This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Malta"

From OWASP
Jump to: navigation, search
m (Upcoming Events)
 
(15 intermediate revisions by the same user not shown)
Line 6: Line 6:
 
==Listing of Upcoming Events==
 
==Listing of Upcoming Events==
  
 +
=== OWASP Malta Chapter Meeting, November, 2019 ===
  
=== OWASP Malta Chapter Meeting, June, 2018 ===
+
'''When:'''
 +
* Date: Wednesday 6th November 2019
 +
* Time: 18:00
  
'''When:'''
 
* Date: Thursday 14th June 2018
 
* Time: 18:30
 
 
'''Where:'''  
 
'''Where:'''  
  
MCAST IICT - MCAST Main Campus,
+
Malta Information Technology Agency
  
Triq Kordin, Paola PLA 9032
+
MITA Data Centre, Triq Il - Ferrovija, Santa Venera
 
 
Map: https://goo.gl/maps/W6gUjDb19xo
 
  
'''Title:''' TBA
+
Map: https://goo.gl/maps/bspHHkT5xkz
  
<blockquote>TBA.</blockquote>
 
  
'''Speaker:''' TBA
+
'''Title:''' Capture The Flag (CTF) tales and adventures
  
'''RSVP:''' TBA
+
Capture The Flag is an information security competition that challenges contestants to solve a variety of tasks ranging from simply finding a piece of information on a web page to performing a hack of a server. This talk gives a complete beginner friendly introduction to CTFs and gives you a path in solving your 1st challenge.
  
 +
'''Speaker:'''  Mindaugas Slusnys / Adam Simuntis
  
 
[[#Upcoming Events|Back to Top]]
 
[[#Upcoming Events|Back to Top]]
  
 +
=Past Meetings and Events=
 +
==Listing of Past Meetings and Events==
 +
[[#2018|2018]] | [[#2017|2017]] | [[#2016|2016]]]
  
=== OWASP Malta Chapter Meeting, August, 2018 ===
+
----
 +
==2018==
  
 +
=== OWASP Malta Chapter Meeting, December, 2018 ===
 
'''When:'''  
 
'''When:'''  
* Date: Thursday 9th August 2018
+
* Date: Wednesday 19th December 2018
 
* Time: 18:30
 
* Time: 18:30
 +
 
'''Where:'''  
 
'''Where:'''  
  
MCAST IICT - MCAST Main Campus,
+
Malta Information Technology Agency
  
Triq Kordin, Paola PLA 9032
+
MITA Data Centre, Triq Il - Ferrovija, Santa Venera
  
Map: https://goo.gl/maps/W6gUjDb19xo
+
Map: https://goo.gl/maps/bspHHkT5xkz
  
'''Title:''' TBA
 
  
<blockquote>TBA.</blockquote>
+
'''Title:''' Reverse proxies & Inconsistency (from ZeroNights 2018)
  
'''Speaker:'''  TBA
+
Modern websites are growing more complex with different reverse proxies and load balancers covering them. They are used for various purposes: request routing, caching, putting additional headers, restricting access. In other words, reverse proxies must both parse incoming requests and modify them in a particular way. However, path parsing may turn out to be quite a challenge due to mismatches in the parsing of different web servers. Moreover, request converting may imply a wide range of different consequences from a information security point of view. I have analyzed different reverse proxies with different configurations, the ways they parse requests, apply rules, and perform caching. In this talk, I will both speak about general processes and the intricacies of proxy operation and demonstrate the examples of bypassing restrictions, expanding access to a web application, and new attacks through the web cache deception and cache poisoning.
 
 
'''RSVP:''' TBA
 
  
 +
'''Speaker:'''  Aleksei ''"GreenDog"'' Tiurin (Senior Security Researcher at Acunetix)
  
 
[[#Upcoming Events|Back to Top]]
 
[[#Upcoming Events|Back to Top]]
  
=== OWASP Malta Chapter Meeting, October, 2018 ===
+
=== OWASP Malta Chapter Meeting, August, 2018 ===
 
 
 
'''When:'''  
 
'''When:'''  
* Date: Thursday 11th October 2018
+
* Date: Wednesday 1st August 2018
* Time: 18:30
+
* Time: From 18:00
 
'''Where:'''  
 
'''Where:'''  
  
MCAST IICT - MCAST Main Campus,
+
Malta Information Technology Agency
  
Triq Kordin, Paola PLA 9032
+
MITA Data Centre, Triq Il - Ferrovija, Santa Venera
  
Map: https://goo.gl/maps/W6gUjDb19xo
+
Map: https://goo.gl/maps/bspHHkT5xkz
  
'''Title:''' TBA
 
  
<blockquote>TBA.</blockquote>
+
'''Title:''' Blockchain Security
  
'''Speaker:'''  TBA
+
Overview of all the areas around blockchain security, including supporting infrastructure, smart contract security, etc.
  
'''RSVP:''' TBA
+
'''Speaker:''' Rodrigo Marcos
  
  
 
[[#Upcoming Events|Back to Top]]
 
[[#Upcoming Events|Back to Top]]
 
+
===OWASP Malta Chapter Meeting, June, 2018 ===
=== OWASP Malta Chapter Meeting, December, 2018 ===
 
  
 
'''When:'''  
 
'''When:'''  
* Date: Thursday 13th December 2018
+
* Date: Thursday 21st June 2018
 
* Time: 18:30
 
* Time: 18:30
 
'''Where:'''  
 
'''Where:'''  
Line 93: Line 92:
 
Map: https://goo.gl/maps/W6gUjDb19xo
 
Map: https://goo.gl/maps/W6gUjDb19xo
  
'''Title:''' TBA
+
'''Title:''' IT SECURITY: A SLIDE FROM THE BOTTOM TO THE TOP
  
<blockquote>TBA.</blockquote>
+
Technological advances shape the way we work and live now and for years to come. Breakthroughs are the order of the day and web applications are created practically on the fly. Combine that with mass distribution and all of a sudden security, best-practice frameworks and even regulations get relegated to the catching-up zone. In this talk Mark Fenech will adopt Information Security principles for the development of web applications, so that management, developers and business stakeholders alike will have a framework within which they can ruminate for more secure web applications.
  
'''Speaker:'''  TBA
+
'''Speaker:'''  Mark Fenech
  
'''RSVP:''' TBA
+
With over 20 years of experience in the IT and Financial Services industry, Mark Fenech heads the IT Audit Team within a local bank. Ranging from technical, less technical and outright non-technical domains, Mark’s skills extend across multiple disciplines required within IT Auditing, IT Risk Management, Cybersecurity and other various IT Management Processes. Mark is a Certified Information Systems Auditor (CISA, ISACA), Certified in Risk and Information System Controls (CRISC, ISACA), holds certifications in Cybersecurity (CSX, ISACA) and in the Governance and Management Framework for Enterprise IT (COBIT, ISACA), is a Member of the Business Continuity Institute (MBCI), holds a Teacher’s Warrant from the Council for the Teaching Profession, and is also a Competent Communicator (CC, Toastmasters International). In addition, Mark holds a BSc in Mathematics and Computer Science from the University of Malta, and an MBA from the Maastricht School of Management. He is also a seasoned Public Speaker and speaks frequently on a variety of topics for educational purposes and for raising awareness within different entities.
  
 
+
[[#Listing of Past Meetings and Events|Back to Top]]
[[#Upcoming Events|Back to Top]]
 
 
 
=Past Meetings and Events=
 
==Listing of Past Meetings and Events==
 
[[#2018|2018]] | [[#2017|2017]] | [[#2016|2016]]]  
 
 
 
----
 
==2018==
 
  
 
=== OWASP Malta Chapter Meeting, April, 2018 ===
 
=== OWASP Malta Chapter Meeting, April, 2018 ===
Line 137: Line 128:
 
[[#Listing of Past Meetings and Events|Back to Top]]
 
[[#Listing of Past Meetings and Events|Back to Top]]
  
 +
=== OWASP Malta Chapter Meeting, October, 2018 ===
 +
'''When:'''
 +
* Date: Friday 19th October 2018
 +
* Time: From 18:00
 +
'''Where:'''
 +
 +
Malta Information Technology Agency
 +
 +
MITA Data Centre, Triq Il - Ferrovija, Santa Venera
 +
 +
Map: https://goo.gl/maps/bspHHkT5xkz
 +
 +
'''Talk 1: Manning Infosec Strategy'''
 +
 +
There are three main factors that influence how information security is dealt with these days - (1) the presumed risk if we don’t do it (or do it badly), (2) the pace at which technologies and business styles change and (3) the lack of a structure behind any infosec activities.
 +
 +
It’s clear to me that these are just some of the challenges infosec teams must deal with nowadays. This talk will open the floor to a discussion of blockers, challenges and drivers discussing the evolution of the roles associated with infosec and later merging best practice recommendations with an infosec strategy to dealing with risks. Finally, once a strategy is adopted, the presentation will present some ideas on how to gauge progress– such that efforts to improve are both meaningful and measurable.
 +
 +
'''Speaker:'''  Donald Tabone
 +
 +
Donald currently manages the Infosec team @ LeoVegas. He teaches the subject at a Masters level with Middlesex University and has worked for many years in the fields of Information Security, IT Auditing and Risk Management. With a career spanning more than 20 years working across Europe and the US, he is a long-standing Gold member of ISACA and also has the honour of working as a Technical Forensic Court Expert for the Courts of Malta.
 +
 +
'''Talk 2: MDR vs SIEM'''
 +
 +
SIEM's are awesome tools and have gained huge traction in past years. While they've without a doubt changed the landscape of cyber security, they leave quite a few holes which most info-sec pro's are unaware of. Jean-Michel will be explaining how both existing and prospective users of SIEM tools can avoid these caveat's and make the most of their technology reach.
 +
 +
'''Speaker''': Jean-Michel Azzopardi
 +
 +
Jean-Michel is the Ceo of Kralanx Cyber Security.  He has experience under IBM as an SAP consultant and has sold cyber security software to Apple, Huawei and countless government organizations around the world. 
 +
 +
 +
[[#Upcoming Events|Back to Top]]
  
 
----
 
----

Latest revision as of 13:42, 25 October 2019

OWASP Malta

Welcome to the Malta chapter homepage. The chapter leader position is Rodrigo Marcos


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG


Listing of Upcoming Events

OWASP Malta Chapter Meeting, November, 2019

When:

  • Date: Wednesday 6th November 2019
  • Time: 18:00

Where:

Malta Information Technology Agency

MITA Data Centre, Triq Il - Ferrovija, Santa Venera

Map: https://goo.gl/maps/bspHHkT5xkz


Title: Capture The Flag (CTF) tales and adventures

Capture The Flag is an information security competition that challenges contestants to solve a variety of tasks ranging from simply finding a piece of information on a web page to performing a hack of a server. This talk gives a complete beginner friendly introduction to CTFs and gives you a path in solving your 1st challenge.

Speaker: Mindaugas Slusnys / Adam Simuntis

Back to Top

Listing of Past Meetings and Events

2018 | 2017 | 2016]


2018

OWASP Malta Chapter Meeting, December, 2018

When:

  • Date: Wednesday 19th December 2018
  • Time: 18:30

Where:

Malta Information Technology Agency

MITA Data Centre, Triq Il - Ferrovija, Santa Venera

Map: https://goo.gl/maps/bspHHkT5xkz


Title: Reverse proxies & Inconsistency (from ZeroNights 2018)

Modern websites are growing more complex with different reverse proxies and load balancers covering them. They are used for various purposes: request routing, caching, putting additional headers, restricting access. In other words, reverse proxies must both parse incoming requests and modify them in a particular way. However, path parsing may turn out to be quite a challenge due to mismatches in the parsing of different web servers. Moreover, request converting may imply a wide range of different consequences from a information security point of view. I have analyzed different reverse proxies with different configurations, the ways they parse requests, apply rules, and perform caching. In this talk, I will both speak about general processes and the intricacies of proxy operation and demonstrate the examples of bypassing restrictions, expanding access to a web application, and new attacks through the web cache deception and cache poisoning.

Speaker: Aleksei "GreenDog" Tiurin (Senior Security Researcher at Acunetix)

Back to Top

OWASP Malta Chapter Meeting, August, 2018

When:

  • Date: Wednesday 1st August 2018
  • Time: From 18:00

Where:

Malta Information Technology Agency

MITA Data Centre, Triq Il - Ferrovija, Santa Venera

Map: https://goo.gl/maps/bspHHkT5xkz


Title: Blockchain Security

Overview of all the areas around blockchain security, including supporting infrastructure, smart contract security, etc.

Speaker: Rodrigo Marcos


Back to Top

OWASP Malta Chapter Meeting, June, 2018

When:

  • Date: Thursday 21st June 2018
  • Time: 18:30

Where:

MCAST IICT - MCAST Main Campus,

Triq Kordin, Paola PLA 9032

Map: https://goo.gl/maps/W6gUjDb19xo

Title: IT SECURITY: A SLIDE FROM THE BOTTOM TO THE TOP

Technological advances shape the way we work and live now and for years to come. Breakthroughs are the order of the day and web applications are created practically on the fly. Combine that with mass distribution and all of a sudden security, best-practice frameworks and even regulations get relegated to the catching-up zone. In this talk Mark Fenech will adopt Information Security principles for the development of web applications, so that management, developers and business stakeholders alike will have a framework within which they can ruminate for more secure web applications.

Speaker: Mark Fenech

With over 20 years of experience in the IT and Financial Services industry, Mark Fenech heads the IT Audit Team within a local bank. Ranging from technical, less technical and outright non-technical domains, Mark’s skills extend across multiple disciplines required within IT Auditing, IT Risk Management, Cybersecurity and other various IT Management Processes. Mark is a Certified Information Systems Auditor (CISA, ISACA), Certified in Risk and Information System Controls (CRISC, ISACA), holds certifications in Cybersecurity (CSX, ISACA) and in the Governance and Management Framework for Enterprise IT (COBIT, ISACA), is a Member of the Business Continuity Institute (MBCI), holds a Teacher’s Warrant from the Council for the Teaching Profession, and is also a Competent Communicator (CC, Toastmasters International). In addition, Mark holds a BSc in Mathematics and Computer Science from the University of Malta, and an MBA from the Maastricht School of Management. He is also a seasoned Public Speaker and speaks frequently on a variety of topics for educational purposes and for raising awareness within different entities.

Back to Top

OWASP Malta Chapter Meeting, April, 2018

When:

  • Date: Thursday 19th April 2018
  • Time: 18:30

Where:

MCAST IICT - MCAST Main Campus,

Triq Kordin, Paola PLA 9032

Map: https://goo.gl/maps/W6gUjDb19xo

Title: Porting a Proof of Concept C code into universal python exploit (OpenSSH).

Summary:

OpenSSH lets you grant SFTP access to users without allowing full command execution using “ForceCommand internal-sftp”. However, if you misconfigure the server and don’t use ChrootDirectory, the user will be able to access all parts of the filesystem that he has access to – including procfs. On modern Linux kernels (>=2.6.39, I think), /proc/self/maps reveals the memory layout and /proc/self/mem lets you write to arbitrary memory positions.

This talk will provide an overview of the exploitation process for the OpenSSH vulnerability and the challenges and techniques used to create an universal exploit for 32 and 64 bit architectures.

Speaker: Adam Simuntis and Mindaugas Slusnys


Back to Top

OWASP Malta Chapter Meeting, October, 2018

When:

  • Date: Friday 19th October 2018
  • Time: From 18:00

Where:

Malta Information Technology Agency

MITA Data Centre, Triq Il - Ferrovija, Santa Venera

Map: https://goo.gl/maps/bspHHkT5xkz

Talk 1: Manning Infosec Strategy

There are three main factors that influence how information security is dealt with these days - (1) the presumed risk if we don’t do it (or do it badly), (2) the pace at which technologies and business styles change and (3) the lack of a structure behind any infosec activities.

It’s clear to me that these are just some of the challenges infosec teams must deal with nowadays. This talk will open the floor to a discussion of blockers, challenges and drivers discussing the evolution of the roles associated with infosec and later merging best practice recommendations with an infosec strategy to dealing with risks. Finally, once a strategy is adopted, the presentation will present some ideas on how to gauge progress– such that efforts to improve are both meaningful and measurable.

Speaker: Donald Tabone

Donald currently manages the Infosec team @ LeoVegas. He teaches the subject at a Masters level with Middlesex University and has worked for many years in the fields of Information Security, IT Auditing and Risk Management. With a career spanning more than 20 years working across Europe and the US, he is a long-standing Gold member of ISACA and also has the honour of working as a Technical Forensic Court Expert for the Courts of Malta.

Talk 2: MDR vs SIEM

SIEM's are awesome tools and have gained huge traction in past years. While they've without a doubt changed the landscape of cyber security, they leave quite a few holes which most info-sec pro's are unaware of. Jean-Michel will be explaining how both existing and prospective users of SIEM tools can avoid these caveat's and make the most of their technology reach.

Speaker: Jean-Michel Azzopardi

Jean-Michel is the Ceo of Kralanx Cyber Security.  He has experience under IBM as an SAP consultant and has sold cyber security software to Apple, Huawei and countless government organizations around the world. 


Back to Top


2016

OWASP Malta Chapter Meeting, December, 2016

When: 9th December @ 18:30 - 20:30

Where: Middlesex University, Triq Alamein, Pembroke, Malta

Title: Introduction to OWASP Malta || Memorable Hacks in the Gaming industry

As one of the key market verticals in Malta is iGaming, we will open the OWASP chapter covering a number of ingenius hacks see through history. Rodrigo will cover a number of interesting scenarios of hacks applied to the gaming sector.

Speaker: Rodrigo Marcos


Back to Top


Our Chapter Leadership

Chapter Leadership Board Member Role Responsibilities Person(s)
Chapter Leader The central point of contact for the Chapter and responsible to the OWASP Board. Serves as Chapter Leader and Chapter board chair. Rodrigo Marcos
Talk / Speaker Coordination Serves as the primary point of contact for speakers who want to participate in the chapter. Rodrigo Marcos

Sponsorship Opportunities with our Chapter

The Malta OWASP Chapter can offer your company several sponsorship opportunities. If you are interested in taking advantage of any of these opportunities, please contact Rodrigo Marocs, the Malta OWASP Chapter Leader.