This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Mumbai"

From OWASP
Jump to: navigation, search
m (Added category:india)
(File Links)
 
(125 intermediate revisions by 7 users not shown)
Line 1: Line 1:
{{Chapter Template|chaptername=Mumbai|extra=The chapter leader is [mailto:[email protected] Dharmesh M Mehta] (91-98670-75327) of  Mastek Ltd.
+
== OWASP Mumbai ==
Join us at our [http://lists.owasp.org/mailman/listinfo/owasp-mumbai mailing list] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-mumbai|emailarchives=http://lists.owasp.org/pipermail/owasp-mumbai}}
 
  
<u>The Chapter Mailing Address is:</u><br>
+
Welcome to the OWASP Mumbai chapter homepage. Current Chapter Leaders are Yash Roongta and Anantkumar Joshi. (More information about our leaders available below).
Dharmesh Mehta<br>
 
Mastek Ltd, Unit 183, SDF 6,<br>
 
SEEPZ, Andheri (E), Mumbai 400 096.<br>
 
91-98670-75327<br>
 
  
== Summary of OWASP Mumbai Chapter Meetings Held To-Date ==
+
[[File:OWASP Mumbai Logo YR.png|frameless|502x502px]]
  
'''Topics presented till date:'''
+
== Participation ==
 +
OWASP Foundation ([https://docs.google.com/a/owasp.org/presentation/d/10wi1EWFCPZwCpkB6qZaBNN8mR2XfQs8sLxcj9SCsP6c/edit?usp=sharing Overview Slides]) is a professional association of [[Membership | global members]] and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the [[Chapter_Leader_Handbook]].  As a [[About_OWASP | 501(c)(3)]] non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button.  To be a <b>SPEAKER</b> at ANY OWASP Chapter in the world simply review the [[Speaker_Agreement | speaker agreement]] and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
  
1. Secure coding fundamentals - '''Richard Lewis''', Tech Mahindra
+
== Sponsorship/Membership  ==
  
2. Threat Analysis and Modeling - '''Dharmesh Mehta''', Mastek
+
'''Venue Sponsor:''' Network Intelligence India Pvt. Ltd.
  
3. 5 ways to lose your user's password - '''Shalini Gupta''', '''Runa Dwibedi''' - Paladion Networks
+
[[File:Network intelligence-01.png|frameless|230x230px]]
  
4. Significance of Random Numbers in Application Security - '''Richard Lewis''', Tech Mahindra
 
  
5. Defeating Java Decompilation - '''Girish Kulkarni''', Tech Mahindra
+
[[Image:Btn_donate_SM.gif|link=https://www.owasp.org/index.php/Local_Chapter_Supporter]] to this chapter or become a local chapter supporter.
 +
Or consider the value of [[Membership | Individual, Corporate, or Academic Supporter membership]]. Ready to become a member? [[Image:Join_Now_BlueIcon.JPG|75px|link=https://www.owasp.org/index.php/Membership]]
  
6. /GS Security Check in Visual Studio - '''Chanda Dutta''' et al, Tech Mahindra
+
[[Category:OWASP Chapter]]
 +
{{#if:{{{region|}}}|
 +
[[Category:{{{region}}}]]
 +
}}
  
7. Black Vector of Web Exploitation - '''Aditya Sood''', Sec Niche
+
== Become a Speaker  ==
[[https://www.owasp.org/images/4/48/Owasp_Live0_Conf_Talk_Aditya_K_Sood_Sec_Niche.pdf Download Presentation]]
 
  
8. End User Privacy Breaches : '''Rishi Narang''', ThirdBrigade
+
Submit your topic to us at the following google form: https://forms.gle/MaxcTgZddb76cb7k7
[[https://www.owasp.org/images/4/4c/OWASP_Day_Rishi_Narang.pdf Download Presentation]]
+
<br>
 +
<br>
 +
= '''Announcements''' =
  
9. Privacy on the Web - The road ahead in the 21st century : '''Yogesh Badwe''', Orange Business Services
+
=== Follow @OWASP_Mumbai for event updates on Twitter ===
[[https://www.owasp.org/images/f/fe/Privacy_0n_the_Web_-_The_Road_Ahead_in_the_21st_Century.pdf Download Presentation]]
 
  
[http://owasp.mumbai.googlepages.com/ Download Rest Presentations here >>]
+
'''[https://twitter.com/OWASP_Mumbai OWASP Mumbai Twitter Account]'''
  
== Roster of OWASP Speakers with Profiles ==
+
=== Links for sharing and easy to remember Wiki Page - '''https://bit.ly/2SMBqDP''' ===
  
1. '''Anuradha Srinivasan''', Technical Analyst with Mastek, is working with the Application Security Assurance Team for the last 1.5 year. She has 2.5 years of experience in Java development. She is currently involved in conducting Security Assessments and trainings for projects across Mastek.
+
* OWASP Mumbai Meetup https://www.meetup.com/OWASP-Mumbai-Chapter/
 +
* OWASP Mumbai Discord Server https://discord.gg/PGsNnDJ
  
2. '''Richard Lewis''', Senior Security Consultant with Tech Mahindra, has 8 years of information security experience. Before joining Tech Mahindra, he worked for Tata Consultancy Services (TCS). Richard works in the e-security group of Tech Mahindra and is building a security fabric for secure software development. Richard has a programming background in C, C++, device drivers and MFC. Richard has led the development of two nation-level PKI deployments (India, UK). He has also led the development of a desktop encryptor, authentication SDK and cryptographic SDK. Richard is married, lives with his wife and daughter in busy Mumbai and loves to read the Bible and engage in church outreach work. Richard maintains a blog on application security at [http://SecureApps.Blogspot.com http://SecureApps.Blogspot.com]
+
= '''Next Meeting''' =
  
3. '''Dharmesh M Mehta''', Technical Analyst with Mastek, has been with the Application Security Assurance Team for more than 3 years. He is involved in conducting security assessments, threat modeling and conducting security workshops for the developer community. He is also a Certified | Ethical Hacker. Dharmesh is the Chapter Leader for OWASP, Mumbai Chapter. You can read Dharmesh's Blog on Smart Security at [http://SmartSecurity.Blogspot.com http://smartsecurity.blogspot.com]
+
=== '''Sessions''' ===
  
4. '''Shalini Gupta''', Associate Security Consultant at Paladion. She completed her MPIT (Network Specialization) from SCIT in 2005. With Paladion she has an experience of more than 1.5 years in the application security field. Among her other contributions in the area of Application Security is a 2-part series on SSL that Shalini wrote for Palisade, the application security journal for developers.
+
'''OWASP Mumbai Meetup - 30th November 2019'''
  
5. '''Runa Dwibedi''', Associate Consultant at Paladion. She is a certified BS7799 Lead Auditor. She completed her MCA from Bangalore University and also holds an MBA degree from SCDL, Pune. She has an experience of 1.5 years in development of security tools and an experience of 1 year in application security field. She is also actively involved in writing and publishing articles for Palisade.
+
'''Session Details:'''
  
6. '''Girish Kulkarni''' has 2.5 years of information security experience. Before joining Tech Mahindra, he was employed with Tata Consultancy Services (TCS). Girish currently works in the Enterprise DRM group as Technical Associate and is part of DRM product development team. Girish has a programming background in JAVA and is also proficient in JAVA swing. He has been involved in a very large PKI deployment for the Indian government.
+
The motto of the OWASP community is to share the knowledge for cyber security, free of cost.
  
7. '''Chanda Dutta, Divya Makhija, Sugita Kumari, Upma Sharma''' – Trainees pursuing PGDM-Software Development and Management from Symbiosis Centre for Information Technology. Upma is pursuing PGDM-Systems from the same institute. They work in the Secure Software Engineering practice at Tech Mahindra.
+
Session Details:
  
8. '''Aditya Sood''' – Independent Security Researcher. He is the founder of SecNiche (www.secniche.org). He has been an active speaker at CERT-IN and XFocus - XCon (China).  
+
Introduction to OWASP Mumbai Chapter.
  
9. '''Rishi Narang''' – Vulnerability Research Analyst, Third Brigade. Before joining Third Brigade, he was employed with iPolicy Networks in Security Research Team responsible for IDS/IPS Signatures’ Development for NIPS. Hee has also worked with XIUS Telecom as Server Administrator for Linux and HP Unix Clusters. Currently, he works in the IDS/IPS Filter Development Team and is involved with Vulnerability Research, Zero day attacks & exploits most of the time.
+
Firmware Analysis by '''Pratik Chotaliya'''
  
10. '''Yogesh M Badwe''' – Senior Security Engineer, Orange Business Services. Yogesh works in the Web Application Vulnerability Assessment Domain for BFSI clients. Apart from being CCNP and ITIL Certified he also holds the cVa [Certified Vulnerability Assessor-DNV] certification. His previous experience was in the domain of Security Management & implementation of Security Event Management Products on Enterprise Networks. He carries out active research in the field of Security Event-Correlation and Next Generation Attack-Pattern Detection and has published a research paper at an international conference on computer security and forensics relating to privacy issues.
+
Report Writing in Cyber Security by '''Ashwini Varadkar'''
  
 +
Attack (Si|Emulation) by '''Chirag Savla'''
  
'''Minutes of Meeting - Monday July 31st 2006 [03:00 PM - 5:00 PM] '''
+
QnA, General Discussion and Feedback.
  
The second OWASP Mumbai Chapter Meet was held at TechMahindra premises in Chandivali. Mr. Richard on behalf of TechMahindra gave a warm welcome to all the delegates to the OWASP Mumbai Local Chapter –II. Accompanying him, Mr. Dharmesh of Mastek Ltd – Mumbai Chapter Head gave a brief description about the goals of OWASP Mumbai Chapter and the road ahead.
+
RSVP Link: https://www.meetup.com/OWASP-Mumbai-Chapter/events/266683098/
  
Presentations:
+
Slides from the Meetup: [[:File:30th November 2019.zip|Download Here]]
  
1. ''Significance of Random Numbers in Application Security'': '''Richard Lewis''', e-Security Consultant with Tech Mahindra, started with the practical usage of random numbers. He explained how good random number generation prevents applications from malfunctioning, increases strength of cryptographic operations which in turn increases entropy associated with the key. He went on to explain how random numbers automate otherwise manual tasks and how it increases the security of application. He explained the concepts of entropy and to which level it should be reached in an application. In the end he talked about the various sources of random numbers. He showed developers the simple mathematics required to calculate minimum password lengths, given the security requirements.
+
= '''Previous Meeting & Archives''' =
  
[http://www.owasp.org/images/1/13/RichardLewis_RandomNumberSignificance.ppt Download Presentation]
+
'''OWASP Mumbai Meetup - 19th October 2019'''
  
2. ''Java Decompilation'': '''Girish Kulkarni''', e-Security Consultant with Tech Mahindra went through Java Decompilation utility and techniques to defeat decompilation. Use of obfuscators, byte code encryptor/decryptor and generating executable from source were some of the techniques that he explained.
+
'''Session Details:'''
  
[http://www.owasp.org/images/3/3e/Girish_LockingDownJavaByteCode.ppt Download Presentation]
+
The motto of the OWASP community is to share the knowledge for cyber security, free of cost.
  
3. ''/GS Security Check in Visual Studio'': '''Chanda Dutta''', '''Divya Makhija''', '''Sugita Kumari''', '''Upma Sharma''' from Tech Mahindra, presented the usage of /GS security check in Visual Studio. Chanda started the presentation by giving an introduction to /GS Security Check feature of Visual Studio. She explained what is /GS Buffer Security Check, the need of /GS and what it can prevent. Sugita further explained how /GS works and what is canary with process of how to using a canary can prevent buffer overrun. Upma then demonstrated a simulation explaining normal working of buffer overflow and how can it be prevented. Divya explained the various limitations of /GS as how the features of /GS can be exploited and summarized the /GS Buffer Security Check features and functionalities.
+
Session Details:
  
[http://www.owasp.org/images/a/ad/GS_Switch_in_Visual_Studio.ppt Download Presentation]
+
Introduction to OWASP Mumbai Chapter.
  
'''Venue and Sponsor Details:'''
+
Field Updates with '''Anantkumar Joshi.'''
  
[http://www.techmahindra.com Tech Mahindra Ltd.].
+
OWASP Top 10 (A1,A2,A3) by '''Rohan Rane.'''
  
Tech Mahindra Limited.
+
OWASP Top 10 (A4,A5,A9) by '''Gurpreet Kaur.'''
Wing 1, Oberoi Estate Gardens,
 
Chandivali, Andheri (E),
 
Mumbai 400 072, Maharashtra, India.
 
  
 +
OWASP Top 10 (A6,A7,A8,A10) by '''Himanshu Sharma.'''
  
'''Minutes of Meeting - First Meeting - Saturday June 24th 2006 [09:30 - 12:00] '''
+
Slides from the Meetup: [[:File:19th October 2019.zip|Download Here]]
  
With the welcome address by Anuradha, the first meeting of Mumbai Chapter embarked. Right from giving a brief introduction about OWASP and its aim, Anuradha explained the focus of OWASP as a voluntary organization aiming at contributing to the knowledge as a part of sharing it. Apart from it, Anuradha briefed about OWASP Top 10 Project and OWASP Guide to building Secure Application.
 
  
Richard presented on Secure Coding Fundamentals and elucidated the Cost factor inculcated due to insecure code resulting in Network Cost, Productivity Cost and so on. Further explaining the basic reasons of threat to code, he explained how the mistakes done by the Programmers, I/O, API Abuse, Environment & Configuration and Time & State were responsible for Security flaws in an application. Moving ahead, Richard laid down a few principles to be followed as Secure Coding – General Guidelines for all the languages and specific Secure Coding Guidelines for C & C++, Java and .NET
+
'''OWASP Mumbai Meetup - 31st August 2019'''
  
Richard's Presentation
+
'''Session Details:'''
[http://www.owasp.org/images/2/28/RichardLewis_SecureCodingFundamentals.ppt Download]
 
  
With Threat Analysis & Modeling Process, Dharmesh explained the steps followed as Threat Modeling Process starting from Defining Application Requirement, Application Architecture, and Modeling Threats looking at CIA feature of Security Basics. The aim covered to look towards gathering the information needed from application development teams in order to mock out the potential threats that are inherit in the software application they build starting from the very inception of the software birth.
+
Introduction to OWASP Mumbai Chapter.
Giving the demonstration of Threat Analysis and Modeling Tool v2.0 with the basic example of its functionality, Dharmesh presented the Threat Modeling in real scenario.  
 
  
Dharmesh's Presentation
+
Secure Coding in Modern C++ by '''Adhokshaj Mishra'''
[http://www.owasp.org/images/6/6c/Dharmesh_Threat_Modeling.ppt Download]
 
  
Shalini and Runa explained how password can be lost or manipulated in a real life scenario and it dealt with the countermeasures to be taken to avoid it. The topics covered under it included Stealing Password using different methods as – Browser’s Refresh, Browser’s Memory, Remember feature, Forget Password feature and last but not the least SQL Injection. The role of Browser’s Viewing Tool available showed a clear picture of how password could be easily cracked.
+
Follow us on Twitter: @OWASP_Mumbai
  
Shalini and Runa's Presentation
+
Slides from the Meetup & Sample Codes: [[:File:OWASP Mumbai Meetup - 31st August 2019.zip|Download Here]].
[http://www.owasp.org/images/2/21/5_ways_to_lose_your_user%27s_password.ppt Download]
 
  
'''CPE Credits for CISSP's '''
+
= '''Chapter Leaders'''=
ISC2 has approved 1 CPE for each hour of an OWASP local chapter meeting.
+
== Current Chapter Leaders ==
  
Chapter leader will have a sign up sheet with at least First Name, Last Name, and the date of the OWASP Meeting. After the meeting, the single sheet will be signed once by a chapter lead as proof of attendance, scanned into a .PDF, and emailed out to the chapter members with the meeting minutes so they have a copy for records and can claim CPE credits.
+
'''<br>'''
----
+
=== Yash Roongta (2019 - Present) ===
  
 +
Pentester / Auditor, learning and researching to be a Red Teamer. Been active in the InfoSec domain for close to 3.5 years.
 +
Eager to learn from everyone.
 +
When I am not researching / studying / learning. You can find me either watching Netflix, or on Dota2 with my friends.
 +
Favorite topics: Penetration Testing, Red Teaming, OSINT and Recon.
 +
 +
Blog:  https://acc3ssp0int.com <br>
 +
 +
 +
Twitter: [https://twitter.com/acc3ssp0int @acc3ssp0int]
 +
 +
=== '''Anantkumar Joshi (2019 - Present)''' ===
 +
Working in the field of Cyber Security from 3 years . Focus areas include AppSec and Source code review.
 +
Look forward to learning more about other areas in security
 +
Favorite topic: Web Application testing,Source Code Review.
 +
In my free time I enjoy reading books (Genre: psychological, mystery)
 +
 +
Twitter: [https://twitter.com/anantjoshi13 @anantjoshi13] <br>
 +
 +
 +
== Current Chapter volunteers  ==
 +
 +
=== Ashwini Varadkar (2019 - Present) ===
 +
 +
Been associated with cyber security for the past 5 years. An avid reader and a professional Kathak dancer, my experience in infosec revolves around technical writing, security assessments, stringent report reviews,and trainings.
 +
I believe, there is nothing more rewarding and fulfilling than being able to accomplish everything that your field of interest demands from you.
 +
Stay curious and give back to the community.
 +
 +
=== Himanshu Sharma (2019 - Present) ===
 +
 +
InfoSec fresher, loves learning and researching about infosec. "Hardcoder" (pun intended). Trying to learn from the infosec community
 +
Key interests include: Network Pentesting and Exploit development.
 +
 +
=== Vaibhav Koli (2019 - Present) ===
 +
 +
Working in the field of information security from last 3 years.
 +
Interesting areas are Web Application security, Red Teaming, APIs
 +
 +
<headertabs></headertabs>
 +
 +
[[Category:OWASP Chapter]]
 
[[Category:India]]
 
[[Category:India]]

Latest revision as of 17:24, 30 November 2019

OWASP Mumbai

Welcome to the OWASP Mumbai chapter homepage. Current Chapter Leaders are Yash Roongta and Anantkumar Joshi. (More information about our leaders available below).

OWASP Mumbai Logo YR.png

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Venue Sponsor: Network Intelligence India Pvt. Ltd.

Network intelligence-01.png


Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG


Become a Speaker

Submit your topic to us at the following google form: https://forms.gle/MaxcTgZddb76cb7k7

Follow @OWASP_Mumbai for event updates on Twitter

OWASP Mumbai Twitter Account

Links for sharing and easy to remember Wiki Page - https://bit.ly/2SMBqDP

Sessions

OWASP Mumbai Meetup - 30th November 2019

Session Details:

The motto of the OWASP community is to share the knowledge for cyber security, free of cost.

Session Details:

Introduction to OWASP Mumbai Chapter.

Firmware Analysis by Pratik Chotaliya

Report Writing in Cyber Security by Ashwini Varadkar

Attack (Si|Emulation) by Chirag Savla

QnA, General Discussion and Feedback.

RSVP Link: https://www.meetup.com/OWASP-Mumbai-Chapter/events/266683098/

Slides from the Meetup: Download Here

OWASP Mumbai Meetup - 19th October 2019

Session Details:

The motto of the OWASP community is to share the knowledge for cyber security, free of cost.

Session Details:

Introduction to OWASP Mumbai Chapter.

Field Updates with Anantkumar Joshi.

OWASP Top 10 (A1,A2,A3) by Rohan Rane.

OWASP Top 10 (A4,A5,A9) by Gurpreet Kaur.

OWASP Top 10 (A6,A7,A8,A10) by Himanshu Sharma.

Slides from the Meetup: Download Here


OWASP Mumbai Meetup - 31st August 2019

Session Details:

Introduction to OWASP Mumbai Chapter.

Secure Coding in Modern C++ by Adhokshaj Mishra

Follow us on Twitter: @OWASP_Mumbai

Slides from the Meetup & Sample Codes: Download Here.

Current Chapter Leaders


Yash Roongta (2019 - Present)

Pentester / Auditor, learning and researching to be a Red Teamer. Been active in the InfoSec domain for close to 3.5 years. Eager to learn from everyone. When I am not researching / studying / learning. You can find me either watching Netflix, or on Dota2 with my friends. Favorite topics: Penetration Testing, Red Teaming, OSINT and Recon.

Blog: https://acc3ssp0int.com
Contact: [email protected]

Twitter: @acc3ssp0int

Anantkumar Joshi (2019 - Present)

Working in the field of Cyber Security from 3 years . Focus areas include AppSec and Source code review. Look forward to learning more about other areas in security Favorite topic: Web Application testing,Source Code Review. In my free time I enjoy reading books (Genre: psychological, mystery)

Twitter: @anantjoshi13
Contact: [email protected]

Current Chapter volunteers

Ashwini Varadkar (2019 - Present)

Been associated with cyber security for the past 5 years. An avid reader and a professional Kathak dancer, my experience in infosec revolves around technical writing, security assessments, stringent report reviews,and trainings. I believe, there is nothing more rewarding and fulfilling than being able to accomplish everything that your field of interest demands from you. Stay curious and give back to the community.

Himanshu Sharma (2019 - Present)

InfoSec fresher, loves learning and researching about infosec. "Hardcoder" (pun intended). Trying to learn from the infosec community Key interests include: Network Pentesting and Exploit development.

Vaibhav Koli (2019 - Present)

Working in the field of information security from last 3 years. Interesting areas are Web Application security, Red Teaming, APIs