This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Iran"

From OWASP
Jump to: navigation, search
(fixed right to left on persian text)
(OWASP JoomScan Project)
 
(41 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 
= Chapter Information =
 
= Chapter Information =
{{Chapter Template|chaptername=Iran|extra=The chapter leader is [mailto:abbas.naderi@owasp.org Mr. Abbas Naderi].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-iran|emailarchives=http://lists.owasp.org/pipermail/owasp-iran}}
+
{{Chapter Template|chaptername=Iran|extra=The chapter leaders are [mailto:[email protected].org Abbas Naderi], [mailto:Ali.Razmjoo@owasp.org Ali Ramjoo] and [mailto:Reza.[email protected] MohammadReza Espargham].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-iran|emailarchives=http://lists.owasp.org/pipermail/owasp-iran}}
 
 
 
CAUTION: If you can not use the global OWASP donation/membership process, there's a separate process specific to Iranians. Check the [https://owasp.org/index.php/Iran#Membership Membership] tab.
 
  
 +
== Incoming Events ==
 +
OWASP Iran Chapter Meeting (Public Meeting) 2018 - (Details will be published soon)
  
 
=Membership=
 
=Membership=
This section is in Persian. If you're an Iranian but can not read Persian, contact the chapter leader.
+
== Sponsorship/Membership  ==
<div dir='rtl'>
 
فرآیند جدید عضویت در اواسپ بعد از ماه‌ها تلاش سرپرست بخش تصویب شد.
 
در فرآیند جدید، دو نوع عضویت وجود دارد:
 
  
== عضویت عادی ==
+
[[Image:Btn_donate_SM.gif|link=http://www.regonline.com/donation_1044369]] to this chapter or become a local chapter supporter.
از آنجایی که تحریم‌ها علیه ایران انتقال وجه از و به ایران را ممنوع ساخته است، و به دلیل بالا رفتن قیمت دلار آزاد در بازار، تخفیف ویژه گرفته شد و هزینه عضویت به جای ۵۰ دلار معمول در سال
 
به
 
'''تنها ۲۰ دلار در سال'''
 
کاهش یافت. برای پرداخت مبلغ و عضویت، می‌توانید مبلغ مورد نظر را به صورت دلاری به مسئول بخش تحویل داده و رسید بگیرید یا اینکه معادل ریالی آنرا به مسئول بخش تحویل دهید تا پرداخت را به صورت دلاری برای شما انجام دهد.
 
برای اطلاعات بیشتر با مسئول بخش تماس بگیرید.
 
  
== عضویت افتخاری ==
+
Or consider the value of [[Membership | Individual, Corporate, or Academic Supporter membership]]. Ready to become a member? [[Image:Join_Now_BlueIcon.JPG|75px|link=https://myowasp.force.com/]]
همچنین پس از رایزنی‌ها، امکان عضویت افتخاری نیز محیا شد. برای عضویت افتخاری، شما باید در فعالیت‌های بخش ایران (یا کل موسسه اواسپ)
 
همکاری نمایید و پس از اینکه میزان همکاری‌های شما به حد قابل قبولی رسید، مسئول بخش درخواست عضویت شما را به کمیته اصلی ارسال می‌کند و عضویت افتخاری شما تایید می‌شود.
 
  
  
== مزایای عضویت ==
 
با عضویت در اواسپ، نام شما در لیست اعضا درج می‌شود، امکان شرکت در انتخابات اواسپ را خواهید داشت، امکان شرکت در نظرسنجی‌های تاثیرگذار در استانداردها را خواهید داشت، از جدیدترین اخبار و دستاوردهای امنیتی بهره‌مند خواهید شد،
 
در اکثر کنفرانس‌های امنیتی می‌توانید با تخفیف شرکت کنید و علاوه بر همه اینها
 
'''یک ایمیل اختصاصی @owasp.org'''
 
به شما اختصاص می‌یابد.
 
تمام عضویت‌ها سالانه است.
 
 
</div>
 
 
= Chapter News =
 
= Chapter News =
  
==New Membership Process==
+
==Sponsorship/Membership==
 
After months of exhaustive work, a new membership approach is available for Iranians. Check the membership tab.
 
After months of exhaustive work, a new membership approach is available for Iranians. Check the membership tab.
  
Line 43: Line 24:
  
 
= Active Projects =
 
= Active Projects =
== OWASP ASVS Persian ==
+
== OWASP Nettacker ==
A draft version of OWASP ASVS in Persian is available on the [https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project ASVS Download page] but needs review. Please contact chapter leadership to sign up.
+
'''[https://www.owasp.org/index.php/OWASP_Nettacker OWASP Nettacker]''' project is created to automate information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP SYN, ACK, ICMP and many other protocols in order to detect and bypass Firewall/IDS/IPS devices. By leveraging a unique method in OWASP Nettacker for discovering protected services and devices such as SCADA. It would make a competitive edge compared to other scanner making it one of the bests.
 +
 
 +
== OWASP JoomScan Project ==
 +
'''[https://github.com/rezasp/joomscan OWASP JoomScan]''' (short for [Joom]la Vulnerability [Scan]ner) is an open source project, developed with the aim of automating the task of vulnerability detection and reliability assurance in Joomla CMS deployments. Implemented in Perl, this tool enables seamless and effortless scanning of Joomla installations, while leaving a minimal footprint with its lightweight and modular architecture. It not only detects known offensive vulnerabilities, but also is able to detect many misconfigurations and admin-level shortcomings that can be exploited by adversaries to compromise the system. Furthermore, OWASP JoomScan provides a user-friendly interface and compiles the final reports in both text and HTML formats for ease of use and minimization of reporting overheads. <br>
 +
OWASP JoomScan is included in Kali Linux distributions.
  
 +
== OWASP VBScan Project ==
  
 +
'''[https://www.owasp.org/index.php/OWASP_VBScan_Project OWASP VBScan]''' is an opensource project in Perl programming language to detect VBulletin CMS vulnerabilities and analyses them.
  
 +
== OWASP ZSC Project ==
 +
'''[https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project OWASP ZSC]''' is an open source software in python language which lets you generate customized shellcodes and convert scripts to an obfuscated script.
  
 
= Past Events =
 
= Past Events =
'''the First National Web Application Security Conference'''
+
 
 +
=== OWASP Iran Chapter Meeting July 2018 ===
 +
OWASP Nettacker, OWASP JoomScan, OWASP VBScan, OWASP ZSC, OWASP Honeypot, OWASP PHP Security, OWASP WebgoatPHP, OWASP RBAC and etc presented in the small meeting, and we decided to organize a public meeting at the end of 2018.
 +
 
 +
=== OWASP Nettacker ICS Section will be presented in KasperSky Industrial Cybersecurity ===
 +
OWASP Nettacker ICS Section will be presented in KasperSky Industrial Cybersecurity: Opportunities and challenges in Digital Transformation 2018 by Mohammad Reza Zamiri
 +
( [https://github.com/zdresearch/OWASP-Nettacker/tree/master/lib/payload/scanner/ics_honeypot 1] )  ( [https://ics.kaspersky.com/conference/ 2] )
 +
 
 +
=== OWASP JoomScan at Blackhat Arsenal - USA 2018 ===
 +
OWASP JoomScan at OWASP Blackhat Arsenal - Las Vegas 2018.  This project will present on 8 August 10am to 11:20am by Mohammad Reza Espargham, Babak Amin Azad, Vahid Behzadan.
 +
( [https://www.blackhat.com/us-18/arsenal/schedule/index.html#owasp-joomscan-project-10824 1] )  ( [https://www.blackhat.com/us-18/arsenal.html#owasp-joomscan-project 2] )
 +
 
 +
 
 +
=== OWASP Nettacker in OWASP Bay Area meetup 2018 ===
 +
OWASP Nettacker Tutorial by at OWASP Bay Area meetup.  Thanks to Vahid Behzadan for the presentation and OWASP Bay Area for hosting and sponsoring us.
 +
( [https://www.youtube.com/watch?v=4pu4hJMk6m8 1] )
 +
 
 +
 
 +
=== OWASP JoomScan at Blackhat Arsenal - Asia 2018 ===
 +
OWASP JoomScan at OWASP Blackhat Arsenal - Singapore 2018.  Presented by Mohammad Reza Espargham, Esmaeil Rahimian. and Blackhat for hosting.
 +
( [http://lists.owasp.org/pipermail/owasp-leaders/2018-March/019076.html Experiences and Pictures] )  ( [https://www.blackhat.com/asia-18/arsenal.html#mohammad-reza-espargham 1] )  ( [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-joomscan-project-9875 1] )
 +
 
 +
 
 +
=== OWASP Nettacker Accepted for Google Summer of Code 2018 ===
 +
( [https://www.owasp.org/index.php/GSOC2018_Ideas 1] )  ( [https://summerofcode.withgoogle.com/organizations/6664778743808000/ 2] ) <br>
 +
OWASP Nettacker Video Conference/Webinar for GSoC Team 1 May 2018 - Vahid Behzadan - ML/AI in CyberSecurity  ( [https://www.youtube.com/watch?v=7RQH8oECSyg 1] )
 +
 
 +
 
 +
=== OWASP Nettacker in OFFSECONF 2017 ===
 +
OWASP Nettacker was introduced in OFFSECONF 2017. ([https://groups.google.com/forum/#!topic/owasp-nettacker/3gscDww2sf4 Experiences and Pictures])
 +
 
 +
 
 +
=== OWASP VBScan in OFFSECONF 2017 ===
 +
OWASP VBScan presented in OFFSECONF 2017. Click [https://www.owasp.org/index.php/OWASP_VBScan_Project here] for additional information.
 +
 
 +
 
 +
=== OWASP ZSC in OFFSECONF 2016 ===
 +
OWASP ZSC project presented in OFFSECONF 2016 K. N. Toosi University of Technology in Tehran ([https://groups.google.com/forum/#!topic/owasp-zsc/t12M2fxn78k Experiences and Pictures])
 +
 
 +
 
 +
=== the First National Web Application Security Conference ===
 
[http://wasc.ir WASC.ir]
 
[http://wasc.ir WASC.ir]
 
April 2011, Shahid Beheshti University
 
April 2011, Shahid Beheshti University
Line 80: Line 109:
  
 
=== Software security vulnerabilities and defense ===
 
=== Software security vulnerabilities and defense ===
  seminar presented in YAZD University by Hamid kashfi (26 June 2008). ([http://strcpy.persiangig.com/Attacking_Software.ppt download link ])  
+
  seminar presented in YAZD University by Hamid kashfi (26 June 2008). ([http://strcpy.persiangig.com/Attacking_Software.ppt download link] )  
  
 +
= Volunteer Events =
 +
از کسانی که دوست دارند داوطلبانه پروژه های این بنیاد را ارائه دارند دعوت میشود، جهت هماهنگی به یکی از مدیران ایرانی پیغام دهند. متشکرم.
  
 +
*  '''[[http://bostandoust.ir/wp-content/uploads/2018/07/0853.pdf 1]] نشست امنیت نرم افزار های وب'''
 +
این نشست در دانشگاه فنی مهندسی شیراز با همکاری لاگ شیراز مورخ 4 تیر 97 تشکیل شد و آسیب پذیری های پی اچ پی توسط سعید بستان دوست ارائه گردیده.
  
 
= Resources =
 
= Resources =
Line 91: Line 124:
  
  
 
+
  <headertabs></headertabs>  
 
 
  <headertabs />  
 
  
 
[[Category:OWASP_Chapter]]
 
[[Category:OWASP_Chapter]]
 
[[Category:Middle East]]
 
[[Category:Middle East]]
 
[[Category:Asia/Pacific/Middle East]]
 
[[Category:Asia/Pacific/Middle East]]

Latest revision as of 22:51, 17 August 2018

OWASP Iran

Welcome to the Iran chapter homepage. The chapter leaders are Abbas Naderi, Ali Ramjoo and MohammadReza Espargham.


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG


Incoming Events

OWASP Iran Chapter Meeting (Public Meeting) 2018 - (Details will be published soon)

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG


Sponsorship/Membership

After months of exhaustive work, a new membership approach is available for Iranians. Check the membership tab.

Chapter Meeting

The next chapter meeting would be in upcoming month. More information in the mailing list and here alter.


OWASP Nettacker

OWASP Nettacker project is created to automate information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP SYN, ACK, ICMP and many other protocols in order to detect and bypass Firewall/IDS/IPS devices. By leveraging a unique method in OWASP Nettacker for discovering protected services and devices such as SCADA. It would make a competitive edge compared to other scanner making it one of the bests.

OWASP JoomScan Project

OWASP JoomScan (short for [Joom]la Vulnerability [Scan]ner) is an open source project, developed with the aim of automating the task of vulnerability detection and reliability assurance in Joomla CMS deployments. Implemented in Perl, this tool enables seamless and effortless scanning of Joomla installations, while leaving a minimal footprint with its lightweight and modular architecture. It not only detects known offensive vulnerabilities, but also is able to detect many misconfigurations and admin-level shortcomings that can be exploited by adversaries to compromise the system. Furthermore, OWASP JoomScan provides a user-friendly interface and compiles the final reports in both text and HTML formats for ease of use and minimization of reporting overheads.
OWASP JoomScan is included in Kali Linux distributions.

OWASP VBScan Project

OWASP VBScan is an opensource project in Perl programming language to detect VBulletin CMS vulnerabilities and analyses them.

OWASP ZSC Project

OWASP ZSC is an open source software in python language which lets you generate customized shellcodes and convert scripts to an obfuscated script.

OWASP Iran Chapter Meeting July 2018

OWASP Nettacker, OWASP JoomScan, OWASP VBScan, OWASP ZSC, OWASP Honeypot, OWASP PHP Security, OWASP WebgoatPHP, OWASP RBAC and etc presented in the small meeting, and we decided to organize a public meeting at the end of 2018.

OWASP Nettacker ICS Section will be presented in KasperSky Industrial Cybersecurity

OWASP Nettacker ICS Section will be presented in KasperSky Industrial Cybersecurity: Opportunities and challenges in Digital Transformation 2018 by Mohammad Reza Zamiri ( 1 ) ( 2 )

OWASP JoomScan at Blackhat Arsenal - USA 2018

OWASP JoomScan at OWASP Blackhat Arsenal - Las Vegas 2018. This project will present on 8 August 10am to 11:20am by Mohammad Reza Espargham, Babak Amin Azad, Vahid Behzadan. ( 1 ) ( 2 )


OWASP Nettacker in OWASP Bay Area meetup 2018

OWASP Nettacker Tutorial by at OWASP Bay Area meetup. Thanks to Vahid Behzadan for the presentation and OWASP Bay Area for hosting and sponsoring us. ( 1 )


OWASP JoomScan at Blackhat Arsenal - Asia 2018

OWASP JoomScan at OWASP Blackhat Arsenal - Singapore 2018. Presented by Mohammad Reza Espargham, Esmaeil Rahimian. and Blackhat for hosting. ( Experiences and Pictures ) ( 1 ) ( 1 )


OWASP Nettacker Accepted for Google Summer of Code 2018

( 1 ) ( 2 )
OWASP Nettacker Video Conference/Webinar for GSoC Team 1 May 2018 - Vahid Behzadan - ML/AI in CyberSecurity ( 1 )


OWASP Nettacker in OFFSECONF 2017

OWASP Nettacker was introduced in OFFSECONF 2017. (Experiences and Pictures)


OWASP VBScan in OFFSECONF 2017

OWASP VBScan presented in OFFSECONF 2017. Click here for additional information.


OWASP ZSC in OFFSECONF 2016

OWASP ZSC project presented in OFFSECONF 2016 K. N. Toosi University of Technology in Tehran (Experiences and Pictures)


the First National Web Application Security Conference

WASC.ir April 2011, Shahid Beheshti University


4th Intl. Digital Media Fair

Tehran, Great Mosalla of Imam Khomeini, October 7th-16th Two workshops by Abbas Naderi (aka) AbiusX :

  • Common Web Security for People (including Social Engineering issues)
  • Cryptography and Cryptanalysis

Both being held at October 9th


3rd Intl. Digital Media Fair

Tehran , Great Mosalla of Imam Khomeini, October 01st-8th

سومین نمایشگاه بین‌المللی رسانه‌های دیجیتال، ۸ الی ۱۵، مصلی امام خمینی

Two security related presentations by Abbas Naderi (aka AbiusX):

  • OWASP Top Ten in Persian for common web developers (2 Oct, 19-21 local time) (download link)
  • General Security and Privacy for the public (3 Oct, 19-21 local time) (download link)
(Powerpoint and OpenOffice slides would be uploaded asap.)
  • ۱۰ خطر اصلی در نرم افزارهای تحت وب - برای توسعه دهندگان وب
  • امنیت عمومی در وب، حفاظت از اطلاعات شخصی برای عموم مردم

Attendance is free of charge.


Software security vulnerabilities and defense

seminar presented in YAZD University by Hamid kashfi (26 June 2008). (download link ) 

از کسانی که دوست دارند داوطلبانه پروژه های این بنیاد را ارائه دارند دعوت میشود، جهت هماهنگی به یکی از مدیران ایرانی پیغام دهند. متشکرم.

  • [1] نشست امنیت نرم افزار های وب

این نشست در دانشگاه فنی مهندسی شیراز با همکاری لاگ شیراز مورخ 4 تیر 97 تشکیل شد و آسیب پذیری های پی اچ پی توسط سعید بستان دوست ارائه گردیده.

OWASP Top 10 Persian

(24/09/2009) Persian translation of OWASP TOP 10 Project is published by "Mitra Moosavi" and "Anahita Taheri". (download link)

لطفا پيشنهادات يا اصلاحات احتمالی را از طريق ايميل به تهيه کنندگان اين سند ارسال نماييد