This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
2011 11 16 Manchester
Manchester Chapter meeting 2011 November 16th
This was the second Manchester Chapter meeting, and was once again very kindly hosted by KPMG.
OWASP Chapter introduction. OWASP values and membership. Chapter information.
Simon Bennetts OWASP Manchester board member
Slides:
- File:OWASP Manchester into 11 11 16.pdf OK, so due to technical problems these didnt actually work on the night ;)
Talk: Policy is the best honesty
Slides:
Technology is rapidly emerging and maturing to enable connectivity and interoperability of a panoply of devices. The right investment relies on addressing workable, realistic policies first. Daniel will tell you about what NCC members are doing to allow staff to 'BYOD' and build pragmatic iPolicies.
Speaker: Dr Daniel Dresner, Head of Information Assurance Practice, National Computing Centre
Talk: Non-alphanumeric code in JavaScript and PHP
Slides:
Understanding how to create non-alpha code leads to a deeper understanding on how the particular language works.
Gareth shall discuss the history of non-alpha JavaScript, the challenges and creativity behind it.
How can you decode:
$=~[];$={___:++$,$$$$:(![]+"")[$],__$:++$,$_$_:(![]+"")[$],_$_:++$,$_$$:({}+"")[$],$$_$:($[$]+"")
[$],_$$:++$,$$$_:(!""+"")[$],$__:++$,$_$:++$,$$__:({}+"")[$],$$_:++$,$$$:++$,$___:++$,$__$:++$};
$.$_=($.$_=$+"")[$.$_$]+($._$=$.$_[$.__$])+($.$$=($.$+"")[$.__$])+((!$)+"")[$._$$]+($.__=$.$_[$.$$_])
+($.$=(!""+"")[$.__$])+($._=(!""+"")[$._$_])+$.$_[$.$_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+
$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$_$_+(![]+"")[$._$_]+$.$$$_+"\\"+
$.__$+$.$$_+$._$_+$.__+"("+$.__$+")"+"\"")())();
Gareth will explain.
Gareth shall also cover how to create this in PHP and what techniques are involved.
Speaker: Gareth Heyes is an independent security researcher who specializes in browser and JavaScript research. He has authored many free online tools and sandboxes including Hackvertor and JSReg.
