
OWASP Kolkata

Welcome to the Kolkata chapter homepage. The Chapter Mentor is Krishnendu Paul, and the chapter leaders of OWASP Kolkata are Jitendra Adhikari, Tuhin Roychowdhury and Souvik Chel.


OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.


Donate to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join now.

Chapter News

Everyone is welcome to join us at our chapter meetings every month.

[NEWS] Always Updating :-)

#SillyJENNI - Saturday, March 23, 2019 at 11 AM – 5 PM

Why SillyJENNI?

On 3 April 1996, 19-year-old student Jennifer Kaye Ringley installed a webcam in her Pennsylvania dorm room, and rigged it to broadcast a still photo of whatever she was doing at that moment, every 15 minutes. And so, lifecasting was born.

Today of course, in the always-on era of Periscope, Facebook, Instagram and the like, lifecasting is not just accepted, but almost expected, and certainly hugely popular, but it all started 20 years ago, with JenniCam.

JenniCam was one of the first web sites that continuously presented someone’s private life. The first webcam streamed only black-and-white images of her in the dorm room, but as her popularity grew, Ringley increased the number of webcams to four, they became colour, and the refresh rate increased. Ringley also began offering a ‘premium’ service, charging members $15 a year to get two-minute updates, alongside the free “JenniCam Guests”, who had to settle for updates every 20 minutes.

“You can come to my site for days and never once catch me naked. I'm very aware that sex sells. If I were trying to make money I would certainly do more things to make people come to the site.”

Not surprisingly, security was a problem. Early on in JenniCam’s existence, the site was hacked, with the hackers (teen pranksters as it turned out) demanding that she “show more” in her strip shows. Ringley also received death threats. “I didn't leave my room for three days; I kept all the blinds closed,” Ringley admitted after the incident. “I was scared out of my mind. Now I have an unlisted phone and address, and I have security at the front desk of my apartment.”

  1. Enterprise Networking - Chandresh Gupta
  2. Introduction to Game Reverse Engineering - Souhardya Sardar

#SillyPHOENIX - Saturday, March 23, 2019 at 11 AM – 5 PM

  1. Can we have AI in Security? - by Koustav Chandra
  2. Blockchain - The Nextgen Security - by Sayantan Dutta
  3. DevOps CI/CD & Cloud - by Arghya Das

#SillyWWW - Saturday, February 23, 2019 at 11 AM – 5 PM

Why SillyWWW?


Introduction of the first Web Browser – WorldWideWeb

February 26, 1991

Sir Tim Berners-Lee showed everyone the first web browser and WYSIWYG (What You See Is What You Get) HTML editor. The browser was called “WorldWideWeb”, but was later renamed “Nexus”. Berners-Lee ran it on the NeXTSTEP platform, and it worked with not only the File Transfer Protocol (FTP) but also the Hypertext Transfer Protocol (HTTP). Nexus is no longer in production.

  1. Analytics - The Powerful Weapon to Better Secure Yourself — Rabin Paul (CISSP, Sr. Manager Cyber Security, Bandhan Bank).
  2. Managing Passwords - Most important things you can do for your online security — Mainak R. Chowdhury (Contributor at DuckDuckGo and Mozilla Foundation, Developer at ITC Infotech).
  3. How I hacked SBI Bank (PoC already shared with official and approved) — Pradipta (Security Analytics, Penetration Tester).
  4. Pentesting New Age Components — Nishant Sharma (Cyber Security Researcher and R&D Manager at SecurityTube).

#SillyEther - Saturday, Nov 24th, 2018 at 11 AM - 5 PM

  1. "Evolution of Vulnerability Management" by Arijit Das (AVP, Information Security, Bandhan Bank).
  2. "Exploit -- Drink -- Sleep -- Repeat" by Prasenjit Kanti Paul (Application Security Engineer, Cognizant).
  3. Career Guidance by #SillyGuruCool - Only 5 selected individuals can discuss their career suggestions. Enroll your name with us to show interest.

#SillyPhoenix - Saturday, Oct 27th, 2018 at 11 AM - 5 PM

  1. 'Nothing is Free' - by Chandresh Gupta
  2. 'Giving back to the Community' - by Mainak R. Chowdhury
  3. Talk on a surprise topic by Animesh Roy
  4. Taste Real Time OSINT - How much of your data Facebook is disclosing to your contacts by Krishnendu Paul
  5. 'Some advanced topics in Python' - by Koustav Chanda

#Silly-March-On - Saturday, March 24th, 2018 at 11 AM - 5 PM

  1. Get Your Response Matured, Apply Intelligence - by Amiya Dutta
  2. Hack RFID with Live Demo - Tanmoy Khanra
  3. Basic of Windows Privilege Escalation, Learn From The Expert - Souhardya Sardar
  4. Acoustic Denial of Service Attacks on HDDs by Manish Keshri

#SillySanta - Saturday, December 16, 2017 at 11:30 AM

  1. Information Security using Cryptography - by Shibashis Ghosh
  2. Android Hacking - by Animesh Roy
  3. Simplistic IoT - by Tanmoy Khanra
  4. Interested in Binary? Special Topic - "Binary exploitation - 0 to 1" by Rajesh Majumdar
  5. Live demo of AWS Cloud & QA session - by Debapriya Biswas

#GetSetF5 - November 18, 2017 at 11 AM - 5 PM

  1. "Introduction to Blockchain Application Development using PHP" by Shibasish Ghosh
  2. NodeJS and MQTT Hands-On by Tanmoy Khanra from NodeJS School Kolkata
  3. "Fun and Profit with #CryptoCurrencies - Part 2" by Krishna Singh

#SillyLights - October 28, 2017 at 11 AM - 5 PM

  1. Linux containers using ZFS - by Saurav Modak.
  2. BlockChain Introduction
  3. Making Fun-n-Profit with Cryptocurrencies - by Krishna Singh.

#SillySaradiya - September 23, 2017 at 11 AM - 4 PM

  1. Discussion on Information Security Controls, its need and Applicability by Sourav Roychowdhury
  2. Mobile Rooting and How to by Suman Kanrar
  3. "Fire Side Chat" - Shoot your questions about opportunities, career, learning to #GuruCool
  4. Surprise topic on IoT by Tanmoy Khanra

#SillyFreedom -  August 26, 2017 at 12 PM - 5 PM

  1. Introduction to Sillycon and #SillyGurus
  2. NodeJS Basic by Tanmoy Khanra on behalf of NodeJS School
  3. AWS Certified Solution Architect: Associate Exam - My Experience, Study Materials, Practice Tests, Exam Overview by Debapriya Biswas
  4. Defeating ASLR & Stack Canary for fun & profit by Rajesh Majumdar
  5. RF Hijacking - let's hack an FM Station (controlled environment) by Krishnendu Paul

#SillyRAIN - June 24, 2017 at 11 AM - 4 PM.

  1. Introduction
  2. Intel Edition Demo by Abhishek Nandy
  3. OpenWRT Live Demo by Chandresh and Aadi
  4. Samrat Mukherji to share his experience at DADAGIRI UNLIMITED event. Also, he is going to share some demo he prepared on #Hacking.
  5. Browser fingerprinting by Chiranjit

#SillyHottie - May 27, 2017 at 11:30 AM - 4 PM.

  1. Introduction
  2. Amazon Solution Architect - Associate Exam. An overview by Avijit Tewari.
  3. Architecture of a Private Cloud - by Chandresh Gupta
  4. "Deep Learning - how to start" - by Abhishek Nandy
  5. "Interactive discussion - Shadow Brokers + Ransomware: WannaCry, Jaff + Anatomy + Defense + IOC + Yara" by Samit Basu Roy Chowdhury and Amiya Dutta

#Silly-In-Laws - Saturday, April 29, 2017 at 11:30 AM - 4 PM.

  1. Introduction
  2. "Real Life story of an arrest under Cyber Law" (Names are not disclosed)
  3. "Fireside Chat" with Officials from CID (Criminal Investigation Department) India. Clear your doubts. How can you help?
  4. Releasing "Python Penetration Testing Framework" as Open Source Project (8th OSS project from SillyCon) - by Souhardya Sardar
  5. Face to face Q&A session and discussion with Technology Experts, Lawyers, Law enforcers to build a better ecosystem.

#SillyMemories - Mar 18th, 2017 at 11 PM - 4 PM.

  1. Introduction with new members
  2. Chandresh Gupta, Animesh Roy and Sandip Choudhury shared their experience about #ISOCKolkata DNSSec event and #Nullcon event with us.
  3. A Botnet Story by Souhardya Sardar - a new addition to Sillycon Team
  4. Mind Hacking to get the best of you - Veteran Industry Professional Dr. Sudip Sinha
  5. Real-life Case Study on SAP hacking and Security by an industry veteran, Sinchan Banerjee

#Meeting With Data Security Council of India - Jan 12th, 2017 at 5 PM - 7 PM.

  1. Discussion about partnering and Agenda
  2. Presentation of Data Lake
  3. Discussion with Law Enforcement Agencies
  4. Live hacking Demonstration in a Jailed Environment - by Animesh and Gang

#SillyYearEnd - Dec 17th, 2016 at 1 PM - 5 PM.

  1. Visual Hacking - What is it? by Jitendra Adhikari
  2. SPECIAL ATTRACTION: Quad Copter show, including basic training and hands-on by Edurade !

#Keep Freedom Free, Silly ! - Aug 13th, 2016 at 11 AM - 4 PM.

  1. Encase Forensics by Vishal Dave and JJ Sarkar
  2. Fire-On-The-Stage - We will Pick Random. Get Ready Guys.
  3. We are honored to have you - One of our most Silent Members, without whom Sillycon Events can't be managed seamlessly. We have a surprise for you

#SillyReload - July 30th, 2016 at 11 AM - 4 PM.

  1. JS and IoT - A presentation on Arduino and Javascript by Tanmoy Khanra
  2. "Anatomy of Cyber Threats" by Amiya Dutta
  3. "Share your Experience" - Fireside chat with Officials from Cyber Patrol, West Bengal.
  4. Intro to Encase Forensics by JJ Sarkar & Vishal Dave

#SillyShanti - OWASP Kolkata April 2016 Meetup - April 9, 2016 11:00 AM-4:00 PM.

  1. DLL Hijacking - How an innocent DLL can lead to complete pwnage - by Rashid Feroz
  2. Gayab - Blackhat tool for steganography - by Vishal Dave
  3. Hiding OS footprint on Network Scan - by Chiranjit Mukherjee
  4. Oracle Administration, PL/SQL and Security - by our new friend Piyalee Raut
  5. Unlocking a Specific Type of Combination Lock easily with Hands-On by Krishnendu Paul

#Dockerlogy - Introduction with Docker 19th March, 2016 - 10:00 AM-4:00 PM

  1. Red Team Engagement - The Modern World Defensive Cyber Offense and its little secrets - a presentation by Indranil Banerjee
  2. Dockerology - Hands-on Docker workshop by Neependra Khare

#Silly Parade - Show-off show for Elite Arsenals on 21st Feb, 2016 - 11:00 AM-4:00 PM.

  1. Evil USB - A simple USB drive can be a dangerous way to infect your PC. Even without autorun or your clicking a single file, it can take over the complete network and lead to total pwnage - Rashid Feroz & Tanmoy Khanra
  2. Android Remote Access Trojan - Keen on trying new apps from the Play Store? It can be used to remotely take over your complete phone functions. - Souvik Hazra & Suman Kar
  3. Infecting PC using Javascript. - Just visiting a web page can be the reason for a total network takeover. We know it as a watering hole attack. Antivirus - that's a joke! - Rashid Feroz & Krishnendu Paul
  4. Take over remote System using PHP based application - Suman Kar & Souvik Hazra

Representatives from Govt. and Law Enforcement Agencies also attended the meetup.

#Give Me Chilly, Silly - 16th Jan, 2016 - 12:00 PM-7:00 PM.

  1. Machine Learning with Windows Azure by - Sumantro Rijndael Mukherjee
  2. Tor and Anonymity by - Saprative Jana
  3. Introduction to Cloud Security by - Rajtilak Majumder
  4. Basic Electronics - by our own Jitendra Adhikari
  5. Formation of a Group of those interested in completing the CCSK Foundation Certification.

#SillyF5 - Refresh - 31st Oct, 2015 - 11:30 AM-7:00 PM.

  1. Python For Pentesters - By our own Rashid Feroz
  2. Introduction to MakerLoft - Meghna Bhutoria
  3. Demystifying Complex Web Attack Vectors - Kirit Sankar Gupta
  4. Introduction to "Cloud Security Alliance" - Kolkata Chapter.
  5. Discussion on NLP (Natural Language Processing) - Dr. Dipankar Das - Asst. Professor, Department of Computer Science and Engineering, Jadavpur University (JU)
  6. Discussion on Social Media Mining - By APARUP KHATUA, Research Scholar, University of Calcutta

#SillyGyan 101 - share "Gyan" and make more "Gyani" on 8th Aug, 2015 - 11:30 AM-7:00 PM.

  1. Forensic Analysis of Facebook Messenger App - Swasti Bhushan Deb
  2. Next Gen Networking (SDN) and Testing - Dibyendu Sikdar
  3. IoT Fundamentals & its Risks - Sumantro Rijndael Mukherjee & Sukanya Mandal
  4. New Age Red Teaming - Enterprise Infiltration - Shritam Bhowmick
  5. OWASP VA Audit Mechanism - Surajeet Ghosh
  6. Surprise Topic - Saurav Modak

#SillyHungama - Raining with Knowledge!! Rainy season!
And in between - we started planning for our next meetup, to share "Gyan" and "Spirit of Freedom" on 4th July, 2015 - 2:30 PM-8:00 PM.

1. Forensic Analysis of Facebook Messenger App - Swasti Bhushan Deb
2. Next Gen Networking (SDN) and Testing - Dibyendu Sikdar
3. IoT Fundamentals & its Risks - Sumantro Rijndael Mukherjee & Sukanya Mandal
4. New Age Red Teaming - Enterprise Infiltration - Shritam Bhowmick
5. OWASP VA Audit Mechanism - Surajeet Ghosh
6. Surprise Topic - Saurav Modak

Check our FB page for event photos and discussion.

#SillyHotDog - summer is on!! In the morning - pretty hot outside.
And in between - we started planning for our next meetup, to share "Memories of March". 21st March, 2015 - 3PM-8PM.

1. "Cookie Bookie" - A different approach of using persistent cookies to hack by Rashid Feroz
2. "Local Dropbox encrypted folder forensic" by Swasti Bhushan Deb
3. *HOT* "Playing with EvilDuino" - a demonstration of BadUSB.
4. Inauguration of the new Silly Game - "LIPS".

Check our FB page for event photos and discussion.

#LoveTheSilly - It's February, Love is in the air.
Let's meet up and show some love to our passion at Techno India Campus on 21st Feb, 2015 - 3PM-8PM.

1. "Ghost Buster" - A Discussion about Latest Ghost Vulnerability of glibc by Abhijit Chatterjee
2. Mobile App Penetration Testing or Developing Exploit using Python / Ruby by Syed Reza Rizvi from TCS
3. PCI-DSS - Mandatory compliance! But is it really secure? Are our Credit Card Details really secured in this E-Com Era? By Krishnendu Paul
4. Demonstration of End-to-End Encrypted Chat Application by Chiranjit Mukherjee and Arup Kumar Das (The Dynamic Duo)
5. Introduction session with our new partners NASSCOM 10,000 Start-up. Ravi Ranjan from NASSCOM 10k discussed the Technology Entrepreneurship opportunity with SillyCon members.

Check our FB page for event photos and discussion.

#SillyChilli - First Meetup of OWASP Kolkata 2015 (17th Jan, 2015 - 4PM-8PM) with Chilling Weather Outside. At Techno India Campus.

Topics Covered:-
1. Complete Anonymity - Are You? An intro to DNS Proxy - Chiranjit Mukherjee and Arup Kumar Das
2. Shivering facts and story of Sony after getting hacked - Ayan Bhandari
3. Live exploiting to demonstrate Vulnerability on a very well-known Security Site (0day). - Krishnendu Paul
4. Windows 7 UAC bypass by CHM files - Krishnendu Paul
6. Publishing a new Stub Builder as Open Source - coded by Nilan Saha
7. Meeting with a few industry veterans in the Information Security Domain to know about the Future Market.

And an hour-long #SillyAdda cum discussion session and networking session with some snacks

Our members participated at Infocom Hackstar 2.0 on 7th Dec, 2014 and ranked as 2nd runner-up.

TEAM Members:-
1. Suman Kar
2. Rony Das

Guys - you are rock stars...

#SillyAdda - A pure gossip/meetup/know-each-other for SillyCon Members. On 12th Oct, 2014. For more details - check our Facebook Group.

1. Introduction to the team
2. Future Event Planning
3. Idea Sharing
4. Anything I am missing...

#SillyCloud - An AWS Hands-On Workshop on 9th Aug, 2014. For more details - check our website.

Topics Covered:-
1. Introduction to cloud concepts
2. Cloud advantages
3. Overview of AWS main components: EC2, AMI, EBS, Autoscaling, CloudWatch, ELB, S3, RDS, VPC, Security groups etc.
4. Describe a few use cases
5. Getting hands on with AWS
a) Logging in
b) Overview of console
c) Creating first EC2
d) Creating Win and Linux instances and then logging into them
6. Deploying a LAMP stack from AMI and then using CloudWatch for monitoring and configuring autoscaling
7. Security best practices
8. Create a 3 tier architecture in VPC+internet with VPN if possible
9. Talk about Cloud design principles (If time permits)
a) Scaling
b) Loose coupling
c) Elasticity
d) Design for failure
e) Security

#GeekCon - Kolkata Chapter organized a Meetup cum Conference to build local awareness and membership on Friday the 13th June, 2014.

Topics Covered:-
1. Anatomy of a Real-life Data Breach (Ayan Bhandari)
2. An introduction to Cryptography (Kislay Sinha)
3. Who we are - and Why we are? *Us* - Intro by Krishnendu Paul
4. Cyber Crime and Your Rights (Shivam Gupta)
5. Questions / Debates / Future Plans / Help session for Students and Wannabe Security Professionals.
7. Meetup with veteran IT Professionals & Entrepreneurs to learn the future prospects of the IT Security Industry

1st Kolkata Chapter meeting held on 21st Dec '12

1. OWASP Kolkata Chapter Website finalization.
2. OWASP Kolkata Chapter Domain Booking
3. Event planning for 2013 Q1
4. Finalization of the probable event sponsors.

Chapter Leaders

Krishnendu Paul