Nigeria

OWASP Top 10 2017 Video Call - The Most Critical Web Application Security Risks Today

Insecure software places critical infrastructure at risk inseveral sectors such as finance, healthcare, e-commerce, government, and thelist goes on. That places all users of such systems at risks like data theft,account impersonation, fraud etc.

The OWASP top ten is a de facto application securitystandard that outlines the ten most critical web application security risks.

The pace of change in technology has accelerated over thepast four years, and as such the OWASP top 10 has been completely refactored tocater to the latest web development technologies.

Please join us as we explore the top web applicationsecurity risks relevant to today's application developer, software engineer, orsystem administrator.

Venue Address: Co-creation hub, 6th Floor, 294 Herbert Macaulay Rd, Lagos, Nigeria
Venue Map: Google Maps
(Registration. Register here)

Sponsors:

OWASP Top 10 Workshop Series - Understanding SQL Injection and XSS

Please join us for the first workshop of our OWASP Top 10 series. In this exciting series, we will explore the top web application security vulnerabilities, and how to prevent them.

The OWASP Top 10 is a list of the most pertinent security issues that affect web applications today.

In this workshop, we will cover:

1. OWASP Top 10 A1 (Injection): Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.
2. OWASP Top 10 A3 (Cross-Site Scripting, XSS): XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.

Please try to arrive 15 - 30 minutes early.

Venue Address: Co-creation hub, 6th Floor, 294 Herbert Macaulay Rd, Lagos, Nigeria
Venue Map: Google Maps
(Registration. Register here)

Sponsors:     

The inaugural OWASP Lagos, Nigeria meeting is taking place on Saturday February 16 at CC-HUB from 12:00PM - 5:00PM.

Hope to see you there.

There are three talks lined up including an Intro of OWASP and the chapter leaders:

Intro: Chapter leads - our background, how we got into security, stuff we're exploring or hope to learn and what we hope to achieve in starting OWASP Lagos. About OWASP: A look at OWASP, her objectives, some flagship projects (tools, guidelines, cheat sheets)

Talk 1: Introduction to OWASP ZAP

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. This talk will describe the tool and how to use it for validating web application security.

Talk 2: Exploiting a Vulnerable website to steal user credentials and gain root

This talk will describe how user authentication credentials can hijacked on a vulnerable website, using a practical demo. It will also demonstrate the compromise of a webserver hosting a vulnerble web application.

Talk 3: The OWASP Web Security Shepherd

The OWASP Security Shepherd project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. In this session we'll introduce the security shepherd and use it to learn SQL Injection . PLEASE BRING YOUR LAPTOPS.