This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Cairo"

From OWASP
Jump to: navigation, search
 
(40 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{Chapter Template|chaptername=Cairo|extra=The chapter leader is [mailto:[email protected] Mohamed Alfateh]. Chapter Board Members are:[mailto:[email protected] Adel Abdel Moneim], [mailto:[email protected] Hassan Mourad], [mailto:[email protected] Ahmed Mashaly] and [mailto:[email protected] Fady Othman]. |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-egypt|emailarchives=http://lists.owasp.org/pipermail/owasp-egypt}}
+
{{Chapter Template|chaptername=Cairo|extra=The chapter leader is [mailto:[email protected] Mohamed Alfateh]. Chapter Board Members are:[mailto:[email protected] Adel Abdel Moneim], [mailto:[email protected] Hassan Mourad], [mailto:[email protected] Ahmed Mashaly], Ahmed Saafan and [mailto:[email protected] Fady Othman]. |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-egypt|emailarchives=http://lists.owasp.org/pipermail/owasp-egypt}}
  
 
====== Local News ======  
 
====== Local News ======  
 +
-------------------------------------------------------------------------------------------------------------------------------
 +
-------------------------------------------------------------------------------------------------------------------------------
 +
===== Chapter Meeting  =====
 +
[[File:CIT-OWASP.png|thumb|400px]]
 +
 +
 +
'''Y2019 Challenges and the Planning for Y2020 '''<br />
 +
In this meeting we will discuss Y2019 Progress & achievements and the planning for Y2020. <br />
 +
The attendance is open, please join the chapter mailing list or send us an email to confirm your attendance. <br /><br />
 +
To join remotely, please refer to the meeting invitation below <br />
 +
 +
'''Location:'''<br />
 +
Abbas Al-Akkad St., Madinet Nasr, Cairo, Egypt<br />
 +
 +
'''Date:''' <br />
 +
26 December 2019 <br /> <br />
 +
 +
'''Day Sessions: '''<br />
 +
1- OWASP Cairo Chapter Activities in 2019 [By: '''Mohamed Alfateh''' and '''Hassan Morad''']<br /> 17:00 to 17:30<br />
 +
2- Open Discussion for the Y2020 Planning <br /> 17:30 to 18:30<br />
 +
 +
'''To join remotely'''<br />
 +
Topic: OWASP Cairo Chapter Meeting<br />
 +
Time: Dec 26, 2019 04:00 PM Cairo <br />
 +
 +
Join Zoom Meeting <br />
 +
https://zoom.us/j/317320557 <br />
 +
 +
Meeting ID: 317 320 557 <br />
 +
Password: Please refer to the mailing list or just drop us an email <br />
 +
 +
One tap mobile <br />
 +
+19294362866,,317320557# US (New York) <br />
 +
+16699006833,,317320557# US (San Jose) <br />
 +
<br />
 +
Find your local number: https://zoom.us/u/acqCytjmkN <br /><br />
 +
 +
-------------------------------------------------------------------------------------------------------------------------------
 +
-------------------------------------------------------------------------------------------------------------------------------
 +
===== AppSec Africa  =====
 +
Day Two Event announcing pended on foundation review/approval
 +
 +
'''AppSec Africa Day One'''<br />
 +
 +
Day One is open and free.<br />
 +
Event sessions are served in the way of First Come First Served. The event hall has a limited number of seats. If you are interested to attend please try to be there before the session start by a good amount of time and be sure to register for the event.<br />
 +
 +
 +
 +
'''Date:''' <br />
 +
1st September 2019 <br /> Event starts by 5 PM <br />
 +
<br />
 +
 +
'''Location:'''<br />
 +
InterContinental City Stars Cairo - Hambra Ballroom (-2), Nasr City, Cairo, EGYPT<br />
 +
Event Registration link: https://forms.gle/o8PrYk6GCLbG2uAm8<br /><br />
 +
 +
'''Event Agenda: '''<br /><br />
 +
The OWASP Top Ten Proactive Controls 2018<br /> (By: '''Jim Manico''')<br />
 +
 +
Software developers are the foundation of any application. In order to achieve secure software, developers must be supported and helped by the organization they author code for. As software developers author code that makes up a web application, they need to embrace and practice a wide variety of secure coding techniques. The OWASP Top Ten Proactive Controls (2018) is an OWASP documentation project that lists critical security techniques that should be included in every software development project. This document was written by developers for developers to assist those new to secure development.<br />
 +
 +
<br />
 +
Bypassing iOS Security using Enterprise Provisioning Hooks and Enterprise Mobility Management <br /> (By: '''Georgia Weidman''')<br />
 +
 +
This talk demonstrates how features Apple includes in their iOS ecosystem to support corporate enterprise provisioning and management can be used to exploit all iOS devices. We will cover the faculties that Apple includes to allow enterprises and mobile security vendors to remotely provision settings and load applications and how a malicious attacker could take advantage of these vectors.
 +
We will discuss Configuration Profile options with security implications and using the Enterprise Development Program to bypass Apple’s anti-malware app controls. Though Apple considers this a “feature not a bug” and a phishing issue, no anti-phishing training readily available for either consumers or corporations specifically address these phishing attacks. However, according to the Verizon Breach Report over 90% of enterprise compromises came in through endpoints, largely from phishing.
 +
Mobile devices open up a wide range of additional phishing options than the email scenarios. We will demonstrate how penetration testers and red teams can simulate these attacks to raise user awareness and perform impact analysis of a potential breach begun by a compromised iOS device.<br />
 +
 +
<br />
 +
Egypt Cyber and Privacy Security Requirements for Software Developers. <br /> (By: '''Mohamed Alfateh''')<br /><br />
 +
In this session, we will discuss number of Cyber law clauses that should be considered in developing software applications, we will go through the final draft of the executive regulation to highlight the additional controls that should be implemented in the applications, that will add extra layer of security and ensure the compliance with the Cyber law requirements. <br />
 +
 +
<br />
 +
'''Event Speakers '''<br />
 +
'''Jim Manico'''<br />
 +
Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also an investor/advisor for KSOC, Nucleus Security, Signal Sciences, Secure Circle and BitDiscovery. Jim is a frequent speaker on secure software practices, is a member of the Java Champion community, and is the author of "Iron-Clad Java: Building Secure Web Applications" from Oracle Press. Jim also volunteers for the OWASP foundation as the project co-lead for the OWASP Application Security Verification Standard and the OWASP Proactive Controls. For more information, see http://www.linkedin.com/in/jmanico.
 +
<br /><br />
 +
'''Georgia Weidman'''<br />
 +
Georgia Weidman is a serial entrepreneur, penetration tester, security researcher, speaker, trainer, and author. She is a member of the CyberWatch Center's National Visiting Committee, on the board of advisors at Cybrary, and an Adjunct Professor at UMUC and Tulane University. She is a New America Cybersecurity Policy Fellow. She has presented or conducted training around the world and is regularly featured internationally in print and on television. She authored Penetration Testing: A Hands-On Introduction to Hacking. Georgia founded the security consulting firm Bulb Security and was awarded a DARPA Cyber Fast Track grant for her work in mobile device security culminating in the release of the Smartphone Pentest Framework. She founded Shevirah whose products assess and manage the risk of mobile devices in the enterprise and is a graduate of the Mach37 cybersecurity accelerator. She was the 2015 Women’s Society of CyberJutsu Pentest Ninja. She holds a MS in computer science and CISSP, CEH, and OSCP certifications.
 +
<br /><br />
 +
 +
'''Mohamed Alfateh'''<br />
 +
Alfateh is the OWASP Cairo chapter leader, he has deep experience in secure SDLC, code review & application threat modeling, DevSecOps and security compliance. Mohamed has many contributions for OWASP, he is the author for the “OWASP application threat modeling cheat sheet” and a board member of OWASP Middle-East. He is currently Sr. Consultant at ZINAD IT, holding GSSP-JAVA, GSNA, GSEC, ISO27001 LA/LI & Lead SCADA Security Professional certificates.
 +
 +
'''Location:'''<br />
 +
Cairo, Egypt (Hotel location will be updated) <br />
 +
 +
 +
'''AppSec Africa Day Two'''<br />
 +
'''Call For Paper'''<br />
 +
 +
 +
[https://docs.google.com/forms/d/e/1FAIpQLSd01JoNAUKNXGvWe7M17T2LTP3a9E3HGVa7xT4E9uetS6rQxg/viewform?vc=0&c=0&w=1 Call For Paper]<br />
 +
 +
'''Call For Event Volunteers'''<br />
 +
This year, OWASP Egypt is planning to host AppSec Africa, the premier application security conference for African developers and security experts.<br />
 +
 +
AppSec Africa will provide attendees with insight into key application security topics and exposure to best practices in cybersecurity.<br />
 +
 +
In OWASP we strongly believe in the power of the community and we rely on the contributions of enthusiastic and talented individuals across the world to advance the state of application security.<br />
 +
 +
As such, we are calling for volunteers to participate in the preparation of the event. We need your support in the following areas:<br />
 +
1. Web/Mobile app development<br />
 +
2. Event facilitation (We will have number of external speakers)<br />
 +
3. Lab/Workshops setup/facilitation<br />
 +
<br />
 +
If you are interested in joining AppSec Africa team, drop us an email and tell us a little bit about yourself, your skills, and the area you would like to volunteer for.<br />
 +
 +
Looking forward to hearing back from you.<br />
 +
 +
'''Event Initial Planned Date:'''<br />
 +
21th of September 2019<br />
 +
'''Location:'''<br />
 +
Intercontinental City Stars, Al saraya Hall, Nasr City, Cairo, EGYPT<br />
 +
 +
-------------------------------------------------------------------------------------------------------------------------------
 +
-------------------------------------------------------------------------------------------------------------------------------
 +
===== OWASP Top 10 Awareness Program  =====
 +
[[File:Iti-egypt-logo-sm.jpg|thumb|400px]]
 +
 +
 +
'''Day 1: OWASP Top 10  - A1 and A2 '''<br />
 +
The OWASP Top 10 is a powerful awareness document for web application security. It represents a broad consensus about the most critical security risks to web applications.<br />
 +
 +
The first day of the awareness program includes four sessions covering the first two of OWASP top 10 risks and Mitigations, <br />
 +
 +
'''Location:'''<br />
 +
ITI Information Technology Institute - Smart Village - Building, B148, - km 28, Cairo-Alexandria Desert Road, Cairo, Egypt<br />
 +
 +
'''Date:''' <br />
 +
16 March 2019 <br /> <br />
 +
 +
'''Day Sessions: '''<br />
 +
1- "A1-Injection" Risk and Attack Demo [By: '''Mohamed Talaat''' and '''Moustafa Gamal''']<br /> 12:00 to 12:45<br />
 +
2- "A1-Injection" Attack Mitigations with Demo [By: '''Mohamed Talaat'''and '''Moustafa Gamal''']<br /> 12:45 to 13:30<br />
 +
3- "A2-Broken Authentication" Risk and Attack Demo [By: '''Amr Elshamy''' and '''Mahmoud Ibrahim'''] <br />13:30 to 14:15<br />
 +
4- "A2-Broken Authentication" Attack Mitigations with Demo [By: '''Amr Elshamy''' and '''Mahmoud Ibrahim''']<br /> 14:15 to 15:00<br /><br />
 +
 +
 +
-------------------------------------------------------------------------------------------------------------------------------
 +
-------------------------------------------------------------------------------------------------------------------------------
 +
===== OWASP Cairo Chapter in the CIT's Anual Cyber Security Event  =====
 +
 +
[[File:CIT-OWASP.png|thumb|400px]]
 +
 +
 +
'''For the forth year, OWASP Cairo chapter is participating in the CIT information Security event'''<br />
 +
Event Agenda http://cit-fei.org/Upload_Admin_Entity_Media_Filename_9f864882903418a8979873ece72e79e8.pdf<br />
 +
 +
Event Registration link: https://goo.gl/BukF6C<br />
 +
Registration is totally free.
 +
 +
'''Location:'''<br />
 +
Intercontinental City Stars, Al saraya Hall, Nasr City, Cairo, EGYPT<br />
 +
 +
'''Date:''' <br />
 +
6 March 2019 <br /> <br />
 +
 +
'''OWASP Session: '''<br />
 +
AppSec Lessons from Battlefield [By: '''Mohamed Alfateh''']<br />
 +
 +
 
-------------------------------------------------------------------------------------------------------------------------------
 
-------------------------------------------------------------------------------------------------------------------------------
 
-------------------------------------------------------------------------------------------------------------------------------
 
-------------------------------------------------------------------------------------------------------------------------------
 
===== Upcomming Events  =====  
 
===== Upcomming Events  =====  
  
 +
===== OWASP Cairo Chapter in Bluekaizen CSCamp  =====
 +
[[File:OWASP_Egypt-Bluekaizen.png|thumb|400px]]
 +
 +
''1- Women CTF Preparation Day'' <br />
 +
 +
These sessions are served in the way of First Come First Served. The room has a limitation of 50 persons only. If you are interested to attend please try to be there before the session start by a good amount of time.<br />
 +
<br />
 +
No need for the event ticket to attend the CTF preparation day(Planned 13 December 2018). For the CSCamp Event (on 14 &15 December 2018); the Attendance will require a conference ticket, please contact us if you coudn't able to get a ticket.<br />
 +
 +
'''Location:'''<br />
 +
Greek Campus, Tahrir Sq., Giza, EGYPT<br />
 +
 +
'''Date:''' <br />
 +
December 13th, 2018<br />
 +
10:00 PM until 04:00 PM<br /> <br />
 +
 +
 +
'''Event Agenda: '''<br />
 +
10:00 to 11:30 -  Web Security Challenges (By: '''Ahmed Saafan''')
 +
<br />
 +
11:30 to 12:00 - Break<br />
 +
 +
12:00 to 13:30 -  Malware Reverse Engineering Challenges (By: '''Fady Othman''')<br />
 +
 +
13:30 to 14:00 - Break<br />
 +
 +
14:00 to 15:30 -  Digital Forensics Challenges (By: '''Mohamed Talaat''')<br />
 +
 +
 +
''2- CSCamp OWASP Cairo Chapter Sessions'' <br />
 +
 +
I- Focus Group: Security Management Problems(By: '''Ahmed Saafan''')<br />
 +
 +
II-PANEL DISCUSSION: Egyptian Cybercrime Law (Panel Moderator: '''Mohamed Alfateh''')<br />(By: '''Dr. Mohamed Hegazy''', '''Dr. Marianne Amir''' and '''Adel Abdulmonim''')<br /><br />
 +
 +
'''Location:'''<br />
 +
Intercontinental City Stars, Al saraya Hall, Nasr City, Cairo, EGYPT<br />
 +
 +
'''Date:''' <br />
 +
Saturday, December 15th, 2018<br /><br />
 +
 +
 +
 +
 +
-------------------------------------------------------------------------------------------------------------------------------
 +
-------------------------------------------------------------------------------------------------------------------------------
 +
 +
 +
 +
===== OWASP Cairo Chapter in the Arab Security Conference 2018 =====
 +
 +
-------------------------------------------------------------------------------------------------------------------------------
 +
 +
Arab Security Conference is an annual cyber security conference held in Cairo, Egypt. It strives to raise Cyber Security Awareness in the Arab world.<br />
 +
Event link: https://www.arabsecurityconference.com<br />
 +
 +
'''Location:'''<br />
 +
The Nile Ritz-Carlton, Cairo, Egypt<br />
 +
 +
'''Date:''' <br />
 +
23 - 24 September 2018 <br /> <br />
 +
 +
'''OWASP Session:'''<br />
 +
Day 2: 03:00 PM - 04:00 PM -  Wargames Hall <br />
 +
Web Application Security Testing using ZAP. (30 min) [By: '''Hassan Mohamed''' and '''Mohamed Alfateh''']<br />
 +
<br />
 +
Note: The OWASP session is free to attend, no need to have event ticket.<br />
 +
-------------------------------------------------------------------------------------------------------------------------------
 +
-------------------------------------------------------------------------------------------------------------------------------
 +
 +
 +
===== OWASP Cairo Chapter in the ITI's Juniors Academy Program =====
 +
 +
-------------------------------------------------------------------------------------------------------------------------------
 +
[[File:Iti-egypt-logo-sm.jpg|thumb|400px]]
 +
 +
 +
Juniors Academy Program link: http://www.iti.gov.eg/Site/Offers/JuniorsAcademy<br />
 +
 +
'''Location:'''<br />
 +
ITI Information Technology Institute - Smart Village - Building, B148, - km 28, Cairo-Alexandria Desert Road, Cairo, Egypt<br />
 +
 +
'''Date:''' <br />
 +
5 - 6 August 2018 <br /> <br />
 +
 +
'''OWASP days:'''<br />
 +
Day 1: Application development basics, introduction to web technologies and OWASP community and projects briefing. <br />
 +
Day 2: Introduction application security and hands on practices on number of OWASP top 10 vulnerabilities.<br />
 +
 +
-------------------------------------------------------------------------------------------------------------------------------
 +
-------------------------------------------------------------------------------------------------------------------------------
 +
 +
 +
-------------------------------------------------------------------------------------------------------------------------------
 +
-------------------------------------------------------------------------------------------------------------------------------
 +
 +
===== OWASP Cairo Chapter in the ITI's Mobile Developer Weekend Event  =====
 +
 +
-------------------------------------------------------------------------------------------------------------------------------
 +
[[File:Iti-egypt-logo-sm.jpg|thumb|400px]]
 +
 +
'''OWASP Cairo chapter is participating in the ITI's Mobile Developer Weekend Event'''<br />
 +
Event Agenda http://www.mobiledeveloperweekend.net/event/agenda.htm<br />
 +
 +
Event Registration link: http://www.mobiledeveloperweekend.net/attendee/registration.htm<br />
 +
 +
'''Location:'''<br />
 +
ITI Information Technology Institute - Smart Village - Building, B148, - km 28, Cairo-Alexandria Desert Road, Cairo, Egypt<br />
 +
 +
'''Date:''' <br />
 +
19 - 21 April 2018 <br /> <br />
 +
 +
'''OWASP Session: '''<br />
 +
Introduction to Block-chain security (30 min) [By: '''Mohamed Alfateh''' and '''Fady Othman''']<br />
 +
What is new with OWASP Top 10 (30 min) [By: '''Mohamed Alfateh''']<br />
 +
 +
-------------------------------------------------------------------------------------------------------------------------------
 +
-------------------------------------------------------------------------------------------------------------------------------
 +
 +
===== OWASP Cairo Chapter in the CIT's Anual Cyber Security Event  =====
 +
 +
[[File:CIT-OWASP.png|thumb|400px]]
 +
 +
 +
'''For the third year, OWASP Cairo chapter is participating in the CIT information Security event'''<br />
 +
Event Agenda http://login.qsend.it/t/r-l-yuflya-dktihhjddj-r/.<br />
 +
 +
Event Registration link: https://goo.gl/wrTw9R<br />
 +
 +
'''Location:'''<br />
 +
Intercontinental City Stars, Al saraya Hall, Nasr City, Cairo, EGYPT<br />
 +
 +
'''Date:''' <br />
 +
6 March 2018 <br /> <br />
 +
 +
'''OWASP Session: '''<br />
 +
OWASP Top 10 new release  (45 min) [By: '''Mohamed Alfateh''' and '''Hassan Morad''']<br />
 +
 +
-------------------------------------------------------------------------------------------------------------------------------
 +
-------------------------------------------------------------------------------------------------------------------------------
 +
 +
 +
-------------------------------------------------------------------------------------------------------------------------------
 +
===== OWASP Top 10 Awareness Program  =====
 +
[[File:Iti-egypt-logo-sm.jpg|thumb|400px]]
 +
 +
 +
'''Day 4: Broken Access Control '''<br />
 +
Restrictions on what authenticated users are allowed to do are not properly enforced. Attackers can exploit these flaws to access unauthorized functionality and/or data, such as access other users' accounts, view sensitive files, modify other users’ data, change access rights, etc.<br />
 +
 +
'''Location:'''<br />
 +
ITI Information Technology Institute - Smart Village - Building, B148, - km 28, Cairo-Alexandria Desert Road, Cairo, Egypt<br />
 +
'''Date:''' <br />
 +
22 December 2017 <br /> <br />
 +
 +
'''Day Sessions: (First Session starts 10 AM)<br />
 +
1- Introduction for OWASP Projects (45 min)<br />
 +
2- Broken Access Control Attacks (45 min) <br />
 +
5- Broken Access Control Attacks Mitigation (30 min) <br />
 +
6- Broken Access Control Attacks and Mitigation Demos (30 min) <br />
  
 +
Sessions speakers: '''<br />[''Hassan Mohammed''' and '''Ahmed Elhady''' ]<br /><br />
  
 
-------------------------------------------------------------------------------------------------------------------------------
 
-------------------------------------------------------------------------------------------------------------------------------
Line 28: Line 352:
  
 
A while ago I stumbled upon an online reverse engineering challenge, I downloaded the challenge and from the beginning it caught my attention. I started reversing and I realized that it was a well designed challenge that is perfect to teach reverse engineering. after solving the challenge I was disappointed when I looked online to see how other people solved it because it was solved in a way that teaches them too little.
 
A while ago I stumbled upon an online reverse engineering challenge, I downloaded the challenge and from the beginning it caught my attention. I started reversing and I realized that it was a well designed challenge that is perfect to teach reverse engineering. after solving the challenge I was disappointed when I looked online to see how other people solved it because it was solved in a way that teaches them too little.
In this workshop I will “diffuse” the “bomb” using multiple methods and multiple tools (hopefully IDA, GDB, EDB, Radare2) to make the most of it and trying to teach something new on the way.<br /><br />
+
In this workshop I will “diffuse” the “bomb” using multiple methods and multiple tools (hopefully IDA, GDB, EDB, Radare2) to make the most of it and trying to teach something new on the way.<br />
  
  
 
Defending Applications by putting them under the Proactive SOC spotlight <br /> (By: '''Mohamed Alfateh''')<br />
 
Defending Applications by putting them under the Proactive SOC spotlight <br /> (By: '''Mohamed Alfateh''')<br />
  
Most companies are trying to shift their Security Operations Center (SOC) from a reactive to a proactive posture. Putting the application layer under a proactive monitoring and analysis is a critical activity to anticipates and pre-empts incidents to prevent their occurrence. In this talk we will discuss different techniques to proactively anticipate web threats and act upon anticipation proactively rather than passively. During the session, we will show how you could use OWASP AppSensor to feed data into SOC and to respond to analysis results. The session will introduce number of corresponding SIEM use cases that could be implemented in deferent SIEM technologies.<br />
+
Most companies are trying to shift their Security Operations Center (SOC) from a reactive to a proactive posture. Putting the application layer under a proactive monitoring and analysis is a critical activity to anticipates and pre-empts incidents to prevent their occurrence. In this talk we will discuss different techniques to proactively anticipate web threats and act upon anticipation proactively rather than passively. During the session, we will show how you could use OWASP AppSensor to feed data into SOC and to respond to analysis results. The session will introduce number of corresponding SIEM use cases that could be implemented in deferent SIEM technologies.<br /><br />
  
 
PANEL DISCUSSION: WHAT’S NEW WITH OWASP TOP 10 <br /> (By: '''Ahmed Saafan, Hassan Morad, Mohamed Alfateh and Fady Othman''')<br />
 
PANEL DISCUSSION: WHAT’S NEW WITH OWASP TOP 10 <br /> (By: '''Ahmed Saafan, Hassan Morad, Mohamed Alfateh and Fady Othman''')<br />

Latest revision as of 13:10, 16 December 2019

OWASP Cairo

Welcome to the Cairo chapter homepage. The chapter leader is Mohamed Alfateh. Chapter Board Members are:Adel Abdel Moneim, Hassan Mourad, Ahmed Mashaly, Ahmed Saafan and Fady Othman.


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG


Local News


Chapter Meeting
CIT-OWASP.png


Y2019 Challenges and the Planning for Y2020
In this meeting we will discuss Y2019 Progress & achievements and the planning for Y2020.
The attendance is open, please join the chapter mailing list or send us an email to confirm your attendance.

To join remotely, please refer to the meeting invitation below

Location:
Abbas Al-Akkad St., Madinet Nasr, Cairo, Egypt

Date:
26 December 2019

Day Sessions:
1- OWASP Cairo Chapter Activities in 2019 [By: Mohamed Alfateh and Hassan Morad]
17:00 to 17:30
2- Open Discussion for the Y2020 Planning
17:30 to 18:30

To join remotely
Topic: OWASP Cairo Chapter Meeting
Time: Dec 26, 2019 04:00 PM Cairo

Join Zoom Meeting
https://zoom.us/j/317320557

Meeting ID: 317 320 557
Password: Please refer to the mailing list or just drop us an email

One tap mobile
+19294362866,,317320557# US (New York)
+16699006833,,317320557# US (San Jose)

Find your local number: https://zoom.us/u/acqCytjmkN



AppSec Africa

Day Two Event announcing pended on foundation review/approval

AppSec Africa Day One

Day One is open and free.
Event sessions are served in the way of First Come First Served. The event hall has a limited number of seats. If you are interested to attend please try to be there before the session start by a good amount of time and be sure to register for the event.


Date:
1st September 2019
Event starts by 5 PM

Location:
InterContinental City Stars Cairo - Hambra Ballroom (-2), Nasr City, Cairo, EGYPT
Event Registration link: https://forms.gle/o8PrYk6GCLbG2uAm8

Event Agenda:

The OWASP Top Ten Proactive Controls 2018
(By: Jim Manico)

Software developers are the foundation of any application. In order to achieve secure software, developers must be supported and helped by the organization they author code for. As software developers author code that makes up a web application, they need to embrace and practice a wide variety of secure coding techniques. The OWASP Top Ten Proactive Controls (2018) is an OWASP documentation project that lists critical security techniques that should be included in every software development project. This document was written by developers for developers to assist those new to secure development.


Bypassing iOS Security using Enterprise Provisioning Hooks and Enterprise Mobility Management
(By: Georgia Weidman)

This talk demonstrates how features Apple includes in their iOS ecosystem to support corporate enterprise provisioning and management can be used to exploit all iOS devices. We will cover the faculties that Apple includes to allow enterprises and mobile security vendors to remotely provision settings and load applications and how a malicious attacker could take advantage of these vectors. We will discuss Configuration Profile options with security implications and using the Enterprise Development Program to bypass Apple’s anti-malware app controls. Though Apple considers this a “feature not a bug” and a phishing issue, no anti-phishing training readily available for either consumers or corporations specifically address these phishing attacks. However, according to the Verizon Breach Report over 90% of enterprise compromises came in through endpoints, largely from phishing. Mobile devices open up a wide range of additional phishing options than the email scenarios. We will demonstrate how penetration testers and red teams can simulate these attacks to raise user awareness and perform impact analysis of a potential breach begun by a compromised iOS device.


Egypt Cyber and Privacy Security Requirements for Software Developers.
(By: Mohamed Alfateh)

In this session, we will discuss number of Cyber law clauses that should be considered in developing software applications, we will go through the final draft of the executive regulation to highlight the additional controls that should be implemented in the applications, that will add extra layer of security and ensure the compliance with the Cyber law requirements.


Event Speakers
Jim Manico
Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also an investor/advisor for KSOC, Nucleus Security, Signal Sciences, Secure Circle and BitDiscovery. Jim is a frequent speaker on secure software practices, is a member of the Java Champion community, and is the author of "Iron-Clad Java: Building Secure Web Applications" from Oracle Press. Jim also volunteers for the OWASP foundation as the project co-lead for the OWASP Application Security Verification Standard and the OWASP Proactive Controls. For more information, see http://www.linkedin.com/in/jmanico.

Georgia Weidman
Georgia Weidman is a serial entrepreneur, penetration tester, security researcher, speaker, trainer, and author. She is a member of the CyberWatch Center's National Visiting Committee, on the board of advisors at Cybrary, and an Adjunct Professor at UMUC and Tulane University. She is a New America Cybersecurity Policy Fellow. She has presented or conducted training around the world and is regularly featured internationally in print and on television. She authored Penetration Testing: A Hands-On Introduction to Hacking. Georgia founded the security consulting firm Bulb Security and was awarded a DARPA Cyber Fast Track grant for her work in mobile device security culminating in the release of the Smartphone Pentest Framework. She founded Shevirah whose products assess and manage the risk of mobile devices in the enterprise and is a graduate of the Mach37 cybersecurity accelerator. She was the 2015 Women’s Society of CyberJutsu Pentest Ninja. She holds a MS in computer science and CISSP, CEH, and OSCP certifications.

Mohamed Alfateh
Alfateh is the OWASP Cairo chapter leader, he has deep experience in secure SDLC, code review & application threat modeling, DevSecOps and security compliance. Mohamed has many contributions for OWASP, he is the author for the “OWASP application threat modeling cheat sheet” and a board member of OWASP Middle-East. He is currently Sr. Consultant at ZINAD IT, holding GSSP-JAVA, GSNA, GSEC, ISO27001 LA/LI & Lead SCADA Security Professional certificates.

Location:
Cairo, Egypt (Hotel location will be updated)


AppSec Africa Day Two
Call For Paper


Call For Paper

Call For Event Volunteers
This year, OWASP Egypt is planning to host AppSec Africa, the premier application security conference for African developers and security experts.

AppSec Africa will provide attendees with insight into key application security topics and exposure to best practices in cybersecurity.

In OWASP we strongly believe in the power of the community and we rely on the contributions of enthusiastic and talented individuals across the world to advance the state of application security.

As such, we are calling for volunteers to participate in the preparation of the event. We need your support in the following areas:
1. Web/Mobile app development
2. Event facilitation (We will have number of external speakers)
3. Lab/Workshops setup/facilitation

If you are interested in joining AppSec Africa team, drop us an email and tell us a little bit about yourself, your skills, and the area you would like to volunteer for.

Looking forward to hearing back from you.

Event Initial Planned Date:
21th of September 2019
Location:
Intercontinental City Stars, Al saraya Hall, Nasr City, Cairo, EGYPT



OWASP Top 10 Awareness Program
Iti-egypt-logo-sm.jpg


Day 1: OWASP Top 10 - A1 and A2
The OWASP Top 10 is a powerful awareness document for web application security. It represents a broad consensus about the most critical security risks to web applications.

The first day of the awareness program includes four sessions covering the first two of OWASP top 10 risks and Mitigations,

Location:
ITI Information Technology Institute - Smart Village - Building, B148, - km 28, Cairo-Alexandria Desert Road, Cairo, Egypt

Date:
16 March 2019

Day Sessions:
1- "A1-Injection" Risk and Attack Demo [By: Mohamed Talaat and Moustafa Gamal]
12:00 to 12:45
2- "A1-Injection" Attack Mitigations with Demo [By: Mohamed Talaatand Moustafa Gamal]
12:45 to 13:30
3- "A2-Broken Authentication" Risk and Attack Demo [By: Amr Elshamy and Mahmoud Ibrahim]
13:30 to 14:15
4- "A2-Broken Authentication" Attack Mitigations with Demo [By: Amr Elshamy and Mahmoud Ibrahim]
14:15 to 15:00




OWASP Cairo Chapter in the CIT's Anual Cyber Security Event
CIT-OWASP.png


For the forth year, OWASP Cairo chapter is participating in the CIT information Security event
Event Agenda http://cit-fei.org/Upload_Admin_Entity_Media_Filename_9f864882903418a8979873ece72e79e8.pdf

Event Registration link: https://goo.gl/BukF6C
Registration is totally free.

Location:
Intercontinental City Stars, Al saraya Hall, Nasr City, Cairo, EGYPT

Date:
6 March 2019

OWASP Session:
AppSec Lessons from Battlefield [By: Mohamed Alfateh]




Upcomming Events
OWASP Cairo Chapter in Bluekaizen CSCamp
OWASP Egypt-Bluekaizen.png

1- Women CTF Preparation Day

These sessions are served in the way of First Come First Served. The room has a limitation of 50 persons only. If you are interested to attend please try to be there before the session start by a good amount of time.

No need for the event ticket to attend the CTF preparation day(Planned 13 December 2018). For the CSCamp Event (on 14 &15 December 2018); the Attendance will require a conference ticket, please contact us if you coudn't able to get a ticket.

Location:
Greek Campus, Tahrir Sq., Giza, EGYPT

Date:
December 13th, 2018
10:00 PM until 04:00 PM


Event Agenda:
10:00 to 11:30 - Web Security Challenges (By: Ahmed Saafan)
11:30 to 12:00 - Break

12:00 to 13:30 - Malware Reverse Engineering Challenges (By: Fady Othman)

13:30 to 14:00 - Break

14:00 to 15:30 - Digital Forensics Challenges (By: Mohamed Talaat)


2- CSCamp OWASP Cairo Chapter Sessions

I- Focus Group: Security Management Problems(By: Ahmed Saafan)

II-PANEL DISCUSSION: Egyptian Cybercrime Law (Panel Moderator: Mohamed Alfateh)
(By: Dr. Mohamed Hegazy, Dr. Marianne Amir and Adel Abdulmonim)

Location:
Intercontinental City Stars, Al saraya Hall, Nasr City, Cairo, EGYPT

Date:
Saturday, December 15th, 2018






OWASP Cairo Chapter in the Arab Security Conference 2018

Arab Security Conference is an annual cyber security conference held in Cairo, Egypt. It strives to raise Cyber Security Awareness in the Arab world.
Event link: https://www.arabsecurityconference.com

Location:
The Nile Ritz-Carlton, Cairo, Egypt

Date:
23 - 24 September 2018

OWASP Session:
Day 2: 03:00 PM - 04:00 PM - Wargames Hall
Web Application Security Testing using ZAP. (30 min) [By: Hassan Mohamed and Mohamed Alfateh]

Note: The OWASP session is free to attend, no need to have event ticket.




OWASP Cairo Chapter in the ITI's Juniors Academy Program

Iti-egypt-logo-sm.jpg


Juniors Academy Program link: http://www.iti.gov.eg/Site/Offers/JuniorsAcademy

Location:
ITI Information Technology Institute - Smart Village - Building, B148, - km 28, Cairo-Alexandria Desert Road, Cairo, Egypt

Date:
5 - 6 August 2018

OWASP days:
Day 1: Application development basics, introduction to web technologies and OWASP community and projects briefing.
Day 2: Introduction application security and hands on practices on number of OWASP top 10 vulnerabilities.






OWASP Cairo Chapter in the ITI's Mobile Developer Weekend Event

Iti-egypt-logo-sm.jpg

OWASP Cairo chapter is participating in the ITI's Mobile Developer Weekend Event
Event Agenda http://www.mobiledeveloperweekend.net/event/agenda.htm

Event Registration link: http://www.mobiledeveloperweekend.net/attendee/registration.htm

Location:
ITI Information Technology Institute - Smart Village - Building, B148, - km 28, Cairo-Alexandria Desert Road, Cairo, Egypt

Date:
19 - 21 April 2018

OWASP Session:
Introduction to Block-chain security (30 min) [By: Mohamed Alfateh and Fady Othman]
What is new with OWASP Top 10 (30 min) [By: Mohamed Alfateh]



OWASP Cairo Chapter in the CIT's Anual Cyber Security Event
CIT-OWASP.png


For the third year, OWASP Cairo chapter is participating in the CIT information Security event
Event Agenda http://login.qsend.it/t/r-l-yuflya-dktihhjddj-r/.

Event Registration link: https://goo.gl/wrTw9R

Location:
Intercontinental City Stars, Al saraya Hall, Nasr City, Cairo, EGYPT

Date:
6 March 2018

OWASP Session:
OWASP Top 10 new release (45 min) [By: Mohamed Alfateh and Hassan Morad]





OWASP Top 10 Awareness Program
Iti-egypt-logo-sm.jpg


Day 4: Broken Access Control
Restrictions on what authenticated users are allowed to do are not properly enforced. Attackers can exploit these flaws to access unauthorized functionality and/or data, such as access other users' accounts, view sensitive files, modify other users’ data, change access rights, etc.

Location:
ITI Information Technology Institute - Smart Village - Building, B148, - km 28, Cairo-Alexandria Desert Road, Cairo, Egypt
Date:
22 December 2017

Day Sessions: (First Session starts 10 AM)
1- Introduction for OWASP Projects (45 min)
2- Broken Access Control Attacks (45 min)
5- Broken Access Control Attacks Mitigation (30 min)
6- Broken Access Control Attacks and Mitigation Demos (30 min)

Sessions speakers:
[Hassan Mohammed
and Ahmed Elhady ]



OWASP Cairo Chapter in Bluekaizen CSCamp 15 Dec. 2017
OWASP Egypt-Bluekaizen.png


These sessions are served in the way of First Come First Served. The room has a limitation of 50 persons only. If you are interested to attend please try to be there before the first OWASP session start by a good amount of time.

Location:
Intercontinental City Stars, Al saraya Hall, Nasr City, Cairo, EGYPT

Date:
Friday, December 15th, 2016
04:30 PM until 06:00 PM

Event Agenda:
Diffusing A Bomb With Reverse Engineering
(By: Fady Othman)

A while ago I stumbled upon an online reverse engineering challenge, I downloaded the challenge and from the beginning it caught my attention. I started reversing and I realized that it was a well designed challenge that is perfect to teach reverse engineering. after solving the challenge I was disappointed when I looked online to see how other people solved it because it was solved in a way that teaches them too little. In this workshop I will “diffuse” the “bomb” using multiple methods and multiple tools (hopefully IDA, GDB, EDB, Radare2) to make the most of it and trying to teach something new on the way.


Defending Applications by putting them under the Proactive SOC spotlight
(By: Mohamed Alfateh)

Most companies are trying to shift their Security Operations Center (SOC) from a reactive to a proactive posture. Putting the application layer under a proactive monitoring and analysis is a critical activity to anticipates and pre-empts incidents to prevent their occurrence. In this talk we will discuss different techniques to proactively anticipate web threats and act upon anticipation proactively rather than passively. During the session, we will show how you could use OWASP AppSensor to feed data into SOC and to respond to analysis results. The session will introduce number of corresponding SIEM use cases that could be implemented in deferent SIEM technologies.

PANEL DISCUSSION: WHAT’S NEW WITH OWASP TOP 10
(By: Ahmed Saafan, Hassan Morad, Mohamed Alfateh and Fady Othman)
OWASP released a major update to the OWASP top 10 project. In this session we will look at what is new in the 2017 version. We will discuss the major changes to the top 10 list and whether or not such changes brings better value to application security.






OWASP Top 10 Awareness Program
Iti-egypt-logo-sm.jpg



Day 3: Cross Site Scripting
XSS flaws occur whenever an application includes untrusted data in a new web page without proper validation or escaping, or updates an existing web page with user supplied data using a browser API that can create JavaScript. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.

Location:
ITI Information Technology Institute - Smart Village - Building, B148, - km 28, Cairo-Alexandria Desert Road, Cairo, Egypt
Date:
28 October 2017

Day Sessions: (First Session starts 10 AM)
1- What is the new in CR2 of OWASP top 10 2017 (45 min) [By: Mohamed Alfateh]
2- Cross Site Scripting Attacks (45 min) [By: Hassan Mohammed]
3- Cross Site Scripting Attacks Demos (30 min) [By: Abdulrahman Nour]
4- BeEF - Browser Exploiatation Framework Demo (45 min) [By: Hassan Mohammed]
5- Cross Site Scripting Attacks Mitigation (30 min) [By: Hassan Mohammed]
6- Cross Site Scripting Attacks Mitigation Demos (30 min) [By: Abdulrahman Nour']


Day 4: Broken Access Control
Restrictions on what authenticated users are allowed to do are not properly enforced. Attackers can exploit these flaws to access unauthorized functionality and/or data, such as access other users' accounts, view sensitive files, modify other users’ data, change access rights, etc.

Location:
ITI Information Technology Institute - Smart Village - Building, B148, - km 28, Cairo-Alexandria Desert Road, Cairo, Egypt
Date:
22 December 2017

Day 5: Security Misconfiguration
Good security requires having a secure configuration defined and deployed for the application, frameworks, application server, web server, database server, platform, etc. Secure settings should be defined, implemented, and maintained, as defaults are often insecure. Additionally, software should be kept up to date.

Location:
ITI Information Technology Institute - Smart Village - Building, B148, - km 28, Cairo-Alexandria Desert Road, Cairo, Egypt
Date:
TBD

Day 6: Sensitive Data Exposure
Many web applications and APIs do not properly protect sensitive data, such as financial, healthcare, and PII. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data deserves extra protection such as encryption at rest or in transit, as well as special precautions when exchanged with the browser.

Location:
ITI Information Technology Institute - Smart Village - Building, B148, - km 28, Cairo-Alexandria Desert Road, Cairo, Egypt
Date:
TBD



OWASP Cairo Chapter in the ITI's Mobile Developer Weekend Event

Iti-egypt-logo-sm.jpg

OWASP Cairo chapter is participating this year in the ITI's Mobile Developer Weekend Event
Event Agenda http://mobiledeveloperweekend.net/event/agenda.htm

Event Registration link: http://mobiledeveloperweekend.net/attendee/registration.htm

Location:
ITI Information Technology Institute - Smart Village - Building, B148, - km 28, Cairo-Alexandria Desert Road, Cairo, Egypt

Date:
20 April 2017

OWASP Session:
OWASP Top 10 Risks and Mitigation (60 min) [By: Ahmed Saafan]




OWASP Cairo Chapter in the CIT's Second Anual Cyber Security Event

CIT-OWASP.png


For the second year, OWASP Cairo chapter is participating in the CIT information Security event
Event Agenda http://login.qsend.it/t/r-l-yuflya-dktihhjddj-r/.

Event Registration link: http://login.qsend.it/t/r-l-yuflya-dktihhjddj-o/

Location:
Intercontinental City Stars, Al saraya Hall, Nasr City, Cairo, EGYPT

Date:
27 March 2017

OWASP Session:
Web and Mobile applications Advanced User Tracking (45 min) [By: Mohamed Alfateh]




OWASP Top 10 Awareness Program

Iti-egypt-logo-sm.jpg


Day 2: Broken Authentication and Session Management
Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities. The "Broken Authentication and Session Management" day includes three sessions covering the relevent web attacks and attacks mitigation.

Location:
ITI Information Technology Institute - Smart Village - Building, B148, - km 28, Cairo-Alexandria Desert Road, Cairo, Egypt

Date:
24 December 2016

Day Sessions:
1- Introduction to OWASP top 10 (45 min) [By: Mohamed Alfateh]
2- Broken Authentication and Session Management Attacks (45 min) [By: Ahmed Alaa]
3- Broken Authentication and Session Management Attacks Demos (30 min) [By: Ahmed Alaa]
4- Broken Authentication and Session Management Attacks Mitigation (45 min) [By: Mohamed Alfateh]




OWASP Cairo Chapter in Bluekaizen CSCamp 18 Nov. 2016
OWASP Egypt-Bluekaizen.png


These sessions are served in the way of First Come First Served. The room has a limitation of 50 persons only. If you are interested to attend please try to be there before the first OWASP session start by a good amount of time.

Location:
Intercontinental City Stars, Al saraya Hall, Nasr City, Cairo, EGYPT

Date:
Friday, November 18th, 2016
05:00 PM until 07:00 PM

Event Agenda:
The Hidden Venom : Dangerous Formats
(By: Fady Othman)

In the past years, we have seen the development of client-side attacks and how hackers became smarter and smarter. We came to a realization that you don't really need a zero day or advanced exploit to spread a malware or ransomware. all what you need is a good social engineering trick and the knowledge of how to abuse a legitimate file format. In this talk, we will have a look at seemingly non-harmful file formats and how they can be abused to spread malware.

Exploiting PHP Serialized Objects for Authentication bypass
(By: Ebrahim Hegazy)
In this session, I will talk about PHP Serialized Objects as following: 1- What is PHP Serialized/Unserialize Objects and how it works, 2- Demo Code on PHP Serialized Objects, 3- Exploitation scenarios for Serialized Objects, 4- Practical example of exploiting Serialized Objects for Authentication bypass & Privilege Escalation.

The Hidden Venom : Detecting APTs at web application layer
(By: Mohamed Alfateh)

Detecting and defending against Multi - Stage Advanced Persistent Threats (APT) Attacks is a challenge for mechanisms that are static in its nature and are based on blacklisting and malware signature techniques. The comprehensive analysis and correlation can discover behavior indicative of APT-related attacks and data exfiltration. In the web application layer, other techniques are used to detect the sophisticated web attacks. In this presentation, we will discuss some techniques that could be used to deal with the APTs in the web application layer.




OWASP Cairo Chapter in FIRST Regional Symposium for Arab and African Regions, November 2nd 2016


OWASP Cairo chapter will be a main contributor to FIRST regional symposium for Arab and African Regions that will be held in Egypt on the 2nd and 3rd of November in the city of Sharm ElSheikh.
https://www.first.org/events/symposium/egypt2016



OWASP Top 10 Awareness Program
CIT-OWASP.png



For those of you who missed our OWASP top 10 injection day, you get a second chance to attend it.

We will be running the sessions again as a webinar next Thursday (1/9/2016) at 6 pm Cairo time.

The registration link for the webinar is

https://attendee.gotowebinar.com/register/4323912316534772740

Hope to see you then. Have a great day



Day 1: Injection Day
Injection is an entire class of attacks that rely on injecting data into a web application in order to facilitate the execution or interpretation of malicious data in an unexpected manner. Examples of attacks within this class include Cross-Site Scripting (XSS), SQL Injection, Header Injection, Log Injection and Full Path Disclosure. I’m scratching the surface here.

This class of attacks is every programmer’s bogeyman. They are the most common and successful attacks on the internet due to their numerous types, large attack surface, and the complexity sometimes needed to protect against them. The injection day includes three sessions covering the Injection Attacks and Mitigations,

Location:
Abbas Al-Akkad St., Madinet Nasr, Cairo, Egypt

Date:
20 August 2016

Day Sessions:
1- Introduction to Injection Attacks (45 min) [By: Hassan Mohamed]
2- Advanced Techniques for Injection Attacks (45 min) [By: Fady Othman]
1- Injection Attacks Mitigations (45 min) [By: Ahmed Saafan]




OWASP Cairo Chapter in the CIT's Second Anual Cyber Security Event
CIT-OWASP.png

Event Presentations:
Hunting for the bad guys
Software Security Assurance

Registration Details:
The registration is not mandatory, please visit the event website for more details: http://cit-fei.org/en/Page/sc/security-conference
The Attendance will be free of charge without need for conference ticket,

These sessions are served in the way of First Come First Served. The room has a limitation of 100 persons only. If you are interested to attend please try to be there before the session start by a good amount of time.

Location:
Fairmont Hotel, Heliopolis, El Orouba Street, 11736, Cairo, EGYPT

Date:
Monday, May 30, 2016 at 7:00 PM
Tuesday, May 31, 2016 at 10:00 PM


Event Agenda:
Software Security Assurance
(By: Nadim Barsoum)

Implementing a software security assurance program can be a daunting task that can leave program managers and consultants equally overwhelmed. In this talk we discuss the main building blocks of a software security assurance program and suggest light-weight methods for jump-starting your program with a focus on assurance activities and their relating governance aspects.

BIO:

Nadim Barsoum is a senior software security consultant who has worked for 13 years in the software industry, focused on the IT compliance needs of governmental institutions, private sector enterprises and banks. Nadim has helped organisations around the globe to plan, resource and initiate their Software Security Assurance programs, enabling them to realize the full potential of a structured, measurable approach to risk management and mitigation. By drawing upon a vast set of experiences in a variety of industries and environments, he has custom-tailored programs to meet the specific needs of clients, ensuring they realise the optimum return on their investments.

Hunting for the bad guys
(By: Hassan Mourad)

Recently, a new breed of security solutions appeared in the market, Sandbox based Antimalware solutions, promissing to be the answer to advanced malware and APTs.

Yet, as always, there are ways to circumvent any control. In this presentation we will examin a new technique to bypass sandbox based solutions, allowing malware to avoid detection and giving it a free pass to your network.




OWASP Cairo Chapter in IEEE MSB Event 29-30 Aprl 2016
OWASP ieee Monofia 3.png

Location:
Moustafa Elnaggar Streat - Shebin Elkom، Monofia, EGYPT

Date:
Friday, April 29th, 2016 and
Saturday, April 30th, 2016
09:00 AM until 05:00 PM

OWASP Sessions:
1- Game Development (90 min)
2- Exploit Writing Fundamental (90 min)





Application security Training for ITI Cyber security students
Iti-egypt-logo-sm.jpg

Location:
ITI building - Smart Village، Giza, EGYPT

Date:
Wednesday, March 16th, 2016 and
Friday, March 18th, 2016

09:00 AM until 07:00 PM




OWASP Application security event in Ain Shams University [Event Postponed]
ASU logo.gif

Registration Details:
Will be opened soon,
It is free and we don't have limitation for the number of attendees

Location:
Ain Shams University Khalifa El-Maamon St، Cairo,‬ 11566 , EGYPT

Date:
Saturday, April 9th, 2016
10:00 AM until 02:00 PM

Event Agenda:
1- Introduction to application security and OWASP academic program (30 min)
2- OWASP top 10 in details (45 min)
3- OWASP AppSec Projects, how could students contributes and how to get support from Egyptian OWASP members (45 min)
4- Open Discussion panel

Detailed agenda will be updated soon




OWASP Cairo Chapter in Bluekaizen CSCamp 20 Sep. 2015
OWASP Egypt-Bluekaizen.png

Registration Details:
The Attendance will be free of charge without need for conference ticket,

These sessions are served in the way of First Come First Served. The room has a limitation of 50 persons only. If you are interested to attend please try to be there before the session start by a good amount of time.

Location:
Intercontinental City Stars, Al saraya Hall, Nasr City, Cairo, EGYPT

Date:
Saturday, September 20th, 2015
02:00 AM until 05:00 PM

Event Agenda:
Software Security Assurance
(By: Nadim Barsoum)

Implementing a software security assurance program can be a daunting task that can leave program managers and consultants equally overwhelmed. In this talk we discuss the main building blocks of a software security assurance program and suggest light-weight methods for jump-starting your program with a focus on assurance activities and their relating governance aspects.

Mobile Application Security
(By: Hassan Elhadary)

Nowadays web applications are being transformed into mobile applications allowing users to perform security critical functions such as money transfers and bill payments from their mobile devices. Newly added features on mobile applications expose new attack surface for hackers and thus increase the challenges for developers to defend their mobile applications. This talk will focus on latest techniques utilized by attackers to conduct security attacks on mobile applications. It will include real life stories and demos inspired from professional experience and research in bug bounty programs. Finally, recommendations will be outlined to help developers mitigate most common attacks affecting mobile applications.

Application Threat Modeling
(By: Mohamed Alfateh)

According to the US Computer Emergency Readiness Team (US-CERT), most successful cyber-attacks result from targeting and exploiting software vulnerabilities. Threat Modeling is a critical activity for identifying such vulnerabilities early in the development stages. In this talk, we will discuss application threat modeling process, how to perform threat modeling in systematic way and how to integrate threat modeling in your software development life-cycle.



OWASP Cairo Chapter Event (May 2015)
Logo OWASP Nile.png
LogoBKlogo.png

Registration Portal: Click Here

Meeting Agenda:

10:00 – 10:30 Registration
10:30 – 11:30 Standards of Information Security, Privacy and Governance in Enterprise Application Security
(By: Adel Abdel Moneim)
11:30 – 12:30 ZAP Project, New Release, New Features
(By: Mohamed Alfateh)
12:30 – 01:00 Break 01:00 – 02:00 HTML5 security
(By: Hassan Mohammed)
02:00 – 03:00 WAF Evasion Techniques and Thoughts of Secure Coding
(By: Ahmed Alaa)


Location:
Nile University Juhayna Square - Sheikh Zayed, Giza,

Date:
Saturday, May 9, 2015
10:00 AM until 3:30 PM

Chapter Facebook Page: https://www.facebook.com/OWASPCairo




OWASP Cairo Chapter in Bluekaizen CSCamp 2014
OWASP Egypt-Bluekaizen.png

Registration Details:
The Attendance will be free of charge without need for conference ticket,

These sessions are served in the way of First Come First Served. The room has a limitation of 50 persons only. If you are interested to attend please try to be there before the session start by a good amount of time.

Location:
Nile University, New Campus, Sheikh Zayed District, 6th of October, Giza, EGYPT

Date:
Saturday, November 29th, 2014
02:30 AM until 05:30 PM

Event Agenda:
Advanced XSS Filter Evasion and Post Exploitation
(By: Ahmed Saafan)
Hands-on Reverse Engineering Android Malware
(By: Anwar Mohamed)
Introduction to web crawling (build a smart web crawler)
(By: Ayman Mohamed)





Chapter Meeting (14 June 2014)
EBI-Partner.png

Registration Portal: Click Here

Meeting Agenda:

10:00 – 10:30 Registration
10:30 – 11:15 US AppSec Conference 2013 – Brief about some Interesting Topics
(By: Mostafa Siraj)
11:15 – 12:00 Sleeping your way out of the sandbox
(By: Hassan Mourad)
12:00 – 12:30 Pwning the skiddies using the anonymity weapon
(By: Ahmed Sultan)
12:30 – 01:15 HTML5 security
(By: Hassan Mohammed)
01:15 – 02:00 Break
02:00 – 02:45 Anti "Anti-Crawling" Techniques
(By: Ayman Mohammed)
02:45 – 03:30 Cloud Security Risks - Pain & Relief
(By: Moataz Abd El Khalek)
03:30 – 04:15 Mobile Application hacking and forensics
(By: Adel Abdel Moneim)


Location:
56 Gamaet El Dewal El Arabeya St - Al-Mohandiseen Building - In front of Moustafa mahmoud's mosque

Date:
Saturday, June 14th, 2014
10:00 AM until 4:00 PM

Chapter Facebook Page: https://www.facebook.com/OWASPCairo


Sessions Description


Pwning the skiddies using the anonymity weapon
Proxy services and vpn servers are used widely all over the world But , can you really depend on them as secure way to surf the WWW? We gonna demonstrate how the such services are invisibly used to take over thousands of PCs every single hour.

Sleeping your way out of the sandbox
Recently, a new breed of security solutions appeared in the market, Sandbox based Antimalware solutions, promising to be the answer to advanced malware and APTs.

Yet, as always, there are ways to circumvent any control. In this presentation we will examine a new technique to bypass sandbox based solutions, allowing malware to avoid detection and giving it a free pass to your network.

HTML5 security
HTML5 was specially designed to deliver rich content without the need for additional plugins. The current version delivers everything from animation to graphics, music to movies, and can also be used to build complicated web applications. Through introducing these new features new vulnerabilities are introduced as well.

This talk will give an introduction about HTML5 and its new features. Then will select a number of examples to demonstrate the positive, and negative impact of these features for web application security.


Event gifts sponsored by SecurityMeter and ZINAD



Chapter Strategic Meeting (6 May 2014)

This meeting will focus on preparing the chapter activities plan. (2 hours meeting with no educational sessions)
The meeting will be limited for Egyptian AppSec experts only
During this meeting, we will discus (in details) the chapter participation in the application security awareness program (determine the joined resources, selecting workshops materials ..... )

If anyone is interested, please contact the chapter leader Mohamed Alfateh



Event Logo.png

OWASP-Egypt Event (12 April 2014)

Event Presentations

Eg-CERT Cyber security Awareness Team [Ahmed Mashaly]
Living at 21 programmers’ st. Pitfalls in code review [Fady Othman]
OWASP SRDF Project [Anwar Mohamed]
Yahoo Zero Day Vulnerability - Code Point of View [Ebrahim Hegazy]
OWASP Lab Projects Overview [Ahmed Saafan]
OWASP Flagship Projects Overview [Hassan Elhadary]
OWASP Egypt Chapter - Introduction [Mohamed Alfateh]



This event will focus on introducing OWASP to our local community, organizing the chapter contribution and planning the 2014 chapter activities.
The event will be hold on the second Saturday of April (12/4/2014) at EBI (Egyptian Banking Institute)
Meeting Agenda

10:00 – 10: 30 OWASP Egypt Chapter - Introduction (By: Mohamed Alfateh)
10:30 – 11:00 Egypt Cert Application Security Awareness Program (By: Ahmed Mashaly)
11:00 – 11:30 US AppSec Conference 2013 – Brief about some Interesting Topics(By: Mostafa Siraj)
11:30 – 12:00 OWASP Security Research and Development Framework(By: Anwar Mohamed)
12:00 – 12:30 Break
12:30 – 01:00 Effective Bug Hunting for Open Source Applications (By: Fady Othman)
01:00 – 01:30 Yahoo Zero-Day Vulnerability - Code Point of View(By: Ibrahim Hegazy)
01:30 – 02:45 OWASP Projects - Overview(By: Ahmed Saafan, Hassan Alhadary and Mohamed Alfateh)
02:45 – 04:00 Panel Discussion: Information Security Challenges, from Individual Privacy to National Security. (Session moderator: Adel Abdel Moneim)





WELCOME MANSOURA!
As of 11 September 2011, there is now a new OWASP Chapter in Mansoura, Egypt. The chapter leader is Ahmed Neil. Click here to learn more about what is going on in Mansoura! OR Click here to view or subscribe to the Mansoura mailing list.


You can Download the OWASP LiveCD presentation HERE ( Presented @ OWASP - Alexandria Meeting and QCERT Event ) January 2009

Chapter Meetings

OWASP-Egypt Presents on the OWASP Live CD

Qatar,January 27th , OWASP Egypt Presented a live DEMO of the OWASP Live CD During the Qatar Chapter Meetings, More than 60 Copies of the Live CD were distributed to the delegates of Carnegie Mellon Qatar and Qatar University Press Release , A copy of the Presentation Can be Found HERE.


OWASP-Egypt Presents on the OWASP Initiatives

Alexandria,Egypt 12th of February 2009, OWASP Egypt presented (Introduction to OWASP Initiatives ) to the IT staff of 2 prominent Oil&Gas Companies


OWASP-Egypt Holds a Presentation in Qatar

Doha,Qatar 24th of February 2008 , OWASP-Egypt participated in a web security awareness session held in Qatar Sponsored by the country's national CERT team.

the delegates were briefed on OWASP and its objectives, the role OWASP-Egypt chapter is playing in promoting web security best practices in the local IT community and our personal experience on how Qatar can start its very own OWASP chapter.

With the amount of enthusiasm we felt we are expecting a new chapter in the region very soon !

Egypt OWASP Chapter Leaders

The Alexandria Chapter Leader is Tamer Elzayyat.

The Cairo chapter leader is Mohamed Alfateh.

The Mansoura chapter leader is Ahmed Neil.

The Sohag chapter leader position is open. Please visit the Volunteer Page to request a chapter restart.