This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Mumbai"
Dharmeshmm (talk | contribs) (→Local News) |
|||
| Line 2: | Line 2: | ||
== Local News == | == Local News == | ||
| + | '''Minutes of Meeting - Monday July 31st 2006 [03:00 PM - 5:00 PM] ''' | ||
| + | |||
| + | The second OWASP Mumbai Chapter Meet was held at TechMahindra premises in Chandivali. Mr. Richard on behalf of TechMahindra gave a warm welcome to all the delegates to the OWASP Mumbai Local Chapter –II. Accompanying him, Mr. Dharmesh of Mastek Ltd – Mumbai Chapter Head gave a brief description about the goals of OWASP Mumbai Chapter and the road ahead. | ||
| + | |||
| + | Presentations: | ||
| + | |||
| + | 1. Randomness: Mr. Richard Lewis, e-Security Consultant with TechMahindra, started with the practical usage of Randomness. He explained how good random number generation prevents application malfunctioning, increase strength of cryptographic operation which in turn increases entropy associated with the key, it automates otherwise manual tasks and lastly it increases the security of application. Then he went on to explain what is entropy and to which level should it be produced in an application. In the end he talked about the various sources of random number. | ||
| + | |||
| + | 2. Java Decompilation: Mr. Girish, e-Security Consultant with TechMahindra went through Java Decompilation utility and techniques to defeat decompilation. Use obfuscators, Use of byte code encrypter/decrypter and Generating executable from source were techniques he explained. | ||
| + | |||
| + | 3. /GS Security Check in Visual Studio: Ms. Chanda Dutta, Ms. Divya Makhija, Ms. Sugita Kumari, Ms. Upma Sharma from SCIT Pune, presented the usage of /GS security check in Visual Studio. Chanda started the presentation by giving an introduction to /GS Security Check feature of Visual Studio. She explained what is /GS Buffer Security Check, the need of /GS and what it can prevent. Sugita further explained how /GS works and what is canary with process of how to using a canary can prevent buffer overrun. Upma then demonstrated a simulation explaining normal working of buffer overflow and how can it be prevented. Divya explained the various limitations of /GS as how the features of /GS can be exploited and summarized the /GS Buffer Security Check features and functionalities. | ||
| + | |||
| + | The attendees will be receiving the pdf document of attendance noted at the meeting. | ||
| + | |||
'''Next Meeting - Monday July 31st 2006 [03:00 PM - 5:00 PM] ''' | '''Next Meeting - Monday July 31st 2006 [03:00 PM - 5:00 PM] ''' | ||
Revision as of 18:30, 2 August 2006
OWASP Mumbai
Welcome to the Mumbai chapter homepage. The chapter leader is Dharmesh M Mehta
Participation
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Sponsorship/Membership
to this chapter or become a local chapter supporter.
Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? 
Local News
Minutes of Meeting - Monday July 31st 2006 [03:00 PM - 5:00 PM]
The second OWASP Mumbai Chapter Meet was held at TechMahindra premises in Chandivali. Mr. Richard on behalf of TechMahindra gave a warm welcome to all the delegates to the OWASP Mumbai Local Chapter –II. Accompanying him, Mr. Dharmesh of Mastek Ltd – Mumbai Chapter Head gave a brief description about the goals of OWASP Mumbai Chapter and the road ahead.
Presentations:
1. Randomness: Mr. Richard Lewis, e-Security Consultant with TechMahindra, started with the practical usage of Randomness. He explained how good random number generation prevents application malfunctioning, increase strength of cryptographic operation which in turn increases entropy associated with the key, it automates otherwise manual tasks and lastly it increases the security of application. Then he went on to explain what is entropy and to which level should it be produced in an application. In the end he talked about the various sources of random number.
2. Java Decompilation: Mr. Girish, e-Security Consultant with TechMahindra went through Java Decompilation utility and techniques to defeat decompilation. Use obfuscators, Use of byte code encrypter/decrypter and Generating executable from source were techniques he explained.
3. /GS Security Check in Visual Studio: Ms. Chanda Dutta, Ms. Divya Makhija, Ms. Sugita Kumari, Ms. Upma Sharma from SCIT Pune, presented the usage of /GS security check in Visual Studio. Chanda started the presentation by giving an introduction to /GS Security Check feature of Visual Studio. She explained what is /GS Buffer Security Check, the need of /GS and what it can prevent. Sugita further explained how /GS works and what is canary with process of how to using a canary can prevent buffer overrun. Upma then demonstrated a simulation explaining normal working of buffer overflow and how can it be prevented. Divya explained the various limitations of /GS as how the features of /GS can be exploited and summarized the /GS Buffer Security Check features and functionalities.
The attendees will be receiving the pdf document of attendance noted at the meeting.
Next Meeting - Monday July 31st 2006 [03:00 PM - 5:00 PM]
Registrations for the event are free. If you are willing to attend, just send a mail to [email protected] as a confirmation.
If you would like to speak at the event or sponsor, contact me ASAP.
Theme of Meeting: Securing Web Services
The meeting is scheduled on Monday, 31st July 2006 from 3:00 to 5:00 PM.
Venue and Sponsor Details:
Tech Mahindra Limited. Wing 1, Oberoi Estate Gardens, Chandivali, Andheri (E), Mumbai 400 072, Maharashtra, India.
If you would like to speak, please drop in a mail at [email protected]
CPE Credits for CISSP's
ISC2 has approved 1 CPE for each hour of an OWASP local chapter meeting.
Chapter leader will have a sign up sheet with at least First Name, Last Name, and the date of the OWASP Meeting. After the meeting, the single sheet will be signed once by a chapter lead as proof of attendance, scanned into a .PDF, and emailed out to the chapter members with the meeting minutes so they have a copy for records and can claim CPE credits.
Minutes of Meeting - First Meeting - Saturday June 24th 2006 [09:30 - 12:00]
With the welcome address by Anuradha, the first meeting of Mumbai Chapter embarked. Right from giving a brief introduction about OWASP and its aim, Anuradha explained the focus of OWASP as a voluntary organization aiming at contributing to the knowledge as a part of sharing it. Apart from it, Anuradha briefed about OWASP Top 10 Project and OWASP Guide to building Secure Application.
Richard presented on Secure Coding Fundamentals and elucidated the Cost factor inculcated due to insecure code resulting in Network Cost, Productivity Cost and so on. Further explaining the basic reasons of threat to code, he explained how the mistakes done by the Programmers, I/O, API Abuse, Environment & Configuration and Time & State were responsible for Security flaws in an application. Moving ahead, Richard laid down a few principles to be followed as Secure Coding – General Guidelines for all the languages and specific Secure Coding Guidelines for C & C++, Java and .NET
Richard's Presentation [[1]]
With Threat Analysis & Modeling Process, Dharmesh explained the steps followed as Threat Modeling Process starting from Defining Application Requirement, Application Architecture, and Modeling Threats looking at CIA feature of Security Basics. The aim covered to look towards gathering the information needed from application development teams in order to mock out the potential threats that are inherit in the software application they build starting from the very inception of the software birth. Giving the demonstration of Threat Analysis and Modeling Tool v2.0 with the basic example of its functionality, Dharmesh presented the Threat Modeling in real scenario.
Shalini and Runa explained how password can be lost or manipulated in a real life scenario and it dealt with the countermeasures to be taken to avoid it. The topics covered under it included Stealing Password using different methods as – Browser’s Refresh, Browser’s Memory, Remember feature, Forget Password feature and last but not the least SQL Injection. The role of Browser’s Viewing Tool available showed a clear picture of how password could be easily cracked.
Mumbai Chapter - First Meeting - Saturday June 24th 2006 [09:30 - 12:00]
Everyone is welcome to join us at our regular chapter meetings.
Time: 9:30 AM - 12:00 PM
If you have any items you want added to the agenda, post your ideas to our mailing list.
If you would like to speak at the event or sponsor, contact Dharmesh M Mehta before 20th June.
Current Agenda
1. 09:30 - 09:45 Introduction
Anuradha Srinivasan, Software Engineer with Mastek, is working with the Application Security Assurance Team for the last 6 months. She has 2 and a half years of experience in Java development. She is currently involved in conducting Security Assessments and trainings for projects across Mastek
2. 09:45 - 10:30 Secure Coding Fundamentals
Richard Lewis, Security Consultant with TechMahindra, has 8 years of information security experience. Before joining Tech Mahindra, he was employed with Tata Consultancy Services (TCS). Richard currently works in the e-security consulting group of Tech Mahindra and is working on building a security fabric for secure software development. Richard has a programming background in C, C++ and MFC. A MS Windows guy, he has a flair for secure software development.
10:30 - 11:00 Food and Beverages
3. 11:00 - 11:30 Threat Modeling
Dharmesh M Mehta, Software Engineer with Mastek, has been with the Application Security Assurance Team for around 2 years. He is involved in conducting security assessments and conducting security workshops for the developer community. He is also a Certified Ethical Hacker.
4. 11:30 - 12:00 5 ways to lose your user's password
Shalini Gupta and Runa Dwibedi are Associate Security Consultants in Paladion Networks. They are also authors of a monthly online magazine Palisade (focused on Application security). They will be speaking on the ways to lose a user’s password.
Venue and Sponsor Details:
Mastek Millennium Center, A-7 Sec-I Millennium Business Park,
Mahape, Navi Mumbai - 400 710.
Please contact Dharmesh M Mehta before 23th June if you are attending the meeting.
OWASP Moves to MediaWiki Portal - 11:23, 20 May 2006 (EDT)
OWASP is pleased to announce the arrival of OWASP 2.0!
OWASP 2.0 utilizes the MediaWiki portal to manage and provide the latest OWASP related information. Enjoy!
