management <br />
: Speaker: [http://ae.linkedin.com/in/tareknaja Tarek Naja]<br />
: Bio: Tarek is the OWASP UAE chapter leader. He is a seasoned security consultant who focuses on penetration testing.<br />
<br />
; OWASP Top 10 A3 - Cross site scripting (XSS)<br />
: Speaker: [http://ae.linkedin.com/in/mhendrickx Michael Hendrickx]<br />
: Bio: Michael is an experienced IT security professional with strong, deep technical knowledge on wide variety of applications. <br />
<br />
----<br />
'''28th of May, 2014. 6:30pm'''<br />
Nakheel Sales Office [https://maps.google.com/maps?q=Nakheel+Sales+Center+-+Al+Sufouh+-+Dubai+-+United+Arab+Emirates&hl=en&ll=25.104759,55.156517&spn=0.038589,0.066047&sll=31.128199,-72.773437&sspn=71.247495,135.263672&oq=Nakheel&dirflg=r&ttype=now&noexp=0&noal=0&sort=def&hq=Nakheel+Sales+Center+-&hnear=Al+Sufouh+-+Dubai+-+United+Arab+Emirates&t=m&z=15 MAP]<br />
Al Sufouh Road,<br />
Jumeirah - Dubai<br />
United Arab Emirates<br />
<br />
We're honored to have our guest speak [http://ae.linkedin.com/pub/ammar-almarzooqi/30/b11/b86 Ammar Almarzooqi] - Chief Information Security Officer at Abu Dhabi Department of Economic Development.<br />
<br />
Ammar will be talking about seamless implementation of security controls. If you're dealing with some elements that are inherently secure, such as an application that cannot be modified, how would you be able to secure your environment? Ammar will be addressing this question and discussing a real case scenario from his organization.<br />
<br />
<br /><br />
Our other presenter is [http://ae.linkedin.com/in/tareknaja Tarek Naja] - Senior Security Consultant. <br />
Tarek will be answering questions about the vulnerability you all heard about recently: Heart Bleed. Tarek specializes in penetration testing, mainly web application and mobile application penetration testing.<br />
<br />
----<br />
'''19th of Feb 2014 at 8pm'''<br />
Cafe Rider [http://cafe-rider.com/styled-4/index.html MAP]<br />
Close to Mall of the Emirates<br />
Al Quoz Industrial - Dubai<br />
United Arab Emirates<br />
<br />
Topics:<br />
; Managing Web & Application Security with OWASP – bringing it all together<br />
: Setting up, managing and improving your global information security organisation using mature OWASP projects and tools. Achieving cost-effective application security and bringing it all together on the management level. A journey through different organisational stages and how OWASP tools help organisations moving forward improving their web and application security. This talk will discuss a number of quick wins and how to effectively manage global security initiatives and use OWASP tools inside your organisation<br />
<br />
; Application Security for managers: OWASP CISO Guide and CISO Survey<br />
: The OWASP CISO guide and CISO report 2013. This talk will present two new OWASP projects, the CISO guide and the newly released results of the OWASP CISO Survey report 2013. Their main goal is to provide guidance on application and web security for senior managers and to introduce Chief Information Security Officers (CISO) to the OWASP Application Security Guide and the results of the CISO Survey. Over the last years, we noticed that application security risks and threats have been on the rise and OWASP has started the CISO survey project to gather intelligence and provide it to CISOs and senior managers in order to improve their security strategies, assess their priorities and learn from their peers about what works best protecting web and application security in organizations across various industries.<br />
<br />
Speaker: [http://hk.linkedin.com/in/gondrom Tobias Gondrom]<br />
<br />
Tobias Gondrom is a global board member of OWASP (Open Web Application Security Project) and CEO at Thames Stanley, a boutique Global CISO and Information Security & Risk Management Advisory based in Hong Kong, United Kingdom and Germany.<br />
<br />
----<br />
'''14th of Dec 2013 at 6-8pm.'''<br />
<br />
MAKE Business Hub [https://maps.google.com/maps?ie=UTF8&q=MAKE+Business+Hub+Cafe&fb=1&hq=make+business+hub&cid=1882949530944650280&hnear=&ll=25.079127,55.136797&spn=0.011816,0.021136&t=m&z=16&vpsrc=0&iwloc=A MAP]<br />
Al Fattan Tower - Dubai<br />
United Arab Emirates<br />
+971 4 392 9216<br />
Speaker: Peter Dowley <br />
Topic: Security Architecture for Applications, titled "What's the difference between a security bug and a security flaw?"<br />
<br />
Speaker bio : Peter has been working in computer security for over 10 years, after<br />
another decade in other areas of IT - System & infrastructure architecture,<br />
Windows desktop & server design & management, database modelling & design,<br />
programming. He has strong expertise in security architecture (especially<br />
for banking systems) and how this relates to risk and fraud management. He<br />
is a senior security consultant with Hewlett-Packard (HP) in Dubai and has<br />
been based in the Gulf region for 5 years.<br />
<br />
'''Download the presentation:''' [https://www.owasp.org/index.php/File:Security_Bugs_vs_Flaws.pptx "What's the difference between a security bug and a security flaw"]<br />
<br />
----<br />
'''Casual OWASP meetup'''<br />
This will be our first meeting in a while. It will be an opportunity to get introduced to the other members of the OWASP UAE Chapter and discuss the type of events you'd like to see in the future.<br />
<br />
This will be a casual meeting at a Caribou Coffee at DIFC<br />
<br />
http://www.mealadvisors.com/uae/dubai/restaurant/map/branch_id/1294<br />
<br />
Gathering agenda will be:<br />
<br />
Meeting on Saturday the 9th of November 2013 at 6pm.<br />
Introductions<br />
Intro to OWASP<br />
Open discussion about Dubai chapter<br />
Networking<br />
Conclude at 8pm<br />
<br />
----<br />
<br />
'''IDC's IT Security Roadshow 2013 - Dubai '''<br />
<br />
Date and Time : Wednesday, April 3, 2013<br />
Venue: Mina A' Salam Hotel (Madinat Jumeirah)<br />
Web Application Security "Think like a hacker"<br />
Speaker: Amro Alolaqi<br />
<br />
Reference: http://idc-cema.com/eng/events/50679-idc-s-it-security-roadshow-2013/11-speakers <br />
<br />
----<br />
<br />
'''Cyber Security Summit 2012- DUBAI'''<br />
<br />
Date and Time : 2nd & 3rd of October 2012 - 9:00 AM to 4:00 PM<br />
Venue: Grand Hayat - Dubai <br />
Web Application Critical Vulnerabilities (OWASP top ten)<br />
Speaker: Amro AlOlaqi<br />
<br />
http://we-initiative.com/wp-content/uploads/2012/07/Cyber-Security-UAE-2012-EM12.pdf <br />
----<br />
<br />
'''ISACA UAE - ISAFE conference 2011 - Dubai'''<br />
<br />
Date and Time : 18th - 9:00 AM to 4:00 PM<br />
Venue: The Address Hotel - Dubai Mall<br />
Web Application Critical Vulnerabilities and Threat Modeling <br />
Speaker: Amro AlOlaqi<br />
<br />
http://www.isacauae.org/isafe2011/doc/isafe2011brochure.pdf<br />
<br />
https://plus.google.com/photos/117947441088827793360/albums/5712379217298867441?banner=pwa <br />
<br />
<br />
----<br />
<br />
'''IT For Government 2011- DUBAI'''<br />
<br />
''Location:&nbsp;Dusit Thani Hotel - 133, Sheikh Zayed Road <br>'' <br />
<br />
''Date: 4/Oct/2011'' <br />
<br />
''Registration 8:00 AM'' <br />
<br />
''NAUGURAL KEYNOTE PRESENTATION BY His Excellency Salem Khamis Al Shair Al Suwaidi Emirates e-Government Director General''<br />
<br />
OWASP's session: 11:20 PM <br />
Speaker: Amro AlOlaqi <br />
Subject: The Ten Web Application Critical Risks <br />
<br />
For more information about the event, please visit http://www.fleminggulf.com/cms/uploads/conference/downloads/Postshow_report_DBTC15.pdf <br />
<br />
[[Category:United Arab Emirates]]</div>Tarekhttps://wiki.owasp.org/index.php?title=Dubai&diff=227284Dubai2017-03-12T10:22:13Z<p>Tarek: </p>
<hr />
<div>{{Chapter Template|chaptername=Dubai|extra=The chapter leaders are [mailto:amro@owasp.org Amro AlOlaqi] and [mailto:tarek@owasp.org Tarek Naja]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-dubai|emailarchives=http://lists.owasp.org/pipermail/owasp-dubai}} <br />
<br />
=== OWASP Middle East Partners with MISTI Europe ===<br />
----<br />
[[File:CISO_ME.png]]<br />
<br />
Returning to the [http://habtoor-grand-beach-resort-spa.hotels-in-dubai.org/en/ Habtoor Grand Resort], 27-29 March 2017, the 9th annual [http://www.cisomiddleeast.misti.com/?_ga=1.114765698.486057116.1487900262 CISO Middle East Conference & Roundtable] has new topics, revised sessions and world-class speakers that will leave you on the edge of your seat. With the agenda focusing on burning issues such as phishing attacks, how digital transformation is changing the threat landscape and security/privacy challenges of IoT, we are certain there is something for everyone. If you haven't secured your spot yet, now is the time!<br />
<br />
Book now, attend the conference, and you'll automatically be entered into the prize drawer to win one of three Amazon Echo Dots! (Please note, delegates can only win once, and you must be present on the day to win).<br />
<br><br />
<br />
Now while we know you don't have the voice service that powers Echo, Alexa, to assist you quite yet in planning your time at the event, you can still download a copy of the [http://training.misti.com/acton/form/10465/004e:d-0001/0/-/-/-/-/index.htminteractive event brochure here]. <br />
<br><br />
<br />
If you have any inquiries regarding the event or would like to register, please get in touch with [mailto:cclarke@misti.com Chris Clarke] directly.<br />
<br />
== Local News ==<br />
<br />
'''OWASP Moves to MediaWiki Portal - 11:15, 20 May 2006 (EDT)'''<br />
<br />
== Past Events ==<br />
'''7th of Feb 2017 at 12:30pm'''<br />
Abu Dhabi Cyber Resilience & InfoSeC <br />
<br />
Topics:<br />
; Cracking Passwords for Security's Sake <br />
: Speaker: [http://ae.linkedin.com/in/tareknaja Tarek Naja]<br />
: Bio: Tarek is the OWASP UAE chapter leader. He currently the head of information security at a major middle east organization.<br />
----<br />
<br />
'''27th of August 2014 at 6:30pm'''<br />
Nakheel Sales Office [https://maps.google.com/maps?q=Nakheel+Sales+Center+-+Al+Sufouh+-+Dubai+-+United+Arab+Emirates&hl=en&ll=25.104759,55.156517&spn=0.038589,0.066047&sll=31.128199,-72.773437&sspn=71.247495,135.263672&oq=Nakheel&dirflg=r&ttype=now&noexp=0&noal=0&sort=def&hq=Nakheel+Sales+Center+-&hnear=Al+Sufouh+-+Dubai+-+United+Arab+Emirates&t=m&z=15 MAP]<br />
Al Sufouh Road,<br />
Jumeirah - Dubai<br />
United Arab Emirates<br />
<br />
Topics:<br />
; OWASP Top 10 A2 - Broken Authentication and session management <br />
: Speaker: [http://ae.linkedin.com/in/tareknaja Tarek Naja]<br />
: Bio: Tarek is the OWASP UAE chapter leader. He is a seasoned security consultant who focuses on penetration testing.<br />
<br />
; OWASP Top 10 A3 - Cross site scripting (XSS)<br />
: Speaker: [http://ae.linkedin.com/in/mhendrickx Michael Hendrickx]<br />
: Bio: Michael is an experienced IT security professional with strong, deep technical knowledge on wide variety of applications. <br />
<br />
----<br />
'''28th of May, 2014. 6:30pm'''<br />
Nakheel Sales Office [https://maps.google.com/maps?q=Nakheel+Sales+Center+-+Al+Sufouh+-+Dubai+-+United+Arab+Emirates&hl=en&ll=25.104759,55.156517&spn=0.038589,0.066047&sll=31.128199,-72.773437&sspn=71.247495,135.263672&oq=Nakheel&dirflg=r&ttype=now&noexp=0&noal=0&sort=def&hq=Nakheel+Sales+Center+-&hnear=Al+Sufouh+-+Dubai+-+United+Arab+Emirates&t=m&z=15 MAP]<br />
Al Sufouh Road,<br />
Jumeirah - Dubai<br />
United Arab Emirates<br />
<br />
We're honored to have our guest speak [http://ae.linkedin.com/pub/ammar-almarzooqi/30/b11/b86 Ammar Almarzooqi] - Chief Information Security Officer at Abu Dhabi Department of Economic Development.<br />
<br />
Ammar will be talking about seamless implementation of security controls. If you're dealing with some elements that are inherently secure, such as an application that cannot be modified, how would you be able to secure your environment? Ammar will be addressing this question and discussing a real case scenario from his organization.<br />
<br />
<br /><br />
Our other presenter is [http://ae.linkedin.com/in/tareknaja Tarek Naja] - Senior Security Consultant. <br />
Tarek will be answering questions about the vulnerability you all heard about recently: Heart Bleed. Tarek specializes in penetration testing, mainly web application and mobile application penetration testing.<br />
<br />
----<br />
'''19th of Feb 2014 at 8pm'''<br />
Cafe Rider [http://cafe-rider.com/styled-4/index.html MAP]<br />
Close to Mall of the Emirates<br />
Al Quoz Industrial - Dubai<br />
United Arab Emirates<br />
<br />
Topics:<br />
; Managing Web & Application Security with OWASP – bringing it all together<br />
: Setting up, managing and improving your global information security organisation using mature OWASP projects and tools. Achieving cost-effective application security and bringing it all together on the management level. A journey through different organisational stages and how OWASP tools help organisations moving forward improving their web and application security. This talk will discuss a number of quick wins and how to effectively manage global security initiatives and use OWASP tools inside your organisation<br />
<br />
; Application Security for managers: OWASP CISO Guide and CISO Survey<br />
: The OWASP CISO guide and CISO report 2013. This talk will present two new OWASP projects, the CISO guide and the newly released results of the OWASP CISO Survey report 2013. Their main goal is to provide guidance on application and web security for senior managers and to introduce Chief Information Security Officers (CISO) to the OWASP Application Security Guide and the results of the CISO Survey. Over the last years, we noticed that application security risks and threats have been on the rise and OWASP has started the CISO survey project to gather intelligence and provide it to CISOs and senior managers in order to improve their security strategies, assess their priorities and learn from their peers about what works best protecting web and application security in organizations across various industries.<br />
<br />
Speaker: [http://hk.linkedin.com/in/gondrom Tobias Gondrom]<br />
<br />
Tobias Gondrom is a global board member of OWASP (Open Web Application Security Project) and CEO at Thames Stanley, a boutique Global CISO and Information Security & Risk Management Advisory based in Hong Kong, United Kingdom and Germany.<br />
<br />
----<br />
'''14th of Dec 2013 at 6-8pm.'''<br />
<br />
MAKE Business Hub [https://maps.google.com/maps?ie=UTF8&q=MAKE+Business+Hub+Cafe&fb=1&hq=make+business+hub&cid=1882949530944650280&hnear=&ll=25.079127,55.136797&spn=0.011816,0.021136&t=m&z=16&vpsrc=0&iwloc=A MAP]<br />
Al Fattan Tower - Dubai<br />
United Arab Emirates<br />
+971 4 392 9216<br />
Speaker: Peter Dowley <br />
Topic: Security Architecture for Applications, titled "What's the difference between a security bug and a security flaw?"<br />
<br />
Speaker bio : Peter has been working in computer security for over 10 years, after<br />
another decade in other areas of IT - System & infrastructure architecture,<br />
Windows desktop & server design & management, database modelling & design,<br />
programming. He has strong expertise in security architecture (especially<br />
for banking systems) and how this relates to risk and fraud management. He<br />
is a senior security consultant with Hewlett-Packard (HP) in Dubai and has<br />
been based in the Gulf region for 5 years.<br />
<br />
'''Download the presentation:''' [https://www.owasp.org/index.php/File:Security_Bugs_vs_Flaws.pptx "What's the difference between a security bug and a security flaw"]<br />
<br />
----<br />
'''Casual OWASP meetup'''<br />
This will be our first meeting in a while. It will be an opportunity to get introduced to the other members of the OWASP UAE Chapter and discuss the type of events you'd like to see in the future.<br />
<br />
This will be a casual meeting at a Caribou Coffee at DIFC<br />
<br />
http://www.mealadvisors.com/uae/dubai/restaurant/map/branch_id/1294<br />
<br />
Gathering agenda will be:<br />
<br />
Meeting on Saturday the 9th of November 2013 at 6pm.<br />
Introductions<br />
Intro to OWASP<br />
Open discussion about Dubai chapter<br />
Networking<br />
Conclude at 8pm<br />
<br />
----<br />
<br />
'''IDC's IT Security Roadshow 2013 - Dubai '''<br />
<br />
Date and Time : Wednesday, April 3, 2013<br />
Venue: Mina A' Salam Hotel (Madinat Jumeirah)<br />
Web Application Security "Think like a hacker"<br />
Speaker: Amro Alolaqi<br />
<br />
Reference: http://idc-cema.com/eng/events/50679-idc-s-it-security-roadshow-2013/11-speakers <br />
<br />
----<br />
<br />
'''Cyber Security Summit 2012- DUBAI'''<br />
<br />
Date and Time : 2nd & 3rd of October 2012 - 9:00 AM to 4:00 PM<br />
Venue: Grand Hayat - Dubai <br />
Web Application Critical Vulnerabilities (OWASP top ten)<br />
Speaker: Amro AlOlaqi<br />
<br />
http://we-initiative.com/wp-content/uploads/2012/07/Cyber-Security-UAE-2012-EM12.pdf <br />
----<br />
<br />
'''ISACA UAE - ISAFE conference 2011 - Dubai'''<br />
<br />
Date and Time : 18th - 9:00 AM to 4:00 PM<br />
Venue: The Address Hotel - Dubai Mall<br />
Web Application Critical Vulnerabilities and Threat Modeling <br />
Speaker: Amro AlOlaqi<br />
<br />
http://www.isacauae.org/isafe2011/doc/isafe2011brochure.pdf<br />
<br />
https://plus.google.com/photos/117947441088827793360/albums/5712379217298867441?banner=pwa <br />
<br />
<br />
----<br />
<br />
'''IT For Government 2011- DUBAI'''<br />
<br />
''Location:&nbsp;Dusit Thani Hotel - 133, Sheikh Zayed Road <br>'' <br />
<br />
''Date: 4/Oct/2011'' <br />
<br />
''Registration 8:00 AM'' <br />
<br />
''NAUGURAL KEYNOTE PRESENTATION BY His Excellency Salem Khamis Al Shair Al Suwaidi Emirates e-Government Director General''<br />
<br />
OWASP's session: 11:20 PM <br />
Speaker: Amro AlOlaqi <br />
Subject: The Ten Web Application Critical Risks <br />
<br />
For more information about the event, please visit http://www.fleminggulf.com/cms/uploads/conference/downloads/Postshow_report_DBTC15.pdf <br />
<br />
[[Category:United Arab Emirates]]</div>Tarekhttps://wiki.owasp.org/index.php?title=Dubai&diff=227283Dubai2017-03-12T10:19:18Z<p>Tarek: </p>
<hr />
<div>{{Chapter Template|chaptername=Dubai|extra=The chapter leaders are [mailto:amro@owasp.org Amro AlOlaqi] and [mailto:tarek@owasp.org Tarek Naja]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-dubai|emailarchives=http://lists.owasp.org/pipermail/owasp-dubai}} <br />
<br />
=== OWASP Middle East Partners with MISTI Europe ===<br />
----<br />
'''<code><nowiki>[[File:CISO_ME.png]]</nowiki></code>'''<br />
<br />
Returning to the [http://habtoor-grand-beach-resort-spa.hotels-in-dubai.org/en/ Habtoor Grand Resort], 27-29 March 2017, the 9th annual [http://www.cisomiddleeast.misti.com/?_ga=1.114765698.486057116.1487900262 CISO Middle East Conference & Roundtable] has new topics, revised sessions and world-class speakers that will leave you on the edge of your seat. With the agenda focusing on burning issues such as phishing attacks, how digital transformation is changing the threat landscape and security/privacy challenges of IoT, we are certain there is something for everyone. If you haven't secured your spot yet, now is the time!<br />
<br />
Book now, attend the conference, and you'll automatically be entered into the prize drawer to win one of three Amazon Echo Dots! (Please note, delegates can only win once, and you must be present on the day to win).<br />
<br><br />
<br />
Now while we know you don't have the voice service that powers Echo, Alexa, to assist you quite yet in planning your time at the event, you can still download a copy of the [http://training.misti.com/acton/form/10465/004e:d-0001/0/-/-/-/-/index.htminteractive event brochure here]. <br />
<br><br />
<br />
If you have any inquiries regarding the event or would like to register, please get in touch with [mailto:cclarke@misti.com Chris Clarke] directly.<br />
<br />
== Local News ==<br />
<br />
'''OWASP Moves to MediaWiki Portal - 11:15, 20 May 2006 (EDT)'''<br />
<br />
== Past Events ==<br />
'''7th of Feb 2017 at 12:30pm'''<br />
Abu Dhabi Cyber Resilience & InfoSeC <br />
<br />
Topics:<br />
; Cracking Passwords for Security's Sake <br />
: Speaker: [http://ae.linkedin.com/in/tareknaja Tarek Naja]<br />
: Bio: Tarek is the OWASP UAE chapter leader. He currently the head of information security at a major middle east organization.<br />
----<br />
<br />
'''27th of August 2014 at 6:30pm'''<br />
Nakheel Sales Office [https://maps.google.com/maps?q=Nakheel+Sales+Center+-+Al+Sufouh+-+Dubai+-+United+Arab+Emirates&hl=en&ll=25.104759,55.156517&spn=0.038589,0.066047&sll=31.128199,-72.773437&sspn=71.247495,135.263672&oq=Nakheel&dirflg=r&ttype=now&noexp=0&noal=0&sort=def&hq=Nakheel+Sales+Center+-&hnear=Al+Sufouh+-+Dubai+-+United+Arab+Emirates&t=m&z=15 MAP]<br />
Al Sufouh Road,<br />
Jumeirah - Dubai<br />
United Arab Emirates<br />
<br />
Topics:<br />
; OWASP Top 10 A2 - Broken Authentication and session management <br />
: Speaker: [http://ae.linkedin.com/in/tareknaja Tarek Naja]<br />
: Bio: Tarek is the OWASP UAE chapter leader. He is a seasoned security consultant who focuses on penetration testing.<br />
<br />
; OWASP Top 10 A3 - Cross site scripting (XSS)<br />
: Speaker: [http://ae.linkedin.com/in/mhendrickx Michael Hendrickx]<br />
: Bio: Michael is an experienced IT security professional with strong, deep technical knowledge on wide variety of applications. <br />
<br />
----<br />
'''28th of May, 2014. 6:30pm'''<br />
Nakheel Sales Office [https://maps.google.com/maps?q=Nakheel+Sales+Center+-+Al+Sufouh+-+Dubai+-+United+Arab+Emirates&hl=en&ll=25.104759,55.156517&spn=0.038589,0.066047&sll=31.128199,-72.773437&sspn=71.247495,135.263672&oq=Nakheel&dirflg=r&ttype=now&noexp=0&noal=0&sort=def&hq=Nakheel+Sales+Center+-&hnear=Al+Sufouh+-+Dubai+-+United+Arab+Emirates&t=m&z=15 MAP]<br />
Al Sufouh Road,<br />
Jumeirah - Dubai<br />
United Arab Emirates<br />
<br />
We're honored to have our guest speak [http://ae.linkedin.com/pub/ammar-almarzooqi/30/b11/b86 Ammar Almarzooqi] - Chief Information Security Officer at Abu Dhabi Department of Economic Development.<br />
<br />
Ammar will be talking about seamless implementation of security controls. If you're dealing with some elements that are inherently secure, such as an application that cannot be modified, how would you be able to secure your environment? Ammar will be addressing this question and discussing a real case scenario from his organization.<br />
<br />
<br /><br />
Our other presenter is [http://ae.linkedin.com/in/tareknaja Tarek Naja] - Senior Security Consultant. <br />
Tarek will be answering questions about the vulnerability you all heard about recently: Heart Bleed. Tarek specializes in penetration testing, mainly web application and mobile application penetration testing.<br />
<br />
----<br />
'''19th of Feb 2014 at 8pm'''<br />
Cafe Rider [http://cafe-rider.com/styled-4/index.html MAP]<br />
Close to Mall of the Emirates<br />
Al Quoz Industrial - Dubai<br />
United Arab Emirates<br />
<br />
Topics:<br />
; Managing Web & Application Security with OWASP – bringing it all together<br />
: Setting up, managing and improving your global information security organisation using mature OWASP projects and tools. Achieving cost-effective application security and bringing it all together on the management level. A journey through different organisational stages and how OWASP tools help organisations moving forward improving their web and application security. This talk will discuss a number of quick wins and how to effectively manage global security initiatives and use OWASP tools inside your organisation<br />
<br />
; Application Security for managers: OWASP CISO Guide and CISO Survey<br />
: The OWASP CISO guide and CISO report 2013. This talk will present two new OWASP projects, the CISO guide and the newly released results of the OWASP CISO Survey report 2013. Their main goal is to provide guidance on application and web security for senior managers and to introduce Chief Information Security Officers (CISO) to the OWASP Application Security Guide and the results of the CISO Survey. Over the last years, we noticed that application security risks and threats have been on the rise and OWASP has started the CISO survey project to gather intelligence and provide it to CISOs and senior managers in order to improve their security strategies, assess their priorities and learn from their peers about what works best protecting web and application security in organizations across various industries.<br />
<br />
Speaker: [http://hk.linkedin.com/in/gondrom Tobias Gondrom]<br />
<br />
Tobias Gondrom is a global board member of OWASP (Open Web Application Security Project) and CEO at Thames Stanley, a boutique Global CISO and Information Security & Risk Management Advisory based in Hong Kong, United Kingdom and Germany.<br />
<br />
----<br />
'''14th of Dec 2013 at 6-8pm.'''<br />
<br />
MAKE Business Hub [https://maps.google.com/maps?ie=UTF8&q=MAKE+Business+Hub+Cafe&fb=1&hq=make+business+hub&cid=1882949530944650280&hnear=&ll=25.079127,55.136797&spn=0.011816,0.021136&t=m&z=16&vpsrc=0&iwloc=A MAP]<br />
Al Fattan Tower - Dubai<br />
United Arab Emirates<br />
+971 4 392 9216<br />
Speaker: Peter Dowley <br />
Topic: Security Architecture for Applications, titled "What's the difference between a security bug and a security flaw?"<br />
<br />
Speaker bio : Peter has been working in computer security for over 10 years, after<br />
another decade in other areas of IT - System & infrastructure architecture,<br />
Windows desktop & server design & management, database modelling & design,<br />
programming. He has strong expertise in security architecture (especially<br />
for banking systems) and how this relates to risk and fraud management. He<br />
is a senior security consultant with Hewlett-Packard (HP) in Dubai and has<br />
been based in the Gulf region for 5 years.<br />
<br />
'''Download the presentation:''' [https://www.owasp.org/index.php/File:Security_Bugs_vs_Flaws.pptx "What's the difference between a security bug and a security flaw"]<br />
<br />
----<br />
'''Casual OWASP meetup'''<br />
This will be our first meeting in a while. It will be an opportunity to get introduced to the other members of the OWASP UAE Chapter and discuss the type of events you'd like to see in the future.<br />
<br />
This will be a casual meeting at a Caribou Coffee at DIFC<br />
<br />
http://www.mealadvisors.com/uae/dubai/restaurant/map/branch_id/1294<br />
<br />
Gathering agenda will be:<br />
<br />
Meeting on Saturday the 9th of November 2013 at 6pm.<br />
Introductions<br />
Intro to OWASP<br />
Open discussion about Dubai chapter<br />
Networking<br />
Conclude at 8pm<br />
<br />
----<br />
<br />
'''IDC's IT Security Roadshow 2013 - Dubai '''<br />
<br />
Date and Time : Wednesday, April 3, 2013<br />
Venue: Mina A' Salam Hotel (Madinat Jumeirah)<br />
Web Application Security "Think like a hacker"<br />
Speaker: Amro Alolaqi<br />
<br />
Reference: http://idc-cema.com/eng/events/50679-idc-s-it-security-roadshow-2013/11-speakers <br />
<br />
----<br />
<br />
'''Cyber Security Summit 2012- DUBAI'''<br />
<br />
Date and Time : 2nd & 3rd of October 2012 - 9:00 AM to 4:00 PM<br />
Venue: Grand Hayat - Dubai <br />
Web Application Critical Vulnerabilities (OWASP top ten)<br />
Speaker: Amro AlOlaqi<br />
<br />
http://we-initiative.com/wp-content/uploads/2012/07/Cyber-Security-UAE-2012-EM12.pdf <br />
----<br />
<br />
'''ISACA UAE - ISAFE conference 2011 - Dubai'''<br />
<br />
Date and Time : 18th - 9:00 AM to 4:00 PM<br />
Venue: The Address Hotel - Dubai Mall<br />
Web Application Critical Vulnerabilities and Threat Modeling <br />
Speaker: Amro AlOlaqi<br />
<br />
http://www.isacauae.org/isafe2011/doc/isafe2011brochure.pdf<br />
<br />
https://plus.google.com/photos/117947441088827793360/albums/5712379217298867441?banner=pwa <br />
<br />
<br />
----<br />
<br />
'''IT For Government 2011- DUBAI'''<br />
<br />
''Location:&nbsp;Dusit Thani Hotel - 133, Sheikh Zayed Road <br>'' <br />
<br />
''Date: 4/Oct/2011'' <br />
<br />
''Registration 8:00 AM'' <br />
<br />
''NAUGURAL KEYNOTE PRESENTATION BY His Excellency Salem Khamis Al Shair Al Suwaidi Emirates e-Government Director General''<br />
<br />
OWASP's session: 11:20 PM <br />
Speaker: Amro AlOlaqi <br />
Subject: The Ten Web Application Critical Risks <br />
<br />
For more information about the event, please visit http://www.fleminggulf.com/cms/uploads/conference/downloads/Postshow_report_DBTC15.pdf <br />
<br />
[[Category:United Arab Emirates]]</div>Tarekhttps://wiki.owasp.org/index.php?title=Dubai&diff=227282Dubai2017-03-12T10:17:53Z<p>Tarek: </p>
<hr />
<div>{{Chapter Template|chaptername=Dubai|extra=The chapter leaders are [mailto:amro@owasp.org Amro AlOlaqi] and [mailto:tarek@owasp.org Tarek Naja]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-dubai|emailarchives=http://lists.owasp.org/pipermail/owasp-dubai}} <br />
<br />
=== OWASP Middle East Partners with MISTI Europe ===<br />
----<br />
'''<code>[http://www.cisomiddleeast.misti.com/ <nowiki>[[File:CISO_ME.png]]</nowiki>]</code>'''<br />
<br />
Returning to the [http://habtoor-grand-beach-resort-spa.hotels-in-dubai.org/en/ Habtoor Grand Resort], 27-29 March 2017, the 9th annual [http://www.cisomiddleeast.misti.com/?_ga=1.114765698.486057116.1487900262 CISO Middle East Conference & Roundtable] has new topics, revised sessions and world-class speakers that will leave you on the edge of your seat. With the agenda focusing on burning issues such as phishing attacks, how digital transformation is changing the threat landscape and security/privacy challenges of IoT, we are certain there is something for everyone. If you haven't secured your spot yet, now is the time!<br />
<br />
Book now, attend the conference, and you'll automatically be entered into the prize drawer to win one of three Amazon Echo Dots! (Please note, delegates can only win once, and you must be present on the day to win).<br />
<br><br />
<br />
Now while we know you don't have the voice service that powers Echo, Alexa, to assist you quite yet in planning your time at the event, you can still download a copy of the [http://training.misti.com/acton/form/10465/004e:d-0001/0/-/-/-/-/index.htminteractive event brochure here]. <br />
<br><br />
<br />
If you have any inquiries regarding the event or would like to register, please get in touch with [mailto:cclarke@misti.com Chris Clarke] directly.<br />
<br />
== Local News ==<br />
<br />
'''OWASP Moves to MediaWiki Portal - 11:15, 20 May 2006 (EDT)'''<br />
<br />
== Past Events ==<br />
'''7th of Feb 2017 at 12:30pm'''<br />
Abu Dhabi Cyber Resilience & InfoSeC <br />
<br />
Topics:<br />
; Cracking Passwords for Security's Sake <br />
: Speaker: [http://ae.linkedin.com/in/tareknaja Tarek Naja]<br />
: Bio: Tarek is the OWASP UAE chapter leader. He currently the head of information security at a major middle east organization.<br />
----<br />
<br />
'''27th of August 2014 at 6:30pm'''<br />
Nakheel Sales Office [https://maps.google.com/maps?q=Nakheel+Sales+Center+-+Al+Sufouh+-+Dubai+-+United+Arab+Emirates&hl=en&ll=25.104759,55.156517&spn=0.038589,0.066047&sll=31.128199,-72.773437&sspn=71.247495,135.263672&oq=Nakheel&dirflg=r&ttype=now&noexp=0&noal=0&sort=def&hq=Nakheel+Sales+Center+-&hnear=Al+Sufouh+-+Dubai+-+United+Arab+Emirates&t=m&z=15 MAP]<br />
Al Sufouh Road,<br />
Jumeirah - Dubai<br />
United Arab Emirates<br />
<br />
Topics:<br />
; OWASP Top 10 A2 - Broken Authentication and session management <br />
: Speaker: [http://ae.linkedin.com/in/tareknaja Tarek Naja]<br />
: Bio: Tarek is the OWASP UAE chapter leader. He is a seasoned security consultant who focuses on penetration testing.<br />
<br />
; OWASP Top 10 A3 - Cross site scripting (XSS)<br />
: Speaker: [http://ae.linkedin.com/in/mhendrickx Michael Hendrickx]<br />
: Bio: Michael is an experienced IT security professional with strong, deep technical knowledge on wide variety of applications. <br />
<br />
----<br />
'''28th of May, 2014. 6:30pm'''<br />
Nakheel Sales Office [https://maps.google.com/maps?q=Nakheel+Sales+Center+-+Al+Sufouh+-+Dubai+-+United+Arab+Emirates&hl=en&ll=25.104759,55.156517&spn=0.038589,0.066047&sll=31.128199,-72.773437&sspn=71.247495,135.263672&oq=Nakheel&dirflg=r&ttype=now&noexp=0&noal=0&sort=def&hq=Nakheel+Sales+Center+-&hnear=Al+Sufouh+-+Dubai+-+United+Arab+Emirates&t=m&z=15 MAP]<br />
Al Sufouh Road,<br />
Jumeirah - Dubai<br />
United Arab Emirates<br />
<br />
We're honored to have our guest speak [http://ae.linkedin.com/pub/ammar-almarzooqi/30/b11/b86 Ammar Almarzooqi] - Chief Information Security Officer at Abu Dhabi Department of Economic Development.<br />
<br />
Ammar will be talking about seamless implementation of security controls. If you're dealing with some elements that are inherently secure, such as an application that cannot be modified, how would you be able to secure your environment? Ammar will be addressing this question and discussing a real case scenario from his organization.<br />
<br />
<br /><br />
Our other presenter is [http://ae.linkedin.com/in/tareknaja Tarek Naja] - Senior Security Consultant. <br />
Tarek will be answering questions about the vulnerability you all heard about recently: Heart Bleed. Tarek specializes in penetration testing, mainly web application and mobile application penetration testing.<br />
<br />
----<br />
'''19th of Feb 2014 at 8pm'''<br />
Cafe Rider [http://cafe-rider.com/styled-4/index.html MAP]<br />
Close to Mall of the Emirates<br />
Al Quoz Industrial - Dubai<br />
United Arab Emirates<br />
<br />
Topics:<br />
; Managing Web & Application Security with OWASP – bringing it all together<br />
: Setting up, managing and improving your global information security organisation using mature OWASP projects and tools. Achieving cost-effective application security and bringing it all together on the management level. A journey through different organisational stages and how OWASP tools help organisations moving forward improving their web and application security. This talk will discuss a number of quick wins and how to effectively manage global security initiatives and use OWASP tools inside your organisation<br />
<br />
; Application Security for managers: OWASP CISO Guide and CISO Survey<br />
: The OWASP CISO guide and CISO report 2013. This talk will present two new OWASP projects, the CISO guide and the newly released results of the OWASP CISO Survey report 2013. Their main goal is to provide guidance on application and web security for senior managers and to introduce Chief Information Security Officers (CISO) to the OWASP Application Security Guide and the results of the CISO Survey. Over the last years, we noticed that application security risks and threats have been on the rise and OWASP has started the CISO survey project to gather intelligence and provide it to CISOs and senior managers in order to improve their security strategies, assess their priorities and learn from their peers about what works best protecting web and application security in organizations across various industries.<br />
<br />
Speaker: [http://hk.linkedin.com/in/gondrom Tobias Gondrom]<br />
<br />
Tobias Gondrom is a global board member of OWASP (Open Web Application Security Project) and CEO at Thames Stanley, a boutique Global CISO and Information Security & Risk Management Advisory based in Hong Kong, United Kingdom and Germany.<br />
<br />
----<br />
'''14th of Dec 2013 at 6-8pm.'''<br />
<br />
MAKE Business Hub [https://maps.google.com/maps?ie=UTF8&q=MAKE+Business+Hub+Cafe&fb=1&hq=make+business+hub&cid=1882949530944650280&hnear=&ll=25.079127,55.136797&spn=0.011816,0.021136&t=m&z=16&vpsrc=0&iwloc=A MAP]<br />
Al Fattan Tower - Dubai<br />
United Arab Emirates<br />
+971 4 392 9216<br />
Speaker: Peter Dowley <br />
Topic: Security Architecture for Applications, titled "What's the difference between a security bug and a security flaw?"<br />
<br />
Speaker bio : Peter has been working in computer security for over 10 years, after<br />
another decade in other areas of IT - System & infrastructure architecture,<br />
Windows desktop & server design & management, database modelling & design,<br />
programming. He has strong expertise in security architecture (especially<br />
for banking systems) and how this relates to risk and fraud management. He<br />
is a senior security consultant with Hewlett-Packard (HP) in Dubai and has<br />
been based in the Gulf region for 5 years.<br />
<br />
'''Download the presentation:''' [https://www.owasp.org/index.php/File:Security_Bugs_vs_Flaws.pptx "What's the difference between a security bug and a security flaw"]<br />
<br />
----<br />
'''Casual OWASP meetup'''<br />
This will be our first meeting in a while. It will be an opportunity to get introduced to the other members of the OWASP UAE Chapter and discuss the type of events you'd like to see in the future.<br />
<br />
This will be a casual meeting at a Caribou Coffee at DIFC<br />
<br />
http://www.mealadvisors.com/uae/dubai/restaurant/map/branch_id/1294<br />
<br />
Gathering agenda will be:<br />
<br />
Meeting on Saturday the 9th of November 2013 at 6pm.<br />
Introductions<br />
Intro to OWASP<br />
Open discussion about Dubai chapter<br />
Networking<br />
Conclude at 8pm<br />
<br />
----<br />
<br />
'''IDC's IT Security Roadshow 2013 - Dubai '''<br />
<br />
Date and Time : Wednesday, April 3, 2013<br />
Venue: Mina A' Salam Hotel (Madinat Jumeirah)<br />
Web Application Security "Think like a hacker"<br />
Speaker: Amro Alolaqi<br />
<br />
Reference: http://idc-cema.com/eng/events/50679-idc-s-it-security-roadshow-2013/11-speakers <br />
<br />
----<br />
<br />
'''Cyber Security Summit 2012- DUBAI'''<br />
<br />
Date and Time : 2nd & 3rd of October 2012 - 9:00 AM to 4:00 PM<br />
Venue: Grand Hayat - Dubai <br />
Web Application Critical Vulnerabilities (OWASP top ten)<br />
Speaker: Amro AlOlaqi<br />
<br />
http://we-initiative.com/wp-content/uploads/2012/07/Cyber-Security-UAE-2012-EM12.pdf <br />
----<br />
<br />
'''ISACA UAE - ISAFE conference 2011 - Dubai'''<br />
<br />
Date and Time : 18th - 9:00 AM to 4:00 PM<br />
Venue: The Address Hotel - Dubai Mall<br />
Web Application Critical Vulnerabilities and Threat Modeling <br />
Speaker: Amro AlOlaqi<br />
<br />
http://www.isacauae.org/isafe2011/doc/isafe2011brochure.pdf<br />
<br />
https://plus.google.com/photos/117947441088827793360/albums/5712379217298867441?banner=pwa <br />
<br />
<br />
----<br />
<br />
'''IT For Government 2011- DUBAI'''<br />
<br />
''Location:&nbsp;Dusit Thani Hotel - 133, Sheikh Zayed Road <br>'' <br />
<br />
''Date: 4/Oct/2011'' <br />
<br />
''Registration 8:00 AM'' <br />
<br />
''NAUGURAL KEYNOTE PRESENTATION BY His Excellency Salem Khamis Al Shair Al Suwaidi Emirates e-Government Director General''<br />
<br />
OWASP's session: 11:20 PM <br />
Speaker: Amro AlOlaqi <br />
Subject: The Ten Web Application Critical Risks <br />
<br />
For more information about the event, please visit http://www.fleminggulf.com/cms/uploads/conference/downloads/Postshow_report_DBTC15.pdf <br />
<br />
[[Category:United Arab Emirates]]</div>Tarekhttps://wiki.owasp.org/index.php?title=File:CISO_ME.png&diff=227281File:CISO ME.png2017-03-12T10:15:41Z<p>Tarek: </p>
<hr />
<div></div>Tarekhttps://wiki.owasp.org/index.php?title=Dubai&diff=227280Dubai2017-03-12T05:42:38Z<p>Tarek: </p>
<hr />
<div>{{Chapter Template|chaptername=Dubai|extra=The chapter leaders are [mailto:amro@owasp.org Amro AlOlaqi] and [mailto:tarek@owasp.org Tarek Naja]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-dubai|emailarchives=http://lists.owasp.org/pipermail/owasp-dubai}} <br />
<br />
=== OWASP Middle East Partners with MISTI Europe ===<br />
----<br />
Returning to the [http://habtoor-grand-beach-resort-spa.hotels-in-dubai.org/en/ Habtoor Grand Resort], 27-29 March 2017, the 9th annual [http://www.cisomiddleeast.misti.com/?_ga=1.114765698.486057116.1487900262 CISO Middle East Conference & Roundtable] has new topics, revised sessions and world-class speakers that will leave you on the edge of your seat. With the agenda focusing on burning issues such as phishing attacks, how digital transformation is changing the threat landscape and security/privacy challenges of IoT, we are certain there is something for everyone. If you haven't secured your spot yet, now is the time!<br />
<br><br />
Book now, attend the conference, and you'll automatically be entered into the prize drawer to win one of three Amazon Echo Dots! (Please note, delegates can only win once, and you must be present on the day to win).<br />
<br><br />
Now while we know you don't have the voice service that powers Echo, Alexa, to assist you quite yet in planning your time at the event, you can still download a copy of the [http://training.misti.com/acton/form/10465/004e:d-0001/0/-/-/-/-/index.htminteractive event brochure here]. <br />
<br><br />
If you have any inquiries regarding the event or would like to register, please get in touch with [mailto:cclarke@misti.com Chris Clarke] directly.<br />
<br />
== Local News ==<br />
<br />
'''OWASP Moves to MediaWiki Portal - 11:15, 20 May 2006 (EDT)'''<br />
<br />
== Past Events ==<br />
'''7th of Feb 2017 at 12:30pm'''<br />
Abu Dhabi Cyber Resilience & InfoSeC <br />
<br />
Topics:<br />
; Cracking Passwords for Security's Sake <br />
: Speaker: [http://ae.linkedin.com/in/tareknaja Tarek Naja]<br />
: Bio: Tarek is the OWASP UAE chapter leader. He currently the head of information security at a major middle east organization.<br />
----<br />
<br />
'''27th of August 2014 at 6:30pm'''<br />
Nakheel Sales Office [https://maps.google.com/maps?q=Nakheel+Sales+Center+-+Al+Sufouh+-+Dubai+-+United+Arab+Emirates&hl=en&ll=25.104759,55.156517&spn=0.038589,0.066047&sll=31.128199,-72.773437&sspn=71.247495,135.263672&oq=Nakheel&dirflg=r&ttype=now&noexp=0&noal=0&sort=def&hq=Nakheel+Sales+Center+-&hnear=Al+Sufouh+-+Dubai+-+United+Arab+Emirates&t=m&z=15 MAP]<br />
Al Sufouh Road,<br />
Jumeirah - Dubai<br />
United Arab Emirates<br />
<br />
Topics:<br />
; OWASP Top 10 A2 - Broken Authentication and session management <br />
: Speaker: [http://ae.linkedin.com/in/tareknaja Tarek Naja]<br />
: Bio: Tarek is the OWASP UAE chapter leader. He is a seasoned security consultant who focuses on penetration testing.<br />
<br />
; OWASP Top 10 A3 - Cross site scripting (XSS)<br />
: Speaker: [http://ae.linkedin.com/in/mhendrickx Michael Hendrickx]<br />
: Bio: Michael is an experienced IT security professional with strong, deep technical knowledge on wide variety of applications. <br />
<br />
----<br />
'''28th of May, 2014. 6:30pm'''<br />
Nakheel Sales Office [https://maps.google.com/maps?q=Nakheel+Sales+Center+-+Al+Sufouh+-+Dubai+-+United+Arab+Emirates&hl=en&ll=25.104759,55.156517&spn=0.038589,0.066047&sll=31.128199,-72.773437&sspn=71.247495,135.263672&oq=Nakheel&dirflg=r&ttype=now&noexp=0&noal=0&sort=def&hq=Nakheel+Sales+Center+-&hnear=Al+Sufouh+-+Dubai+-+United+Arab+Emirates&t=m&z=15 MAP]<br />
Al Sufouh Road,<br />
Jumeirah - Dubai<br />
United Arab Emirates<br />
<br />
We're honored to have our guest speak [http://ae.linkedin.com/pub/ammar-almarzooqi/30/b11/b86 Ammar Almarzooqi] - Chief Information Security Officer at Abu Dhabi Department of Economic Development.<br />
<br />
Ammar will be talking about seamless implementation of security controls. If you're dealing with some elements that are inherently secure, such as an application that cannot be modified, how would you be able to secure your environment? Ammar will be addressing this question and discussing a real case scenario from his organization.<br />
<br />
<br/><br />
Our other presenter is [http://ae.linkedin.com/in/tareknaja Tarek Naja] - Senior Security Consultant. <br />
Tarek will be answering questions about the vulnerability you all heard about recently: Heart Bleed. Tarek specializes in penetration testing, mainly web application and mobile application penetration testing.<br />
<br />
----<br />
'''19th of Feb 2014 at 8pm'''<br />
Cafe Rider [http://cafe-rider.com/styled-4/index.html MAP]<br />
Close to Mall of the Emirates<br />
Al Quoz Industrial - Dubai<br />
United Arab Emirates<br />
<br />
Topics:<br />
; Managing Web & Application Security with OWASP – bringing it all together<br />
: Setting up, managing and improving your global information security organisation using mature OWASP projects and tools. Achieving cost-effective application security and bringing it all together on the management level. A journey through different organisational stages and how OWASP tools help organisations moving forward improving their web and application security. This talk will discuss a number of quick wins and how to effectively manage global security initiatives and use OWASP tools inside your organisation<br />
<br />
; Application Security for managers: OWASP CISO Guide and CISO Survey<br />
: The OWASP CISO guide and CISO report 2013. This talk will present two new OWASP projects, the CISO guide and the newly released results of the OWASP CISO Survey report 2013. Their main goal is to provide guidance on application and web security for senior managers and to introduce Chief Information Security Officers (CISO) to the OWASP Application Security Guide and the results of the CISO Survey. Over the last years, we noticed that application security risks and threats have been on the rise and OWASP has started the CISO survey project to gather intelligence and provide it to CISOs and senior managers in order to improve their security strategies, assess their priorities and learn from their peers about what works best protecting web and application security in organizations across various industries.<br />
<br />
Speaker: [http://hk.linkedin.com/in/gondrom Tobias Gondrom]<br />
<br />
Tobias Gondrom is a global board member of OWASP (Open Web Application Security Project) and CEO at Thames Stanley, a boutique Global CISO and Information Security & Risk Management Advisory based in Hong Kong, United Kingdom and Germany.<br />
<br />
----<br />
'''14th of Dec 2013 at 6-8pm.'''<br />
<br />
MAKE Business Hub [https://maps.google.com/maps?ie=UTF8&q=MAKE+Business+Hub+Cafe&fb=1&hq=make+business+hub&cid=1882949530944650280&hnear=&ll=25.079127,55.136797&spn=0.011816,0.021136&t=m&z=16&vpsrc=0&iwloc=A MAP ]<br />
Al Fattan Tower - Dubai<br />
United Arab Emirates<br />
+971 4 392 9216<br />
Speaker: Peter Dowley <br />
Topic: Security Architecture for Applications, titled "What's the difference between a security bug and a security flaw?"<br />
<br />
Speaker bio : Peter has been working in computer security for over 10 years, after<br />
another decade in other areas of IT - System & infrastructure architecture,<br />
Windows desktop & server design & management, database modelling & design,<br />
programming. He has strong expertise in security architecture (especially<br />
for banking systems) and how this relates to risk and fraud management. He<br />
is a senior security consultant with Hewlett-Packard (HP) in Dubai and has<br />
been based in the Gulf region for 5 years.<br />
<br />
'''Download the presentation:''' [https://www.owasp.org/index.php/File:Security_Bugs_vs_Flaws.pptx "What's the difference between a security bug and a security flaw"]<br />
<br />
----<br />
'''Casual OWASP meetup'''<br />
This will be our first meeting in a while. It will be an opportunity to get introduced to the other members of the OWASP UAE Chapter and discuss the type of events you'd like to see in the future.<br />
<br />
This will be a casual meeting at a Caribou Coffee at DIFC<br />
<br />
http://www.mealadvisors.com/uae/dubai/restaurant/map/branch_id/1294<br />
<br />
Gathering agenda will be:<br />
<br />
Meeting on Saturday the 9th of November 2013 at 6pm.<br />
Introductions<br />
Intro to OWASP<br />
Open discussion about Dubai chapter<br />
Networking<br />
Conclude at 8pm<br />
<br />
----<br />
<br />
'''IDC's IT Security Roadshow 2013 - Dubai '''<br />
<br />
Date and Time : Wednesday, April 3, 2013<br />
Venue: Mina A' Salam Hotel (Madinat Jumeirah)<br />
Web Application Security "Think like a hacker"<br />
Speaker: Amro Alolaqi<br />
<br />
Reference: http://idc-cema.com/eng/events/50679-idc-s-it-security-roadshow-2013/11-speakers <br />
<br />
----<br />
<br />
'''Cyber Security Summit 2012- DUBAI'''<br />
<br />
Date and Time : 2nd & 3rd of October 2012 - 9:00 AM to 4:00 PM<br />
Venue: Grand Hayat - Dubai <br />
Web Application Critical Vulnerabilities (OWASP top ten)<br />
Speaker: Amro AlOlaqi<br />
<br />
http://we-initiative.com/wp-content/uploads/2012/07/Cyber-Security-UAE-2012-EM12.pdf <br />
----<br />
<br />
'''ISACA UAE - ISAFE conference 2011 - Dubai'''<br />
<br />
Date and Time : 18th - 9:00 AM to 4:00 PM<br />
Venue: The Address Hotel - Dubai Mall<br />
Web Application Critical Vulnerabilities and Threat Modeling <br />
Speaker: Amro AlOlaqi<br />
<br />
http://www.isacauae.org/isafe2011/doc/isafe2011brochure.pdf<br />
<br />
https://plus.google.com/photos/117947441088827793360/albums/5712379217298867441?banner=pwa <br />
<br />
<br />
----<br />
<br />
'''IT For Government 2011- DUBAI'''<br />
<br />
''Location:&nbsp;Dusit Thani Hotel - 133, Sheikh Zayed Road <br>'' <br />
<br />
''Date: 4/Oct/2011'' <br />
<br />
''Registration 8:00 AM'' <br />
<br />
''NAUGURAL KEYNOTE PRESENTATION BY His Excellency Salem Khamis Al Shair Al Suwaidi Emirates e-Government Director General''<br />
<br />
OWASP's session: 11:20 PM <br />
Speaker: Amro AlOlaqi <br />
Subject: The Ten Web Application Critical Risks <br />
<br />
For more information about the event, please visit http://www.fleminggulf.com/cms/uploads/conference/downloads/Postshow_report_DBTC15.pdf <br />
<br />
[[Category:United Arab Emirates]]</div>Tarekhttps://wiki.owasp.org/index.php?title=Dubai&diff=227279Dubai2017-03-12T05:41:07Z<p>Tarek: </p>
<hr />
<div>{{Chapter Template|chaptername=Dubai|extra=The chapter leaders are [mailto:amro@owasp.org Amro AlOlaqi] and [mailto:tarek@owasp.org Tarek Naja]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-dubai|emailarchives=http://lists.owasp.org/pipermail/owasp-dubai}} <br />
<br />
=== OWASP Middle East Partners with MISTI Europe ===<br />
Returning to the [http://habtoor-grand-beach-resort-spa.hotels-in-dubai.org/en/ Habtoor Grand Resort], 27-29 March 2017, the 9th annual [http://www.cisomiddleeast.misti.com/?_ga=1.114765698.486057116.1487900262 CISO Middle East Conference & Roundtable] has new topics, revised sessions and world-class speakers that will leave you on the edge of your seat. With the agenda focusing on burning issues such as phishing attacks, how digital transformation is changing the threat landscape and security/privacy challenges of IoT, we are certain there is something for everyone. If you haven't secured your spot yet, now is the time!<br />
<br><br />
Book now, attend the conference, and you'll automatically be entered into the prize drawer to win one of three Amazon Echo Dots! (Please note, delegates can only win once, and you must be present on the day to win).<br />
<br><br />
Now while we know you don't have the voice service that powers Echo, Alexa, to assist you quite yet in planning your time at the event, you can still download a copy of the [http://training.misti.com/acton/form/10465/004e:d-0001/0/-/-/-/-/index.htminteractive event brochure here]. <br />
<br><br />
If you have any inquiries regarding the event or would like to register, please get in touch with [mailto:cclarke@misti.com Chris Clarke] directly.<br />
<br />
== Local News ==<br />
<br />
'''OWASP Moves to MediaWiki Portal - 11:15, 20 May 2006 (EDT)'''<br />
<br />
== Past Events ==<br />
'''7th of Feb 2017 at 12:30pm'''<br />
Abu Dhabi Cyber Resilience & InfoSeC <br />
<br />
Topics:<br />
; Cracking Passwords for Security's Sake <br />
: Speaker: [http://ae.linkedin.com/in/tareknaja Tarek Naja]<br />
: Bio: Tarek is the OWASP UAE chapter leader. He currently the head of information security at a major middle east organization.<br />
----<br />
<br />
'''27th of August 2014 at 6:30pm'''<br />
Nakheel Sales Office [https://maps.google.com/maps?q=Nakheel+Sales+Center+-+Al+Sufouh+-+Dubai+-+United+Arab+Emirates&hl=en&ll=25.104759,55.156517&spn=0.038589,0.066047&sll=31.128199,-72.773437&sspn=71.247495,135.263672&oq=Nakheel&dirflg=r&ttype=now&noexp=0&noal=0&sort=def&hq=Nakheel+Sales+Center+-&hnear=Al+Sufouh+-+Dubai+-+United+Arab+Emirates&t=m&z=15 MAP]<br />
Al Sufouh Road,<br />
Jumeirah - Dubai<br />
United Arab Emirates<br />
<br />
Topics:<br />
; OWASP Top 10 A2 - Broken Authentication and session management <br />
: Speaker: [http://ae.linkedin.com/in/tareknaja Tarek Naja]<br />
: Bio: Tarek is the OWASP UAE chapter leader. He is a seasoned security consultant who focuses on penetration testing.<br />
<br />
; OWASP Top 10 A3 - Cross site scripting (XSS)<br />
: Speaker: [http://ae.linkedin.com/in/mhendrickx Michael Hendrickx]<br />
: Bio: Michael is an experienced IT security professional with strong, deep technical knowledge on wide variety of applications. <br />
<br />
----<br />
'''28th of May, 2014. 6:30pm'''<br />
Nakheel Sales Office [https://maps.google.com/maps?q=Nakheel+Sales+Center+-+Al+Sufouh+-+Dubai+-+United+Arab+Emirates&hl=en&ll=25.104759,55.156517&spn=0.038589,0.066047&sll=31.128199,-72.773437&sspn=71.247495,135.263672&oq=Nakheel&dirflg=r&ttype=now&noexp=0&noal=0&sort=def&hq=Nakheel+Sales+Center+-&hnear=Al+Sufouh+-+Dubai+-+United+Arab+Emirates&t=m&z=15 MAP]<br />
Al Sufouh Road,<br />
Jumeirah - Dubai<br />
United Arab Emirates<br />
<br />
We're honored to have our guest speak [http://ae.linkedin.com/pub/ammar-almarzooqi/30/b11/b86 Ammar Almarzooqi] - Chief Information Security Officer at Abu Dhabi Department of Economic Development.<br />
<br />
Ammar will be talking about seamless implementation of security controls. If you're dealing with some elements that are inherently secure, such as an application that cannot be modified, how would you be able to secure your environment? Ammar will be addressing this question and discussing a real case scenario from his organization.<br />
<br />
<br/><br />
Our other presenter is [http://ae.linkedin.com/in/tareknaja Tarek Naja] - Senior Security Consultant. <br />
Tarek will be answering questions about the vulnerability you all heard about recently: Heart Bleed. Tarek specializes in penetration testing, mainly web application and mobile application penetration testing.<br />
<br />
----<br />
'''19th of Feb 2014 at 8pm'''<br />
Cafe Rider [http://cafe-rider.com/styled-4/index.html MAP]<br />
Close to Mall of the Emirates<br />
Al Quoz Industrial - Dubai<br />
United Arab Emirates<br />
<br />
Topics:<br />
; Managing Web & Application Security with OWASP – bringing it all together<br />
: Setting up, managing and improving your global information security organisation using mature OWASP projects and tools. Achieving cost-effective application security and bringing it all together on the management level. A journey through different organisational stages and how OWASP tools help organisations moving forward improving their web and application security. This talk will discuss a number of quick wins and how to effectively manage global security initiatives and use OWASP tools inside your organisation<br />
<br />
; Application Security for managers: OWASP CISO Guide and CISO Survey<br />
: The OWASP CISO guide and CISO report 2013. This talk will present two new OWASP projects, the CISO guide and the newly released results of the OWASP CISO Survey report 2013. Their main goal is to provide guidance on application and web security for senior managers and to introduce Chief Information Security Officers (CISO) to the OWASP Application Security Guide and the results of the CISO Survey. Over the last years, we noticed that application security risks and threats have been on the rise and OWASP has started the CISO survey project to gather intelligence and provide it to CISOs and senior managers in order to improve their security strategies, assess their priorities and learn from their peers about what works best protecting web and application security in organizations across various industries.<br />
<br />
Speaker: [http://hk.linkedin.com/in/gondrom Tobias Gondrom]<br />
<br />
Tobias Gondrom is a global board member of OWASP (Open Web Application Security Project) and CEO at Thames Stanley, a boutique Global CISO and Information Security & Risk Management Advisory based in Hong Kong, United Kingdom and Germany.<br />
<br />
----<br />
'''14th of Dec 2013 at 6-8pm.'''<br />
<br />
MAKE Business Hub [https://maps.google.com/maps?ie=UTF8&q=MAKE+Business+Hub+Cafe&fb=1&hq=make+business+hub&cid=1882949530944650280&hnear=&ll=25.079127,55.136797&spn=0.011816,0.021136&t=m&z=16&vpsrc=0&iwloc=A MAP ]<br />
Al Fattan Tower - Dubai<br />
United Arab Emirates<br />
+971 4 392 9216<br />
Speaker: Peter Dowley <br />
Topic: Security Architecture for Applications, titled "What's the difference between a security bug and a security flaw?"<br />
<br />
Speaker bio : Peter has been working in computer security for over 10 years, after<br />
another decade in other areas of IT - System & infrastructure architecture,<br />
Windows desktop & server design & management, database modelling & design,<br />
programming. He has strong expertise in security architecture (especially<br />
for banking systems) and how this relates to risk and fraud management. He<br />
is a senior security consultant with Hewlett-Packard (HP) in Dubai and has<br />
been based in the Gulf region for 5 years.<br />
<br />
'''Download the presentation:''' [https://www.owasp.org/index.php/File:Security_Bugs_vs_Flaws.pptx "What's the difference between a security bug and a security flaw"]<br />
<br />
----<br />
'''Casual OWASP meetup'''<br />
This will be our first meeting in a while. It will be an opportunity to get introduced to the other members of the OWASP UAE Chapter and discuss the type of events you'd like to see in the future.<br />
<br />
This will be a casual meeting at a Caribou Coffee at DIFC<br />
<br />
http://www.mealadvisors.com/uae/dubai/restaurant/map/branch_id/1294<br />
<br />
Gathering agenda will be:<br />
<br />
Meeting on Saturday the 9th of November 2013 at 6pm.<br />
Introductions<br />
Intro to OWASP<br />
Open discussion about Dubai chapter<br />
Networking<br />
Conclude at 8pm<br />
<br />
----<br />
<br />
'''IDC's IT Security Roadshow 2013 - Dubai '''<br />
<br />
Date and Time : Wednesday, April 3, 2013<br />
Venue: Mina A' Salam Hotel (Madinat Jumeirah)<br />
Web Application Security "Think like a hacker"<br />
Speaker: Amro Alolaqi<br />
<br />
Reference: http://idc-cema.com/eng/events/50679-idc-s-it-security-roadshow-2013/11-speakers <br />
<br />
----<br />
<br />
'''Cyber Security Summit 2012- DUBAI'''<br />
<br />
Date and Time : 2nd & 3rd of October 2012 - 9:00 AM to 4:00 PM<br />
Venue: Grand Hayat - Dubai <br />
Web Application Critical Vulnerabilities (OWASP top ten)<br />
Speaker: Amro AlOlaqi<br />
<br />
http://we-initiative.com/wp-content/uploads/2012/07/Cyber-Security-UAE-2012-EM12.pdf <br />
----<br />
<br />
'''ISACA UAE - ISAFE conference 2011 - Dubai'''<br />
<br />
Date and Time : 18th - 9:00 AM to 4:00 PM<br />
Venue: The Address Hotel - Dubai Mall<br />
Web Application Critical Vulnerabilities and Threat Modeling <br />
Speaker: Amro AlOlaqi<br />
<br />
http://www.isacauae.org/isafe2011/doc/isafe2011brochure.pdf<br />
<br />
https://plus.google.com/photos/117947441088827793360/albums/5712379217298867441?banner=pwa <br />
<br />
<br />
----<br />
<br />
'''IT For Government 2011- DUBAI'''<br />
<br />
''Location:&nbsp;Dusit Thani Hotel - 133, Sheikh Zayed Road <br>'' <br />
<br />
''Date: 4/Oct/2011'' <br />
<br />
''Registration 8:00 AM'' <br />
<br />
''NAUGURAL KEYNOTE PRESENTATION BY His Excellency Salem Khamis Al Shair Al Suwaidi Emirates e-Government Director General''<br />
<br />
OWASP's session: 11:20 PM <br />
Speaker: Amro AlOlaqi <br />
Subject: The Ten Web Application Critical Risks <br />
<br />
For more information about the event, please visit http://www.fleminggulf.com/cms/uploads/conference/downloads/Postshow_report_DBTC15.pdf <br />
<br />
[[Category:United Arab Emirates]]</div>Tarekhttps://wiki.owasp.org/index.php?title=Dubai&diff=227278Dubai2017-03-12T05:32:27Z<p>Tarek: </p>
<hr />
<div>{{Chapter Template|chaptername=Dubai|extra=The chapter leaders are [mailto:amro@owasp.org Amro AlOlaqi] and [mailto:tarek@owasp.org Tarek Naja]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-dubai|emailarchives=http://lists.owasp.org/pipermail/owasp-dubai}} <br />
<br />
== OWASP Middle East Partners with MISTI Europe ==<br />
<br />
'''Returning to the [http://habtoor-grand-beach-resort-spa.hotels-in-dubai.org/en/ Habtoor Grand Resort], 27-29 March 2017, the 9th annual [http://www.cisomiddleeast.misti.com/?_ga=1.114765698.486057116.1487900262 CISO Middle East Conference & Roundtable] has new topics, revised sessions and world-class speakers that will leave you on the edge of your seat. With the agenda focusing on burning issues such as phishing attacks, how digital transformation is changing the threat landscape and security/privacy challenges of IoT, we are certain there is something for everyone. If you haven't secured your spot yet, now is the time!'''<br />
<br />
Book now, attend the conference, and you'll automatically be entered into the prize drawer to win one of three Amazon Echo Dots! (Please note, delegates can only win once, and you must be present on the day to win).<br />
<br />
Now while we know you don't have the voice service that powers Echo, Alexa, to assist you quite yet in planning your time at the event, you can still download a copy of the [http://training.misti.com/acton/form/10465/004e:d-0001/0/-/-/-/-/index.htminteractive event brochure here]. <br />
<br />
If you have any inquiries regarding the event or would like to register, please get in touch with [mailto:cclarke@misti.com Chris Clarke] directly.'''<br />
<br />
== Local News ==<br />
<br />
'''OWASP Moves to MediaWiki Portal - 11:15, 20 May 2006 (EDT)'''<br />
<br />
== Past Events ==<br />
'''7th of Feb 2017 at 12:30pm'''<br />
Abu Dhabi Cyber Resilience & InfoSeC <br />
<br />
Topics:<br />
; Cracking Passwords for Security's Sake <br />
: Speaker: [http://ae.linkedin.com/in/tareknaja Tarek Naja]<br />
: Bio: Tarek is the OWASP UAE chapter leader. He currently the head of information security at a major middle east organization.<br />
----<br />
<br />
'''27th of August 2014 at 6:30pm'''<br />
Nakheel Sales Office [https://maps.google.com/maps?q=Nakheel+Sales+Center+-+Al+Sufouh+-+Dubai+-+United+Arab+Emirates&hl=en&ll=25.104759,55.156517&spn=0.038589,0.066047&sll=31.128199,-72.773437&sspn=71.247495,135.263672&oq=Nakheel&dirflg=r&ttype=now&noexp=0&noal=0&sort=def&hq=Nakheel+Sales+Center+-&hnear=Al+Sufouh+-+Dubai+-+United+Arab+Emirates&t=m&z=15 MAP]<br />
Al Sufouh Road,<br />
Jumeirah - Dubai<br />
United Arab Emirates<br />
<br />
Topics:<br />
; OWASP Top 10 A2 - Broken Authentication and session management <br />
: Speaker: [http://ae.linkedin.com/in/tareknaja Tarek Naja]<br />
: Bio: Tarek is the OWASP UAE chapter leader. He is a seasoned security consultant who focuses on penetration testing.<br />
<br />
; OWASP Top 10 A3 - Cross site scripting (XSS)<br />
: Speaker: [http://ae.linkedin.com/in/mhendrickx Michael Hendrickx]<br />
: Bio: Michael is an experienced IT security professional with strong, deep technical knowledge on wide variety of applications. <br />
<br />
----<br />
'''28th of May, 2014. 6:30pm'''<br />
Nakheel Sales Office [https://maps.google.com/maps?q=Nakheel+Sales+Center+-+Al+Sufouh+-+Dubai+-+United+Arab+Emirates&hl=en&ll=25.104759,55.156517&spn=0.038589,0.066047&sll=31.128199,-72.773437&sspn=71.247495,135.263672&oq=Nakheel&dirflg=r&ttype=now&noexp=0&noal=0&sort=def&hq=Nakheel+Sales+Center+-&hnear=Al+Sufouh+-+Dubai+-+United+Arab+Emirates&t=m&z=15 MAP]<br />
Al Sufouh Road,<br />
Jumeirah - Dubai<br />
United Arab Emirates<br />
<br />
We're honored to have our guest speak [http://ae.linkedin.com/pub/ammar-almarzooqi/30/b11/b86 Ammar Almarzooqi] - Chief Information Security Officer at Abu Dhabi Department of Economic Development.<br />
<br />
Ammar will be talking about seamless implementation of security controls. If you're dealing with some elements that are inherently secure, such as an application that cannot be modified, how would you be able to secure your environment? Ammar will be addressing this question and discussing a real case scenario from his organization.<br />
<br />
<br/><br />
Our other presenter is [http://ae.linkedin.com/in/tareknaja Tarek Naja] - Senior Security Consultant. <br />
Tarek will be answering questions about the vulnerability you all heard about recently: Heart Bleed. Tarek specializes in penetration testing, mainly web application and mobile application penetration testing.<br />
<br />
----<br />
'''19th of Feb 2014 at 8pm'''<br />
Cafe Rider [http://cafe-rider.com/styled-4/index.html MAP]<br />
Close to Mall of the Emirates<br />
Al Quoz Industrial - Dubai<br />
United Arab Emirates<br />
<br />
Topics:<br />
; Managing Web & Application Security with OWASP – bringing it all together<br />
: Setting up, managing and improving your global information security organisation using mature OWASP projects and tools. Achieving cost-effective application security and bringing it all together on the management level. A journey through different organisational stages and how OWASP tools help organisations moving forward improving their web and application security. This talk will discuss a number of quick wins and how to effectively manage global security initiatives and use OWASP tools inside your organisation<br />
<br />
; Application Security for managers: OWASP CISO Guide and CISO Survey<br />
: The OWASP CISO guide and CISO report 2013. This talk will present two new OWASP projects, the CISO guide and the newly released results of the OWASP CISO Survey report 2013. Their main goal is to provide guidance on application and web security for senior managers and to introduce Chief Information Security Officers (CISO) to the OWASP Application Security Guide and the results of the CISO Survey. Over the last years, we noticed that application security risks and threats have been on the rise and OWASP has started the CISO survey project to gather intelligence and provide it to CISOs and senior managers in order to improve their security strategies, assess their priorities and learn from their peers about what works best protecting web and application security in organizations across various industries.<br />
<br />
Speaker: [http://hk.linkedin.com/in/gondrom Tobias Gondrom]<br />
<br />
Tobias Gondrom is a global board member of OWASP (Open Web Application Security Project) and CEO at Thames Stanley, a boutique Global CISO and Information Security & Risk Management Advisory based in Hong Kong, United Kingdom and Germany.<br />
<br />
----<br />
'''14th of Dec 2013 at 6-8pm.'''<br />
<br />
MAKE Business Hub [https://maps.google.com/maps?ie=UTF8&q=MAKE+Business+Hub+Cafe&fb=1&hq=make+business+hub&cid=1882949530944650280&hnear=&ll=25.079127,55.136797&spn=0.011816,0.021136&t=m&z=16&vpsrc=0&iwloc=A MAP ]<br />
Al Fattan Tower - Dubai<br />
United Arab Emirates<br />
+971 4 392 9216<br />
Speaker: Peter Dowley <br />
Topic: Security Architecture for Applications, titled "What's the difference between a security bug and a security flaw?"<br />
<br />
Speaker bio : Peter has been working in computer security for over 10 years, after<br />
another decade in other areas of IT - System & infrastructure architecture,<br />
Windows desktop & server design & management, database modelling & design,<br />
programming. He has strong expertise in security architecture (especially<br />
for banking systems) and how this relates to risk and fraud management. He<br />
is a senior security consultant with Hewlett-Packard (HP) in Dubai and has<br />
been based in the Gulf region for 5 years.<br />
<br />
'''Download the presentation:''' [https://www.owasp.org/index.php/File:Security_Bugs_vs_Flaws.pptx "What's the difference between a security bug and a security flaw"]<br />
<br />
----<br />
'''Casual OWASP meetup'''<br />
This will be our first meeting in a while. It will be an opportunity to get introduced to the other members of the OWASP UAE Chapter and discuss the type of events you'd like to see in the future.<br />
<br />
This will be a casual meeting at a Caribou Coffee at DIFC<br />
<br />
http://www.mealadvisors.com/uae/dubai/restaurant/map/branch_id/1294<br />
<br />
Gathering agenda will be:<br />
<br />
Meeting on Saturday the 9th of November 2013 at 6pm.<br />
Introductions<br />
Intro to OWASP<br />
Open discussion about Dubai chapter<br />
Networking<br />
Conclude at 8pm<br />
<br />
----<br />
<br />
'''IDC's IT Security Roadshow 2013 - Dubai '''<br />
<br />
Date and Time : Wednesday, April 3, 2013<br />
Venue: Mina A' Salam Hotel (Madinat Jumeirah)<br />
Web Application Security "Think like a hacker"<br />
Speaker: Amro Alolaqi<br />
<br />
Reference: http://idc-cema.com/eng/events/50679-idc-s-it-security-roadshow-2013/11-speakers <br />
<br />
----<br />
<br />
'''Cyber Security Summit 2012- DUBAI'''<br />
<br />
Date and Time : 2nd & 3rd of October 2012 - 9:00 AM to 4:00 PM<br />
Venue: Grand Hayat - Dubai <br />
Web Application Critical Vulnerabilities (OWASP top ten)<br />
Speaker: Amro AlOlaqi<br />
<br />
http://we-initiative.com/wp-content/uploads/2012/07/Cyber-Security-UAE-2012-EM12.pdf <br />
----<br />
<br />
'''ISACA UAE - ISAFE conference 2011 - Dubai'''<br />
<br />
Date and Time : 18th - 9:00 AM to 4:00 PM<br />
Venue: The Address Hotel - Dubai Mall<br />
Web Application Critical Vulnerabilities and Threat Modeling <br />
Speaker: Amro AlOlaqi<br />
<br />
http://www.isacauae.org/isafe2011/doc/isafe2011brochure.pdf<br />
<br />
https://plus.google.com/photos/117947441088827793360/albums/5712379217298867441?banner=pwa <br />
<br />
<br />
----<br />
<br />
'''IT For Government 2011- DUBAI'''<br />
<br />
''Location:&nbsp;Dusit Thani Hotel - 133, Sheikh Zayed Road <br>'' <br />
<br />
''Date: 4/Oct/2011'' <br />
<br />
''Registration 8:00 AM'' <br />
<br />
''NAUGURAL KEYNOTE PRESENTATION BY His Excellency Salem Khamis Al Shair Al Suwaidi Emirates e-Government Director General''<br />
<br />
OWASP's session: 11:20 PM <br />
Speaker: Amro AlOlaqi <br />
Subject: The Ten Web Application Critical Risks <br />
<br />
For more information about the event, please visit http://www.fleminggulf.com/cms/uploads/conference/downloads/Postshow_report_DBTC15.pdf <br />
<br />
[[Category:United Arab Emirates]]</div>Tarekhttps://wiki.owasp.org/index.php?title=Dubai&diff=226798Dubai2017-02-27T09:46:29Z<p>Tarek: </p>
<hr />
<div>{{Chapter Template|chaptername=Dubai|extra=The chapter leaders are [mailto:amro@owasp.org Amro AlOlaqi] and [mailto:tarek@owasp.org Tarek Naja]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-dubai|emailarchives=http://lists.owasp.org/pipermail/owasp-dubai}} <br />
<br />
<br> <br />
<br />
== Local News ==<br />
<br />
'''OWASP Moves to MediaWiki Portal - 11:15, 20 May 2006 (EDT)'''<br />
<br />
<br />
== Past Events ==<br />
'''7th of Feb 2017 at 12:30pm'''<br />
Abu Dhabi Cyber Resilience & InfoSeC <br />
<br />
Topics:<br />
; Cracking Passwords for Security's Sake <br />
: Speaker: [http://ae.linkedin.com/in/tareknaja Tarek Naja]<br />
: Bio: Tarek is the OWASP UAE chapter leader. He currently the head of information security at a major middle east organization.<br />
----<br />
<br />
'''27th of August 2014 at 6:30pm'''<br />
Nakheel Sales Office [https://maps.google.com/maps?q=Nakheel+Sales+Center+-+Al+Sufouh+-+Dubai+-+United+Arab+Emirates&hl=en&ll=25.104759,55.156517&spn=0.038589,0.066047&sll=31.128199,-72.773437&sspn=71.247495,135.263672&oq=Nakheel&dirflg=r&ttype=now&noexp=0&noal=0&sort=def&hq=Nakheel+Sales+Center+-&hnear=Al+Sufouh+-+Dubai+-+United+Arab+Emirates&t=m&z=15 MAP]<br />
Al Sufouh Road,<br />
Jumeirah - Dubai<br />
United Arab Emirates<br />
<br />
Topics:<br />
; OWASP Top 10 A2 - Broken Authentication and session management <br />
: Speaker: [http://ae.linkedin.com/in/tareknaja Tarek Naja]<br />
: Bio: Tarek is the OWASP UAE chapter leader. He is a seasoned security consultant who focuses on penetration testing.<br />
<br />
; OWASP Top 10 A3 - Cross site scripting (XSS)<br />
: Speaker: [http://ae.linkedin.com/in/mhendrickx Michael Hendrickx]<br />
: Bio: Michael is an experienced IT security professional with strong, deep technical knowledge on wide variety of applications. <br />
<br />
----<br />
'''28th of May, 2014. 6:30pm'''<br />
Nakheel Sales Office [https://maps.google.com/maps?q=Nakheel+Sales+Center+-+Al+Sufouh+-+Dubai+-+United+Arab+Emirates&hl=en&ll=25.104759,55.156517&spn=0.038589,0.066047&sll=31.128199,-72.773437&sspn=71.247495,135.263672&oq=Nakheel&dirflg=r&ttype=now&noexp=0&noal=0&sort=def&hq=Nakheel+Sales+Center+-&hnear=Al+Sufouh+-+Dubai+-+United+Arab+Emirates&t=m&z=15 MAP]<br />
Al Sufouh Road,<br />
Jumeirah - Dubai<br />
United Arab Emirates<br />
<br />
We're honored to have our guest speak [http://ae.linkedin.com/pub/ammar-almarzooqi/30/b11/b86 Ammar Almarzooqi] - Chief Information Security Officer at Abu Dhabi Department of Economic Development.<br />
<br />
Ammar will be talking about seamless implementation of security controls. If you're dealing with some elements that are inherently secure, such as an application that cannot be modified, how would you be able to secure your environment? Ammar will be addressing this question and discussing a real case scenario from his organization.<br />
<br />
<br/><br />
Our other presenter is [http://ae.linkedin.com/in/tareknaja Tarek Naja] - Senior Security Consultant. <br />
Tarek will be answering questions about the vulnerability you all heard about recently: Heart Bleed. Tarek specializes in penetration testing, mainly web application and mobile application penetration testing.<br />
<br />
----<br />
'''19th of Feb 2014 at 8pm'''<br />
Cafe Rider [http://cafe-rider.com/styled-4/index.html MAP]<br />
Close to Mall of the Emirates<br />
Al Quoz Industrial - Dubai<br />
United Arab Emirates<br />
<br />
Topics:<br />
; Managing Web & Application Security with OWASP – bringing it all together<br />
: Setting up, managing and improving your global information security organisation using mature OWASP projects and tools. Achieving cost-effective application security and bringing it all together on the management level. A journey through different organisational stages and how OWASP tools help organisations moving forward improving their web and application security. This talk will discuss a number of quick wins and how to effectively manage global security initiatives and use OWASP tools inside your organisation<br />
<br />
; Application Security for managers: OWASP CISO Guide and CISO Survey<br />
: The OWASP CISO guide and CISO report 2013. This talk will present two new OWASP projects, the CISO guide and the newly released results of the OWASP CISO Survey report 2013. Their main goal is to provide guidance on application and web security for senior managers and to introduce Chief Information Security Officers (CISO) to the OWASP Application Security Guide and the results of the CISO Survey. Over the last years, we noticed that application security risks and threats have been on the rise and OWASP has started the CISO survey project to gather intelligence and provide it to CISOs and senior managers in order to improve their security strategies, assess their priorities and learn from their peers about what works best protecting web and application security in organizations across various industries.<br />
<br />
Speaker: [http://hk.linkedin.com/in/gondrom Tobias Gondrom]<br />
<br />
Tobias Gondrom is a global board member of OWASP (Open Web Application Security Project) and CEO at Thames Stanley, a boutique Global CISO and Information Security & Risk Management Advisory based in Hong Kong, United Kingdom and Germany.<br />
<br />
----<br />
'''14th of Dec 2013 at 6-8pm.'''<br />
<br />
MAKE Business Hub [https://maps.google.com/maps?ie=UTF8&q=MAKE+Business+Hub+Cafe&fb=1&hq=make+business+hub&cid=1882949530944650280&hnear=&ll=25.079127,55.136797&spn=0.011816,0.021136&t=m&z=16&vpsrc=0&iwloc=A MAP ]<br />
Al Fattan Tower - Dubai<br />
United Arab Emirates<br />
+971 4 392 9216<br />
Speaker: Peter Dowley <br />
Topic: Security Architecture for Applications, titled "What's the difference between a security bug and a security flaw?"<br />
<br />
Speaker bio : Peter has been working in computer security for over 10 years, after<br />
another decade in other areas of IT - System & infrastructure architecture,<br />
Windows desktop & server design & management, database modelling & design,<br />
programming. He has strong expertise in security architecture (especially<br />
for banking systems) and how this relates to risk and fraud management. He<br />
is a senior security consultant with Hewlett-Packard (HP) in Dubai and has<br />
been based in the Gulf region for 5 years.<br />
<br />
'''Download the presentation:''' [https://www.owasp.org/index.php/File:Security_Bugs_vs_Flaws.pptx "What's the difference between a security bug and a security flaw"]<br />
<br />
----<br />
'''Casual OWASP meetup'''<br />
This will be our first meeting in a while. It will be an opportunity to get introduced to the other members of the OWASP UAE Chapter and discuss the type of events you'd like to see in the future.<br />
<br />
This will be a casual meeting at a Caribou Coffee at DIFC<br />
<br />
http://www.mealadvisors.com/uae/dubai/restaurant/map/branch_id/1294<br />
<br />
Gathering agenda will be:<br />
<br />
Meeting on Saturday the 9th of November 2013 at 6pm.<br />
Introductions<br />
Intro to OWASP<br />
Open discussion about Dubai chapter<br />
Networking<br />
Conclude at 8pm<br />
<br />
----<br />
<br />
'''IDC's IT Security Roadshow 2013 - Dubai '''<br />
<br />
Date and Time : Wednesday, April 3, 2013<br />
Venue: Mina A' Salam Hotel (Madinat Jumeirah)<br />
Web Application Security "Think like a hacker"<br />
Speaker: Amro Alolaqi<br />
<br />
Reference: http://idc-cema.com/eng/events/50679-idc-s-it-security-roadshow-2013/11-speakers <br />
<br />
----<br />
<br />
'''Cyber Security Summit 2012- DUBAI'''<br />
<br />
Date and Time : 2nd & 3rd of October 2012 - 9:00 AM to 4:00 PM<br />
Venue: Grand Hayat - Dubai <br />
Web Application Critical Vulnerabilities (OWASP top ten)<br />
Speaker: Amro AlOlaqi<br />
<br />
http://we-initiative.com/wp-content/uploads/2012/07/Cyber-Security-UAE-2012-EM12.pdf <br />
----<br />
<br />
'''ISACA UAE - ISAFE conference 2011 - Dubai'''<br />
<br />
Date and Time : 18th - 9:00 AM to 4:00 PM<br />
Venue: The Address Hotel - Dubai Mall<br />
Web Application Critical Vulnerabilities and Threat Modeling <br />
Speaker: Amro AlOlaqi<br />
<br />
http://www.isacauae.org/isafe2011/doc/isafe2011brochure.pdf<br />
<br />
https://plus.google.com/photos/117947441088827793360/albums/5712379217298867441?banner=pwa <br />
<br />
<br />
----<br />
<br />
'''IT For Government 2011- DUBAI'''<br />
<br />
''Location:&nbsp;Dusit Thani Hotel - 133, Sheikh Zayed Road <br>'' <br />
<br />
''Date: 4/Oct/2011'' <br />
<br />
''Registration 8:00 AM'' <br />
<br />
''NAUGURAL KEYNOTE PRESENTATION BY His Excellency Salem Khamis Al Shair Al Suwaidi Emirates e-Government Director General''<br />
<br />
OWASP's session: 11:20 PM <br />
Speaker: Amro AlOlaqi <br />
Subject: The Ten Web Application Critical Risks <br />
<br />
For more information about the event, please visit http://www.fleminggulf.com/cms/uploads/conference/downloads/Postshow_report_DBTC15.pdf <br />
<br />
[[Category:United Arab Emirates]]</div>Tarekhttps://wiki.owasp.org/index.php?title=Dubai&diff=226797Dubai2017-02-27T09:44:34Z<p>Tarek: </p>
<hr />
<div>{{Chapter Template|chaptername=Dubai|extra=The chapter leaders are [mailto:amro@owasp.org Amro AlOlaqi] and [mailto:tarek@owasp.org Tarek Naja]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-dubai|emailarchives=http://lists.owasp.org/pipermail/owasp-dubai}} <br />
<br />
<br> <br />
<br />
== Local News ==<br />
<br />
'''OWASP Moves to MediaWiki Portal - 11:15, 20 May 2006 (EDT)'''<br />
<br />
<br />
== Past Events ==<br />
'''7th of Feb 2017 at 12:30pm'''<br />
Abu Dhabi Cyber Resilience & InfoSeC <br />
<br />
Topics:<br />
; Cracking Passwords for Security's Sake <br />
: Speaker: [http://ae.linkedin.com/in/tareknaja Tarek Naja]<br />
: Bio: Tarek is the OWASP UAE chapter leader. He currently the head of information security at a major middle east organization.<br />
<br />
<br />
'''27th of August 2014 at 6:30pm'''<br />
Nakheel Sales Office [https://maps.google.com/maps?q=Nakheel+Sales+Center+-+Al+Sufouh+-+Dubai+-+United+Arab+Emirates&hl=en&ll=25.104759,55.156517&spn=0.038589,0.066047&sll=31.128199,-72.773437&sspn=71.247495,135.263672&oq=Nakheel&dirflg=r&ttype=now&noexp=0&noal=0&sort=def&hq=Nakheel+Sales+Center+-&hnear=Al+Sufouh+-+Dubai+-+United+Arab+Emirates&t=m&z=15 MAP]<br />
Al Sufouh Road,<br />
Jumeirah - Dubai<br />
United Arab Emirates<br />
<br />
Topics:<br />
; OWASP Top 10 A2 - Broken Authentication and session management <br />
: Speaker: [http://ae.linkedin.com/in/tareknaja Tarek Naja]<br />
: Bio: Tarek is the OWASP UAE chapter leader. He is a seasoned security consultant who focuses on penetration testing.<br />
<br />
; OWASP Top 10 A3 - Cross site scripting (XSS)<br />
: Speaker: [http://ae.linkedin.com/in/mhendrickx Michael Hendrickx]<br />
: Bio: Michael is an experienced IT security professional with strong, deep technical knowledge on wide variety of applications. <br />
<br />
----<br />
'''28th of May, 2014. 6:30pm'''<br />
Nakheel Sales Office [https://maps.google.com/maps?q=Nakheel+Sales+Center+-+Al+Sufouh+-+Dubai+-+United+Arab+Emirates&hl=en&ll=25.104759,55.156517&spn=0.038589,0.066047&sll=31.128199,-72.773437&sspn=71.247495,135.263672&oq=Nakheel&dirflg=r&ttype=now&noexp=0&noal=0&sort=def&hq=Nakheel+Sales+Center+-&hnear=Al+Sufouh+-+Dubai+-+United+Arab+Emirates&t=m&z=15 MAP]<br />
Al Sufouh Road,<br />
Jumeirah - Dubai<br />
United Arab Emirates<br />
<br />
We're honored to have our guest speak [http://ae.linkedin.com/pub/ammar-almarzooqi/30/b11/b86 Ammar Almarzooqi] - Chief Information Security Officer at Abu Dhabi Department of Economic Development.<br />
<br />
Ammar will be talking about seamless implementation of security controls. If you're dealing with some elements that are inherently secure, such as an application that cannot be modified, how would you be able to secure your environment? Ammar will be addressing this question and discussing a real case scenario from his organization.<br />
<br />
<br/><br />
Our other presenter is [http://ae.linkedin.com/in/tareknaja Tarek Naja] - Senior Security Consultant. <br />
Tarek will be answering questions about the vulnerability you all heard about recently: Heart Bleed. Tarek specializes in penetration testing, mainly web application and mobile application penetration testing.<br />
<br />
----<br />
'''19th of Feb 2014 at 8pm'''<br />
Cafe Rider [http://cafe-rider.com/styled-4/index.html MAP]<br />
Close to Mall of the Emirates<br />
Al Quoz Industrial - Dubai<br />
United Arab Emirates<br />
<br />
Topics:<br />
; Managing Web & Application Security with OWASP – bringing it all together<br />
: Setting up, managing and improving your global information security organisation using mature OWASP projects and tools. Achieving cost-effective application security and bringing it all together on the management level. A journey through different organisational stages and how OWASP tools help organisations moving forward improving their web and application security. This talk will discuss a number of quick wins and how to effectively manage global security initiatives and use OWASP tools inside your organisation<br />
<br />
; Application Security for managers: OWASP CISO Guide and CISO Survey<br />
: The OWASP CISO guide and CISO report 2013. This talk will present two new OWASP projects, the CISO guide and the newly released results of the OWASP CISO Survey report 2013. Their main goal is to provide guidance on application and web security for senior managers and to introduce Chief Information Security Officers (CISO) to the OWASP Application Security Guide and the results of the CISO Survey. Over the last years, we noticed that application security risks and threats have been on the rise and OWASP has started the CISO survey project to gather intelligence and provide it to CISOs and senior managers in order to improve their security strategies, assess their priorities and learn from their peers about what works best protecting web and application security in organizations across various industries.<br />
<br />
Speaker: [http://hk.linkedin.com/in/gondrom Tobias Gondrom]<br />
<br />
Tobias Gondrom is a global board member of OWASP (Open Web Application Security Project) and CEO at Thames Stanley, a boutique Global CISO and Information Security & Risk Management Advisory based in Hong Kong, United Kingdom and Germany.<br />
<br />
----<br />
'''14th of Dec 2013 at 6-8pm.'''<br />
<br />
MAKE Business Hub [https://maps.google.com/maps?ie=UTF8&q=MAKE+Business+Hub+Cafe&fb=1&hq=make+business+hub&cid=1882949530944650280&hnear=&ll=25.079127,55.136797&spn=0.011816,0.021136&t=m&z=16&vpsrc=0&iwloc=A MAP ]<br />
Al Fattan Tower - Dubai<br />
United Arab Emirates<br />
+971 4 392 9216<br />
Speaker: Peter Dowley <br />
Topic: Security Architecture for Applications, titled "What's the difference between a security bug and a security flaw?"<br />
<br />
Speaker bio : Peter has been working in computer security for over 10 years, after<br />
another decade in other areas of IT - System & infrastructure architecture,<br />
Windows desktop & server design & management, database modelling & design,<br />
programming. He has strong expertise in security architecture (especially<br />
for banking systems) and how this relates to risk and fraud management. He<br />
is a senior security consultant with Hewlett-Packard (HP) in Dubai and has<br />
been based in the Gulf region for 5 years.<br />
<br />
'''Download the presentation:''' [https://www.owasp.org/index.php/File:Security_Bugs_vs_Flaws.pptx "What's the difference between a security bug and a security flaw"]<br />
<br />
----<br />
'''Casual OWASP meetup'''<br />
This will be our first meeting in a while. It will be an opportunity to get introduced to the other members of the OWASP UAE Chapter and discuss the type of events you'd like to see in the future.<br />
<br />
This will be a casual meeting at a Caribou Coffee at DIFC<br />
<br />
http://www.mealadvisors.com/uae/dubai/restaurant/map/branch_id/1294<br />
<br />
Gathering agenda will be:<br />
<br />
Meeting on Saturday the 9th of November 2013 at 6pm.<br />
Introductions<br />
Intro to OWASP<br />
Open discussion about Dubai chapter<br />
Networking<br />
Conclude at 8pm<br />
<br />
----<br />
<br />
'''IDC's IT Security Roadshow 2013 - Dubai '''<br />
<br />
Date and Time : Wednesday, April 3, 2013<br />
Venue: Mina A' Salam Hotel (Madinat Jumeirah)<br />
Web Application Security "Think like a hacker"<br />
Speaker: Amro Alolaqi<br />
<br />
Reference: http://idc-cema.com/eng/events/50679-idc-s-it-security-roadshow-2013/11-speakers <br />
<br />
----<br />
<br />
'''Cyber Security Summit 2012- DUBAI'''<br />
<br />
Date and Time : 2nd & 3rd of October 2012 - 9:00 AM to 4:00 PM<br />
Venue: Grand Hayat - Dubai <br />
Web Application Critical Vulnerabilities (OWASP top ten)<br />
Speaker: Amro AlOlaqi<br />
<br />
http://we-initiative.com/wp-content/uploads/2012/07/Cyber-Security-UAE-2012-EM12.pdf <br />
----<br />
<br />
'''ISACA UAE - ISAFE conference 2011 - Dubai'''<br />
<br />
Date and Time : 18th - 9:00 AM to 4:00 PM<br />
Venue: The Address Hotel - Dubai Mall<br />
Web Application Critical Vulnerabilities and Threat Modeling <br />
Speaker: Amro AlOlaqi<br />
<br />
http://www.isacauae.org/isafe2011/doc/isafe2011brochure.pdf<br />
<br />
https://plus.google.com/photos/117947441088827793360/albums/5712379217298867441?banner=pwa <br />
<br />
<br />
----<br />
<br />
'''IT For Government 2011- DUBAI'''<br />
<br />
''Location:&nbsp;Dusit Thani Hotel - 133, Sheikh Zayed Road <br>'' <br />
<br />
''Date: 4/Oct/2011'' <br />
<br />
''Registration 8:00 AM'' <br />
<br />
''NAUGURAL KEYNOTE PRESENTATION BY His Excellency Salem Khamis Al Shair Al Suwaidi Emirates e-Government Director General''<br />
<br />
OWASP's session: 11:20 PM <br />
Speaker: Amro AlOlaqi <br />
Subject: The Ten Web Application Critical Risks <br />
<br />
For more information about the event, please visit http://www.fleminggulf.com/cms/uploads/conference/downloads/Postshow_report_DBTC15.pdf <br />
<br />
[[Category:United Arab Emirates]]</div>Tarekhttps://wiki.owasp.org/index.php?title=Dubai&diff=226796Dubai2017-02-27T09:44:13Z<p>Tarek: </p>
<hr />
<div>{{Chapter Template|chaptername=Dubai|extra=The chapter leaders are [mailto:amro@owasp.org Amro AlOlaqi] and [mailto:tarek@owasp.org Tarek Naja]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-dubai|emailarchives=http://lists.owasp.org/pipermail/owasp-dubai}} <br />
<br />
<br> <br />
<br />
== Local News ==<br />
<br />
'''OWASP Moves to MediaWiki Portal - 11:15, 20 May 2006 (EDT)'''<br />
<br />
<br />
== Past Events ==<br />
'''77th of Feb 2017 at 12:30pm'''<br />
Abu Dhabi Cyber Resilience & InfoSeC <br />
<br />
Topics:<br />
; Cracking Passwords for Security's Sake <br />
: Speaker: [http://ae.linkedin.com/in/tareknaja Tarek Naja]<br />
: Bio: Tarek is the OWASP UAE chapter leader. He currently the head of information security at a major middle east organization.<br />
<br />
<br />
'''27th of August 2014 at 6:30pm'''<br />
Nakheel Sales Office [https://maps.google.com/maps?q=Nakheel+Sales+Center+-+Al+Sufouh+-+Dubai+-+United+Arab+Emirates&hl=en&ll=25.104759,55.156517&spn=0.038589,0.066047&sll=31.128199,-72.773437&sspn=71.247495,135.263672&oq=Nakheel&dirflg=r&ttype=now&noexp=0&noal=0&sort=def&hq=Nakheel+Sales+Center+-&hnear=Al+Sufouh+-+Dubai+-+United+Arab+Emirates&t=m&z=15 MAP]<br />
Al Sufouh Road,<br />
Jumeirah - Dubai<br />
United Arab Emirates<br />
<br />
Topics:<br />
; OWASP Top 10 A2 - Broken Authentication and session management <br />
: Speaker: [http://ae.linkedin.com/in/tareknaja Tarek Naja]<br />
: Bio: Tarek is the OWASP UAE chapter leader. He is a seasoned security consultant who focuses on penetration testing.<br />
<br />
; OWASP Top 10 A3 - Cross site scripting (XSS)<br />
: Speaker: [http://ae.linkedin.com/in/mhendrickx Michael Hendrickx]<br />
: Bio: Michael is an experienced IT security professional with strong, deep technical knowledge on wide variety of applications. <br />
<br />
----<br />
'''28th of May, 2014. 6:30pm'''<br />
Nakheel Sales Office [https://maps.google.com/maps?q=Nakheel+Sales+Center+-+Al+Sufouh+-+Dubai+-+United+Arab+Emirates&hl=en&ll=25.104759,55.156517&spn=0.038589,0.066047&sll=31.128199,-72.773437&sspn=71.247495,135.263672&oq=Nakheel&dirflg=r&ttype=now&noexp=0&noal=0&sort=def&hq=Nakheel+Sales+Center+-&hnear=Al+Sufouh+-+Dubai+-+United+Arab+Emirates&t=m&z=15 MAP]<br />
Al Sufouh Road,<br />
Jumeirah - Dubai<br />
United Arab Emirates<br />
<br />
We're honored to have our guest speak [http://ae.linkedin.com/pub/ammar-almarzooqi/30/b11/b86 Ammar Almarzooqi] - Chief Information Security Officer at Abu Dhabi Department of Economic Development.<br />
<br />
Ammar will be talking about seamless implementation of security controls. If you're dealing with some elements that are inherently secure, such as an application that cannot be modified, how would you be able to secure your environment? Ammar will be addressing this question and discussing a real case scenario from his organization.<br />
<br />
<br/><br />
Our other presenter is [http://ae.linkedin.com/in/tareknaja Tarek Naja] - Senior Security Consultant. <br />
Tarek will be answering questions about the vulnerability you all heard about recently: Heart Bleed. Tarek specializes in penetration testing, mainly web application and mobile application penetration testing.<br />
<br />
----<br />
'''19th of Feb 2014 at 8pm'''<br />
Cafe Rider [http://cafe-rider.com/styled-4/index.html MAP]<br />
Close to Mall of the Emirates<br />
Al Quoz Industrial - Dubai<br />
United Arab Emirates<br />
<br />
Topics:<br />
; Managing Web & Application Security with OWASP – bringing it all together<br />
: Setting up, managing and improving your global information security organisation using mature OWASP projects and tools. Achieving cost-effective application security and bringing it all together on the management level. A journey through different organisational stages and how OWASP tools help organisations moving forward improving their web and application security. This talk will discuss a number of quick wins and how to effectively manage global security initiatives and use OWASP tools inside your organisation<br />
<br />
; Application Security for managers: OWASP CISO Guide and CISO Survey<br />
: The OWASP CISO guide and CISO report 2013. This talk will present two new OWASP projects, the CISO guide and the newly released results of the OWASP CISO Survey report 2013. Their main goal is to provide guidance on application and web security for senior managers and to introduce Chief Information Security Officers (CISO) to the OWASP Application Security Guide and the results of the CISO Survey. Over the last years, we noticed that application security risks and threats have been on the rise and OWASP has started the CISO survey project to gather intelligence and provide it to CISOs and senior managers in order to improve their security strategies, assess their priorities and learn from their peers about what works best protecting web and application security in organizations across various industries.<br />
<br />
Speaker: [http://hk.linkedin.com/in/gondrom Tobias Gondrom]<br />
<br />
Tobias Gondrom is a global board member of OWASP (Open Web Application Security Project) and CEO at Thames Stanley, a boutique Global CISO and Information Security & Risk Management Advisory based in Hong Kong, United Kingdom and Germany.<br />
<br />
----<br />
'''14th of Dec 2013 at 6-8pm.'''<br />
<br />
MAKE Business Hub [https://maps.google.com/maps?ie=UTF8&q=MAKE+Business+Hub+Cafe&fb=1&hq=make+business+hub&cid=1882949530944650280&hnear=&ll=25.079127,55.136797&spn=0.011816,0.021136&t=m&z=16&vpsrc=0&iwloc=A MAP ]<br />
Al Fattan Tower - Dubai<br />
United Arab Emirates<br />
+971 4 392 9216<br />
Speaker: Peter Dowley <br />
Topic: Security Architecture for Applications, titled "What's the difference between a security bug and a security flaw?"<br />
<br />
Speaker bio : Peter has been working in computer security for over 10 years, after<br />
another decade in other areas of IT - System & infrastructure architecture,<br />
Windows desktop & server design & management, database modelling & design,<br />
programming. He has strong expertise in security architecture (especially<br />
for banking systems) and how this relates to risk and fraud management. He<br />
is a senior security consultant with Hewlett-Packard (HP) in Dubai and has<br />
been based in the Gulf region for 5 years.<br />
<br />
'''Download the presentation:''' [https://www.owasp.org/index.php/File:Security_Bugs_vs_Flaws.pptx "What's the difference between a security bug and a security flaw"]<br />
<br />
----<br />
'''Casual OWASP meetup'''<br />
This will be our first meeting in a while. It will be an opportunity to get introduced to the other members of the OWASP UAE Chapter and discuss the type of events you'd like to see in the future.<br />
<br />
This will be a casual meeting at a Caribou Coffee at DIFC<br />
<br />
http://www.mealadvisors.com/uae/dubai/restaurant/map/branch_id/1294<br />
<br />
Gathering agenda will be:<br />
<br />
Meeting on Saturday the 9th of November 2013 at 6pm.<br />
Introductions<br />
Intro to OWASP<br />
Open discussion about Dubai chapter<br />
Networking<br />
Conclude at 8pm<br />
<br />
----<br />
<br />
'''IDC's IT Security Roadshow 2013 - Dubai '''<br />
<br />
Date and Time : Wednesday, April 3, 2013<br />
Venue: Mina A' Salam Hotel (Madinat Jumeirah)<br />
Web Application Security "Think like a hacker"<br />
Speaker: Amro Alolaqi<br />
<br />
Reference: http://idc-cema.com/eng/events/50679-idc-s-it-security-roadshow-2013/11-speakers <br />
<br />
----<br />
<br />
'''Cyber Security Summit 2012- DUBAI'''<br />
<br />
Date and Time : 2nd & 3rd of October 2012 - 9:00 AM to 4:00 PM<br />
Venue: Grand Hayat - Dubai <br />
Web Application Critical Vulnerabilities (OWASP top ten)<br />
Speaker: Amro AlOlaqi<br />
<br />
http://we-initiative.com/wp-content/uploads/2012/07/Cyber-Security-UAE-2012-EM12.pdf <br />
----<br />
<br />
'''ISACA UAE - ISAFE conference 2011 - Dubai'''<br />
<br />
Date and Time : 18th - 9:00 AM to 4:00 PM<br />
Venue: The Address Hotel - Dubai Mall<br />
Web Application Critical Vulnerabilities and Threat Modeling <br />
Speaker: Amro AlOlaqi<br />
<br />
http://www.isacauae.org/isafe2011/doc/isafe2011brochure.pdf<br />
<br />
https://plus.google.com/photos/117947441088827793360/albums/5712379217298867441?banner=pwa <br />
<br />
<br />
----<br />
<br />
'''IT For Government 2011- DUBAI'''<br />
<br />
''Location:&nbsp;Dusit Thani Hotel - 133, Sheikh Zayed Road <br>'' <br />
<br />
''Date: 4/Oct/2011'' <br />
<br />
''Registration 8:00 AM'' <br />
<br />
''NAUGURAL KEYNOTE PRESENTATION BY His Excellency Salem Khamis Al Shair Al Suwaidi Emirates e-Government Director General''<br />
<br />
OWASP's session: 11:20 PM <br />
Speaker: Amro AlOlaqi <br />
Subject: The Ten Web Application Critical Risks <br />
<br />
For more information about the event, please visit http://www.fleminggulf.com/cms/uploads/conference/downloads/Postshow_report_DBTC15.pdf <br />
<br />
[[Category:United Arab Emirates]]</div>Tarekhttps://wiki.owasp.org/index.php?title=File:Santoku.png&diff=153109File:Santoku.png2013-06-07T10:56:05Z<p>Tarek: uploaded a new version of &quot;File:Santoku.png&quot;: Reverted to version as of 11:58, 6 June 2013</p>
<hr />
<div>santoku screenshot</div>Tarekhttps://wiki.owasp.org/index.php?title=File:Santoku.png&diff=153108File:Santoku.png2013-06-07T10:55:36Z<p>Tarek: uploaded a new version of &quot;File:Santoku.png&quot;</p>
<hr />
<div>santoku screenshot</div>Tarekhttps://wiki.owasp.org/index.php?title=SettingupMobileTestingLab&diff=153107SettingupMobileTestingLab2013-06-07T10:52:18Z<p>Tarek: </p>
<hr />
<div>This document details how to set up an Android lab so you can perform mobile app assessments without the need for a physical mobile phone. It will discuss some of the common and useful tools, what their purposes are and how they can be used.<br />
<br />
The prerequisites are simple: Java and an OS.<br />
<br />
URL: http://java.com/en/download/index.jsp<br />
<br />
<br />
<br />
== Install Android Software Development Kit (SDK) ==<br />
<br />
“The Android SDK provides you the API libraries and developer tools necessary to build, test, and debug apps for Android”. There are two parts to SDK. The SDK manager where you can install the tools and the Android versions of your choice. And the AVD (android virtual device) manager (we'll get to that in a minute). That's what creates the emulator that we'll be playing around with.<br />
<br />
URL: http://developer.android.com/sdk/index.html<br />
<br />
<br />
== Install tools ==<br />
<br />
Install the tools and the Android OS. At a minimum you'll want the SDK tools and SDK platform tools which we'll use later on. Then choose an Android version. There's a long list of Android versions and other extras. It's a straight forward install process but it might take a while.<br />
<br />
[[File:1-_sdk_manager.png]]<br />
<br />
== Emulator ==<br />
<br />
Step three is to set up an Android emulator. You do this using the AVD manager which is part of the SDK tool. AVD stands for Android Virtual Device and it looks like the picture below.<br />
<br />
[[File:install emulator.png]]<br />
<br />
Once the installation is complete you'll need to create a new AVD simply by clicking on New on the Android Virtual Device Manager<br />
<br />
[[File:andoird avd new.png]]<br />
<br />
== Create AVD ==<br />
<br />
Enter a name for your virtualized Android, and select the version of Android you want to use from the drop-down menu if you've installed different versions. Enter a size under the SD Card entry; this is a virtual SD card that’s actually an IMG file that Android will use to store your settings and files in.<br />
<br />
[[File:create avd.png]]<br />
<br />
== Start Emulator ==<br />
<br />
By now you'll have a fully functioning emulator that you can use just like your phone. One thing you'll notice missing is the Android market or play store which you usually use to download and install applications. The good news is that we don't need it... for now.<br />
<br />
[[File:working emulator.png]]<br />
<br />
== Install apk ==<br />
<br />
without the need of the android market we can install the application directly if we have the .apk file. This is the Android Application Package (APK) file. In reality it's a zipped file based on JAR format which will come in handy when we try to reverse the application later.<br />
<br />
[[File:apk.png]]<br />
<br />
== ADB ==<br />
<br />
To install apk file we use the Android Debugging Bridge. The ADB tool part of the platform-tools we installed with the SDK manager at the beginning. It's got a lot of uses one of which is to install and uninstall app. We do this by typing going to the platform-tools directory and lunching adb with the install command while the emulator is running<br />
<br />
[[File:adb install.png]]<br />
<br />
== Proxy ==<br />
<br />
Start up the emulator using the proxy command to tell it to tunnel traffic through your local proxy. In this current setup you'll also be able to test https website but you'll not be able to authenticate if there's a login page because of certificate errors. There seems to be a lot of ways documented to overcome this. One my favorite is using Mallory.<br />
<br />
[[File:proxy command.png]]<br />
<br />
== Mallory ==<br />
<br />
What if the application you're testing that doesn't use standard http/s but instead uses some proprietary protocol? There's a tool for that called Mallory. It's a very effective transparent TCP/UDP proxy. Setting it up is a bit tedious but the process is well documented online.<br />
<br />
[[File:mallory.png]]<br />
<br />
== Decompiling app (jd-gui) ==<br />
<br />
Apart from treating the application as a regular application there are a few other things to do. One is trying to decompile the application. We already mentioned that the .apk is a compressed JAR format and so it can easily be decompiled using numerous tools.<br />
<br />
<br />
== Shell ==<br />
<br />
We can browse the application directory using the adb tool. By issuing the shell command we can browse to the /data/data folder where the packages are installed. We can then look for interesting information such as encryption keys in xml files<br />
<br />
[[File:shell.png]]<br />
<br />
== Memory ==<br />
<br />
Android ships with a debugging tool called the Dalvik Debug Monitor Server (DDMS). This is part of the Eclipse tool suite so obviously we need to install Eclipe. We can use this to obtain a memory dump of the application during runtime. This hopefully will yield some good information.<br />
<br />
[[File:ddms.png]]<br />
<br />
== Memory Analyzer ==<br />
<br />
Once we create a dump we can analyze it using a tool called the (can any one guess) Memory Analyzer which is part of Eclipse. However before we can do that we need to convert the dump to the proper hprof format using hprof-conv in sdk<br />
<br />
[[File:mem analyzer.png]]<br />
<br />
== Santoku ==<br />
<br />
Now if all this sounds like a lot of work luckily there's a ready made Linux distro called Santoku that has all the tools preinstalled.<br />
<br />
[[File:Santoku.png]]</div>Tarekhttps://wiki.owasp.org/index.php?title=File:Santoku.png&diff=153028File:Santoku.png2013-06-06T11:58:08Z<p>Tarek: santoku screenshot</p>
<hr />
<div>santoku screenshot</div>Tarekhttps://wiki.owasp.org/index.php?title=File:Mem_analyzer.png&diff=153027File:Mem analyzer.png2013-06-06T11:57:15Z<p>Tarek: eclipse memory analyze screenshot</p>
<hr />
<div>eclipse memory analyze screenshot</div>Tarekhttps://wiki.owasp.org/index.php?title=File:Ddms.png&diff=153026File:Ddms.png2013-06-06T11:56:32Z<p>Tarek: Dalvik Debug Monitor Server (DDMS) screenshot</p>
<hr />
<div>Dalvik Debug Monitor Server (DDMS) screenshot</div>Tarekhttps://wiki.owasp.org/index.php?title=File:Shell.png&diff=153025File:Shell.png2013-06-06T11:55:33Z<p>Tarek: android emulator shell command</p>
<hr />
<div>android emulator shell command</div>Tarekhttps://wiki.owasp.org/index.php?title=File:Mallory.png&diff=153024File:Mallory.png2013-06-06T11:55:09Z<p>Tarek: mallory proxy logo</p>
<hr />
<div>mallory proxy logo</div>Tarekhttps://wiki.owasp.org/index.php?title=File:Proxy_command.png&diff=153021File:Proxy command.png2013-06-06T11:54:16Z<p>Tarek: android emulator http proxy command</p>
<hr />
<div>android emulator http proxy command</div>Tarekhttps://wiki.owasp.org/index.php?title=File:Adb_install.png&diff=153020File:Adb install.png2013-06-06T11:53:57Z<p>Tarek: install Android Debugging Bridge (adb) command</p>
<hr />
<div>install Android Debugging Bridge (adb) command</div>Tarekhttps://wiki.owasp.org/index.php?title=File:Apk.png&diff=153018File:Apk.png2013-06-06T11:53:19Z<p>Tarek: android package (apk) screenshot</p>
<hr />
<div>android package (apk) screenshot</div>Tarekhttps://wiki.owasp.org/index.php?title=SettingupMobileTestingLab&diff=153016SettingupMobileTestingLab2013-06-06T11:52:42Z<p>Tarek: </p>
<hr />
<div>This document details how to set up an Android lab so you can perform mobile app assessments without the need for a physical mobile phone. It will discuss some of the common and useful tools, what their purposes are and how they can be used.<br />
<br />
The prerequisites are simple: Java and an OS.<br />
<br />
URL: http://java.com/en/download/index.jsp<br />
<br />
<br />
<br />
== Install Android Software Development Kit (SDK) ==<br />
<br />
“The Android SDK provides you the API libraries and developer tools necessary to build, test, and debug apps for Android”. There are two parts to SDK. The SDK manager where you can install the tools and the Android versions of your choice. And the AVD (android virtual device) manager (we'll get to that in a minute). That's what creates the emulator that we'll be playing around with.<br />
<br />
URL: http://developer.android.com/sdk/index.html<br />
<br />
<br />
== Install tools ==<br />
<br />
Install the tools and the Android OS. At a minimum you'll want the SDK tools and SDK platform tools which we'll use later on. Then choose an Android version. There's a long list of Android versions and other extras. It's a straight forward install process but it might take a while.<br />
<br />
[[File:1-_sdk_manager.png]]<br />
<br />
== Emulator ==<br />
<br />
Step three is to set up an Android emulator. You do this using the AVD manager which is part of the SDK tool. AVD stands for Android Virtual Device and it looks like the picture below.<br />
<br />
[[File:install emulator.png]]<br />
<br />
Once the installation is complete you'll need to create a new AVD simply by clicking on New on the Android Virtual Device Manager<br />
<br />
[[File:andoird avd new.png]]<br />
<br />
== Create AVD ==<br />
<br />
Enter a name for your virtualized Android, and select the version of Android you want to use from the drop-down menu if you've installed different versions. Enter a size under the SD Card entry; this is a virtual SD card that’s actually an IMG file that Android will use to store your settings and files in.<br />
<br />
[[File:create avd.png]]<br />
<br />
== Start Emulator ==<br />
<br />
By now you'll have a fully functioning emulator that you can use just like your phone. One thing you'll notice missing is the Android market or play store which you usually use to download and install applications. The good news is that we don't need it... for now.<br />
<br />
[[File:working emulator.png]]<br />
<br />
== Install apk ==<br />
<br />
without the need of the android market we can install the application directly if we have the .apk file. This is the Android Application Package (APK) file. In reality it's a zipped file based on JAR format which will come in handy when we try to reverse the application later.<br />
<br />
[[File:apk.png]]<br />
<br />
== ADB ==<br />
<br />
To install apk file we use the Android Debugging Bridge. The ADB tool part of the platform-tools we installed with the SDK manager at the beginning. It's got a lot of uses one of which is to install and uninstall app. We do this by typing going to the platform-tools directory and lunching adb with the install command while the emulator is running<br />
<br />
[[File:adb install.png]]<br />
<br />
== Proxy ==<br />
<br />
Start up the emulator using the proxy command to tell it to tunnel traffic through your local proxy. In this current setup you'll also be able to test https website but you'll not be able to authenticate if there's a login page because of certificate errors. There seems to be a lot of ways documented to overcome this. One my favorite is using Mallory.<br />
<br />
[[File:proxy command.png]]<br />
<br />
== Mallory ==<br />
<br />
What if the application you're testing that doesn't use standard http/s but instead uses some proprietary protocol? There's a tool for that called Mallory. It's a very effective transparent TCP/UDP proxy. Setting it up is a bit tedious but the process is well documented online.<br />
<br />
[[File:mallory.png]]<br />
<br />
== Decompiling app (jd-gui) ==<br />
<br />
Apart from treating the application as a regular application there are a few other things to do. One is trying to decompile the application. We already mentioned that the .apk is a compressed JAR format and so it can easily be decompiled using numerous tools.<br />
<br />
<br />
== Shell ==<br />
<br />
We can browse the application directory using the adb tool. By issuing the shell command we can browse to the /data/data folder where the packages are installed. We can then look for interesting information such as encryption keys in xml files<br />
<br />
[[File:shell.png]]<br />
<br />
== Memory ==<br />
<br />
Android ships with a debugging tool called the Dalvik Debug Monitor Server (DDMS). This is part of the Eclipse tool suite so obviously we need to install Eclipe. We can use this to obtain a memory dump of the application during runtime. This hopefully will yield some good information.<br />
<br />
[[File:ddms.png]]<br />
<br />
== Memory Analyzer ==<br />
<br />
Once we create a dump we can analyze it using a tool called the (can any one guess) Memory Analyzer which is part of Eclipse. However before we can do that we need to convert the dump to the proper hprof format using hprof-conv in sdk<br />
<br />
[[File:mem analyzer.png]]<br />
<br />
== Santoku ==<br />
<br />
Now if all this sounds like a lot of work luckily the good guys at OWASP has saved us a lot of trouble. OWASPhas created a backtrack like OSfor mobile testing called Santoku.<br />
<br />
[[File:Santoku.png]]</div>Tarekhttps://wiki.owasp.org/index.php?title=File:Working_emulator.png&diff=153015File:Working emulator.png2013-06-06T11:52:30Z<p>Tarek: android emulator screenshot</p>
<hr />
<div>android emulator screenshot</div>Tarekhttps://wiki.owasp.org/index.php?title=File:Create_avd.png&diff=153014File:Create avd.png2013-06-06T11:51:52Z<p>Tarek: create android virtual device (avd)</p>
<hr />
<div>create android virtual device (avd)</div>Tarekhttps://wiki.owasp.org/index.php?title=File:Andoird_avd_new.png&diff=153012File:Andoird avd new.png2013-06-06T11:51:13Z<p>Tarek: create new android emulator screenshot</p>
<hr />
<div>create new android emulator screenshot</div>Tarekhttps://wiki.owasp.org/index.php?title=SettingupMobileTestingLab&diff=153011SettingupMobileTestingLab2013-06-06T11:50:36Z<p>Tarek: </p>
<hr />
<div>This document details how to set up an Android lab so you can perform mobile app assessments without the need for a physical mobile phone. It will discuss some of the common and useful tools, what their purposes are and how they can be used.<br />
<br />
The prerequisites are simple: Java and an OS.<br />
<br />
URL: http://java.com/en/download/index.jsp<br />
<br />
<br />
<br />
== Install Android Software Development Kit (SDK) ==<br />
<br />
“The Android SDK provides you the API libraries and developer tools necessary to build, test, and debug apps for Android”. There are two parts to SDK. The SDK manager where you can install the tools and the Android versions of your choice. And the AVD (android virtual device) manager (we'll get to that in a minute). That's what creates the emulator that we'll be playing around with.<br />
<br />
URL: http://developer.android.com/sdk/index.html<br />
<br />
<br />
== Install tools ==<br />
<br />
Install the tools and the Android OS. At a minimum you'll want the SDK tools and SDK platform tools which we'll use later on. Then choose an Android version. There's a long list of Android versions and other extras. It's a straight forward install process but it might take a while.<br />
<br />
[[File:1-_sdk_manager.png]]<br />
<br />
== Emulator ==<br />
<br />
Step three is to set up an Android emulator. You do this using the AVD manager which is part of the SDK tool. AVD stands for Android Virtual Device and it looks like the picture below.<br />
<br />
[[File:install emulator.png]]<br />
<br />
Once the installation is complete you'll need to create a new AVD simply by clicking on New on the Android Virtual Device Manager<br />
<br />
[[File:andoird avd new.png]]<br />
<br />
== Create AVD ==<br />
<br />
Enter a name for your virtualized Android, and select the version of Android you want to use from the drop-down menu if you've installed different versions. Enter a size under the SD Card entry; this is a virtual SD card that’s actually an IMG file that Android will use to store your settings and files in.<br />
<br />
[[File:create avd.png]]<br />
<br />
== Start Emulator ==<br />
<br />
By now you'll have a fully functioning emulator that you can use just like your phone. One thing you'll notice missing is the Android market or play store which you usually use to download and install applications. The good news is that we don't need it... for now.<br />
<br />
[[File:working emulator.png]]<br />
<br />
== Install apk ==<br />
<br />
without the need of the android market we can install the application directly if we have the .apk file. This is the Android Application Package (APK) file. In reality it's a zipped file based on JAR format which will come in handy when we try to reverse the application later.<br />
<br />
[[File:apk.pgn]]<br />
<br />
== ADB ==<br />
<br />
To install apk file we use the Android Debugging Bridge. The ADB tool part of the platform-tools we installed with the SDK manager at the beginning. It's got a lot of uses one of which is to install and uninstall app. We do this by typing going to the platform-tools directory and lunching adb with the install command while the emulator is running<br />
<br />
[[File:adb install.png]]<br />
<br />
== Proxy ==<br />
<br />
Start up the emulator using the proxy command to tell it to tunnel traffic through your local proxy. In this current setup you'll also be able to test https website but you'll not be able to authenticate if there's a login page because of certificate errors. There seems to be a lot of ways documented to overcome this. One my favorite is using Mallory.<br />
<br />
[[File:proxy command.png]]<br />
<br />
== Mallory ==<br />
<br />
What if the application you're testing that doesn't use standard http/s but instead uses some proprietary protocol? There's a tool for that called Mallory. It's a very effective transparent TCP/UDP proxy. Setting it up is a bit tedious but the process is well documented online.<br />
<br />
[[File:mallory.png]]<br />
<br />
== Decompiling app (jd-gui) ==<br />
<br />
Apart from treating the application as a regular application there are a few other things to do. One is trying to decompile the application. We already mentioned that the .apk is a compressed JAR format and so it can easily be decompiled using numerous tools.<br />
<br />
<br />
== Shell ==<br />
<br />
We can browse the application directory using the adb tool. By issuing the shell command we can browse to the /data/data folder where the packages are installed. We can then look for interesting information such as encryption keys in xml files<br />
<br />
[[File:shell.png]]<br />
<br />
== Memory ==<br />
<br />
Android ships with a debugging tool called the Dalvik Debug Monitor Server (DDMS). This is part of the Eclipse tool suite so obviously we need to install Eclipe. We can use this to obtain a memory dump of the application during runtime. This hopefully will yield some good information.<br />
<br />
[[File:ddms.png]]<br />
<br />
== Memory Analyzer ==<br />
<br />
Once we create a dump we can analyze it using a tool called the (can any one guess) Memory Analyzer which is part of Eclipse. However before we can do that we need to convert the dump to the proper hprof format using hprof-conv in sdk<br />
<br />
[[File:mem analyzer.png]]<br />
<br />
== Santoku ==<br />
<br />
Now if all this sounds like a lot of work luckily the good guys at OWASP has saved us a lot of trouble. OWASPhas created a backtrack like OSfor mobile testing called Santoku.<br />
<br />
[[File:Santoku.png]]</div>Tarekhttps://wiki.owasp.org/index.php?title=SettingupMobileTestingLab&diff=153009SettingupMobileTestingLab2013-06-06T11:50:12Z<p>Tarek: </p>
<hr />
<div>This document details how to set up an Android lab so you can perform mobile app assessments without the need for a physical mobile phone. It will discuss some of the common and useful tools, what their purposes are and how they can be used.<br />
<br />
The prerequisites are simple: Java and an OS.<br />
<br />
URL: http://java.com/en/download/index.jsp<br />
<br />
<br />
<br />
== Install Android Software Development Kit (SDK) ==<br />
<br />
“The Android SDK provides you the API libraries and developer tools necessary to build, test, and debug apps for Android”. There are two parts to SDK. The SDK manager where you can install the tools and the Android versions of your choice. And the AVD (android virtual device) manager (we'll get to that in a minute). That's what creates the emulator that we'll be playing around with.<br />
<br />
URL: http://developer.android.com/sdk/index.html<br />
<br />
<br />
== Install tools ==<br />
<br />
Install the tools and the Android OS. At a minimum you'll want the SDK tools and SDK platform tools which we'll use later on. Then choose an Android version. There's a long list of Android versions and other extras. It's a straight forward install process but it might take a while.<br />
<br />
[[File:1-_sdk_manager.png]]<br />
<br />
== Emulator ==<br />
<br />
Step three is to set up an Android emulator. You do this using the AVD manager which is part of the SDK tool. AVD stands for Android Virtual Device and it looks like the picture below.<br />
<br />
[[File:install emulator.png]]<br />
<br />
Once the installation is complete you'll need to create a new AVD simply by clicking on New on the Android Virtual Device Manager<br />
<br />
[[File:andoird avd new.pgn]]<br />
<br />
== Create AVD ==<br />
<br />
Enter a name for your virtualized Android, and select the version of Android you want to use from the drop-down menu if you've installed different versions. Enter a size under the SD Card entry; this is a virtual SD card that’s actually an IMG file that Android will use to store your settings and files in.<br />
<br />
[[File:create avd.png]]<br />
<br />
== Start Emulator ==<br />
<br />
By now you'll have a fully functioning emulator that you can use just like your phone. One thing you'll notice missing is the Android market or play store which you usually use to download and install applications. The good news is that we don't need it... for now.<br />
<br />
[[File:working emulator.png]]<br />
<br />
== Install apk ==<br />
<br />
without the need of the android market we can install the application directly if we have the .apk file. This is the Android Application Package (APK) file. In reality it's a zipped file based on JAR format which will come in handy when we try to reverse the application later.<br />
<br />
[[File:apk.pgn]]<br />
<br />
== ADB ==<br />
<br />
To install apk file we use the Android Debugging Bridge. The ADB tool part of the platform-tools we installed with the SDK manager at the beginning. It's got a lot of uses one of which is to install and uninstall app. We do this by typing going to the platform-tools directory and lunching adb with the install command while the emulator is running<br />
<br />
[[File:adb install.png]]<br />
<br />
== Proxy ==<br />
<br />
Start up the emulator using the proxy command to tell it to tunnel traffic through your local proxy. In this current setup you'll also be able to test https website but you'll not be able to authenticate if there's a login page because of certificate errors. There seems to be a lot of ways documented to overcome this. One my favorite is using Mallory.<br />
<br />
[[File:proxy command.png]]<br />
<br />
== Mallory ==<br />
<br />
What if the application you're testing that doesn't use standard http/s but instead uses some proprietary protocol? There's a tool for that called Mallory. It's a very effective transparent TCP/UDP proxy. Setting it up is a bit tedious but the process is well documented online.<br />
<br />
[[File:mallory.png]]<br />
<br />
== Decompiling app (jd-gui) ==<br />
<br />
Apart from treating the application as a regular application there are a few other things to do. One is trying to decompile the application. We already mentioned that the .apk is a compressed JAR format and so it can easily be decompiled using numerous tools.<br />
<br />
<br />
== Shell ==<br />
<br />
We can browse the application directory using the adb tool. By issuing the shell command we can browse to the /data/data folder where the packages are installed. We can then look for interesting information such as encryption keys in xml files<br />
<br />
[[File:shell.png]]<br />
<br />
== Memory ==<br />
<br />
Android ships with a debugging tool called the Dalvik Debug Monitor Server (DDMS). This is part of the Eclipse tool suite so obviously we need to install Eclipe. We can use this to obtain a memory dump of the application during runtime. This hopefully will yield some good information.<br />
<br />
[[File:ddms.png]]<br />
<br />
== Memory Analyzer ==<br />
<br />
Once we create a dump we can analyze it using a tool called the (can any one guess) Memory Analyzer which is part of Eclipse. However before we can do that we need to convert the dump to the proper hprof format using hprof-conv in sdk<br />
<br />
[[File:mem analyzer.png]]<br />
<br />
== Santoku ==<br />
<br />
Now if all this sounds like a lot of work luckily the good guys at OWASP has saved us a lot of trouble. OWASPhas created a backtrack like OSfor mobile testing called Santoku.<br />
<br />
[[File:Santoku.png]]</div>Tarekhttps://wiki.owasp.org/index.php?title=File:Install_emulator.png&diff=153007File:Install emulator.png2013-06-06T11:47:01Z<p>Tarek: install android emulator screenshot</p>
<hr />
<div>install android emulator screenshot</div>Tarekhttps://wiki.owasp.org/index.php?title=SettingupMobileTestingLab&diff=153006SettingupMobileTestingLab2013-06-06T11:46:20Z<p>Tarek: </p>
<hr />
<div>This document details how to set up an Android lab so you can perform mobile app assessments without the need for a physical mobile phone. It will discuss some of the common and useful tools, what their purposes are and how they can be used.<br />
<br />
The prerequisites are simple: Java and an OS.<br />
<br />
URL: http://java.com/en/download/index.jsp<br />
<br />
<br />
<br />
== Install Android Software Development Kit (SDK) ==<br />
<br />
“The Android SDK provides you the API libraries and developer tools necessary to build, test, and debug apps for Android”. There are two parts to SDK. The SDK manager where you can install the tools and the Android versions of your choice. And the AVD (android virtual device) manager (we'll get to that in a minute). That's what creates the emulator that we'll be playing around with.<br />
<br />
URL: http://developer.android.com/sdk/index.html<br />
<br />
<br />
== Install tools ==<br />
<br />
Install the tools and the Android OS. At a minimum you'll want the SDK tools and SDK platform tools which we'll use later on. Then choose an Android version. There's a long list of Android versions and other extras. It's a straight forward install process but it might take a while.<br />
<br />
[[File:1-_sdk_manager.png]]<br />
<br />
== Emulator ==<br />
<br />
Step three is to set up an Android emulator. You do this using the AVD manager which is part of the SDK tool. AVD stands for Android Virtual Device and it looks like the picture below. You click on New and here's what these options mean.<br />
<br />
[[File:install emulator.png]]<br />
<br />
== Create AVD ==<br />
<br />
Enter a name for your virtualized Android, and select the version of Android you want to use from the drop-down menu if you've installed different versions. Enter a size under the SD Card entry; this is a virtual SD card that’s actually an IMG file that Android will use to store your settings and files in.<br />
<br />
[[File:create avd.png]]<br />
<br />
== Start Emulator ==<br />
<br />
By now you'll have a fully functioning emulator that you can use just like your phone. One thing you'll notice missing is the Android market or play store which you usually use to download and install applications. The good news is that we don't need it... for now.<br />
<br />
[[File:working emulator.png]]<br />
<br />
== Install apk ==<br />
<br />
without the need of the android market we can install the application directly if we have the .apk file. This is the Android Application Package (APK) file. In reality it's a zipped file based on JAR format which will come in handy when we try to reverse the application later.<br />
<br />
[[File:apk.pgn]]<br />
<br />
== ADB ==<br />
<br />
To install apk file we use the Android Debugging Bridge. The ADB tool part of the platform-tools we installed with the SDK manager at the beginning. It's got a lot of uses one of which is to install and uninstall app. We do this by typing going to the platform-tools directory and lunching adb with the install command while the emulator is running<br />
<br />
[[File:adb install.png]]<br />
<br />
== Proxy ==<br />
<br />
Start up the emulator using the proxy command to tell it to tunnel traffic through your local proxy. In this current setup you'll also be able to test https website but you'll not be able to authenticate if there's a login page because of certificate errors. There seems to be a lot of ways documented to overcome this. One my favorite is using Mallory.<br />
<br />
[[File:proxy command.png]]<br />
<br />
== Mallory ==<br />
<br />
What if the application you're testing that doesn't use standard http/s but instead uses some proprietary protocol? There's a tool for that called Mallory. It's a very effective transparent TCP/UDP proxy. Setting it up is a bit tedious but the process is well documented online.<br />
<br />
[[File:mallory.png]]<br />
<br />
== Decompiling app (jd-gui) ==<br />
<br />
Apart from treating the application as a regular application there are a few other things to do. One is trying to decompile the application. We already mentioned that the .apk is a compressed JAR format and so it can easily be decompiled using numerous tools.<br />
<br />
<br />
== Shell ==<br />
<br />
We can browse the application directory using the adb tool. By issuing the shell command we can browse to the /data/data folder where the packages are installed. We can then look for interesting information such as encryption keys in xml files<br />
<br />
[[File:shell.png]]<br />
<br />
== Memory ==<br />
<br />
Android ships with a debugging tool called the Dalvik Debug Monitor Server (DDMS). This is part of the Eclipse tool suite so obviously we need to install Eclipe. We can use this to obtain a memory dump of the application during runtime. This hopefully will yield some good information.<br />
<br />
[[File:ddms.png]]<br />
<br />
== Memory Analyzer ==<br />
<br />
Once we create a dump we can analyze it using a tool called the (can any one guess) Memory Analyzer which is part of Eclipse. However before we can do that we need to convert the dump to the proper hprof format using hprof-conv in sdk<br />
<br />
[[File:mem analyzer.png]]<br />
<br />
== Santoku ==<br />
<br />
Now if all this sounds like a lot of work luckily the good guys at OWASP has saved us a lot of trouble. OWASPhas created a backtrack like OSfor mobile testing called Santoku.<br />
<br />
[[File:Santoku.png]]</div>Tarekhttps://wiki.owasp.org/index.php?title=SettingupMobileTestingLab&diff=153005SettingupMobileTestingLab2013-06-06T11:44:58Z<p>Tarek: </p>
<hr />
<div>This document details how to set up an Android lab so you can perform mobile app assessments without the need for a physical mobile phone. It will discuss some of the common and useful tools, what their purposes are and how they can be used.<br />
<br />
The prerequisites are simple: Java and an OS.<br />
<br />
URL: http://java.com/en/download/index.jsp<br />
<br />
<br />
<br />
== Install Android Software Development Kit (SDK) ==<br />
<br />
“The Android SDK provides you the API libraries and developer tools necessary to build, test, and debug apps for Android”. There are two parts to SDK. The SDK manager where you can install the tools and the Android versions of your choice. And the AVD (android virtual device) manager (we'll get to that in a minute). That's what creates the emulator that we'll be playing around with.<br />
<br />
URL: http://developer.android.com/sdk/index.html<br />
<br />
<br />
== Install tools ==<br />
<br />
Install the tools and the Android OS. At a minimum you'll want the SDK tools and SDK platform tools which we'll use later on. Then choose an Android version. There's a long list of Android versions and other extras. It's a straight forward install process but it might take a while.<br />
<br />
[[File:sdk manager.png]]<br />
<br />
== Emulator ==<br />
<br />
Step three is to set up an Android emulator. You do this using the AVD manager which is part of the SDK tool. AVD stands for Android Virtual Device and it looks like the picture below. You click on New and here's what these options mean.<br />
<br />
[[File:install emulator.png]]<br />
<br />
== Create AVD ==<br />
<br />
Enter a name for your virtualized Android, and select the version of Android you want to use from the drop-down menu if you've installed different versions. Enter a size under the SD Card entry; this is a virtual SD card that’s actually an IMG file that Android will use to store your settings and files in.<br />
<br />
[[File:create avd.png]]<br />
<br />
== Start Emulator ==<br />
<br />
By now you'll have a fully functioning emulator that you can use just like your phone. One thing you'll notice missing is the Android market or play store which you usually use to download and install applications. The good news is that we don't need it... for now.<br />
<br />
[[File:working emulator.png]]<br />
<br />
== Install apk ==<br />
<br />
without the need of the android market we can install the application directly if we have the .apk file. This is the Android Application Package (APK) file. In reality it's a zipped file based on JAR format which will come in handy when we try to reverse the application later.<br />
<br />
[[File:apk.pgn]]<br />
<br />
== ADB ==<br />
<br />
To install apk file we use the Android Debugging Bridge. The ADB tool part of the platform-tools we installed with the SDK manager at the beginning. It's got a lot of uses one of which is to install and uninstall app. We do this by typing going to the platform-tools directory and lunching adb with the install command while the emulator is running<br />
<br />
[[File:adb install.png]]<br />
<br />
== Proxy ==<br />
<br />
Start up the emulator using the proxy command to tell it to tunnel traffic through your local proxy. In this current setup you'll also be able to test https website but you'll not be able to authenticate if there's a login page because of certificate errors. There seems to be a lot of ways documented to overcome this. One my favorite is using Mallory.<br />
<br />
[[File:proxy command.png]]<br />
<br />
== Mallory ==<br />
<br />
What if the application you're testing that doesn't use standard http/s but instead uses some proprietary protocol? There's a tool for that called Mallory. It's a very effective transparent TCP/UDP proxy. Setting it up is a bit tedious but the process is well documented online.<br />
<br />
[[File:mallory.png]]<br />
<br />
== Decompiling app (jd-gui) ==<br />
<br />
Apart from treating the application as a regular application there are a few other things to do. One is trying to decompile the application. We already mentioned that the .apk is a compressed JAR format and so it can easily be decompiled using numerous tools.<br />
<br />
<br />
== Shell ==<br />
<br />
We can browse the application directory using the adb tool. By issuing the shell command we can browse to the /data/data folder where the packages are installed. We can then look for interesting information such as encryption keys in xml files<br />
<br />
[[File:shell.png]]<br />
<br />
== Memory ==<br />
<br />
Android ships with a debugging tool called the Dalvik Debug Monitor Server (DDMS). This is part of the Eclipse tool suite so obviously we need to install Eclipe. We can use this to obtain a memory dump of the application during runtime. This hopefully will yield some good information.<br />
<br />
[[File:ddms.png]]<br />
<br />
== Memory Analyzer ==<br />
<br />
Once we create a dump we can analyze it using a tool called the (can any one guess) Memory Analyzer which is part of Eclipse. However before we can do that we need to convert the dump to the proper hprof format using hprof-conv in sdk<br />
<br />
[[File:mem analyzer.png]]<br />
<br />
== Santoku ==<br />
<br />
Now if all this sounds like a lot of work luckily the good guys at OWASP has saved us a lot of trouble. OWASPhas created a backtrack like OSfor mobile testing called Santoku.<br />
<br />
[[File:Santoku.png]]</div>Tarekhttps://wiki.owasp.org/index.php?title=File:1-_sdk_manager.png&diff=153004File:1- sdk manager.png2013-06-06T11:38:10Z<p>Tarek: </p>
<hr />
<div></div>Tarekhttps://wiki.owasp.org/index.php?title=SettingupMobileTestingLab&diff=153003SettingupMobileTestingLab2013-06-06T11:32:55Z<p>Tarek: </p>
<hr />
<div>This document details how to set up an Android lab so you can perform mobile app assessments without the need for a physical mobile phone. It will discuss some of the common and useful tools, what their purposes are and how they can be used.<br />
<br />
The prerequisites are simple: Java and an OS.<br />
<br />
URL: http://java.com/en/download/index.jsp<br />
<br />
<br />
<br />
== Install Android Software Development Kit (SDK) ==<br />
<br />
“The Android SDK provides you the API libraries and developer tools necessary to build, test, and debug apps for Android”. There are two parts to SDK. The SDK manager where you can install the tools and the Android versions of your choice. And the AVD (android virtual device) manager (we'll get to that in a minute). That's what creates the emulator that we'll be playing around with.<br />
<br />
URL: http://developer.android.com/sdk/index.html<br />
<br />
<br />
<br />
== Install tools ==<br />
<br />
Install the tools and the Android OS. At a minimum you'll want the SDK tools and SDK platform tools which we'll use later on. Then choose an Android version. There's a long list of Android versions and other extras. It's a straight forward install process but it might take a while.<br />
<br />
[[File:Example.jpg]]<br />
<br />
== Emulator ==<br />
<br />
Step three is to set up an Android emulator. You do this using the AVD manager which is part of the SDK tool. AVD stands for Android Virtual Device and it looks like the picture below. You click on New and here's what these options mean.<br />
<br />
[[File:Example.jpg]]<br />
<br />
== Create AVD ==<br />
<br />
Enter a name for your virtualized Android, and select the version of Android you want to use from the drop-down menu if you've installed different versions. Enter a size under the SD Card entry; this is a virtual SD card that’s actually an IMG file that Android will use to store your settings and files in.<br />
<br />
[[File:Example.jpg]]<br />
<br />
== Start Emulator ==<br />
<br />
By now you'll have a fully functioning emulator that you can use just like your phone. One thing you'll notice missing is the Android market or play store which you usually use to download and install applications. The good news is that we don't need it... for now.<br />
<br />
[[File:Example.jpg]]<br />
<br />
== Install apk ==<br />
<br />
without the need of the android market we can install the application directly if we have the .apk file. This is the Android Application Package (APK) file. In reality it's a zipped file based on JAR format which will come in handy when we try to reverse the application later.<br />
<br />
[[File:Example.jpg]]<br />
<br />
== ADB ==<br />
<br />
To install apk file we use the Android Debugging Bridge. The ADB tool part of the platform-tools we installed with the SDK manager at the beginning. It's got a lot of uses one of which is to install and uninstall app. We do this by typing going to the platform-tools directory and lunching adb with the install command while the emulator is running<br />
<br />
[[File:Example.jpg]]<br />
<br />
== Proxy ==<br />
<br />
Start up the emulator using the proxy command to tell it to tunnel traffic through your local proxy. In this current setup you'll also be able to test https website but you'll not be able to authenticate if there's a login page because of certificate errors. There seems to be a lot of ways documented to overcome this. One my favorite is using Mallory.<br />
<br />
[[File:Example.jpg]]<br />
<br />
== Mallory ==<br />
<br />
What if the application you're testing that doesn't use standard http/s but instead uses some proprietary protocol? There's a tool for that called Mallory. It's a very effective transparent TCP/UDP proxy. Setting it up is a bit tedious but the process is well documented online.<br />
<br />
[[File:Example.jpg]]<br />
<br />
== Decompiling app (jd-gui) ==<br />
<br />
Apart from treating the application as a regular WAVA there are a few other things to do. One is trying to decompile the application. We already mentioned that the .apk is a compressed JAR format and so it can easily be decompiled using numerous tools. Here's an example of a class Adel found the encryption key in.<br />
<br />
<br />
== Shell ==<br />
<br />
We can browse the application directory using the adb tool. By issuing the shell command we can browse to the /data/data folder where the packages are installed. We can then look for interesting information such as encryption keys in xml files<br />
<br />
== Memory ==<br />
<br />
Android ships with a debugging tool called the Dalvik Debug Monitor Server (DDMS). This is part of the Eclipse tool suite so obviously we need to install Eclipe. We can use this to obtain a memory dump of the application during runtime. This hopefully will yield some good information.<br />
<br />
== Memory Analyzer ==<br />
<br />
Once we create a dump we can analyze it using a tool called the (can any one guess) Memory Analyzer which is part of Eclipse. However before we can do that we need to convert the dump to the proper hprof format using hprof-conv in sdk<br />
<br />
== Santoku ==<br />
<br />
Now if all this sounds like a lot of work luckily the good guys at OWASP has saved us a lot of trouble. OWASPhas created a backtrack like OSfor mobile testing called Santoku.</div>Tarekhttps://wiki.owasp.org/index.php?title=SettingupMobileTestingLab&diff=153002SettingupMobileTestingLab2013-06-06T11:26:55Z<p>Tarek: </p>
<hr />
<div>This document details how to set up an Android lab so you can do mobile app assessments without the need for a physical mobile phone. It will discuss some of the common and useful tools, what their purposes are and how they can be used.<br />
<br />
The prerequisites are simple: Java and an OS.<br />
<br />
URL: http://java.com/en/download/index.jsp<br />
<br />
<br />
<br />
== Install Android Software Development Kit (SDK) ==<br />
<br />
“The Android SDK provides you the API libraries and developer tools necessary to build, test, and debug apps for Android”. There are two parts to SDK. The SDK manager where you can install the tools and the Android versions of your choice. And the AVD (android virtual device) manager (we'll get to that in a minute). That's what creates the emulator that we'll be playing around with.<br />
<br />
URL: http://developer.android.com/sdk/index.html<br />
<br />
<br />
<br />
== Install tools ==<br />
<br />
Install the tools and the Android OS. At a minimum you'll want the SDK tools and SDK platform tools which we'll use later on. Then choose an Android version. There's a long list of Android versions and other extras. I usually go with the latest version. It's a straight forward next install process but it might take a while.<br />
<br />
<br />
== Emulator ==<br />
<br />
Step three is to set up an Android emulator. You do this using the AVD manager which is part of the SDK tool. AVD stands for Android Virtual Device and it looks something like this. You click on New and here's what these options mean.<br />
<br />
<br />
<br />
== Create AVD ==<br />
<br />
Enter a name for your virtualized Android, and select the version of Android you want to use from the drop-down menu if you've installed different versions. Enter a size under the SD Card entry; this is a virtual SD card that’s actually an IMG file that Android will use to store your settings and files in.<br />
<br />
Diff between Android and Google API?<br />
<br />
<br />
== Start Emulator ==<br />
<br />
By now you'll have a fully functioning emulator that you can use just like your phone. One thing you'll notice missing is the Android market or play store which you usually use to download and install applications. The good news is that we don't need it... for now.<br />
<br />
<br />
<br />
== Install apk ==<br />
<br />
without the need of the android market we can install the application directly if we have the .apk file. This is the Android Application Package (APK) file. It sounds fancy but it's really a zipped file based on JAR format which will come in handy when we try to reverse the application later. Usually the client will provide this file.<br />
<br />
<br />
<br />
== ADB ==<br />
<br />
To install apk file we use the Android Debugging Bridge. The ADB tool part of the paltform-tools we installed with the SDK manager at the beginning. It's got a lot of uses one of which is to install and uninstall app. We do this by typing going to the platform-tools directory and lunching adb with the install command while the emulator is running<br />
<br />
<br />
<br />
== Proxy ==<br />
<br />
Start up the emulator using the proxy command to tell it to tunnel traffic through your local proxy. In this current setup you'll also be able to test https website but you'll not be able to authenticate if there's a login page because of certificate errors. There seems a lot of ways to documented to overcome this but non has worked for me. So if anyone has any tips or solutions please do share hem with me.<br />
<br />
<br />
== Mallory ==<br />
<br />
What if the application you're testing that doesn't use standard http/s but instead uses some proprietary protocol? There's a tool for that called mallory. It's a very effective transparent TCP/UDP proxy. Setting it up is a bit of pain but the process is well documented online. If you need the resources let me know and I'll send them over.<br />
<br />
<br />
== Decompiling app (jd-gui) ==<br />
<br />
Apart from treating the application as a regular WAVA there are a few other things to do. One is trying to decompile the application. We already mentioned that the .apk is a compressed JAR format and so it can easily be decompiled using numerous tools. Here's an example of a class Adel found the encryption key in.<br />
<br />
<br />
== Shell ==<br />
<br />
We can browse the application directory using the adb tool. By issuing the shell command we can browse to the /data/data folder where the packages are installed. We can then look for interesting information such as encryption keys in xml files<br />
<br />
<br />
<br />
== Memory ==<br />
<br />
Android ships with a debugging tool called the Dalvik Debug Monitor Server (DDMS). This is part of the Eclipse tool suite so obviously we need to install Eclipe. We can use this to obtain a memory dump of the application during runtime. This hopefully will yield some good information.<br />
<br />
<br />
== Memory Analyzer ==<br />
<br />
Once we create a dump we can analyze it using a tool called the (can any one guess) Memory Analyzer which is part of Eclipse. However before we can do that we need to convert the dump to the proper hprof format using hprof-conv in sdk<br />
<br />
<br />
== Santoku ==<br />
<br />
Now if all this sounds like a lot of work luckily the good guys at owasp and our french t&v team has saved us a lot of trouble. Owasp has created a backtrack like os for mobile testing called santoku. And the good guys in our french team namely alaeddin and adel have created working vms and avds to save us all some time. So feel free to reach out for them and ask them for those</div>Tarekhttps://wiki.owasp.org/index.php?title=SettingupMobileTestingLab&diff=153001SettingupMobileTestingLab2013-06-06T11:25:41Z<p>Tarek: Created page with "This document details how to set up an Android lab so you can do mobile app assessments without the need for a physical mobile phone. It will discuss some of the common and us..."</p>
<hr />
<div>This document details how to set up an Android lab so you can do mobile app assessments without the need for a physical mobile phone. It will discuss some of the common and useful tools, what their purposes are and how they can be used.<br />
<br />
The prerequisites are simple: Java and an OS.<br />
<br />
URL: http://java.com/en/download/index.jsp<br />
<br />
<br />
<br />
<br />
== 1- Install Android Software Development Kit (SDK) ==<br />
<br />
“The Android SDK provides you the API libraries and developer tools necessary to build, test, and debug apps for Android”. There are two parts to SDK. The SDK manager where you can install the tools and the Android versions of your choice. And the AVD (android virtual device) manager (we'll get to that in a minute). That's what creates the emulator that we'll be playing around with.<br />
<br />
URL: http://developer.android.com/sdk/index.html<br />
<br />
<br />
<br />
== 2- Install tools ==<br />
<br />
Install the tools and the Android OS. At a minimum you'll want the SDK tools and SDK platform tools which we'll use later on. Then choose an Android version. There's a long list of Android versions and other extras. I usually go with the latest version. It's a straight forward next install process but it might take a while.<br />
<br />
<br />
== 3- Emulator ==<br />
<br />
Step three is to set up an Android emulator. You do this using the AVD manager which is part of the SDK tool. AVD stands for Android Virtual Device and it looks something like this. You click on New and here's what these options mean.<br />
<br />
<br />
<br />
== 4- Creat AVD ==<br />
<br />
Enter a name for your virtualized Android, and select the version of Android you want to use from the drop-down menu if you've installed different versions. Enter a size under the SD Card entry; this is a virtual SD card that’s actually an IMG file that Android will use to store your settings and files in.<br />
<br />
Diff between Android and Google API?<br />
<br />
<br />
== 5- Start Emulator ==<br />
<br />
By now you'll have a fully functioning emulator that you can use just like your phone. One thing you'll notice missing is the Android market or play store which you usually use to download and install applications. The good news is that we don't need it... for now.<br />
<br />
<br />
<br />
== 6- Install apk ==<br />
<br />
without the need of the android market we can install the application directly if we have the .apk file. This is the Android Application Package (APK) file. It sounds fancy but it's really a zipped file based on JAR format which will come in handy when we try to reverse the application later. Usually the client will provide this file.<br />
<br />
<br />
<br />
== 7- ADB ==<br />
<br />
To install apk file we use the Android Debugging Bridge. The ADB tool part of the paltform-tools we installed with the SDK manager at the beginning. It's got a lot of uses one of which is to install and uninstall app. We do this by typing going to the platform-tools directory and lunching adb with the install command while the emulator is running<br />
<br />
<br />
<br />
== 8- Proxy ==<br />
<br />
Start up the emulator using the proxy command to tell it to tunnel traffic through your local proxy. In this current setup you'll also be able to test https website but you'll not be able to authenticate if there's a login page because of certificate errors. There seems a lot of ways to documented to overcome this but non has worked for me. So if anyone has any tips or solutions please do share hem with me.<br />
<br />
<br />
== 9- Mallory ==<br />
<br />
What if the application you're testing that doesn't use standard http/s but instead uses some proprietary protocol? There's a tool for that called mallory. It's a very effective transparent TCP/UDP proxy. Setting it up is a bit of pain but the process is well documented online. If you need the resources let me know and I'll send them over.<br />
<br />
<br />
== 10- Decompiling app (jd-gui) ==<br />
<br />
Apart from treating the application as a regular WAVA there are a few other things to do. One is trying to decompile the application. We already mentioned that the .apk is a compressed JAR format and so it can easily be decompiled using numerous tools. Here's an example of a class Adel found the encryption key in.<br />
<br />
<br />
== 11- Shell ==<br />
<br />
We can browse the application directory using the adb tool. By issuing the shell command we can browse to the /data/data folder where the packages are installed. We can then look for interesting information such as encryption keys in xml files<br />
<br />
<br />
<br />
== 12- Memory ==<br />
<br />
Android ships with a debugging tool called the Dalvik Debug Monitor Server (DDMS). This is part of the Eclipse tool suite so obviously we need to install Eclipe. We can use this to obtain a memory dump of the application during runtime. This hopefully will yield some good information.<br />
<br />
<br />
== 13-Memory Analyzer ==<br />
<br />
Once we create a dump we can analyze it using a tool called the (can any one guess) Memory Analyzer which is part of Eclipse. However before we can do that we need to convert the dump to the proper hprof format using hprof-conv in sdk<br />
<br />
<br />
== 14- Santoku ==<br />
<br />
Now if all this sounds like a lot of work luckily the good guys at owasp and our french t&v team has saved us a lot of trouble. Owasp has created a backtrack like os for mobile testing called santoku. And the good guys in our french team namely alaeddin and adel have created working vms and avds to save us all some time. So feel free to reach out for them and ask them for those</div>Tarek