This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Toronto"

From OWASP
Jump to: navigation, search
(Updated OWASP Toronto chapter leads)
(Updating upcoming OWASP toronto sessions!)
Line 53: Line 53:
  
 
= Upcoming Sessions =
 
= Upcoming Sessions =
 +
 +
'''Date/Time''': September 18, 2019, 6:30 PM to 8:30 PM EDT
 +
 +
'''Location''': Room 128 (on the first floor near the library), St. James Campus - Building A, George Brown College, 200 King Street East, Toronto, ON, M5A 3W8
 +
 +
'''Presentation summary:'''
 +
 +
'''Attacking OAuth and SAML'''
 +
 +
OAuth 2.0 and SAML are well-known protocols used for authorization and authentication. From major applications like Facebook, Github to enterprise apps these protocols are commonly seen. OAuth 2 provides authorization flows for web and mobile apps and SAML is majorly used to enable Single Sign On. These protocols if implemented well could really be helpful, but considering the complexity involved with these protocols, developers may neglect certain security best practices which could lead to serious flaws.
 +
 +
This talk is to discuss the various known attacks against OAuth and SAML in-depth, but before we dive into vulnerabilities we will spend some time to understand how these protocols helping us understand the attack vectors better. We will also look at open-source tools which are available which can aid in assessments when we encounter these protocols.
 +
 +
'''Presenter bio:'''
 +
 +
Harish Ramadoss is a Senior Security Consultant with Trustwave Spiderlabs and has recently moved from UAE where he was Security Assurance Manager for Etihad Airways. Mostly involved in offensive security space focusing on application & infrastructure security, social engineering, and red team engagements.
 +
 +
He is also the co-author of DejaVU deception platform and has presented at a few global conferences including Blackhat and Defcon. Harish also holds a Master's degree in Cyber Laws and Information Security.
 +
----
 +
 +
= Previous Sessions =
  
 
'''Date/Time''': August 21, 2019, 6:30 PM to 8:30 PM EDT
 
'''Date/Time''': August 21, 2019, 6:30 PM to 8:30 PM EDT
Line 68: Line 89:
 
Roy is an architect/developer, multi-disciplined in solutions such as architecture, advisory, technology leadership, developer team lead, project coordination, systems performance, infrastructure, security and systems architecture. He executes on multiple roles to deliver a projects at high performance and has deep expertise with SharePoint, .NET, JavaScript, BI development and Azure cloud services.
 
Roy is an architect/developer, multi-disciplined in solutions such as architecture, advisory, technology leadership, developer team lead, project coordination, systems performance, infrastructure, security and systems architecture. He executes on multiple roles to deliver a projects at high performance and has deep expertise with SharePoint, .NET, JavaScript, BI development and Azure cloud services.
 
----
 
----
 
= Previous Sessions =
 
  
 
'''Date/Time''': July 17, 2019, 6:30 PM to 8:30 PM EDT
 
'''Date/Time''': July 17, 2019, 6:30 PM to 8:30 PM EDT

Revision as of 23:08, 27 August 2019

OWASP Toronto Chapter.jpg


OWASP Toronto

Welcome to the Toronto chapter homepage. The chapter is managed by Yuk Fai Chan, Opheliar Chan, Adam Greenhill, and Jack Enders.


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG


Our chapter's Google Group can be found here.

The mailing list archive can be accessed from here.

Our chapter's Meetup.com page is can be accessed here.

Chapter Supporters

We would like to thank the following organizations for their support and contribution to the local Toronto chapter!

Gold Local Chapter Supporter


Hewlett Packard Enterprise


Global Contributing Corporate Member & Silver Local Chapter Supporter


Checkmarx


Global Contributing Corporate Member & Local Event Supporter


Security Compass


Sonatype


Security Innovation


Local Event Supporter


Amazon


Shopify




Date/Time: September 18, 2019, 6:30 PM to 8:30 PM EDT

Location: Room 128 (on the first floor near the library), St. James Campus - Building A, George Brown College, 200 King Street East, Toronto, ON, M5A 3W8

Presentation summary:

Attacking OAuth and SAML

OAuth 2.0 and SAML are well-known protocols used for authorization and authentication. From major applications like Facebook, Github to enterprise apps these protocols are commonly seen. OAuth 2 provides authorization flows for web and mobile apps and SAML is majorly used to enable Single Sign On. These protocols if implemented well could really be helpful, but considering the complexity involved with these protocols, developers may neglect certain security best practices which could lead to serious flaws.

This talk is to discuss the various known attacks against OAuth and SAML in-depth, but before we dive into vulnerabilities we will spend some time to understand how these protocols helping us understand the attack vectors better. We will also look at open-source tools which are available which can aid in assessments when we encounter these protocols.

Presenter bio:

Harish Ramadoss is a Senior Security Consultant with Trustwave Spiderlabs and has recently moved from UAE where he was Security Assurance Manager for Etihad Airways. Mostly involved in offensive security space focusing on application & infrastructure security, social engineering, and red team engagements.

He is also the co-author of DejaVU deception platform and has presented at a few global conferences including Blackhat and Defcon. Harish also holds a Master's degree in Cyber Laws and Information Security.