This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Malaysia"
(→OWASP Meetup Q3 2016) |
(→Community) |
||
(66 intermediate revisions by the same user not shown) | |||
Line 16: | Line 16: | ||
[http://http://www.linkedin.com/groups?mostPopular=&gid=3605996 '''OWASP Malaysia Linkedin Group'''] | [http://http://www.linkedin.com/groups?mostPopular=&gid=3605996 '''OWASP Malaysia Linkedin Group'''] | ||
− | [https://spreadsheets.google.com/ccc?key=0AheZPLJPYa-_dEl4SXRkOTVmX2RFaXRyS1ZQTU9aaHc&hl=en '''OWASP Malaysia Meetup Planning Schedule] | + | [https://telegram.me/joinchat/Cbi6Nzx6zuP9b1i7hCh9nA '''OWASP Malaysia Official Telegram Group'''] |
+ | |||
+ | [https://spreadsheets.google.com/ccc?key=0AheZPLJPYa-_dEl4SXRkOTVmX2RFaXRyS1ZQTU9aaHc&hl=en '''OWASP Malaysia Meetup Planning Schedule'''] | ||
OWASP Malaysia Translation Project ([http://www.owasp.my OMTP]) We need any volunteer for our translation project from English - Malay Please free to contact any of our BOM for update the Project | OWASP Malaysia Translation Project ([http://www.owasp.my OMTP]) We need any volunteer for our translation project from English - Malay Please free to contact any of our BOM for update the Project | ||
+ | |||
+ | OWASP Malaysia Slack - [http://owaspmy.slack.com '''OWASP Malaysia Slack '''] Interest to join Please [mailto:[email protected] Email] us your legitimate email for registration | ||
'''NOTE: OWASP now promote for who want to become Official Members for Malaysia Chapter. You can get special rate and discount and get email @owasp.org with 25GB space. Please register at here as individual([https://www.owasp.org/index.php/Membership Memberships]) and to see the example how to ([http://blog.e1.my/2011/07/owasp-malaysia-membership-promotion.html REGISTER]) OWASP Memberships''' | '''NOTE: OWASP now promote for who want to become Official Members for Malaysia Chapter. You can get special rate and discount and get email @owasp.org with 25GB space. Please register at here as individual([https://www.owasp.org/index.php/Membership Memberships]) and to see the example how to ([http://blog.e1.my/2011/07/owasp-malaysia-membership-promotion.html REGISTER]) OWASP Memberships''' | ||
Line 30: | Line 34: | ||
Related Security Events for this years. | Related Security Events for this years. | ||
+ | ==2018== | ||
+ | === NanoSec Conference 2018 ([https://www.nanosec.asia NanoSec2018]) 10 October 2018 === | ||
+ | |||
+ | ==2017== | ||
+ | === Durian Conference 2016 ([http://durian.ml/ Durian Conference]) 8 April 2017 === | ||
+ | === Malaysia Open Source Conference 2017 ([http://www.mosc.my/ MOSC2017]) 17 - 18 May 2017 === | ||
+ | |||
==2016== | ==2016== | ||
− | === | + | === OWASP DAY KL 2016 ([https://www.owasp.org/index.php/OWASP_Day_KL_2016 OWASPKL2016]) 15 - 17 November 2016 === |
+ | === Black Hat Asia 2016 ([https://www.blackhat.com/asia-16/ BHAsia2016]) 29 March - 1 April 2016 === | ||
+ | === MOSCMY 2016 ([https://www.mosc.my MOSCMY2016]) 25 - 27 May 2016 === | ||
==2015== | ==2015== | ||
− | === | + | === Black Hat Asia 2015 ([https://www.blackhat.com/asia-15/ BHAsia2015]) 24-27 March 2015 === |
+ | === Info Security Malaysia Conference 2015 ([http://www.questexevent.com/InfoSecurityConference/2015kl/ InfoSec2015]) 12 August 2015 === | ||
+ | === International Conference On Library 2015 ([http://library.eng.usm.my/icol2015/ ICOL2015)] 25-26 August 2015 === | ||
==2014== | ==2014== | ||
− | === | + | === OWASP AppSec AsiaPac 2014 ([https://appsecapac.org/2014/ AppSecAsiaPac2014]) 17-20 March 2014 === |
+ | === Info Security Malaysia Conference 2014 ([http://www.questexevent.com/InfoSecurityConference/2014KL/ InfoSec2014]) 12 August 2014 === | ||
+ | === Malaysia Open Source Conference 2014 ([http://www.mosc.my MOSC2014]) 24-25 September 2014 === | ||
+ | === Hack In The Box 2014 ([http://conference.hitb.org/hitbsecconf2014kul/ HITBSecConf2014]) 13-16 October 2014 === | ||
+ | === OWASP Asia Tour 2014 ([https://www.owasp.org/index.php/AsiaTour2014#tab=Kuala_Lumpur Asia Tour 2014]) 4 November 2014 === | ||
==2013== | ==2013== | ||
− | === | + | === OWASP AppSec AsiaPac 2013 ([https://www.owasp.org/index.php/AppSecAsiaPac2013 AppSecAsiaPac2013]) 19-22 February 2013 === |
+ | === ZebraCon 2013 ([http://zebra-con.com/home/ ZebraCon2013]) 27-28 August 2013 === | ||
+ | === Malaysia Open Source Conference 2013 ([http://www.mosc.my MOSC2013]) 10-11 September 2013 === | ||
+ | === HITBSecConf 2013 ([http://http://conference.hitb.org/hitbsecconf2013kul/ HITBSecConf2013]) 14-17 October 2013 === | ||
==2012== | ==2012== | ||
− | === | + | === OWASP Global AppSec AsiaPac 2012 ([https://www.owasp.org/index.php/AppSecAsiaPac2012 AppSecAsiaPac2012])11-14 April 2012 === |
+ | === FUDCon AsiaPac KL 2012 ([http://fedoraproject.org/wiki/FUDCon:KualaLumpur_2012 FUDConKL2012]) 18-20 May 2012 === | ||
+ | === EPF ISSS Quarterly Services Status Meeting and Technology Presentation Update 14 June 2012 (Closed Invitation) === | ||
+ | === Cyber Security, Cyber Warfare and Digital Forencis ([http://www.sdiwc.net/CyberSec2012/page.php?id=2 CyberSec12]) 26-28 June 2012 === | ||
+ | === Malaysia Open Source Conference 2012 ([http://www.mosc.my MOSC2012])8-10 July 2012 === | ||
+ | === Hack In The Box ([http://conference.hackinthebox.org/hitbsecconf2012kul/ HITBSecConf2012]) 8-11 October 2012 === | ||
+ | === Hacker Halted AsiaPac 2012 ([http://http://hackerhaltedapac.org/apac/ HHAPAC2012])19-22 November 2012=== | ||
==2011== | ==2011== | ||
− | ===KL GreenHAT Challange 2011 ([http://www.greenhat.my KLGHC 2011]) 9-10 February 2011 | + | ===KL GreenHAT Challange 2011 ([http://www.greenhat.my KLGHC 2011]) 9-10 February 2011 === |
+ | ===OWASP Summit 2011 ([http://www.owasp.org/index.php/Summit_2011 OWASP Summit 2011]) 8-11 February 2011 === | ||
+ | ===Counter eCrime Operation Summit V 2011 ([http://www.antiphishing.org/events/2011_opSummit.html CECOSv 2011]) 27-29 April 2011 === | ||
+ | ===Info Security Conference 2011 ([http://infosecurity.questexevents.net INFOSEC 2011]) 12 May 2011 === | ||
+ | ===Malaysia Open Source Conference 2011 ([http://www.mosc.my MOSC2011]) 3-5 July 2011 === | ||
+ | ===OWASP Day KL 2011 ([http://www.owasp.org/index.php/OWASP_Day_KL_2011 OWASP Day KL 2011]) 20-21 September 2011 === | ||
+ | ===Hack In The Box ([http://conference.hackinthebox.org/hitbsecconf2011kul/ HITBSecConf2011]) 10-13 October 2011 === | ||
+ | ===Security Black Belt Day 2011 ([http://www.microsoft.com/malaysia/techdays/default.aspx SBBD2011]) 3 November 2011 === | ||
+ | ===Mozilla AsiaCamp 2011 ([https://wiki.mozilla.org/AsiaCamp2011 MozCamp Asia 2011]) 18-20 November 2011 === | ||
+ | ===Hacker Halted APAC ([http://www.hackerhaltedapac.org HHAPAC2011]) 15-17 November 2011 === | ||
+ | ===Malaysia Government Open Source Conference 2011 ([http://mygosscon.oscc.org.my/2011/ MyGOSSCON2011]) 29-30 November 2011 === | ||
+ | ===Computer Security Day 2011 ([http://goo.gl/hjD5c CSD2011]) 30 November 2011=== | ||
==2010== | ==2010== | ||
− | ===Malaysia Open Source Conference 2010 ([http://conf.oss.my MOSC2010]) 29/30 June - 1 July 2010 | + | ===Malaysia Open Source Conference 2010 ([http://conf.oss.my MOSC2010]) 29/30 June - 1 July 2010 === |
+ | ===Advanced Identify Management & Security 2010 ([http://iconiq.com.sg/advanced-identity-management-and-security-2010/ AIMS 2010]) 20-21 September 2010 === | ||
+ | ===Next Generation Broadband Wireless Architecture Masterclass ([http://www.unistrategic.com/index.php?option=com_eventlist&Itemid=4&func=details&did=511 NGBWAM 2010]) 28-29 September 2010 === | ||
+ | ===Gartner Security Local Briefing 2010 ([https://www.eiseverywhere.com/ehome/index.php?eventid=12143&tabid=12829& GartnerSec 2010]) 15 July 2010 === | ||
+ | ===Hack In The Box 2010 ([https://conference.hackinthebox.org/hitbsecconf2010kul/ HITBSecconf 2010]) - 4-14 October 2010 === | ||
+ | ===OSS Day KPM 2010 ([http://www.moe.gov.my/ossday2010/ OSS KPM 2010]) - 12-13 October 2010 === | ||
+ | ===KL Green Hat 2010 ([http://www.unikl.edu.my KLGH 2010]) - 19-20 October 2010 === | ||
+ | ===CyberSecurity Malaysia Conference & Exhibition 2010 ([http://www.cybersecurity.my/en/events/2010/main/detail/1837/index.html CSMCE 2010])- 25-28 October 2010 === | ||
+ | ===Malaysia Government Open Source Conference 2010 ([http://mygosscon.oscc.org.my/2010/ MyGOSSCON 2010])2-3 November 2010 === | ||
+ | ===Hacker Halted Asia Pacific 2010 ([http://hackerhaltedapac.org/HH/ HHAPAC2010])- 9-11 November 2010 === | ||
+ | ===AMDI-USM OSS Day ([http://www.mosc.my/events/amdi-usm-oss-day AMDIOSS]) 23 December 2010=== | ||
=Webinar= | =Webinar= | ||
==2012== | ==2012== | ||
− | ===[http://www.aujas.com/webinar/ Secure Mobile App Development: Differences from Traditional Approach] - 31 January 2012 10.00p.m PST | + | ===[http://www.aujas.com/webinar/ Secure Mobile App Development: Differences from Traditional Approach] - 31 January 2012 10.00p.m PST=== |
+ | ===[https://imperva.webex.com/cmp0306ld/webcomponents/widget/detect.do?siteurl=imperva&LID=1&RID=2&TID=11&rnd=4722116800&DT=480&DL=en-GB&isDetected=true&backUrl=%2Fmw0306ld%2Fmywebex%2Fdefault.do%3Fnomenu%3Dtrue%26siteurl%3Dimperva%26service%3D6%26rnd%3D0.9596241132700924%26main_url%3Dhttps%253A%252F%252Fimperva.webex.com%252Fec0605ld%252Feventcenter%252Fevent%252FeventAction.do%253FtheAction%253Ddetail%2526confViewID%253D874774068%2526%2526%2526%2526siteurl%253Dimperva Automated Hacking Tools - Meet the New Rock Stars in the Cyber Underground] 27 June 2012 9.00a.m GMT=== | ||
+ | |||
=Board Of Members= | =Board Of Members= | ||
'''Chapter Leader''' - [mailto:fazli(at)owasp.my Mohd Fazli Azran] | '''Chapter Leader''' - [mailto:fazli(at)owasp.my Mohd Fazli Azran] | ||
Line 71: | Line 122: | ||
=Meeting Chapter= | =Meeting Chapter= | ||
+ | |||
+ | ==1st OWASP Meetup 2018== | ||
+ | OWASP Malaysia is Open Web Application Security Project for Malaysia Chapter. We like to share and discuss about security. Feel to join and participate as community. This is Open Source Project by OWASP Foundation. | ||
+ | |||
+ | *Topic : 1st OWASP Malaysia Meetup 2018 | ||
+ | *Date : 5 April 2018 (Thursday) | ||
+ | *Time : 8.00a.m - 2.00p.m | ||
+ | *Venue : Hall Level 7, CyberSecurity Malaysia | ||
+ | [[File:csm1.jpg|100x50px]][[File:mycert.jpg|100x50px]] | ||
+ | *Event Program: | ||
+ | |||
+ | 8.00a.m - 8.45a.m - Arrival Participant & Registration | ||
+ | 8.45a.m - 9.00a.m - CEO,CTO & SVP Arrival | ||
+ | 9.00a.m - 9.05a.m - Negaraku | ||
+ | 9.05a.m - 9.10a.m - Doa recitation | ||
+ | 9.10a.m - 9.15a.m - Speech by OWASP Malaysia Chapter Leader | ||
+ | 9.15a.m - 9.20a.m - Keynote Speech by CEO CSM | ||
+ | 9.20a.m - 9.30a.m - Refreshment | ||
+ | 9.30a.m - 10.05a.m - Speech By Kamarul Baharin - Mobile Apps Analysis (My Experience) | ||
+ | 10.05a.m - 10.40a.m - Speech By Adnan Shukor - Traffic Distribution System | ||
+ | 10.40a.m - 11.15p.m - Speech By Ahmad Ramadhan - Responsible Disclosure | ||
+ | 11.15a.m - 11.50p.m - Speech By Mr. Khairul Nadzmi - rawSEC: Empowering Local Security Community | ||
+ | 11.50p.m - 2.00p.m - Lunch Sponsor by CSM & Network Session | ||
+ | |||
+ | ==OWASP Meetup Q2 2017== | ||
+ | OWASP Malaysia is Open Web Application Security Project for Malaysia Chapter. We like to share and discuss about security. Feel to join and participate as community. This is Open Source Project by OWASP Foundation. | ||
+ | |||
+ | *Topic : OWASP Malaysia Meetup Q2 2017 | ||
+ | *Date : 18 July 2017 (Tuesday) | ||
+ | *Time : 8.00a.m - 2.00p.m | ||
+ | *Venue : Auditorium Hall, Microsoft Malaysia, Level 26, Petronas Tower 3, KLCC | ||
+ | [[File:microsoft.jpg|228x228px]] | ||
+ | *Event Program: | ||
+ | |||
+ | 8.00a.m - 9.00a.m - Arrival Participant | ||
+ | 9.00a.m - 9.10a.m - Official Launch & Opening Speech by Microsoft Malaysia | ||
+ | 9.10a.m - 9.20a.m - Speech by OWASP Malaysia Chapter Leader | ||
+ | 9.20a.m - 9.35a.m - Keynote Speech by Datuk Wira Dr. Abu Bakar Mohamad Diah | ||
+ | 9.35a.m - 10.00a.m - Breakfast | ||
+ | 10.00a.m - 10.35a.m - Speech By Sanjay WS - The Security Problem & The Security Solution | ||
+ | 10.35a.m - 11.10a.m - Speech By Walter Wong - Consumer Security Impact with Cloud and Machine Learning | ||
+ | 11.10a.m - 11.45p.m - Speech By Razwan Mokhtar - Dealing with HealthCare Internet of Things security | ||
+ | 11.45a.m - 12.20p.m - Speech By Hasnan Hasim - Introduction Rimau WAF | ||
+ | 12.20p.m - 1.00p.m - Speech By Sina Manavi- Cyber-Crime as a Service and Quick Win Strategy to Tackle Them | ||
+ | 1.00p.m - 2.00p.m - Pre Lunch by Microsoft | ||
+ | |||
+ | *Topic - The Security Problem and The Security Solution | ||
+ | Sanjay WS is a CTO of Astiotech Sdn Bhd and MVP Entreprise Security. In this session, I would like to share the security problems that are still plaguing Windows users until we see a worldwide pandemic security fear recently on ransomware. We walkthrough the historical security journey of Windows users and what Microsoft has done to address them. In Windows 10, Microsoft claims to have a silver bullet approach alongside other security primers in Windows 10, will it make the cut? You decide. I also hope to present a custom compromise in Windows that can easily be exploited in any version of Windows and let’s turn on this security solution and see if it survives. | ||
+ | |||
+ | [[File:jayws.jpg|165x165px]] | ||
+ | |||
+ | *Topic - Rimau WAF | ||
+ | Hasnan Hasim holds a bachelor's degree in computer science (information technology) form ukm. With more than 15 years of experience handling Linux server and security device such as firewall, ips, ida and snort rules, ICT operations, training And system development In government sector. Main programming language using php, Java script. His presentation will show next generation WAF using mod_security with modern web UI for easy management. | ||
+ | |||
+ | [[File:Nan.jpg|165x165px]] | ||
+ | |||
+ | *Topic - Consumer Security Impact with Cloud and Machine Learning | ||
+ | Walter Wong is a technical lead in Gain Secure, a Malaysian-based company. The company specialized for providing secure application development and user experience (UX) consultation services to customers. Walter is a Microsoft MVP for developer security and Microsoft Azure. Research on application development security is Walter's personal interest. He also successfully discovered many websites vulnerabilities including some high traffic websites over the past few years. Walter often speaks at technical conferences such as Visual Studio 2010 Launch, TechEd SEA, Security Symposium, TechNet/MSDN, Tech Insights and more. Hosting the application in the cloud infrastructure does not guaranty your application and data security by default. It’s developer responsibility to ensure the application developed, configured and hosted is secure by default. Come and join Walter in his demo packed rollercoaster ride to understand more about Microsoft Azure security features. If you looking forward for a demo how to break the application hosted in Azure, this is the session you don’t want to miss. | ||
+ | |||
+ | [[File:Walter.jpg|165x165px]] | ||
+ | |||
+ | *Topic - Cyber-Crime as a Service and Quick Win Strategy to Tackle Them | ||
+ | Sina is an Iranian Senior Information Security Consultant working in banking industry as a CISO advisor helping the banks to design, develop and implement IT Security Blueprint, Project Monitoring, Risk and Compliances, Threatlandscape analysis. He has over 8 years expericen in IT Security area from Application Security, Secure Coding, Vulnerability Management and Penetration Testing in Mobile and Web Applications, SAP systems and Network. He has also experience in Security Posture assessment, Risk and Compliances and regulations in financial industry. | ||
+ | |||
+ | [[File:Sina2.jpg|286x286px]] | ||
+ | |||
+ | *Topic - Dealing with HealthCare Internet of Things security | ||
+ | Razwan Mokhtar is a system consultant and overseas system engineer for iDataMap Corporation from Adelaide, Australia. The company is developing new products to bridge the gap in personal health care communications, it’s stored encrypted patient data for ready access by clinicians and is especially useful for DICOM images. | ||
+ | For the last 4 years he is very active integrating medical devices & internet of things in hospitals around Asia. | ||
+ | Previously in Malaysia, Razwan Mokhtar was experience in the malware analysts focusing in botnet, development, implementation and management of complex Information Security for Department of Defense, Royal Malaysia Police, Royal Malaysian Navy and International Banks. | ||
+ | |||
+ | [[File:wansen.jpg|165x165px]] | ||
+ | |||
+ | Registration are now open for all. Please download the apps name "OWASP Malaysia Meetup 2017" from Play Store (Android) & App Store (iOS) Please bear in mind this meetup have limited seat only 100ppl. Please register now to book your seat. | ||
==OWASP Meetup Q3 2016== | ==OWASP Meetup Q3 2016== | ||
Line 77: | Line 202: | ||
*Topic : OWASP Malaysia Meetup Q3 2016 | *Topic : OWASP Malaysia Meetup Q3 2016 | ||
− | *Date : 22 September 2016 ( | + | *Date : 22 September 2016 (Thursday) |
*Time : 8.00a.m - 2.00p.m | *Time : 8.00a.m - 2.00p.m | ||
*Venue : Hall Level 7, CyberSecurity Malaysia | *Venue : Hall Level 7, CyberSecurity Malaysia | ||
Line 84: | Line 209: | ||
8.00a.m - 9.00a.m - Arrival Participant | 8.00a.m - 9.00a.m - Arrival Participant | ||
− | 9.00a.m - 9.10a.m - Official Launch & Opening Speech by | + | 9.00a.m - 9.10a.m - Official Launch & Opening Speech by CEO CyberSecurity Malaysia |
9.10a.m - 9.20a.m - Speech by OWASP Malaysia Chapter Leader | 9.10a.m - 9.20a.m - Speech by OWASP Malaysia Chapter Leader | ||
9.20a.m - 10.00a.m - Breakfast | 9.20a.m - 10.00a.m - Breakfast | ||
10.00a.m - 10.35a.m - Speech By Melvin Lim (Infoblox) - Data Exfiltration over DNS | 10.00a.m - 10.35a.m - Speech By Melvin Lim (Infoblox) - Data Exfiltration over DNS | ||
− | 10.35a.m - 11.10a.m - Speech By Mohamed Fadzlee Sulaiman (CSM) - | + | 10.35a.m - 11.10a.m - Speech By Mohamed Fadzlee Sulaiman (CSM) - CyberDEF: Uncovering Future Threats |
11.10a.m - 11.45p.m - Speech By Ahmad Ashraff bin Ahmad (ISC) - Security Through Obscurity : Good or Bad? | 11.10a.m - 11.45p.m - Speech By Ahmad Ashraff bin Ahmad (ISC) - Security Through Obscurity : Good or Bad? | ||
11.45a.m - 12.20p.m - Speech By Azril Rahim (ISC) - A Practical Low Cost Cyber Threat Intelligence for SME | 11.45a.m - 12.20p.m - Speech By Azril Rahim (ISC) - A Practical Low Cost Cyber Threat Intelligence for SME | ||
− | 12.20p.m - 1.00p.m - Speech by Jay Chow (Rapid7) - | + | 12.20p.m - 1.00p.m - Speech by Jay Chow (Rapid7) - Application Assessment for the Modern World |
1.00p.m - 2.00p.m - Pre Lunch by CSM | 1.00p.m - 2.00p.m - Pre Lunch by CSM | ||
Line 98: | Line 223: | ||
[[File:ahmadashraff.jpg]] | [[File:ahmadashraff.jpg]] | ||
+ | |||
*Topic - Data Exfiltration over DNS | *Topic - Data Exfiltration over DNS | ||
Line 104: | Line 230: | ||
[[File:melvinlim.jpg]] | [[File:melvinlim.jpg]] | ||
− | *Topic - | + | |
+ | *Topic - Application Assessment for the Modern World | ||
Jay Chow brings with him more than 10 years of experience in the areas of network and security consulting, implementation, and support. Jay Chow has been on the ground designing, consulting and leading several key government and MNC security projects. Bearing deep practical and strong technical understanding on various security technologies in the market, Jay has been a valuable resource in providing security insights. In his role with Rapid7, Jay focuses on assisting mid-to-large enterprises engineer better security across the South Asia region by visualizing, contextualizing and extracting more insights on their current risk and security exposure. | Jay Chow brings with him more than 10 years of experience in the areas of network and security consulting, implementation, and support. Jay Chow has been on the ground designing, consulting and leading several key government and MNC security projects. Bearing deep practical and strong technical understanding on various security technologies in the market, Jay has been a valuable resource in providing security insights. In his role with Rapid7, Jay focuses on assisting mid-to-large enterprises engineer better security across the South Asia region by visualizing, contextualizing and extracting more insights on their current risk and security exposure. | ||
[[File:jaychow.jpg]] | [[File:jaychow.jpg]] | ||
+ | |||
+ | *Topic - A Practical Low Cost Cyber Threat Intelligence for SME | ||
+ | |||
+ | Azril Rahim is a passionate cyber security expert with over 13 years of experiance. He is also an advocate for open source software where he also developed codes for computer security as well network and general purpose tools. His interest on computer security focuses on vulnerability assessment, pen-test, computer and network forensics, cyber threats intelligence, PKI and secure communication & network programming. He is also has won several awards from the Malaysian government for his work contribution in computer security. He is also hold several international certifications in computer security. Most of his cyber security work are proven hands on and validated via research papers, written & presented technical presentations, hands on work and also computer codes codings. More information about Azril work on computer security & programming can be obtain at his website at http://azrilrahim.site88.net | ||
+ | |||
+ | [[File:azril1.jpg]] | ||
+ | |||
+ | Mohamed Fadzlee Bin Sulaiman is currently leading CyberDEF unit under Digital Forensics Department, CyberSecurity Malaysia. Eight years of experience in digital forensics has emphasized his credibility in solving criminal | ||
+ | and civil cases in major fields including Computer Forensics, Network Forensics, Mobile Phone and Video Forensics. With CyberDEF he has been assisting organization and corporate companies by providing comprehensive cyber security solution especially for Critical National Information Infrastructure (CNII) sectors. Based on the prosecution necessity, he has also experienced as an expert witness to provide testimonial for various cases in court. To date, Mr. Fadzlee has conducted and handled analysis for more than hundred digital forensic cases including hacking, financial crimes, harassment, seditious,bribery, IP theft and etc. Occasionally, he is invited as a speaker and trainer at Government Linked Companies (GLC), local and foreign Law Enforcement Agencies. | ||
+ | |||
+ | [[File:fadzlee.jpg]] | ||
==OWASP Meetup Q3 2015== | ==OWASP Meetup Q3 2015== | ||
Line 624: | Line 762: | ||
=Conference= | =Conference= | ||
− | ==OWASP Day | + | ==OWASP Conference== |
− | ==OWASP Day KL 2016 ([https://www.owasp.org/index.php/OWASP_Day_KL_2016 OWASP Day KL 2016]) 15-17 November 2016== | + | |
+ | ===Cyber Range Academy Conference 2018 ([https://www.owasp.org/index.php/CRAC2018 CRAC2018]) 7-8 October 2018=== | ||
+ | ===World CyberSecurity Day 2018 ([https://www.owasp.org/index.php/WCSD2018 WCSD2018]) 21-22 April 2018=== | ||
+ | ===I@Secure Cyber Campaign 2018 ([https://www.owasp.org/index.php/ISCC2018 ISCC2018]) 18 April 2018=== | ||
+ | ===Cyber Range Academy Conference 2017 ([https://www.owasp.org/index.php/CRAC2017 CRAC2017]) 26-27 September 2017=== | ||
+ | ===OWASP Day KL 2016 ([https://www.owasp.org/index.php/OWASP_Day_KL_2016 OWASP Day KL 2016]) 15-17 November 2016=== | ||
+ | ===OWASP Day KL 2011 ([http://www.owasp.org/index.php/OWASP_Day_KL_2011 OWASP Day KL 2011]) 20-21 September 2011=== | ||
=Workshop= | =Workshop= | ||
Line 638: | Line 782: | ||
{{MemberLinks|link=http://www.unikl.my|logo=unikl.jpg}} | {{MemberLinks|link=http://www.unikl.my|logo=unikl.jpg}} | ||
{{MemberLinks|link=http://www.ais.utm.my|logo=utm-ais.jpg}} | {{MemberLinks|link=http://www.ais.utm.my|logo=utm-ais.jpg}} | ||
+ | {{MemberLinks|link=http://www.pmj.edu.my|logo=politek.png}} | ||
==Corporate== | ==Corporate== | ||
+ | {{MemberLinks|link=https://www.microsoft.com/en-my|logo=microsoft1.jpg}} | ||
==Community== | ==Community== | ||
Line 645: | Line 791: | ||
{{MemberLinks|link=http://www.tbd.my|logo=tbdmy.png}} | {{MemberLinks|link=http://www.tbd.my|logo=tbdmy.png}} | ||
{{MemberLinks|link=http://www.hitb.org|logo=hitb.jpg}} | {{MemberLinks|link=http://www.hitb.org|logo=hitb.jpg}} | ||
+ | {{MemberLinks|link=https://www.rawsec.com/|logo=Rawsec.jpg}} | ||
=Sponsors= | =Sponsors= | ||
=Members= | =Members= | ||
+ | |||
+ | ==Here our Official OWASP Members list 2017:== | ||
+ | *1)Raihan Ahmad | ||
+ | *2)Azlina Ahmad | ||
+ | *3)Mohd Sufian Ahmad | ||
+ | *4)Norzaidi Baharudin | ||
+ | *5)Rene FBernard | ||
+ | *6)Mohd Sofian Akasah | ||
+ | *7)Ahmad Maher Che Mohd Adib | ||
+ | *8)Mohamed Ashraf Husni Zai | ||
+ | *9)Aldi Johari Shaqis | ||
+ | *10)Mohd Hafiz Kamaruzaman | ||
+ | *11)Khalid Zulazly | ||
+ | *12)Mohd Dawi Mohd Haritih | ||
+ | *13)Shazil Imri Mohd Hizam (Individual Lifetime) | ||
+ | *14)Tajul Azhar Mohd Tajul Ariffin | ||
+ | *15)Mohd Hanafiah Muhamad | ||
+ | *16)Muhammad Hamizi Jaminan | ||
+ | *17)NORAZLAN NORDEN | ||
+ | *18)Rajivarnan Raveendradasan | ||
+ | *19)Aalim Rozli | ||
+ | *20)Ahmad Aizuddin Aizat Tajul Arif | ||
+ | *21)James Tan | ||
+ | *22)Adli Wahid | ||
+ | *23)Yong Kian Chong | ||
+ | *24)Shazri Azizan | ||
+ | |||
+ | ==Here our Official OWASP Members list 2016:== | ||
+ | *1) Adli Wahid | ||
+ | *2) Lim Soo Kok | ||
+ | *3) Gurdip Singh | ||
+ | *4) Rajivarnan Raveendradasan | ||
+ | *5) Krishna Rajagopal | ||
+ | *6) Mohd Rahim Muhamad | ||
+ | *7) Mohd Hanafiah | ||
+ | *8) Norazlan Norden | ||
+ | *9) Shazil Imri Mohd Hizam | ||
+ | *10) Khairul Marjan | ||
+ | *11) Zulazly Khalid | ||
+ | *12) Mohamad Hamizi Jamaludin | ||
+ | *13) Mohamed Ashraf Husni Zai | ||
+ | *14) Anthony Hing Kheong | ||
+ | *15) Hidzuan Hashim | ||
+ | *16) Razif Hashim | ||
+ | *17) Wati Darma | ||
+ | *18) Matlan Dahari | ||
+ | *19) Ahmad Aizuddin Aizat Tajul Arif | ||
+ | *20) Amir Osman | ||
+ | *21) Muhammad Zuhair Abd Rahman | ||
+ | *22) Norzaidi Baharudin | ||
+ | *23) Mohd Sufian Ahmad | ||
+ | *24) Azlina Ahmad | ||
+ | *25) Raihan Ahmad | ||
+ | *26) Ahmad Amran Ahmad | ||
+ | *27) Mohammad Zahir Mat Salleh | ||
+ | *28) Mohd Khairuddin Che Ibrahim | ||
+ | *29) Muhammad Najmi Ahmad Zabidi | ||
+ | *30) Sofian Akasah | ||
+ | *31) Mohd Shahril Hussin | ||
==Here our Official OWASP Members list 2015:== | ==Here our Official OWASP Members list 2015:== | ||
− | |||
*1) Mohd Azri Abdullah | *1) Mohd Azri Abdullah | ||
*2) Ahmad Amran Ahmad | *2) Ahmad Amran Ahmad | ||
Line 685: | Line 890: | ||
==Here our Official OWASP Members list 2014:== | ==Here our Official OWASP Members list 2014:== | ||
− | |||
*1) James Tan | *1) James Tan | ||
*2) Mohd Syazwan Mohd Shafie | *2) Mohd Syazwan Mohd Shafie | ||
Line 721: | Line 925: | ||
*34) Norzaidi Baharudin | *34) Norzaidi Baharudin | ||
− | + | <headertabs></headertabs> | |
− | |||
− | <headertabs /> | ||
[[Category:OWASP_Chapter]] | [[Category:OWASP_Chapter]] | ||
[[Category:Malaysia]] | [[Category:Malaysia]] | ||
[[Category:Asia]] | [[Category:Asia]] |
Latest revision as of 17:42, 19 October 2018
OWASP Malaysia
Welcome to the Malaysia chapter homepage. The chapter leader is Mohd Fazli Azran
Participation
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Sponsorship/Membership
to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
OWASP Malaysia & MySecurity Community
OWASP Malaysia Project now officially handle and organize by MySecurity Community. It was non-profit organization. We are pleasure and welcome to all Malaysian to join us and share the knowledge, skill, idea and related to make OWASP Malaysia Project are benefit to everybody. OWASP Malaysia Project as well are the pioneer project for Web Security Application and we tied with Malaysia Government Security Agency & Organization to promote and give awareness to Malaysian specially to government,university and public. Any private sector want to contribute and sponsor are welcome.
Join the local Malaysia chapter Facebook Page
Join the local Malaysia Chapter Discussion Facebook Group
Follow our twitter OWASP Malaysia #owaspmy
OWASP Malaysia Official Telegram Group
OWASP Malaysia Meetup Planning Schedule
OWASP Malaysia Translation Project (OMTP) We need any volunteer for our translation project from English - Malay Please free to contact any of our BOM for update the Project
OWASP Malaysia Slack - OWASP Malaysia Slack Interest to join Please Email us your legitimate email for registration
NOTE: OWASP now promote for who want to become Official Members for Malaysia Chapter. You can get special rate and discount and get email @owasp.org with 25GB space. Please register at here as individual(Memberships) and to see the example how to (REGISTER) OWASP Memberships
For all new members and existing member please free to contribute to OWASP Malaysia Chapter and if you are commitment to help OWASP Malaysia please subscribe OWASP Membership for individual. For Corporate sponsor OWASP Malaysia please contact OWASP Admin.
We are welcome to join our conversation. If any query don't hesitate to contact OWASP Admin. Everyone is welcome to join us at our chapter meetings.
Related Security Events for this years.
2018
NanoSec Conference 2018 (NanoSec2018) 10 October 2018
2017
Durian Conference 2016 (Durian Conference) 8 April 2017
Malaysia Open Source Conference 2017 (MOSC2017) 17 - 18 May 2017
2016
OWASP DAY KL 2016 (OWASPKL2016) 15 - 17 November 2016
Black Hat Asia 2016 (BHAsia2016) 29 March - 1 April 2016
MOSCMY 2016 (MOSCMY2016) 25 - 27 May 2016
2015
Black Hat Asia 2015 (BHAsia2015) 24-27 March 2015
Info Security Malaysia Conference 2015 (InfoSec2015) 12 August 2015
International Conference On Library 2015 (ICOL2015) 25-26 August 2015
2014
OWASP AppSec AsiaPac 2014 (AppSecAsiaPac2014) 17-20 March 2014
Info Security Malaysia Conference 2014 (InfoSec2014) 12 August 2014
Malaysia Open Source Conference 2014 (MOSC2014) 24-25 September 2014
Hack In The Box 2014 (HITBSecConf2014) 13-16 October 2014
OWASP Asia Tour 2014 (Asia Tour 2014) 4 November 2014
2013
OWASP AppSec AsiaPac 2013 (AppSecAsiaPac2013) 19-22 February 2013
ZebraCon 2013 (ZebraCon2013) 27-28 August 2013
Malaysia Open Source Conference 2013 (MOSC2013) 10-11 September 2013
HITBSecConf 2013 (HITBSecConf2013) 14-17 October 2013
2012
OWASP Global AppSec AsiaPac 2012 (AppSecAsiaPac2012)11-14 April 2012
FUDCon AsiaPac KL 2012 (FUDConKL2012) 18-20 May 2012
EPF ISSS Quarterly Services Status Meeting and Technology Presentation Update 14 June 2012 (Closed Invitation)
Cyber Security, Cyber Warfare and Digital Forencis (CyberSec12) 26-28 June 2012
Malaysia Open Source Conference 2012 (MOSC2012)8-10 July 2012
Hack In The Box (HITBSecConf2012) 8-11 October 2012
Hacker Halted AsiaPac 2012 (HHAPAC2012)19-22 November 2012
2011
KL GreenHAT Challange 2011 (KLGHC 2011) 9-10 February 2011
OWASP Summit 2011 (OWASP Summit 2011) 8-11 February 2011
Counter eCrime Operation Summit V 2011 (CECOSv 2011) 27-29 April 2011
Info Security Conference 2011 (INFOSEC 2011) 12 May 2011
Malaysia Open Source Conference 2011 (MOSC2011) 3-5 July 2011
OWASP Day KL 2011 (OWASP Day KL 2011) 20-21 September 2011
Hack In The Box (HITBSecConf2011) 10-13 October 2011
Security Black Belt Day 2011 (SBBD2011) 3 November 2011
Mozilla AsiaCamp 2011 (MozCamp Asia 2011) 18-20 November 2011
Hacker Halted APAC (HHAPAC2011) 15-17 November 2011
Malaysia Government Open Source Conference 2011 (MyGOSSCON2011) 29-30 November 2011
Computer Security Day 2011 (CSD2011) 30 November 2011
2010
Malaysia Open Source Conference 2010 (MOSC2010) 29/30 June - 1 July 2010
Advanced Identify Management & Security 2010 (AIMS 2010) 20-21 September 2010
Next Generation Broadband Wireless Architecture Masterclass (NGBWAM 2010) 28-29 September 2010
Gartner Security Local Briefing 2010 (GartnerSec 2010) 15 July 2010
Hack In The Box 2010 (HITBSecconf 2010) - 4-14 October 2010
OSS Day KPM 2010 (OSS KPM 2010) - 12-13 October 2010
KL Green Hat 2010 (KLGH 2010) - 19-20 October 2010
CyberSecurity Malaysia Conference & Exhibition 2010 (CSMCE 2010)- 25-28 October 2010
Malaysia Government Open Source Conference 2010 (MyGOSSCON 2010)2-3 November 2010
Hacker Halted Asia Pacific 2010 (HHAPAC2010)- 9-11 November 2010
AMDI-USM OSS Day (AMDIOSS) 23 December 2010
2012
Secure Mobile App Development: Differences from Traditional Approach - 31 January 2012 10.00p.m PST
Automated Hacking Tools - Meet the New Rock Stars in the Cyber Underground 27 June 2012 9.00a.m GMT
Chapter Leader - Mohd Fazli Azran
Board Of Members 2010
- University Representative - Dr. Nurhizam Safie (Asia eUniversity)
- Government Representative - Mohd Naim Mohd Ibrahim (Ministry Of Home Affairs)
- Community Representative - Wan Adnan Wan Jaafar (NOC IPX)
- Private Sector Representative - Muhammad Shahriman Samsudin(Scan Associates)
- Sec. Professional Representative - Adli Wahid (MyCERT CyberSecurity)
Advisor - Amir Haris (MyNIC Berhad)
Observer - MySecurity Community (MySecurity)
1st OWASP Meetup 2018
OWASP Malaysia is Open Web Application Security Project for Malaysia Chapter. We like to share and discuss about security. Feel to join and participate as community. This is Open Source Project by OWASP Foundation.
- Topic : 1st OWASP Malaysia Meetup 2018
- Date : 5 April 2018 (Thursday)
- Time : 8.00a.m - 2.00p.m
- Venue : Hall Level 7, CyberSecurity Malaysia
- Event Program:
8.00a.m - 8.45a.m - Arrival Participant & Registration 8.45a.m - 9.00a.m - CEO,CTO & SVP Arrival 9.00a.m - 9.05a.m - Negaraku 9.05a.m - 9.10a.m - Doa recitation 9.10a.m - 9.15a.m - Speech by OWASP Malaysia Chapter Leader 9.15a.m - 9.20a.m - Keynote Speech by CEO CSM 9.20a.m - 9.30a.m - Refreshment 9.30a.m - 10.05a.m - Speech By Kamarul Baharin - Mobile Apps Analysis (My Experience) 10.05a.m - 10.40a.m - Speech By Adnan Shukor - Traffic Distribution System 10.40a.m - 11.15p.m - Speech By Ahmad Ramadhan - Responsible Disclosure 11.15a.m - 11.50p.m - Speech By Mr. Khairul Nadzmi - rawSEC: Empowering Local Security Community 11.50p.m - 2.00p.m - Lunch Sponsor by CSM & Network Session
OWASP Meetup Q2 2017
OWASP Malaysia is Open Web Application Security Project for Malaysia Chapter. We like to share and discuss about security. Feel to join and participate as community. This is Open Source Project by OWASP Foundation.
- Topic : OWASP Malaysia Meetup Q2 2017
- Date : 18 July 2017 (Tuesday)
- Time : 8.00a.m - 2.00p.m
- Venue : Auditorium Hall, Microsoft Malaysia, Level 26, Petronas Tower 3, KLCC
- Event Program:
8.00a.m - 9.00a.m - Arrival Participant 9.00a.m - 9.10a.m - Official Launch & Opening Speech by Microsoft Malaysia 9.10a.m - 9.20a.m - Speech by OWASP Malaysia Chapter Leader 9.20a.m - 9.35a.m - Keynote Speech by Datuk Wira Dr. Abu Bakar Mohamad Diah 9.35a.m - 10.00a.m - Breakfast 10.00a.m - 10.35a.m - Speech By Sanjay WS - The Security Problem & The Security Solution 10.35a.m - 11.10a.m - Speech By Walter Wong - Consumer Security Impact with Cloud and Machine Learning 11.10a.m - 11.45p.m - Speech By Razwan Mokhtar - Dealing with HealthCare Internet of Things security 11.45a.m - 12.20p.m - Speech By Hasnan Hasim - Introduction Rimau WAF 12.20p.m - 1.00p.m - Speech By Sina Manavi- Cyber-Crime as a Service and Quick Win Strategy to Tackle Them 1.00p.m - 2.00p.m - Pre Lunch by Microsoft
- Topic - The Security Problem and The Security Solution
Sanjay WS is a CTO of Astiotech Sdn Bhd and MVP Entreprise Security. In this session, I would like to share the security problems that are still plaguing Windows users until we see a worldwide pandemic security fear recently on ransomware. We walkthrough the historical security journey of Windows users and what Microsoft has done to address them. In Windows 10, Microsoft claims to have a silver bullet approach alongside other security primers in Windows 10, will it make the cut? You decide. I also hope to present a custom compromise in Windows that can easily be exploited in any version of Windows and let’s turn on this security solution and see if it survives.
- Topic - Rimau WAF
Hasnan Hasim holds a bachelor's degree in computer science (information technology) form ukm. With more than 15 years of experience handling Linux server and security device such as firewall, ips, ida and snort rules, ICT operations, training And system development In government sector. Main programming language using php, Java script. His presentation will show next generation WAF using mod_security with modern web UI for easy management.
- Topic - Consumer Security Impact with Cloud and Machine Learning
Walter Wong is a technical lead in Gain Secure, a Malaysian-based company. The company specialized for providing secure application development and user experience (UX) consultation services to customers. Walter is a Microsoft MVP for developer security and Microsoft Azure. Research on application development security is Walter's personal interest. He also successfully discovered many websites vulnerabilities including some high traffic websites over the past few years. Walter often speaks at technical conferences such as Visual Studio 2010 Launch, TechEd SEA, Security Symposium, TechNet/MSDN, Tech Insights and more. Hosting the application in the cloud infrastructure does not guaranty your application and data security by default. It’s developer responsibility to ensure the application developed, configured and hosted is secure by default. Come and join Walter in his demo packed rollercoaster ride to understand more about Microsoft Azure security features. If you looking forward for a demo how to break the application hosted in Azure, this is the session you don’t want to miss.
- Topic - Cyber-Crime as a Service and Quick Win Strategy to Tackle Them
Sina is an Iranian Senior Information Security Consultant working in banking industry as a CISO advisor helping the banks to design, develop and implement IT Security Blueprint, Project Monitoring, Risk and Compliances, Threatlandscape analysis. He has over 8 years expericen in IT Security area from Application Security, Secure Coding, Vulnerability Management and Penetration Testing in Mobile and Web Applications, SAP systems and Network. He has also experience in Security Posture assessment, Risk and Compliances and regulations in financial industry.
- Topic - Dealing with HealthCare Internet of Things security
Razwan Mokhtar is a system consultant and overseas system engineer for iDataMap Corporation from Adelaide, Australia. The company is developing new products to bridge the gap in personal health care communications, it’s stored encrypted patient data for ready access by clinicians and is especially useful for DICOM images. For the last 4 years he is very active integrating medical devices & internet of things in hospitals around Asia. Previously in Malaysia, Razwan Mokhtar was experience in the malware analysts focusing in botnet, development, implementation and management of complex Information Security for Department of Defense, Royal Malaysia Police, Royal Malaysian Navy and International Banks.
Registration are now open for all. Please download the apps name "OWASP Malaysia Meetup 2017" from Play Store (Android) & App Store (iOS) Please bear in mind this meetup have limited seat only 100ppl. Please register now to book your seat.
OWASP Meetup Q3 2016
OWASP Malaysia is Open Web Application Security Project for Malaysia Chapter. We like to share and discuss about security. Feel to join and participate as community. This is Open Source Project by OWASP Foundation.
- Topic : OWASP Malaysia Meetup Q3 2016
- Date : 22 September 2016 (Thursday)
- Time : 8.00a.m - 2.00p.m
- Venue : Hall Level 7, CyberSecurity Malaysia
- Event Program:
8.00a.m - 9.00a.m - Arrival Participant 9.00a.m - 9.10a.m - Official Launch & Opening Speech by CEO CyberSecurity Malaysia 9.10a.m - 9.20a.m - Speech by OWASP Malaysia Chapter Leader 9.20a.m - 10.00a.m - Breakfast 10.00a.m - 10.35a.m - Speech By Melvin Lim (Infoblox) - Data Exfiltration over DNS 10.35a.m - 11.10a.m - Speech By Mohamed Fadzlee Sulaiman (CSM) - CyberDEF: Uncovering Future Threats 11.10a.m - 11.45p.m - Speech By Ahmad Ashraff bin Ahmad (ISC) - Security Through Obscurity : Good or Bad? 11.45a.m - 12.20p.m - Speech By Azril Rahim (ISC) - A Practical Low Cost Cyber Threat Intelligence for SME 12.20p.m - 1.00p.m - Speech by Jay Chow (Rapid7) - Application Assessment for the Modern World 1.00p.m - 2.00p.m - Pre Lunch by CSM
- Topic - Security Through Obscurity : Good or Bad?
Ahmad Ashraff bin Ahmad will share on his 6 years experience conducting penetration testing and bug bounty hunting related to the 'Security Through Obscurity'. Is it the right choice to depend on security appliance? Is it bad to leave the code vulnerable while being protected by these 'obscurity'? What's the impact to the community?. Ahmad Ashraff was a chemical engineering student from UTP. Choose to be in the ITsec because of his believe in 'following your passion' will lead to the right path. 6 years as a pentester. Have been with multiple security companies to learn the strong,weakness,gaps that is currently missing in ITsec MY. Active in bug bounty, 1st place in Malaysia. 1st place in Bugcrowd.Currently working as a IT Security Specialist.
- Topic - Data Exfiltration over DNS
Started off as Solutions Specialist, Melvin carries with him over 13 years of security focus experiences working with leading companies like Bluecoat, McAfee, Akamai and Infoblox. With cyber defense always at the the top of his mind, he provided threat briefing, network security assessment workshops for many organisations in ASEAN, reviewed their network security posture for vulnerabilities, . In a few occasions, Melvin was called back by the organization when the security gaps he highlighted were subsequently exploited by the attackers. In Infoblox, Melvin focuses on data leakage over DNS, defense in depth against DNS DDoS and exploits, which are some of the least addressed security gaps in many organizations today.
- Topic - Application Assessment for the Modern World
Jay Chow brings with him more than 10 years of experience in the areas of network and security consulting, implementation, and support. Jay Chow has been on the ground designing, consulting and leading several key government and MNC security projects. Bearing deep practical and strong technical understanding on various security technologies in the market, Jay has been a valuable resource in providing security insights. In his role with Rapid7, Jay focuses on assisting mid-to-large enterprises engineer better security across the South Asia region by visualizing, contextualizing and extracting more insights on their current risk and security exposure.
- Topic - A Practical Low Cost Cyber Threat Intelligence for SME
Azril Rahim is a passionate cyber security expert with over 13 years of experiance. He is also an advocate for open source software where he also developed codes for computer security as well network and general purpose tools. His interest on computer security focuses on vulnerability assessment, pen-test, computer and network forensics, cyber threats intelligence, PKI and secure communication & network programming. He is also has won several awards from the Malaysian government for his work contribution in computer security. He is also hold several international certifications in computer security. Most of his cyber security work are proven hands on and validated via research papers, written & presented technical presentations, hands on work and also computer codes codings. More information about Azril work on computer security & programming can be obtain at his website at http://azrilrahim.site88.net
Mohamed Fadzlee Bin Sulaiman is currently leading CyberDEF unit under Digital Forensics Department, CyberSecurity Malaysia. Eight years of experience in digital forensics has emphasized his credibility in solving criminal and civil cases in major fields including Computer Forensics, Network Forensics, Mobile Phone and Video Forensics. With CyberDEF he has been assisting organization and corporate companies by providing comprehensive cyber security solution especially for Critical National Information Infrastructure (CNII) sectors. Based on the prosecution necessity, he has also experienced as an expert witness to provide testimonial for various cases in court. To date, Mr. Fadzlee has conducted and handled analysis for more than hundred digital forensic cases including hacking, financial crimes, harassment, seditious,bribery, IP theft and etc. Occasionally, he is invited as a speaker and trainer at Government Linked Companies (GLC), local and foreign Law Enforcement Agencies.
OWASP Meetup Q3 2015
OWASP Malaysia is Open Web Application Security Project for Malaysia Chapter. We like to share and discuss about security. Feel to join and participate as community. This is Open Source Project by OWASP Foundation.
- Topic : OWASP Malaysia Meetup Q3 2015
- Date : 14 September 2015 (Monday)
- Time : 9.00a.m - 2.00p.m
- Venue : Banquet Hall, Level 29, UniKL MIIT, Jln Sultan Ismail, KL
- Event Program:
9.00a.m - 10.00a.m - Arrival Participant 10.00a.m - 10.10a.m - Official Launch & Opening Speech by 10.10a.m - 10.20a.m - Speech by OWASP Malaysia Chapter Leader 10.20a.m - 10.30a.m - Breakfast 10.30a.m - 11.05a.m - Speech By Adnan Mohd Shukor (BlueCoat) - Attacker Toolkit and Strategic Web Compromise 11.05a.m - 11.40a.m - Speech By Sina Manavi (Kaapagam Technologies) - 11.40a.m - 12.15p.m - Speech By Farhan Faisal - Network Threat Visibility 12.15p.m - 1.00p.m - Speech By Adli Wahid (APNIC) - Establishing Security Response Capabilities 1.00p.m - 2.00p.m - Social Network (Refreshment)
- Topic - Attacker Toolkit and Strategic Web Compromise
Adnan Mohd Shukor or (@xanda) is a Threat Analyst at BlueCoat System. He detects, analyzes, and blocks web threats and one of his areas of expertise is in exploit kit detection. He also contributed codes and patches to several open source projects and communities before, and most of them are in IT security related projects. Prior to joining BlueCoat System, he was the Senior Analyst at Malaysia CERT, CyberSecurity Malaysia
- Topic -
Sina Manavi s a security enthusiast interested in penetration testing and digital forensics investgation. He has a master`s degree in computer science in the field of digital forensic investigation, and also certificate holder of CEH and CHFL. He has conducted many security talks and practical workshops and training on web/network/mobole penetration testing in Malaysia. His main interest is in mobile app penetration testing. He started his IT career as a software and database developer, and later joined the software database designing field. Currently, he works as professional trainer and information security consultant for Kaapagam Technologies Sdn Bhd in Malaysia.
- Topic - Network Threat Visibility
Farhan Faisal He started his way in system administration, exposed to the real threats every day,gaining real experience from live system. Got GPEN, CCNA, and work experience in MyCERT allows him to work on real customer's network and various environment. He have done Network Forensic, Incident Management, Penetration Testing, and Security Monitoring for various organization and government agencies. He runs his company Scan Insight Sdn Bhd, and right now building External Threat Monitoring
- Topic - Establishing Security Response Capabilities
Adli Wahid (@adliwahid) is a Security Specialist at the Asia Pacific Network Information Centre (APNIC) in Brisbane, Australia. He does a lot of engagement with network operators, CERTs/CSIRTs, Law Enforcement and Inter-Government Agencies. He is also a member on the Board of Directors of the Forum of Incident Response and Security Teams (FIRST). Prior to joining APNIC he was the Head of Malaysia CERT at CyberSecurity Malaysia and a member of MUFG-CERT (Bank of Tokyo-Mitsubishi UFJ) You can read some of his activities at APNIC’s blog https://blog.apnic.net/
OWASP Meetup Q2 2015
OWASP Malaysia is Open Web Application Security Project for Malaysia Chapter. We like to share and discuss about security. Feel to join and participate as community. This is Open Source Project by OWASP Foundation.
- Topic : OWASP Malaysia Meetup Q2 2015
- Date : 12 June 2015 (Friday)
- Time : 8.00a.m - 2.00p.m
- Venue : Theater Room, Level 7, CyberSecurity Malaysia, Seri Kembangan, Selangor
- Event Program:
8.30a.m - 9.00a.m - Arrival Participant 9.00a.m - 9.10a.m - Official Launch & Opening Speech by Dr. Amirudin Abdul Wahab CEO CyberSecurity Malaysia (CSM) 9.10a.m - 9.20a.m - Speech by OWASP Malaysia Chapter Leader 9.20.a.m - 9.50a.m - Speech By Fatah Al-Farihin (CSM) - Zero day malware detection/prevention using open source software - Proof of Concept 9.50a.m - 10.20a.m - Speech By Dick Bussiere (Tenable Security)- The increasing importance of Continuous Network Monitoring in today’s Cyberworld 10.20a.m - 10.35a.m - Rest 10.35a.m - 11.05a.m - Talk by Walter Wong (GainSecure) - Security Awareness for .Net Developers 11.05a.m - 11.45a.m - Speech by Azril Aari (Infoblox) - Advance Financial Malware: GameOver Zeus - The art of espionage, data ex-filtration and network disruption 11.45a.m - 12.15a.m - Speech By Ken Too (Vectra Network) - An Analysis of Recent Cyber Attacks 12.15p.m - 2.00p.m - Social Network (Friday Pray)
Abstract: Zero day malware detection/prevention using open source software - Proof of Concept Today, as computer attacks tend to be malware-centric, the cyber criminals have introduced sophistication in their attack techniques that makes the traditional way of protecting the enterprise with firewalls, intrusion detection systems and antivirus software at the network perimeter ineffective. While maintaining Honeypot technology to collect malware information from the Internet & internal organizations, we would like to present a proof on concept on mitigating zero day malware using several combination of open source projects involving malware collection from network traffic, ssl interception, sandboxing. evading anti-vm, network ids/ips, process flow, etc. From the idea, we are welcoming contributions & collaboration from the public & education sector.
Bio: Mr Fatah is currently a Senior Analyst under Malware Research Centre, MyCERT Department. He has already worked in information security domain for almost 10 years in most domain in security posture assessment (penetration testing, source code audit, wireless assessment, web assessment, database assessment, etc.), software development, geographical information system, managed security services, and others. He holds information security professional certification such as GWAPT, OSWiSP, HP ArcSight Certified Professional, ITILv3, CNE6, etc.
Abstract: The increasing importance of Continuous Network Monitoring in today’s Cyberworld
Bio : Mr. Dick Bussiere is Tenable Network Security’s Principal Architect for the Asia Pacific Region. In this multifaceted role, Mr. Bussiere is responsible for evangelizing the criticality of vulnerability assessment, vulnerability management, and thorough security monitoring as part of an organizations enhanced security posture. Mr. Bussiere is a frequent public speaker on these and other security and networking mattersMr. Bussiere frequently assists Financial Services Organizations, Governments, and Managed Security Service Providers in adopting a regimen of pro-active vulnerability management to help them reduce their vulnerability footprint.
Prior to Tenable, Mr. Bussiere was Arbor Network’s Solution Architect for Asia Pacific. In this role, Mr. Bussiere assisted organizations in assessing their risk exposure to Distributed Denial of Service attacks. He has advised several regulatory bodies on recommended legislation to protect critical infrastructure against DDoS attacks. Mr. Bussiere is a seasoned technical architect with over 20 years of experience in ICT security, computer networking, and engineering. Mr. Bussiere has a strong background in Research and Development, including both software and hardware engineering.
Mr. Bussiere was a principle in an ICT security consulting firm and provided consulting services to numerous business, academic and government organizations. Activities included developing network security architectures with an emphasis on intrusion detection and prevention techniques, as well as the development of comprehensive organizational security policies. Additionally, Mr. Bussiere was an active contributor to the IEEE P1901 Power Line Communication security architecture and specification. Mr. Bussiere is the holder of five patents related to computer networking. He was also an active participant in the IEEE and IETF working groups.
Abstract: Security Awareness for .Net Developers Design and code carefully can protect today's complicated business application. With the rising of cyber–attacks in recent years, developer security become an important aspects for all software business. If you are .Net developer, this session will show you the tips and tricks of secure your applications, understand security threat, tools and others.
Bio: Walter is the founder for Gain Secure based in Malaysia. The company specialized for providing secure application development and user experience (UX) consultation services to customers. Walter is a Microsoft MVP for developer security. Research on application development security is Walter's personal interest. He also successfully discovered many websites vulnerabilities including some high traffic websites over the past few years. Walter often speaks at technical conferences such as TechDays Hong Kong, TechEd SEA, Security Symposium, TechNet/MSDN, Tech Insights and more.
Abstract: Advance Financial Malware: GameOver Zeus - The art of espionage, data ex-filtration and network disruption GameOver ZeuS (GoZ) is the most sophisticated & the most researched malware to date. Since the released of the 2nd version of the original gruesome ZeuS malware, the new variant so-called “gameover” comes with a different strength and capabilities. It is more resilient, stealthy and deadly. It has cause the lost of millions of dollars and there are no specific methods to stop it. This has forced the FBI to put a bounty head for its creator.
Without any leading leaked source codes on its new capabilities & strength, most leading knowledge on GoZ is based on a 2 years of “assumption” from various threat intelligence's collected share data around the globe. The assumption date were derived from analyzing its network behavior and some reverse-engineered dumped codes since 2013.
This presentation contents will be based on the collaborate data that has been collected by Infoblox's Threat Intelligence group. The focus will be in discussing GoZ capabilities, how to detect & mitigate it.
Bio: Mr Azril is currently a core security researcher with Infoblox's Threat Intelligence Group based in Santa Clara, California USA. He has already worked in information security domain for almost 12 years with interest in computer forensics, PKI, trusted computing, virtualization, secure programming, penetration testing and malware analysis. He has been an active speaker at international industry conferences since 2005. He has authored several technical papers and developed award winning open source software particularly in computer forensics, trusted computing & virtualization. Graduated with 2 degrees in computer science and operation management from the University of Missouri, he also holds information security professional certifications such as GCFA, CEI, ECSP and CEH.
Abstract: An Analysis of Recent Cyber Attacks Over the past year, cyber attacks have gone from being a worst-case scenario for security teams to a real-world certainty. Yet for all the recent investment and focus on cyber security, attackers continue to succeed at stealing or destroying our most valued assets. In this discussion, we will deconstruct recent cyber attacks to see what is working in security and where the industry still has gaps. Then we will go beyond the search for simplistic silver bullets, and propose new models of defense-in-depth that can apply generically to detecting today's most sophisticated attacks.
This session will cover: - An analysis of recent cyber attacks and what they have in common - Understanding the inherent advantages attackers enjoy today, and how we can turn the tables - Proposing a repeatable methodology for automating the detection of breaches and APTs
Bio: Ken Too Ken Too is a Technical Director for Datapath Networks Sdn Bhd, focused on solutions using machine learning and data science that provide protection beyond the perimeter. Ken has a long history in security and had been working with HP & CSC. His discussion will deconstruct recent cyber attacks and how they are unfolding globally with a goal to propose repeatable and generic solutions to prevent damage to valuable assets.
- Please register here:
https://docs.google.com/forms/d/1UQb-EYR4oXh0qmelrM1SB7Abyj7R4LFdZi_kLtIbU4E/viewform
This events will covered by local newspaper and media by
OWASP Meetup Q1 2015
We welcome all the people that have interest to join this mini events and it open to everybody. Meetup with all hacker around Malaysian and Open Discussion with CyberSecurity Malaysia
- Date : 19 January 2015
- Avenue: Dewan Seminar, Menara Razak, UTM Jalan Semarak, Kuala Lumpur
- Schedule
- Time : 9.00a.m - 1.00p.m
- Event Program:
9.00a.m - 10.00a.m - Arrival Participant 10.00a.m - 10.10a.m - Opening Speech by CSM VVIP 10.10a.m - 10.20a.m - Speech by OWASP Malaysia Chapter Leader 10.20a.m - 11.20a.m - Speech By Saharudin Saat - Capturing Web Application Threats Virtual CMS Honeypot 11.20a.m - 12.20p.m - Speech by Sandeep Nain - Introducing Application Security In Your Organization Think Like a Developer 12.20p.m - 1.00p.m - Social Network 1.00p.m - 2.00p.m - Refreshment
- Please register here :
https://docs.google.com/forms/d/1UQb-EYR4oXh0qmelrM1SB7Abyj7R4LFdZi_kLtIbU4E/viewform
- Required registration at (https://docs.google.com/a/owasp.org/forms/d/1b5I0n2KyvuyqmsNb68PCs-w7mNruWpLXIbY74qVcf2o Click Here])
University Technology Malaysia (Maps)
Facebook Event https://www.facebook.com/events/381598735333730/
Title : Capturing Web Application Threats - Virtual CMS Honeypot by Saharudin Saat
Opensource Content Management System (CMS) is very popular and widely used by web administrators around the world nowadays because of their simplicity for the instant web application solution. Consequently, web applications have increasingly been the focus of attackers because of the unintentional web vulnerabilities that comes from the newly introduced functionality. This project aims at enhancing the level of security for CMS inside the Universiti Teknologi MARA (UiTM) network by providing the most extensive way on developing Virtual CMS Honeypots. The outcome is hoped to ease the web administrators to monitor any kind of computer threats such as hackers, worms and viruses in more comfortable and efficient way. The results also will provide the administrator some form of countermeasures for security purposes and traffic analysis. Using Customize Awstats, Snort, AcidBase and Proxy will provide a Honeypot for a rapidly expandable network and suit for the web administrator especially at UiTM to monitor webserver traffic activity and any latest computer threats.
BIO : Saharudin Saat is a System Administrator at Ministry of Domestic Trade Cooperatives and Consumerism with over 15 years of computer experience. Saharudin's expertise in server technology, network security and cloud computing. He is also a consultant for open source software and cloud computing for some government related agencies.
Winner of the Kaspersky Southeast Asia Cup IT Security for the next generation 2009.Won third place in Malaysian Government Open Source Software Award (MyGOSS) 2012 .Saharudin holds a Degree in Computer Science (Hons) Data Communication and Networking from the Universiti Teknologi MARA Malaysia.
Title: Introducing Application Security in Your Organization - Think Like a Developer by Sandeep Nain
To protect your enterprise from application layer attacks, your application security program needs to be goal-oriented and should be supported by a central team of professionals enabled with the best of the breed technologies; following effective processes. If you are wondering, how you can build such an application security program that effectively leverages secure development methodologies while being scalable and effective for a complex organization, this is the session to attend. In this session Speaker will cover:
- 1. How to build secure development lifecycle for development teams using modern software development methodologies
- 2. Challenges of enforcing secure development lifecycle at an enterprise scale
- 3. Reasons why most application security programmes fail and how we can collaborate with development teams for easier enterprise adoption
BIO : Sandeep Nain is Managing Principal in HP Enterprise Security Products and leads Fortify Solution Consulting Services. In this role, he is responsible for the business growth and delivery of software security solutions for South Pacific and Asia region. Sandeep and his team help customers understand their business requirement for application security programme, assess their current security maturity state, design solutions which fit their need and deliver outcomes that exceed expectations.
Before joining HP, Sandeep was a Managing Partner at Appsecure, an application security specialist firm where he built and led the application security consulting team to provide enterprise grade application security solutions to Australian market. Prior to this, Sandeep held various security consulting positions at Pure Hacking, Fortify, IBM and Accenture. With an IT career spanning over 13 years, Sandeep is an accomplished Application Security Expert. He has worked alongside many high-profile national and international organisations, enabling them to produce secure software. He has extensive experience with enterprise grade software languages, software development frameworks, mobile platforms and security and risk management frameworks which makes him a perfect security advisor to our clients.
Sandeep has been actively involved in industry open source projects such as OWASP (Australia) and is active in the development of papers and initiatives published through the community. Sandeep has presented on application and database security at a number of national and international conferences. Academically, Sandeep holds a Master of Technology degree in Information Technology with specialization in Distributed Computing and several industry certifications including CISSP, CSSLP and CEH.
- Required
OWASP Meetup Q4 2014
- Date : 4 November 2014 (Tuesday)
- Time : 8.00a.m - 1.00p.m
- Veneu: Dewan Seminar, Menara Razak, UTM, Jalan Semarak
Event Program:
Agenda
8.00a.m - 9.00a.m - Arriving all OWASPrians 9.00a.m - 9.15a.m - Opening Speech By OWASP Malaysia 9.15a.m - 10.15a.m - Opening Ceremony by Prof. Dr. Shamsul bin Sahibuddin (Dean of Advanced Informatics School, UTM) 9.45a.m - 10.15a.m - Social Activity 10.15.a.m - 11.15a.m Tobias Gondrom (OWASP Foundation) 10.15 .m - 10.45a.m - Wann Senn (Regal Paradigm) 1.45a.m - 12.15p.m - Amir Haris Ahmad (Localhost) 12.15p.m - 1.00p.m - Megat Muazzam Abdul Mutalib (CyberSecurity Malaysia) 1.00p.m - Networking & End
This events is FOC to all OWASPrian and Non-OWASPrian
Please Register and confirm your attendant here:
https://docs.google.com/forms/d/1J05m6wonvb6BYvAgK90JXN40PFkIWLX1XqR-dXlKs64/viewform
OWASP Meetup Q1 2014
- Date : 17 March 2014 (Monday)
- Time : 10.00a.m - 12.00p.m
- Venue: Nexperts Academy Sdn Bhd
C-3A-03, Block c, Level 3A, Phileo Damansara 1, No. 9, Jalan 16/11 off Jalan Damansara, 46350,Petaling Jaya, Selangor, Malaysia.
Event Program:
9.30a.m - 10.00a.m - Arrival Participant 10.00a.m - 10.10a.m - Opening Speech by OWASP Malaysia Chapter Leader 9.10a.m - 9.20a.m - Speech by Mr. Aatif Khan (Hack Defense) 9.20.a.m - 12.00a.m - Web Security 2.0 Threat - Aatif Khan - Hacking Windows 7/8 wit USB - Aatif Khan 12.50p.m - 1.00p.m - Social Network
BIO: Aatif Khan
Speaker Profile: Aatif Khan, Application Security Evangelist, has delivered highly technical security training for conferences, universities, and corporate clients like Bank of America, Verizon,Amazon, Google, Yahoo, etc. to excellent reviews. He is also one of the main founding member of HDCRB (Hack Defense Certification Review Board). Aatif consults for application security, and is having specialization in security assessments/penetration testing, infosec training's, and reverse engineering/malware analysis. Apart from his stupendous exposure in application security consulting from several years, he has also worked with Defense Personnel, Cyber Crime Police Officials and has also delivered over more than 2000 hours of Information Security training to IT Security Professional's & Government Agencies. He has authored Books entitled "Ethical Hacking", "Advance Penetration Testing", "Backtrack Starter Manual" published by Packt Publications, UK. He is popularly known for designing the most advance course on "Advance Penetration Testing" with his Lab Book & Lab Exam, and has received stupendous feedback from top notch security experts. You can find more about him here - facebook.com/thenapsterkhan
Please register here :
https://docs.google.com/a/bio-xcell.my/forms/d/1kpxanFk4SeM5bwB9PbBdpKj1ZT9LWVxbpBqZowcGuSo/viewform
OWASP Meetup Q2 2013
Event Program:
8.30a.m - 9.00a.m - Arrival Participant 9.00a.m - 9.10a.m - Opening Speech by INTAN VVIP 9.10a.m - 9.20a.m - Speech by OWASP Malaysia Chapter Leader 9.20.a.m - 10.20a.m - Speech By Tobias Gordon - CISO for Manager 10.20a.m - 10.35a.m - Rest 10.35a.m - 10.50a.m - Talk by INTAN (TBA) 10.50a.m - 11.50a.m - Speech by Drew William - Governance, Risk and Compliance 11.50a.m - 12.50a.m - Speech By Tobias Gordon - Secure Coding 12.50p.m - 1.00p.m - Social Network
BIO: Tobias Gondrom
"Tobias Gondrom is CEO at Thames Stanley, a boutique Global CISO and Information Security & Risk Management Advisory based in Hong Kong, United Kingdom and Germany.
He has 15 yrs of experience in software development, application security, cryptography, electronic signatures and global standardization organizations working for independent software vendors and large global corporations in the financial, technology and government sector.
Over the years, he has trained and advised dozens of CISOs and senior information security leaders around the globe. Since 2003 he is the chair of working groups of the IETF (www.ietf.org), a member of the IETF security directorate, and since 2010 chair of the web security WG at the IETF. He has been in a number of project and chapter leadership roles for OWASP since 2007. Currently, he is a board member of the OWASP London and the CSA Hong Kong and Macau chapters and leads the OWASP CISO Report and Survey project. He is an ISC2 CSSLP and CISSP Instructor. Tobias has authored the Internet standards RFC 4998 and RFC 6283, also co-authored the books „Secure Electronic Archiving“ and the OWASP CISO Guide and is a frequent presenter at conferences and publication of articles (e.g. AppSec, IETF, ISSE, ...).
BIO: Drew Williams
Drew Williams has a pedigree in information management and security that began more than 30 years ago while serving as a journalist and public affairs liaison in the U.S. Navy, participating in key military missions that included the U.S. counter-deterrent against the Soviet invasion of Afghanistan in 1979, and the attempted hostage rescue operation in Tehran in 1980.
On matters of State, Drew served on the President’s Partnership for Critical Infrastructure Security (a precursor to the Department of Homeland Security), and was one of a handful of original drafters of the 1996 Health Information Portability and Accountability Act (HIPAA) Security Policy guidelines for the U.S. government, the 1998 Common Vulnerabilities Enumeration (CVE) reporting model for how viruses and security risks are reported, and was a founding member of the Intrusion Detection Consortium (1999), and worked on the early stages of Common Criteria parameters for infosec product development. In 2004, Drew established the Center for Policy and Compliance for Configuresoft/VM-Ware, and lectures annually in Southeast Asia on IT security trends and best practices, and was named by a security consortium in Australia as “One of the top 20 most influential people in IT security in the Pacific” in 2010.
Please register here :
https://docs.google.com/a/owasp.org/forms/d/1KvFM22I3PkMaG087vNgB6m-DHHfOZyR3VRXgkexYxHY/viewform
OWASP Meetup Q1 2013
We welcome all the people that have interest to join this mini events and it open to everybody. Meetup with all hacker around Malaysian and Open Discussion with CyberSecurity Malaysia
- Date : 3 April 2013
- Avenue: Theater Room, Level 7, Bangunan Sapura@Mines, Seri Kembangan, Selangor
- Schedule
12.30p.m - Lunch (Provided by CSM) 1.00p.m - Registration 2.00p.m - Opening Speech by CSM VVIP 2.10p.m - Welcome Remark by Mohd Fazli Azran (OWASP Malaysia) 2.20p.m - Speech by MyCERT - Activity Hacking & Report 2012 2.45p.m - Speech by Jim Manico - Top 10 Web Security Defense 3.45p.m - Tea Break 4.10p.m - Q&A with the presenter (MyCERT, Jim & OWASP) 4.45p.m - Social Network 5.00p.m - Dismiss
- Required registration at (https://docs.google.com/a/owasp.org/forms/d/1jS_17ppypXiX3fEtScjWimktGy4eBx0EdsyQoJ-H7h0/viewform?pli=1 Click Here])
CyberSecurity Malaysia (Maps)
Facebook Event https://www.facebook.com/events/575425859134709/
Title: Top Ten Web Security Defenses
We cannot “firewall” or “patch” our way to secure websites. In the past, security professionals thought firewalls, Secure Sockets Layer (SSL), patching, and privacy policies were enough. Today, however, these methods are outdated and ineffective, as attacks on prominent, well-protected websites are occurring every day. Citigroup, PBS, Sega, Nintendo, Gawker, AT&T, the CIA, the US Senate, NASA, Nasdaq, the NYSE, Zynga, and thousands of others have something in common – all have had websites compromised in the last year. No company or industry is immune. Programmers need to learn to build websites differently. This talk will review the top coding techniques developers need to master in order to build a low-risk, high-security web application.
BIO: Jim Manico is the VP of Security Architecture for WhiteHat Security, a web security firm. He authors and delivers developer security awareness training for WhiteHat Security and has a background as a software developer and architect. Jim is also a global board member for the OWASP foundation. He manages and participates in several OWASP projects, including the OWASP cheat sheet series and the OWASP podcast series.
- Required
OWASP Meetup Q2 2013
We welcome all the people that have interest to join this mini events and it open to everybody. Meetup with all hacker around Malaysian and Open Discussion with CyberSecurity Malaysia
- Date : 3 April 2013
- Avenue: Theater Room, Level 7, Bangunan Sapura@Mines, Seri Kembangan, Selangor
- Schedule
12.30p.m - Lunch (Provided by CSM) 1.00p.m - Registration 2.00p.m - Opening Speech by CSM VVIP 2.10p.m - Welcome Remark by Mohd Fazli Azran (OWASP Malaysia) 2.20p.m - Speech by MyCERT - Activity Hacking & Report 2012 2.45p.m - Speech by Jim Manico - Top 10 Web Security Defense 3.45p.m - Tea Break 4.10p.m - Q&A with the presenter (MyCERT, Jim & OWASP) 4.45p.m - Social Network 5.00p.m - Dismiss
- Required registration at (https://docs.google.com/a/owasp.org/forms/d/1jS_17ppypXiX3fEtScjWimktGy4eBx0EdsyQoJ-H7h0/viewform?pli=1 Click Here])
CyberSecurity Malaysia (Maps)
Facebook Event https://www.facebook.com/events/575425859134709/
Title: Top Ten Web Security Defenses
We cannot “firewall” or “patch” our way to secure websites. In the past, security professionals thought firewalls, Secure Sockets Layer (SSL), patching, and privacy policies were enough. Today, however, these methods are outdated and ineffective, as attacks on prominent, well-protected websites are occurring every day. Citigroup, PBS, Sega, Nintendo, Gawker, AT&T, the CIA, the US Senate, NASA, Nasdaq, the NYSE, Zynga, and thousands of others have something in common – all have had websites compromised in the last year. No company or industry is immune. Programmers need to learn to build websites differently. This talk will review the top coding techniques developers need to master in order to build a low-risk, high-security web application.
BIO: Jim Manico is the VP of Security Architecture for WhiteHat Security, a web security firm. He authors and delivers developer security awareness training for WhiteHat Security and has a background as a software developer and architect. Jim is also a global board member for the OWASP foundation. He manages and participates in several OWASP projects, including the OWASP cheat sheet series and the OWASP podcast series.
- Required
Computer Security Day 2011
We welcome all the people that have interest to join the mini events and it open to everybody. Meetup with all hacker around Malaysian and Open Discussion with CyberSecurity Malaysia
- Date : 30 November 2011
- Avenue: Theater Room, Level 7, Bangunan Sapura@Mines, Seri Kembangan, Selangor
- Schedule
1.00p.m - 2.00p.m - Registration (Lunch Provided) 2.00p.m - Arrival Lt Col. (R) Prof Dato' Husin Bin Jazri 2.05p.m - Opening Speech by MC 2.10p.m - Doa 2.15p.m - Opening Speech by Mohd Fazli Azran (OWASP Malaysia) 2.20p.m - Introduction by the participant 2.50p.m - Presentation about CSM & activity CSM for 2012-2013 - Corporate Video - MyCERT Introduction by Adli Wahid Vice President Responsive Service CSM Dialogue 3.15p.m - Speech by CEO CyberSecurity Malaysia Lt Col. (R) Prof Dato' Husin Bin Jazri 3.40p.m - Q & A session 4.20p.m - Tea Break and Networking 4.50p.m - Dismiss
- Required registration at (Click Here)
CyberSecurity Malaysia (Maps)
Facebook Event https://www.facebook.com/events/147779481990578/
- Required
AMDI-USM OSS Day 2010
- Date : 23 December 2010 Thurday
- Time : 8.00a.m - 5.00p.m
- Avenue : Hotel Seri Malaysia, Kepala Batas, Pulau Pinang Malaysia
AMDI USM OSS DAY will show a variety of interactive mix of activities that consistent with the objective to promote and bring awareness about Open Source Software in general:
Seminar: 9 talks related to the awareness of Open Source will be held consisting of activists, consumers, application developers or experienced specialists who also come from the Open Source industry itself.
Demonstration: as with any conference, AMDI USM OSS DAY will be holding a demonstration open to visitors who present at the event square. The demonstration is consist by activists, community and society where will provide an opportunity for visitors to know and see more closely what is open source and proprietary technology. We also promote activities in the demonstration area to enliven the program.
To register please click at here AMDI-USM (AMDI-USM OSS Day 2010)
OWASP 4th Meeting Malaysia Chapter
- Date : 23 November 2010 Tuesday
- Time : 2.00p.m - 5.00p.m
- Avenue : Malaysian Computer Emergency Response Team (MyCERT), CyberSecurity Malaysia, Level 7, SAPURA@MINES, Jln Tasik, Mines Resort City, Seri Kembangan, Selangor
- Agenda
2.00 : Arrival participant 2.10 : Offensive Security - Muhammad Muslim Mansor 3.40 : Web Application Firewalls: What are we really getting into? - Alex Tan 5.10 : Refreshment
- Web : www.owasp.my
- Twitter : @owaspmy #owaspmy
- Facebook : http://www.facebook.com/OWASP.Malaysia to RSVP
OWASP 3rd Meeting Malaysia Chapter
- Date : 19 October 2010 Tuesday
- Time : 2.00p.m - 5.00p.m
- Avenue : Malaysian Computer Emergency Response Team (MyCERT), CyberSecurity Malaysia, Level 7, SAPURA@MINES, Jln Tasik, Mines Resort City, Seri Kembangan, Selangor
- Agenda
2.00 : Arrival participant 3.00 : Opening Speech 3.05 : Brian Ritchie - Topic TBA 4.05 : Adnan Mohd Syukor - Topic TBA 5.05 : Refreshment
- Web : www.owasp.my
- Twitter : @owaspmy #owaspmy
- Facebook : http://www.facebook.com/OWASP.Malaysia to RSVP
OWASP 2nd Meeting Malaysia Chapter
- Date : 15 May 2010 Saturday
- Time : 3.00p.m - 5.00p.m
- Avenue : City University College Of Science Technology (CUCST)
Map: City University
Topic :
1) Outbound Monitoring - the Forgotten Child in Infosec (1 hour) 2) Introduction to the new and highly lethal HTTP DDOS attack technique.(1 hour)
Registration Fee : FOC
Parking Fee : FOC (More Parking)
Registration : http://www.facebook.com/event.php?eid=123844360964411&index=1
Speaker : Wong Onn Chee
Background :
Wong Onn Chee : Chief Tehnology Office, Resolvo System, Singapore
Onn Chee is currently working as the Chief Technology Officer in Resolvo Systems, a leading information leakage expert in Asia. He has led numerous large-scale projects, primarily in the government and defence sectors. His areas of expertise include information leakage protection, web security and security strategy. Onn Chee is a founding member and the first Vice-President of the Information Systems Security Association (ISSA), Singapore Chapter, the largest international, not-for-profit association for security professionals. He was also a former member of the Center of Internet Security (US) which provides well-recognised security benchmarks for various systems which are commonly used by US Federal Government and private organisations. Onn Chee is also the current Singapore chapter lead of Open Web Application Security Project (OWASP) which publishes the widely respected OWASP Top 10 web vulnerabilities. Other than being a information security professional, Onn Chee is also trained in BS 7799/ISO 17799, ISO 9000 and ITIL. He is also a certified Project Management Professional (PMP) and certified PRINCE2 Practitioner. In 2007, Onn Chee was appointed as the President of International Association of Software Architect (IASA), Singapore Chapter.
For more detail please contact: Mobile : 013-2048672 Email : [email protected]
OWASP 1st Official Meeting Malaysia Chapter
- Date : 31 March 2010 Wednesday
- Time : 2.30p.m - 5.00p.m
- Avenue : CyberSecurity Malaysia (Sapura Building), Level 7, Jln Tasik, Mines Resort City, Seri Kembangan, Selangor
- Agenda
2.30 : Arrival participant 3.00 : Opening Speech 3.15 : Introduction of OWASP 3.30 : Introduction of CyberSecurity Malaysia, Summary Report and Incident of Web in Malaysia 4.00 : Meeting Start - Chair Meeting : OWASP Malaysia Chapter Leader : Comittee Members - CyberSecurity Malaysia, MySecurity Community
- OWASP Board Of Members election.
BOM - University Representative BOM - Government Representative BOM - Community Representative BOM - Security Professional Representative BOM - Private Sector Representative
- OWASP activities
1) Workshop 2) Events
- Register Here : It FOC this is meeting not Workshop/Training/Seminar
http://www.facebook.com/event.php?eid=357732261091&index=1
OWASP Conference
Cyber Range Academy Conference 2018 (CRAC2018) 7-8 October 2018
World CyberSecurity Day 2018 (WCSD2018) 21-22 April 2018
I@Secure Cyber Campaign 2018 (ISCC2018) 18 April 2018
Cyber Range Academy Conference 2017 (CRAC2017) 26-27 September 2017
OWASP Day KL 2016 (OWASP Day KL 2016) 15-17 November 2016
OWASP Day KL 2011 (OWASP Day KL 2011) 20-21 September 2011
Bengkel Asas Keselamatan 2015 (Bengkel Asas Keselamatan Server Dari Ancaman Penggodam 2015) 21 September 2015
Here our Official OWASP Members list 2017:
- 1)Raihan Ahmad
- 2)Azlina Ahmad
- 3)Mohd Sufian Ahmad
- 4)Norzaidi Baharudin
- 5)Rene FBernard
- 6)Mohd Sofian Akasah
- 7)Ahmad Maher Che Mohd Adib
- 8)Mohamed Ashraf Husni Zai
- 9)Aldi Johari Shaqis
- 10)Mohd Hafiz Kamaruzaman
- 11)Khalid Zulazly
- 12)Mohd Dawi Mohd Haritih
- 13)Shazil Imri Mohd Hizam (Individual Lifetime)
- 14)Tajul Azhar Mohd Tajul Ariffin
- 15)Mohd Hanafiah Muhamad
- 16)Muhammad Hamizi Jaminan
- 17)NORAZLAN NORDEN
- 18)Rajivarnan Raveendradasan
- 19)Aalim Rozli
- 20)Ahmad Aizuddin Aizat Tajul Arif
- 21)James Tan
- 22)Adli Wahid
- 23)Yong Kian Chong
- 24)Shazri Azizan
Here our Official OWASP Members list 2016:
- 1) Adli Wahid
- 2) Lim Soo Kok
- 3) Gurdip Singh
- 4) Rajivarnan Raveendradasan
- 5) Krishna Rajagopal
- 6) Mohd Rahim Muhamad
- 7) Mohd Hanafiah
- 8) Norazlan Norden
- 9) Shazil Imri Mohd Hizam
- 10) Khairul Marjan
- 11) Zulazly Khalid
- 12) Mohamad Hamizi Jamaludin
- 13) Mohamed Ashraf Husni Zai
- 14) Anthony Hing Kheong
- 15) Hidzuan Hashim
- 16) Razif Hashim
- 17) Wati Darma
- 18) Matlan Dahari
- 19) Ahmad Aizuddin Aizat Tajul Arif
- 20) Amir Osman
- 21) Muhammad Zuhair Abd Rahman
- 22) Norzaidi Baharudin
- 23) Mohd Sufian Ahmad
- 24) Azlina Ahmad
- 25) Raihan Ahmad
- 26) Ahmad Amran Ahmad
- 27) Mohammad Zahir Mat Salleh
- 28) Mohd Khairuddin Che Ibrahim
- 29) Muhammad Najmi Ahmad Zabidi
- 30) Sofian Akasah
- 31) Mohd Shahril Hussin
Here our Official OWASP Members list 2015:
- 1) Mohd Azri Abdullah
- 2) Ahmad Amran Ahmad
- 3) Mohd Sufian Ahmad
- 4) Norzaidi Baharudin
- 5) Ahmad Aizuddin Aizat Tajul Arif
- 6) Arif Fahmi Fisal
- 7) Ab Malek Idris
- 8) Mohamad Hamizi Jamaludin
- 9) Chien Shing Kuan
- 10) Shaifullnizam Mohamad
- 11) Simon Lim
- 12) Charles Loh
- 13) Shazil Imri Mohd Hizam
- 14) Mohd Firdaus Ramlan
- 15) Bharanidharan Shanmugam
- 16) Kam Yim Siew
- 17) James Tan
- 18) Choong Tan Fook
- 19) Adli Wahid
- 20) Kiang Chong Yong
- 21) Lillian Nasharitah Boney Abdullah
- 22) Hidzuan Hashim
- 23) Neo Wong Wei Zhen
- 24) Harisfazillah Jamel
- 25) Yong Kiang Chong
- 26) Kamal Tam
- 27) Jalani Sidek
- 28) Hafidz Nasruddin
- 29) Tajul Azhar Mohd Tajul Ariffin
- 30) Mohammed Mirza
- 31) Hafiz Ismail
Here our Official OWASP Members list 2014:
- 1) James Tan
- 2) Mohd Syazwan Mohd Shafie
- 3) Willie Poh
- 4) Bharanidharan Shanmugam
- 5) Shaiffulnizam Mohamad
- 6) Fakrul Adli Mohd Zaki
- 7) Hidzuan Hashim
- 8) Kenneth Lau
- 9) Adzmely Mansor
- 10) Amir Osman
- 11) Ahmad Kiambang
- 12) Mohammed Mirza
- 13) Samad Mayang
- 14) Rahmat Tuah
- 15) Sabariah Kesuma
- 16) Mohd Som
- 17) Kamal Tam
- 18) Razif Hashim
- 19) Mohd Rahim
- 20) Hafiz Ratnasari
- 21) Jalani Sidek
- 22) Choong Tan Fook
- 23) Matlan Dahari
- 24) Yew Seng Ong
- 25) Mokhtar Azman Mohamed
- 26) Wati Darma
- 27) Khairul Marjan
- 28) Ling Koh Yew
- 29) Lim Soo Kok
- 30) Chuan Kian Tan
- 31) Anthony Hing Kheong
- 32) Kiang Chong Yong
- 33) Adli Wahid
- 34) Norzaidi Baharudin