This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Malaysia"

From OWASP
Jump to: navigation, search
(Community)
 
(353 intermediate revisions by 9 users not shown)
Line 1: Line 1:
{{Chapter Template|chaptername=Malaysia|leaderemail=dawud@myseq.com|leadername=Muhd Dawud|mailinglistsite=http://lists.sourceforge.net/lists/listinfo/owasp-malaysia/}}
+
{{Chapter Template|chaptername=Malaysia|extra=The chapter leader is [mailto:fazli@owasp.org Mohd Fazli Azran]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Malaysia|emailarchives=http://lists.owasp.org/pipermail/owasp-Malaysia}}  
  
== Local News ==
+
<paypal>Malaysia</paypal>
 +
[[File:Owaspmy.jpg]]
  
'''OWASP Moves to MediaWiki Portal - 11:20, 20 May 2006 (EDT)'''
+
'''''OWASP Malaysia &amp; MySecurity Community'''''  
  
OWASP is pleased to announce the arrival of OWASP 2.0!
+
OWASP Malaysia Project now officially handle and organize by MySecurity Community. It was non-profit organization. We are pleasure and welcome to all Malaysian to join us and share the knowledge, skill, idea and related to make OWASP Malaysia Project are benefit to everybody. OWASP Malaysia Project as well are the pioneer project for Web Security Application and we tied with Malaysia Government Security Agency &amp; Organization to promote and give awareness to Malaysian specially to government,university and public. Any private sector want to contribute and sponsor are welcome.  
  
OWASP 2.0 utilizes the MediaWiki portal to manage and provide
+
[http://www.facebook.com/OWASP.Malaysia '''Join the local Malaysia chapter Facebook Page''']
the latest OWASP related information. Enjoy!
+
 
 +
[https://www.facebook.com/groups/owaspmy/ '''Join the local Malaysia Chapter Discussion Facebook Group''']
 +
 
 +
[http://www.twitter.com/owaspmy '''Follow our twitter OWASP Malaysia #owaspmy ''']
 +
 
 +
[http://http://www.linkedin.com/groups?mostPopular=&gid=3605996 '''OWASP Malaysia Linkedin Group''']
 +
 
 +
[https://telegram.me/joinchat/Cbi6Nzx6zuP9b1i7hCh9nA '''OWASP Malaysia Official Telegram Group''']
 +
 
 +
[https://spreadsheets.google.com/ccc?key=0AheZPLJPYa-_dEl4SXRkOTVmX2RFaXRyS1ZQTU9aaHc&hl=en '''OWASP Malaysia Meetup Planning Schedule''']
 +
 
 +
OWASP Malaysia Translation Project ([http://www.owasp.my OMTP]) We need any volunteer for our translation project from English - Malay Please free to contact any of our BOM for update the Project
 +
 
 +
OWASP Malaysia Slack - [http://owaspmy.slack.com '''OWASP Malaysia Slack '''] Interest to join Please [mailto:[email protected] Email] us your legitimate email for registration
 +
 
 +
'''NOTE: OWASP now promote for who want to become Official Members for Malaysia Chapter. You can get special rate and discount and get email @owasp.org with 25GB space. Please register at here as individual([https://www.owasp.org/index.php/Membership Memberships]) and to see the example how to ([http://blog.e1.my/2011/07/owasp-malaysia-membership-promotion.html REGISTER]) OWASP Memberships'''
 +
 
 +
__NOTOC__
 +
 
 +
=News=
 +
For all new members and existing member please free to contribute to OWASP Malaysia Chapter and if you are commitment to help OWASP Malaysia please subscribe OWASP Membership for individual. For Corporate sponsor OWASP Malaysia please contact OWASP Admin.
 +
 
 +
We are welcome to join our conversation. If any query don't hesitate to contact [mailto:[email protected] OWASP Admin]. Everyone is welcome to join us at our chapter meetings.
 +
 
 +
Related Security Events for this years.
 +
==2018==
 +
=== NanoSec Conference 2018 ([https://www.nanosec.asia NanoSec2018]) 10 October 2018 ===
 +
 
 +
==2017==
 +
===  Durian Conference 2016 ([http://durian.ml/ Durian Conference]) 8 April 2017    ===
 +
===  Malaysia Open Source Conference 2017 ([http://www.mosc.my/ MOSC2017]) 17 - 18 May 2017  ===
 +
 
 +
==2016==
 +
===  OWASP DAY KL 2016 ([https://www.owasp.org/index.php/OWASP_Day_KL_2016 OWASPKL2016]) 15 - 17 November 2016    ===
 +
===  Black Hat Asia 2016 ([https://www.blackhat.com/asia-16/ BHAsia2016]) 29 March - 1 April 2016    ===
 +
===  MOSCMY 2016 ([https://www.mosc.my MOSCMY2016]) 25 - 27 May 2016  ===
 +
 
 +
==2015==
 +
===  Black Hat Asia 2015 ([https://www.blackhat.com/asia-15/ BHAsia2015]) 24-27 March 2015    ===
 +
===  Info Security Malaysia Conference 2015 ([http://www.questexevent.com/InfoSecurityConference/2015kl/ InfoSec2015]) 12 August 2015    ===
 +
===  International Conference On Library  2015 ([http://library.eng.usm.my/icol2015/ ICOL2015)] 25-26 August 2015  ===
 +
 
 +
==2014==
 +
===  OWASP AppSec AsiaPac 2014 ([https://appsecapac.org/2014/ AppSecAsiaPac2014]) 17-20 March 2014    ===
 +
===    Info Security Malaysia Conference 2014 ([http://www.questexevent.com/InfoSecurityConference/2014KL/ InfoSec2014]) 12 August 2014    ===
 +
===  Malaysia Open Source Conference 2014 ([http://www.mosc.my MOSC2014]) 24-25 September 2014    ===
 +
===  Hack In The Box 2014 ([http://conference.hitb.org/hitbsecconf2014kul/ HITBSecConf2014]) 13-16 October 2014    ===
 +
===  OWASP Asia Tour 2014 ([https://www.owasp.org/index.php/AsiaTour2014#tab=Kuala_Lumpur Asia Tour 2014]) 4 November 2014  ===
 +
 
 +
==2013==
 +
===  OWASP AppSec AsiaPac 2013 ([https://www.owasp.org/index.php/AppSecAsiaPac2013 AppSecAsiaPac2013]) 19-22 February 2013    ===
 +
===  ZebraCon 2013 ([http://zebra-con.com/home/ ZebraCon2013]) 27-28 August 2013    ===
 +
===  Malaysia Open Source Conference 2013 ([http://www.mosc.my MOSC2013]) 10-11 September 2013    ===
 +
===  HITBSecConf 2013 ([http://http://conference.hitb.org/hitbsecconf2013kul/ HITBSecConf2013]) 14-17 October 2013 ===
 +
 +
==2012==
 +
===  OWASP Global AppSec AsiaPac 2012 ([https://www.owasp.org/index.php/AppSecAsiaPac2012 AppSecAsiaPac2012])11-14 April 2012  ===
 +
===  FUDCon AsiaPac KL 2012 ([http://fedoraproject.org/wiki/FUDCon:KualaLumpur_2012 FUDConKL2012]) 18-20 May 2012  ===
 +
===  EPF ISSS Quarterly Services Status Meeting and Technology Presentation Update 14 June 2012 (Closed Invitation)  ===
 +
===  Cyber Security, Cyber Warfare and Digital Forencis ([http://www.sdiwc.net/CyberSec2012/page.php?id=2 CyberSec12]) 26-28 June 2012  ===
 +
===  Malaysia Open Source Conference 2012 ([http://www.mosc.my MOSC2012])8-10 July 2012  ===
 +
===  Hack In The Box ([http://conference.hackinthebox.org/hitbsecconf2012kul/ HITBSecConf2012]) 8-11 October 2012  ===
 +
===  Hacker Halted AsiaPac 2012 ([http://http://hackerhaltedapac.org/apac/ HHAPAC2012])19-22 November 2012===
 +
 
 +
==2011==
 +
===KL GreenHAT Challange 2011 ([http://www.greenhat.my KLGHC 2011]) 9-10 February 2011  ===
 +
===OWASP Summit 2011 ([http://www.owasp.org/index.php/Summit_2011 OWASP Summit 2011]) 8-11 February 2011  ===
 +
===Counter eCrime Operation Summit V 2011 ([http://www.antiphishing.org/events/2011_opSummit.html CECOSv 2011]) 27-29 April 2011  ===
 +
===Info Security Conference 2011 ([http://infosecurity.questexevents.net INFOSEC 2011]) 12 May 2011  ===
 +
===Malaysia Open Source Conference 2011 ([http://www.mosc.my MOSC2011]) 3-5 July 2011    ===
 +
===OWASP Day KL 2011 ([http://www.owasp.org/index.php/OWASP_Day_KL_2011 OWASP Day KL 2011]) 20-21 September 2011  ===
 +
===Hack In The Box ([http://conference.hackinthebox.org/hitbsecconf2011kul/ HITBSecConf2011]) 10-13 October 2011  ===
 +
===Security Black Belt Day 2011 ([http://www.microsoft.com/malaysia/techdays/default.aspx SBBD2011]) 3 November 2011  ===
 +
===Mozilla AsiaCamp 2011 ([https://wiki.mozilla.org/AsiaCamp2011 MozCamp Asia 2011]) 18-20 November 2011  ===
 +
===Hacker Halted APAC ([http://www.hackerhaltedapac.org HHAPAC2011]) 15-17 November 2011  ===
 +
===Malaysia Government Open Source Conference 2011 ([http://mygosscon.oscc.org.my/2011/ MyGOSSCON2011]) 29-30 November 2011  ===
 +
===Computer Security Day 2011 ([http://goo.gl/hjD5c CSD2011]) 30 November 2011===
 +
 
 +
==2010==
 +
===Malaysia Open Source Conference 2010 ([http://conf.oss.my MOSC2010]) 29/30 June - 1 July 2010  ===
 +
===Advanced Identify Management &amp; Security 2010 ([http://iconiq.com.sg/advanced-identity-management-and-security-2010/ AIMS 2010]) 20-21 September 2010 ===
 +
===Next Generation Broadband Wireless Architecture Masterclass ([http://www.unistrategic.com/index.php?option=com_eventlist&Itemid=4&func=details&did=511 NGBWAM 2010]) 28-29 September 2010 ===
 +
===Gartner Security Local Briefing 2010 ([https://www.eiseverywhere.com/ehome/index.php?eventid=12143&tabid=12829& GartnerSec 2010]) 15 July 2010 ===
 +
===Hack In The Box 2010 ([https://conference.hackinthebox.org/hitbsecconf2010kul/ HITBSecconf 2010]) - 4-14 October 2010 ===
 +
===OSS Day KPM 2010 ([http://www.moe.gov.my/ossday2010/ OSS KPM 2010]) - 12-13 October 2010 ===
 +
===KL Green Hat 2010 ([http://www.unikl.edu.my KLGH 2010]) - 19-20 October 2010 ===
 +
===CyberSecurity Malaysia Conference &amp; Exhibition 2010 ([http://www.cybersecurity.my/en/events/2010/main/detail/1837/index.html CSMCE 2010])- 25-28 October 2010 ===
 +
===Malaysia Government Open Source Conference 2010 ([http://mygosscon.oscc.org.my/2010/ MyGOSSCON 2010])2-3 November 2010  ===
 +
===Hacker Halted Asia Pacific 2010 ([http://hackerhaltedapac.org/HH/ HHAPAC2010])- 9-11 November 2010    ===
 +
===AMDI-USM OSS Day ([http://www.mosc.my/events/amdi-usm-oss-day AMDIOSS]) 23 December 2010===
 +
 
 +
=Webinar=
 +
==2012==
 +
===[http://www.aujas.com/webinar/ Secure Mobile App Development: Differences from Traditional Approach] - 31 January 2012 10.00p.m PST=== 
 +
===[https://imperva.webex.com/cmp0306ld/webcomponents/widget/detect.do?siteurl=imperva&LID=1&RID=2&TID=11&rnd=4722116800&DT=480&DL=en-GB&isDetected=true&backUrl=%2Fmw0306ld%2Fmywebex%2Fdefault.do%3Fnomenu%3Dtrue%26siteurl%3Dimperva%26service%3D6%26rnd%3D0.9596241132700924%26main_url%3Dhttps%253A%252F%252Fimperva.webex.com%252Fec0605ld%252Feventcenter%252Fevent%252FeventAction.do%253FtheAction%253Ddetail%2526confViewID%253D874774068%2526%2526%2526%2526siteurl%253Dimperva Automated Hacking Tools - Meet the New Rock Stars in the Cyber Underground]  27 June 2012 9.00a.m GMT===
 +
 
 +
=Board Of Members=
 +
'''Chapter Leader''' - [mailto:fazli(at)owasp.my Mohd Fazli Azran]
 +
 
 +
<br> '''Board Of Members 2010'''
 +
 
 +
*'''University Representative''' - [mailto:nurhizam.safie(at)aeu.edu.my Dr. Nurhizam Safie] ([http://www.aeu.edu.my Asia eUniversity])
 +
*'''Government Representative''' - [mailto:naim.ibrahim(at)moha.gov.my Mohd Naim Mohd Ibrahim] ([http://www.moha.gov.my Ministry Of Home Affairs])
 +
*'''Community Representative''' - [mailto:noc(at)ipx.noc.net.my Wan Adnan Wan Jaafar] ([http://unixman.noc.net.my NOC IPX])
 +
*'''Private Sector Representative''' - [mailto:shahriman(at)scan-associates.net Muhammad Shahriman Samsudin]([http://www.scan-associates.net Scan Associates])
 +
*'''Sec. Professional Representative''' - [mailto:adli(at)cybersecurity.my Adli Wahid] ([http://www.mycert.org.my MyCERT CyberSecurity])
 +
 
 +
'''Advisor''' - [mailto:amir(at)mysecurity.my Amir Haris] ([http://www.domainregistry.my MyNIC Berhad])
 +
 
 +
'''Observer''' - [mailto:info(at)mysecurity.my MySecurity Community] ([http://www.mysecurity.my MySecurity])
 +
<br>
 +
 
 +
=Meeting Chapter=
 +
 
 +
==1st OWASP Meetup 2018==
 +
OWASP Malaysia is Open Web Application Security Project for Malaysia Chapter. We like to share and discuss about security. Feel to join and participate as community. This is Open Source Project by OWASP Foundation.
 +
 
 +
*Topic : 1st OWASP Malaysia Meetup 2018
 +
*Date : 5 April 2018 (Thursday)
 +
*Time : 8.00a.m - 2.00p.m
 +
*Venue : Hall Level 7, CyberSecurity Malaysia
 +
[[File:csm1.jpg|100x50px]][[File:mycert.jpg|100x50px]]
 +
*Event Program:
 +
 
 +
8.00a.m - 8.45a.m&nbsp; - Arrival Participant & Registration
 +
8.45a.m - 9.00a.m&nbsp; - CEO,CTO & SVP Arrival
 +
9.00a.m - 9.05a.m&nbsp; - Negaraku
 +
9.05a.m - 9.10a.m&nbsp; - Doa recitation
 +
9.10a.m - 9.15a.m&nbsp; - Speech by OWASP Malaysia Chapter Leader
 +
9.15a.m - 9.20a.m&nbsp; - Keynote Speech by CEO CSM
 +
9.20a.m - 9.30a.m&nbsp; - Refreshment
 +
9.30a.m - 10.05a.m&nbsp; - Speech By Kamarul Baharin - Mobile Apps Analysis (My Experience)
 +
10.05a.m - 10.40a.m&nbsp; - Speech By Adnan Shukor - Traffic Distribution System
 +
10.40a.m - 11.15p.m&nbsp; - Speech By Ahmad Ramadhan - Responsible Disclosure
 +
11.15a.m - 11.50p.m&nbsp; - Speech By Mr. Khairul Nadzmi - rawSEC: Empowering Local Security Community
 +
11.50p.m - 2.00p.m&nbsp; - Lunch Sponsor by CSM & Network Session
 +
 
 +
==OWASP Meetup Q2 2017==
 +
OWASP Malaysia is Open Web Application Security Project for Malaysia Chapter. We like to share and discuss about security. Feel to join and participate as community. This is Open Source Project by OWASP Foundation.
 +
 
 +
*Topic : OWASP Malaysia Meetup Q2 2017
 +
*Date : 18 July 2017 (Tuesday)
 +
*Time : 8.00a.m - 2.00p.m
 +
*Venue : Auditorium Hall, Microsoft Malaysia, Level 26, Petronas Tower 3, KLCC
 +
[[File:microsoft.jpg|228x228px]]
 +
*Event Program:
 +
 
 +
8.00a.m - 9.00a.m&nbsp; - Arrival Participant
 +
9.00a.m - 9.10a.m&nbsp; - Official Launch & Opening Speech by Microsoft Malaysia
 +
9.10a.m - 9.20a.m&nbsp; - Speech by OWASP Malaysia Chapter Leader
 +
9.20a.m - 9.35a.m&nbsp; - Keynote Speech by Datuk Wira Dr. Abu Bakar Mohamad Diah
 +
9.35a.m - 10.00a.m&nbsp; - Breakfast
 +
10.00a.m - 10.35a.m&nbsp; - Speech By Sanjay WS - The Security Problem & The Security Solution
 +
10.35a.m - 11.10a.m&nbsp; - Speech By Walter Wong - Consumer Security Impact with Cloud and Machine Learning
 +
11.10a.m - 11.45p.m&nbsp; - Speech By Razwan Mokhtar - Dealing with HealthCare Internet of Things security
 +
11.45a.m - 12.20p.m&nbsp; - Speech By Hasnan Hasim - Introduction Rimau WAF
 +
12.20p.m - 1.00p.m&nbsp; - Speech By Sina Manavi- Cyber-Crime as a Service and Quick Win Strategy to Tackle Them
 +
1.00p.m - 2.00p.m&nbsp; - Pre Lunch by Microsoft
 +
 
 +
*Topic - The Security Problem and The Security Solution
 +
Sanjay WS is a CTO of Astiotech Sdn Bhd and MVP Entreprise Security. In this session, I would like to share the security problems that are still plaguing Windows users until we see a worldwide pandemic security fear recently on ransomware. We walkthrough the historical security journey of Windows users and what Microsoft has done to address them. In Windows 10, Microsoft claims to have a silver bullet approach alongside other security primers in Windows 10, will it make the cut? You decide. I also hope to present a custom compromise in Windows that can easily be exploited in any version of Windows and let’s turn on this security solution and see if it survives.
 +
 
 +
[[File:jayws.jpg|165x165px]]
 +
 
 +
*Topic - Rimau WAF
 +
Hasnan Hasim holds a bachelor's degree in computer science (information technology) form ukm. With more than 15 years of experience handling Linux server and security device such as firewall, ips, ida and snort rules, ICT operations, training And system development In government sector. Main programming language using php, Java script. His presentation will show next generation WAF using mod_security with modern web UI for easy management.
 +
 
 +
[[File:Nan.jpg|165x165px]]
 +
 
 +
*Topic - Consumer Security Impact with Cloud and Machine Learning
 +
Walter Wong is a technical lead in Gain Secure, a Malaysian-based company. The company specialized for providing secure application development and user experience (UX) consultation services to customers. Walter is a Microsoft MVP for developer security and Microsoft Azure. Research on application development security is Walter's personal interest. He also successfully discovered many websites vulnerabilities including some high traffic websites over the past few years. Walter often speaks at technical conferences such as Visual Studio 2010 Launch, TechEd SEA, Security Symposium, TechNet/MSDN, Tech Insights and more. Hosting the application in the cloud infrastructure does not guaranty your application and data security by default. It’s developer responsibility to ensure the application developed, configured and hosted is secure by default. Come and join Walter in his demo packed rollercoaster ride to understand more about Microsoft Azure security features. If you looking forward for a demo how to break the application hosted in Azure, this is the session you don’t want to miss.
 +
 
 +
[[File:Walter.jpg|165x165px]]
 +
 
 +
*Topic - Cyber-Crime as a Service and Quick Win Strategy to Tackle Them
 +
Sina is an Iranian Senior Information Security Consultant working in banking industry as a CISO advisor helping the banks to design, develop and implement IT Security Blueprint, Project Monitoring, Risk and Compliances, Threatlandscape analysis. He has over 8 years expericen in IT Security area from Application Security, Secure Coding, Vulnerability Management and Penetration Testing in Mobile and  Web Applications, SAP systems and Network. He has also experience in Security Posture assessment, Risk and Compliances and regulations in financial industry.
 +
 
 +
[[File:Sina2.jpg|286x286px]]
 +
 
 +
*Topic - Dealing with HealthCare Internet of Things security
 +
Razwan Mokhtar is a system consultant and overseas system engineer for iDataMap Corporation from Adelaide, Australia. The company is developing new products to bridge the gap in personal health care communications, it’s stored encrypted patient data for ready access by clinicians and is especially useful for DICOM images.
 +
For the last 4 years he is very active integrating medical devices & internet of things in hospitals around Asia.
 +
Previously in Malaysia, Razwan Mokhtar was experience in the malware analysts focusing in botnet, development, implementation and management of complex Information Security for Department of Defense, Royal Malaysia Police, Royal Malaysian Navy and International Banks.
 +
 
 +
[[File:wansen.jpg|165x165px]]
 +
 
 +
Registration are now open for all. Please download the apps name "OWASP Malaysia Meetup 2017" from Play Store (Android) & App Store (iOS) Please bear in mind this meetup have limited seat only 100ppl. Please register now to book your seat.
 +
 
 +
==OWASP Meetup Q3 2016==
 +
 
 +
OWASP Malaysia is Open Web Application Security Project for Malaysia Chapter. We like to share and discuss about security. Feel to join and participate as community. This is Open Source Project by OWASP Foundation. 
 +
 
 +
*Topic : OWASP Malaysia Meetup Q3 2016
 +
*Date : 22 September 2016 (Thursday)
 +
*Time : 8.00a.m - 2.00p.m
 +
*Venue : Hall Level 7, CyberSecurity Malaysia
 +
[[File:csm1.jpg|100x50px]][[File:mycert.jpg|100x50px]]
 +
*Event Program:
 +
 
 +
8.00a.m - 9.00a.m&nbsp; - Arrival Participant
 +
9.00a.m - 9.10a.m&nbsp; - Official Launch & Opening Speech by CEO CyberSecurity Malaysia
 +
9.10a.m - 9.20a.m&nbsp; - Speech by OWASP Malaysia Chapter Leader
 +
9.20a.m - 10.00a.m&nbsp; - Breakfast
 +
10.00a.m - 10.35a.m&nbsp; - Speech By Melvin Lim (Infoblox) - Data Exfiltration over DNS
 +
10.35a.m - 11.10a.m&nbsp; - Speech By Mohamed Fadzlee Sulaiman (CSM) - CyberDEF: Uncovering Future Threats
 +
11.10a.m - 11.45p.m&nbsp; - Speech By Ahmad Ashraff bin Ahmad (ISC) - Security Through Obscurity : Good or Bad?
 +
11.45a.m - 12.20p.m&nbsp; - Speech By Azril Rahim (ISC) - A Practical Low Cost Cyber Threat Intelligence for SME
 +
12.20p.m - 1.00p.m&nbsp; - Speech by Jay Chow (Rapid7) - Application Assessment for the Modern World
 +
1.00p.m - 2.00p.m&nbsp; - Pre Lunch by CSM
 +
 
 +
*Topic - Security Through Obscurity : Good or Bad?
 +
Ahmad Ashraff bin Ahmad will share on his 6 years experience conducting penetration testing and bug bounty hunting related to the 'Security Through Obscurity'. Is it the right choice to depend on security appliance? Is it bad to leave the code vulnerable while being protected by these 'obscurity'? What's the impact to the community?. Ahmad Ashraff was a chemical engineering student from UTP. Choose to be in the ITsec because of his believe in 'following your passion' will lead to the right path. 6 years as a pentester. Have been with multiple security companies to learn the strong,weakness,gaps that is currently missing in ITsec MY. Active in bug bounty, 1st place in Malaysia. 1st place in Bugcrowd.Currently working as a IT Security Specialist.
 +
 
 +
[[File:ahmadashraff.jpg]]
 +
 
 +
 
 +
*Topic - Data Exfiltration over DNS
 +
Started off as Solutions Specialist, Melvin carries with him over 13 years of security focus experiences working with leading companies like Bluecoat, McAfee, Akamai and Infoblox. With cyber defense always at the the top of his mind, he provided threat briefing, network security assessment workshops for many organisations in ASEAN, reviewed their network security posture for vulnerabilities, . In a few occasions, Melvin was called back by the organization when the security gaps he highlighted were subsequently exploited by the attackers. In Infoblox, Melvin focuses on data leakage over DNS, defense in depth against DNS DDoS and exploits, which are some of the least addressed security gaps in many organizations today.
 +
 
 +
[[File:melvinlim.jpg]]
 +
 
 +
 
 +
*Topic - Application Assessment for the Modern World
 +
 
 +
Jay Chow brings with him more than 10 years of experience in the areas of network and security consulting, implementation, and support. Jay Chow has been on the ground designing, consulting and leading several key government and MNC security projects. Bearing deep practical and strong technical understanding on various security technologies in the market, Jay has been a valuable resource in providing security insights. In his role with Rapid7, Jay focuses on assisting mid-to-large enterprises engineer better security across the South Asia region by visualizing, contextualizing and extracting more insights on their current risk and security exposure.
 +
 
 +
[[File:jaychow.jpg]]
 +
 
 +
*Topic - A Practical Low Cost Cyber Threat Intelligence for SME
 +
 
 +
Azril Rahim is a passionate cyber security expert with over 13 years of experiance. He is also an advocate for open source software where he also developed codes for computer security as well network and general purpose tools. His interest on computer security focuses on vulnerability assessment, pen-test, computer and network forensics, cyber threats intelligence, PKI and secure communication & network programming. He is also has won several awards from the Malaysian government for his work contribution in computer security. He is also hold several international certifications in computer security. Most of his cyber security work are proven hands on and validated via research papers, written & presented technical presentations, hands on work and also computer codes codings. More information about Azril work on computer security & programming can be obtain at his website at http://azrilrahim.site88.net
 +
 
 +
[[File:azril1.jpg]]
 +
 
 +
Mohamed Fadzlee Bin Sulaiman is currently leading CyberDEF unit under Digital Forensics Department, CyberSecurity Malaysia. Eight years of experience in digital forensics has emphasized his credibility in solving criminal
 +
and civil cases in major fields including Computer Forensics, Network Forensics, Mobile Phone and Video Forensics. With CyberDEF he has been assisting organization and corporate companies by providing comprehensive cyber security solution especially for Critical National Information Infrastructure (CNII) sectors. Based on the prosecution necessity, he has also experienced as an expert witness to provide testimonial for various cases in court. To date, Mr. Fadzlee has conducted and handled analysis for more than hundred digital forensic cases including hacking, financial crimes, harassment, seditious,bribery, IP theft and etc. Occasionally, he is invited as a speaker and trainer at Government Linked Companies (GLC), local and foreign Law Enforcement Agencies.
 +
 
 +
[[File:fadzlee.jpg]]
 +
 
 +
==OWASP Meetup Q3 2015==
 +
 
 +
OWASP Malaysia is Open Web Application Security Project for Malaysia Chapter. We like to share and discuss about security. Feel to join and participate as community. This is Open Source Project by OWASP Foundation. 
 +
 
 +
*Topic : OWASP Malaysia Meetup Q3 2015
 +
*Date : 14 September 2015 (Monday)
 +
*Time : 9.00a.m - 2.00p.m
 +
*Venue : Banquet Hall, Level 29, UniKL MIIT, Jln Sultan Ismail, KL
 +
[[File:unikl.jpg|100x50px]]
 +
*Event Program:
 +
 
 +
9.00a.m - 10.00a.m&nbsp; - Arrival Participant
 +
10.00a.m - 10.10a.m&nbsp; - Official Launch & Opening Speech by
 +
10.10a.m - 10.20a.m&nbsp; - Speech by OWASP Malaysia Chapter Leader
 +
10.20a.m - 10.30a.m&nbsp; - Breakfast
 +
10.30a.m - 11.05a.m&nbsp; - Speech By  Adnan Mohd Shukor (BlueCoat) - Attacker Toolkit and Strategic Web Compromise
 +
11.05a.m - 11.40a.m&nbsp; - Speech By Sina Manavi (Kaapagam Technologies) -
 +
11.40a.m - 12.15p.m&nbsp; - Speech By Farhan Faisal - Network Threat Visibility
 +
12.15p.m - 1.00p.m&nbsp; - Speech By Adli Wahid (APNIC) -  Establishing Security Response Capabilities
 +
1.00p.m - 2.00p.m&nbsp; - Social Network (Refreshment)
 +
 
 +
*Topic - Attacker Toolkit and Strategic Web Compromise
 +
Adnan Mohd Shukor or (@xanda) is a Threat Analyst at BlueCoat System. He detects, analyzes, and blocks web threats and one of his areas of expertise is in exploit kit detection. He also contributed codes and patches to several open source projects and communities before, and most of them are in IT security related projects. Prior to joining BlueCoat System, he was the Senior Analyst at Malaysia CERT, CyberSecurity Malaysia
 +
 
 +
[[Image:adnanshukor.jpg|300x200px]]
 +
 
 +
*Topic -
 +
Sina Manavi s a security enthusiast interested in penetration testing and digital forensics investgation. He has a master`s degree in computer science in the field of digital forensic investigation, and also certificate holder of CEH and CHFL. He has conducted many security talks and practical workshops and training on web/network/mobole penetration testing in Malaysia. His main interest is in mobile app penetration testing. He started his IT career as a software and database developer, and later joined the software database designing field. Currently, he works as professional trainer and information security consultant for Kaapagam Technologies Sdn Bhd in Malaysia.
 +
 
 +
[[Image:sinamanavi.jpg|300x200px]]
 +
 
 +
*Topic - Network Threat Visibility
 +
Farhan Faisal He started his way in system administration, exposed to the real threats every day,gaining real experience from live system. Got GPEN, CCNA, and work experience in MyCERT allows him to work on real customer's network and various environment. He have done Network Forensic, Incident Management, Penetration Testing, and Security Monitoring for various organization and government agencies. He runs his company Scan Insight Sdn Bhd, and right now building External Threat Monitoring
 +
 
 +
[[Image:farhanfaisal.jpg|300x200px]]
 +
 
 +
*Topic - Establishing Security Response Capabilities
 +
Adli Wahid (@adliwahid) is a Security Specialist at the Asia Pacific Network Information Centre (APNIC) in Brisbane, Australia. He does a lot of engagement with network operators, CERTs/CSIRTs, Law Enforcement and Inter-Government Agencies. He is also a member on the Board of Directors of the Forum of Incident Response and Security Teams (FIRST). Prior to joining APNIC he was the Head of Malaysia CERT at CyberSecurity Malaysia and a member of MUFG-CERT (Bank of Tokyo-Mitsubishi UFJ) You can read some of his activities at APNIC’s blog https://blog.apnic.net/
 +
 
 +
[[Image:adliwahid.jpg|300x200px]]
 +
 
 +
==OWASP Meetup Q2 2015==
 +
 
 +
OWASP Malaysia is Open Web Application Security Project for Malaysia Chapter. We like to share and discuss about security. Feel to join and participate as community. This is Open Source Project by OWASP Foundation. 
 +
 
 +
*Topic : OWASP Malaysia Meetup Q2 2015
 +
*Date : 12 June 2015 (Friday)
 +
*Time : 8.00a.m - 2.00p.m
 +
*Venue : Theater Room, Level 7, CyberSecurity Malaysia, Seri Kembangan, Selangor
 +
[[File:csm1.jpg|100x50px]][[File:mycert.jpg|100x50px]]
 +
*Event Program:
 +
 
 +
8.30a.m - 9.00a.m&nbsp; - Arrival Participant
 +
9.00a.m - 9.10a.m&nbsp; - Official Launch & Opening Speech by Dr. Amirudin Abdul Wahab CEO CyberSecurity Malaysia (CSM)
 +
9.10a.m - 9.20a.m&nbsp; - Speech by OWASP Malaysia Chapter Leader
 +
9.20.a.m - 9.50a.m&nbsp; - Speech By Fatah Al-Farihin (CSM) - Zero day malware detection/prevention using open source software - Proof of Concept
 +
9.50a.m - 10.20a.m&nbsp; - Speech By Dick Bussiere (Tenable Security)- The increasing importance of Continuous Network Monitoring in today’s Cyberworld
 +
10.20a.m - 10.35a.m&nbsp; - Rest
 +
10.35a.m - 11.05a.m&nbsp; - Talk by Walter Wong (GainSecure) - Security Awareness for .Net Developers
 +
11.05a.m - 11.45a.m&nbsp; - Speech by Azril Aari (Infoblox) - Advance Financial Malware: GameOver Zeus - The art of espionage, data ex-filtration and network disruption
 +
11.45a.m - 12.15a.m&nbsp; - Speech By Ken Too (Vectra Network) - An Analysis of Recent Cyber Attacks
 +
12.15p.m - 2.00p.m&nbsp; - Social Network (Friday Pray)
 +
 
 +
Abstract: Zero day malware detection/prevention using open source software - Proof of Concept
 +
Today, as computer attacks tend to be malware-centric, the cyber criminals have introduced sophistication in their attack techniques that makes the traditional way of protecting the enterprise with firewalls, intrusion detection systems and antivirus software at the network perimeter ineffective. While maintaining Honeypot technology to collect malware information from the Internet & internal organizations, we would like to present a proof on concept on mitigating zero day malware using several combination of open source projects involving malware collection from network traffic, ssl interception, sandboxing. evading anti-vm, network ids/ips, process flow, etc. From the idea, we are welcoming contributions & collaboration from the public & education sector.
 +
 
 +
Bio:
 +
Mr Fatah is currently a Senior Analyst under Malware Research Centre, MyCERT Department. He has already worked in information security domain for almost 10 years in most domain in security posture assessment (penetration testing, source code audit, wireless assessment, web assessment, database assessment, etc.), software development, geographical information system, managed security services, and others. He holds information security professional certification such as GWAPT, OSWiSP, HP ArcSight Certified Professional, ITILv3, CNE6, etc.
 +
 
 +
[[Image:fatah.jpg|300x200px]]
 +
 
 +
Abstract: The increasing importance of Continuous Network Monitoring in today’s Cyberworld
 +
 
 +
Bio :
 +
Mr. Dick Bussiere is Tenable Network Security’s Principal Architect for the Asia Pacific Region. In this multifaceted role, Mr. Bussiere is responsible for evangelizing the criticality of vulnerability assessment, vulnerability management, and thorough security monitoring as part of an organizations enhanced security posture. Mr. Bussiere is a frequent public speaker on these and other security and networking mattersMr. Bussiere frequently assists Financial Services Organizations, Governments, and Managed Security Service Providers in adopting a regimen of pro-active vulnerability management to help them reduce their vulnerability footprint.
 +
 
 +
Prior to Tenable, Mr. Bussiere was Arbor Network’s Solution Architect for Asia Pacific. In this role, Mr. Bussiere assisted organizations in assessing their risk exposure to Distributed Denial of Service attacks. He has advised several regulatory bodies on recommended legislation to protect critical infrastructure against DDoS attacks. Mr. Bussiere is a seasoned technical architect with over 20 years of experience in ICT security, computer networking, and engineering. Mr. Bussiere has a strong background in Research and Development, including both software and hardware engineering. 
 +
 
 +
Mr. Bussiere was a principle in an ICT security consulting firm and provided consulting services to numerous business, academic and government organizations. Activities included developing network security architectures with an emphasis on intrusion detection and prevention techniques, as well as the development of comprehensive organizational security policies. Additionally, Mr. Bussiere was an active contributor to the IEEE P1901 Power Line Communication security architecture and specification. Mr. Bussiere is the holder of five patents related to computer networking. He was also an active participant in the IEEE and IETF working groups.
 +
 
 +
[[Image:Dick.jpg|300x200px]]
 +
 
 +
Abstract: Security Awareness for .Net Developers
 +
Design and code carefully can protect today's complicated business application. With the rising of cyber–attacks in recent years, developer security become an important aspects for all software business. If you are .Net developer, this session will show you the tips and tricks of secure your applications, understand security threat, tools and others.
 +
 
 +
Bio:
 +
Walter is the founder for Gain Secure based in Malaysia. The company specialized for providing secure application development and user experience (UX) consultation services to customers. Walter is a Microsoft MVP for developer security. Research on application development security is Walter's personal interest. He also successfully discovered many websites vulnerabilities including some high traffic websites over the past few years. Walter often speaks at technical conferences such as TechDays Hong Kong, TechEd SEA, Security Symposium, TechNet/MSDN, Tech Insights and more.
 +
 
 +
[[Image:walter.jpg|300x200px]]
 +
 
 +
Abstract: Advance Financial Malware: GameOver Zeus - The art of espionage, data ex-filtration and network disruption
 +
GameOver ZeuS (GoZ) is the most sophisticated & the most researched malware to date. Since the released of the 2nd version of the original gruesome ZeuS malware, the new variant so-called “gameover” comes with a different strength and capabilities. It is more resilient, stealthy and deadly. It has cause the lost of millions of dollars and there are no specific methods to stop it. This has forced the FBI to put a bounty head for its creator.
 +
 
 +
Without any leading leaked source codes on its new capabilities & strength, most leading knowledge on GoZ is based on a 2 years of  “assumption” from various threat intelligence's collected share data around the globe. The assumption date were derived from analyzing its network behavior and some reverse-engineered dumped codes since 2013.
 +
 
 +
This presentation contents will be based on the collaborate data that has been collected by Infoblox's Threat Intelligence
 +
group. The focus will be in discussing GoZ capabilities, how to detect & mitigate it.
 +
 
 +
Bio:
 +
Mr Azril is currently a core security researcher with Infoblox's Threat Intelligence Group based in Santa Clara, California USA. He has already worked in information security domain for almost 12 years with interest in computer forensics, PKI, trusted computing, virtualization, secure programming, penetration testing and malware analysis. He has been an active speaker
 +
at international industry conferences since 2005. He has authored several technical papers and developed award
 +
winning open source software particularly in computer forensics, trusted computing & virtualization. Graduated with 2 degrees in computer science and operation management from the University of Missouri, he also holds information security professional certifications such as GCFA, CEI, ECSP and CEH.
 +
 
 +
[[Image:Azril1.jpg|300x200px]]
 +
 
 +
Abstract: An Analysis of Recent Cyber Attacks
 +
Over the past year, cyber attacks have gone from being a worst-case scenario for security teams to a real-world certainty. Yet for all the recent investment and focus on cyber security, attackers continue to succeed at stealing or destroying our most valued assets. In this discussion, we will deconstruct recent cyber attacks to see what is working in security and where the industry still has gaps. Then we will go beyond the search for simplistic silver bullets, and propose new models of defense-in-depth that can apply generically to detecting today's most sophisticated attacks.
 +
 +
This session will cover:
 +
-          An analysis of recent cyber attacks and what they have in common
 +
-          Understanding the inherent advantages attackers enjoy today, and how we can turn the tables
 +
-          Proposing a repeatable methodology for automating the detection of breaches and APTs
 +
 
 +
Bio: Ken Too
 +
Ken Too is a Technical Director for Datapath Networks Sdn Bhd, focused on solutions using machine learning and data science that provide protection beyond the perimeter. Ken has a long history in security and had been working with HP & CSC. His discussion will deconstruct recent cyber attacks and how they are unfolding globally with a goal to propose repeatable and generic solutions to prevent damage to valuable assets.
 +
 
 +
[[Image:Kentoo.jpg|300x200px]]
 +
 
 +
*Please register here:
 +
https://docs.google.com/forms/d/1UQb-EYR4oXh0qmelrM1SB7Abyj7R4LFdZi_kLtIbU4E/viewform
 +
 
 +
This events will covered by local newspaper and media by
 +
 
 +
[[Image:Awani.jpg|300x200px]] [[Image:Bh.png|300x200px]]
 +
 
 +
==OWASP Meetup Q1 2015==
 +
We welcome all the people that have interest to join this mini events and it open to everybody. Meetup with all hacker around Malaysian and Open Discussion with CyberSecurity Malaysia
 +
 
 +
*Date : 19 January 2015
 +
*Avenue: Dewan Seminar, Menara Razak, UTM Jalan Semarak, Kuala Lumpur
 +
{{MemberLinks|link=http://www.ais.utm.my|logo=utm-ais.jpg}}
 +
 
 +
 
 +
*Schedule
 +
*Time : 9.00a.m - 1.00p.m
 +
 
 +
*Event Program:
 +
 
 +
9.00a.m - 10.00a.m&nbsp;  - Arrival Participant
 +
10.00a.m - 10.10a.m&nbsp; - Opening Speech by CSM VVIP
 +
10.10a.m - 10.20a.m&nbsp; - Speech by OWASP Malaysia Chapter Leader
 +
10.20a.m - 11.20a.m&nbsp; - Speech By Saharudin Saat - Capturing Web Application Threats Virtual CMS Honeypot
 +
11.20a.m - 12.20p.m&nbsp; - Speech by Sandeep Nain - Introducing Application Security In Your Organization Think Like a Developer
 +
12.20p.m - 1.00p.m&nbsp;  - Social Network
 +
1.00p.m - 2.00p.m&nbsp;  - Refreshment
 +
 
 +
*Please register here :
 +
 
 +
https://docs.google.com/forms/d/1UQb-EYR4oXh0qmelrM1SB7Abyj7R4LFdZi_kLtIbU4E/viewform
 +
 +
* Required registration at (https://docs.google.com/a/owasp.org/forms/d/1b5I0n2KyvuyqmsNb68PCs-w7mNruWpLXIbY74qVcf2o Click Here])
 +
 
 +
University Technology Malaysia  ([http://goo.gl/mjbKLD Maps])
 +
 
 +
Facebook Event https://www.facebook.com/events/381598735333730/
 +
 
 +
Title : Capturing Web Application Threats - Virtual CMS Honeypot by Saharudin Saat
 +
 
 +
Opensource Content Management System (CMS) is very popular and widely used by web administrators around the world nowadays because of their simplicity for the instant web application solution. Consequently, web applications have increasingly been the focus of attackers because of the unintentional web vulnerabilities that comes from the newly introduced functionality. This project aims at enhancing the level of security for CMS inside the Universiti Teknologi MARA (UiTM) network by providing the most extensive way on developing Virtual CMS Honeypots. The outcome is hoped to ease the web administrators to monitor any kind of computer threats such as hackers, worms and viruses in more comfortable and efficient way. The results also will provide the administrator some form of countermeasures for security purposes and traffic analysis. Using Customize Awstats, Snort, AcidBase and Proxy will provide a Honeypot for a rapidly expandable network and suit for the web administrator
 +
especially at UiTM to monitor webserver traffic activity and any latest computer threats.
 +
 
 +
BIO : Saharudin Saat is a System Administrator at Ministry of Domestic Trade Cooperatives and Consumerism with over 15 years of computer experience. Saharudin's expertise in server technology, network security and cloud computing. He is also a consultant for open source software and cloud computing for some government related agencies.
 +
 
 +
Winner of the Kaspersky Southeast Asia Cup IT Security for the next generation 2009.Won third place in Malaysian Government Open Source Software Award (MyGOSS) 2012 .Saharudin holds a Degree in Computer Science (Hons) Data Communication and Networking from the Universiti Teknologi MARA Malaysia.
 +
 
 +
[[Image:saharudin.jpg|300x200px]]
 +
 
 +
Title: Introducing Application Security in Your Organization - Think Like a Developer by Sandeep Nain
 +
 
 +
To protect your enterprise from application layer attacks, your application security program needs to be goal-oriented and should be supported by a central team of professionals enabled with the best of the breed technologies; following effective processes. If you are wondering, how you can build such an application security program that effectively leverages secure development methodologies while being scalable and effective for a complex organization, this is the session to attend. In this session Speaker will cover:
 +
 
 +
*1. How to build secure development lifecycle for development teams using modern software development methodologies
 +
*2. Challenges of enforcing secure development lifecycle at an enterprise scale
 +
*3. Reasons why most application security programmes fail and how we can collaborate with development teams for easier enterprise adoption
 +
 
 +
BIO : Sandeep Nain is Managing Principal in HP Enterprise Security Products and leads Fortify Solution Consulting Services. In this role, he is responsible for the business growth and delivery of software security solutions for South Pacific and Asia region.
 +
Sandeep and his team help customers understand their business requirement for application security programme, assess their current security maturity state, design solutions which fit their need and deliver outcomes that exceed expectations.
 +
 
 +
Before joining HP, Sandeep was a Managing Partner at Appsecure, an application security specialist firm where he built and led the application security consulting team to provide enterprise grade application security solutions to Australian market. Prior to this, Sandeep held various security consulting positions at Pure Hacking, Fortify, IBM and Accenture. With an IT career spanning over 13 years, Sandeep is an accomplished Application Security Expert. He has worked alongside many high-profile
 +
national and international organisations, enabling them to produce secure software. He has extensive experience with enterprise grade software languages, software development frameworks, mobile platforms and security and risk management frameworks which makes him a perfect security advisor to our clients.
 +
 
 +
Sandeep has been actively involved in industry open source projects such as OWASP (Australia) and is active in the development of papers and initiatives published through the community. Sandeep has presented on application and database security at a number of national and international conferences. Academically, Sandeep holds a Master of Technology degree in Information
 +
Technology with specialization in Distributed Computing and several industry certifications including CISSP, CSSLP and CEH.
 +
 
 +
[[Image:sandeep.jpg|300x200px]]
 +
 
 +
* Required
 +
 
 +
==OWASP Meetup Q4 2014==
 +
*Date : 4 November 2014 (Tuesday)
 +
*Time : 8.00a.m - 1.00p.m
 +
*Veneu: Dewan Seminar, Menara Razak, UTM, Jalan Semarak
 +
{{MemberLinks|link=http://www.ais.utm.my|logo=utm-ais.jpg}}
 +
 
 +
Event Program:
 +
 
 +
Agenda
 +
8.00a.m - 9.00a.m&nbsp; - Arriving all OWASPrians
 +
9.00a.m - 9.15a.m&nbsp; - Opening Speech By OWASP Malaysia
 +
9.15a.m - 10.15a.m&nbsp; - Opening Ceremony by Prof. Dr. Shamsul bin Sahibuddin (Dean of Advanced Informatics School, UTM)
 +
9.45a.m - 10.15a.m&nbsp; - Social Activity
 +
10.15.a.m - 11.15a.m&nbsp; Tobias Gondrom (OWASP Foundation)
 +
10.15 .m - 10.45a.m&nbsp; - Wann Senn (Regal Paradigm)
 +
1.45a.m - 12.15p.m&nbsp; - Amir Haris Ahmad (Localhost)
 +
12.15p.m - 1.00p.m&nbsp; - Megat Muazzam Abdul Mutalib (CyberSecurity Malaysia)
 +
1.00p.m&nbsp; - Networking & End
 +
 
 +
This events is FOC to all OWASPrian and Non-OWASPrian
 +
 
 +
Please Register and confirm your attendant here:
 +
 
 +
https://docs.google.com/forms/d/1J05m6wonvb6BYvAgK90JXN40PFkIWLX1XqR-dXlKs64/viewform
 +
 
 +
Our Speaker:
 +
[[File:wannsen.jpg|300x200px]]
 +
[[File:amir.jpg|300x200px]]
 +
[[File:tobias.jpg|300x200px]]
 +
[[File:Megat.jpg|300x200px]]
 +
 
 +
==OWASP Meetup Q1 2014==
 +
*Date : 17 March 2014 (Monday)
 +
*Time : 10.00a.m - 12.00p.m
 +
*Venue: Nexperts Academy Sdn Bhd
 +
        C-3A-03, Block c, Level 3A,
 +
        Phileo Damansara 1, No. 9,
 +
        Jalan 16/11 off Jalan Damansara,
 +
        46350,Petaling Jaya, Selangor, Malaysia.
 +
*[[Image:nexpert.png]]
 +
 
 +
Event Program:
 +
 
 +
9.30a.m - 10.00a.m&nbsp; - Arrival Participant
 +
10.00a.m - 10.10a.m&nbsp; - Opening Speech by OWASP Malaysia Chapter Leader
 +
9.10a.m - 9.20a.m&nbsp; - Speech by Mr. Aatif Khan (Hack Defense)
 +
9.20.a.m - 12.00a.m&nbsp; - Web Security 2.0 Threat - Aatif Khan
 +
                          - Hacking Windows 7/8 wit USB - Aatif Khan
 +
12.50p.m - 1.00p.m&nbsp; - Social Network
 +
 
 +
BIO: Aatif Khan
 +
 
 +
[[Image:aatifkhan.jpg|300x200px]]
 +
 
 +
Speaker Profile: Aatif Khan, Application Security Evangelist, has delivered highly technical security training for conferences, universities, and corporate clients like Bank of America, Verizon,Amazon, Google, Yahoo, etc. to excellent reviews. He is also one of the main founding member of HDCRB (Hack Defense Certification Review Board). Aatif consults for application security, and is having specialization in security assessments/penetration testing, infosec training's, and reverse engineering/malware analysis.
 +
Apart from his stupendous exposure in application security consulting from several years, he has also worked with Defense Personnel, Cyber Crime Police Officials and has also delivered over more than 2000 hours of Information Security training to IT Security Professional's & Government Agencies. He has authored Books entitled "Ethical Hacking", "Advance Penetration Testing", "Backtrack Starter Manual" published by Packt Publications, UK.
 +
He is popularly known for designing the most advance course on "Advance Penetration Testing" with his Lab Book & Lab Exam, and has received stupendous feedback from top notch security experts. You can find more about him here - facebook.com/thenapsterkhan
 +
 
 +
 
 +
Please register here :
 +
 
 +
https://docs.google.com/a/bio-xcell.my/forms/d/1kpxanFk4SeM5bwB9PbBdpKj1ZT9LWVxbpBqZowcGuSo/viewform
 +
 
 +
==OWASP Meetup Q2 2013==
 +
*Date : 16 July 2013 (Tuesday)
 +
*Time : 9.00a.m - 1.00p.m
 +
*Venue: IMATEC, INTAN, Bukit Kiara
 +
*[[Image:INTAN.gif|300x200px]]
 +
 
 +
Event Program:
 +
 
 +
8.30a.m - 9.00a.m&nbsp; - Arrival Participant
 +
9.00a.m - 9.10a.m&nbsp; - Opening Speech by INTAN VVIP
 +
9.10a.m - 9.20a.m&nbsp; - Speech by OWASP Malaysia Chapter Leader
 +
9.20.a.m - 10.20a.m&nbsp; - Speech By Tobias Gordon - CISO for Manager
 +
10.20a.m - 10.35a.m&nbsp; - Rest
 +
10.35a.m - 10.50a.m&nbsp; - Talk by INTAN (TBA)
 +
10.50a.m - 11.50a.m&nbsp; - Speech by Drew William - Governance, Risk and Compliance
 +
11.50a.m - 12.50a.m&nbsp; - Speech By Tobias Gordon - Secure Coding
 +
12.50p.m - 1.00p.m&nbsp; - Social Network
 +
 
 +
BIO: Tobias Gondrom
 +
 
 +
[[Image:tobias.jpg|300x200px]]
 +
 
 +
"Tobias Gondrom is CEO at Thames Stanley, a boutique Global CISO and Information Security & Risk Management Advisory based in Hong Kong, United Kingdom and Germany.
 +
 
 +
He has 15 yrs of experience in software development, application security, cryptography, electronic signatures and global standardization organizations working for independent software vendors and large global corporations in the financial, technology and government sector.
 +
 
 +
Over the years, he has trained and advised dozens of CISOs and senior information security leaders around the globe. Since 2003 he is the chair of working groups of the IETF (www.ietf.org), a member of the IETF security directorate, and since 2010 chair of the web security WG at the IETF. He has been in a number of project and chapter leadership roles for OWASP since 2007. Currently, he is a board member of the OWASP London and the CSA Hong Kong and Macau chapters and leads the OWASP CISO Report and Survey project. He is an ISC2 CSSLP and CISSP Instructor. Tobias has authored the Internet standards RFC 4998 and RFC 6283, also co-authored the books „Secure Electronic Archiving“ and the OWASP CISO Guide and is a frequent presenter at conferences and publication of articles (e.g. AppSec, IETF, ISSE, ...).
 +
 
 +
BIO: Drew Williams
 +
 
 +
[[Image:Drew.jpg|300x200px]]
 +
 
 +
Drew Williams has a pedigree in information management and security that began more than 30 years ago while serving as a journalist and public affairs liaison in the U.S. Navy, participating in key military missions that included the U.S. counter-deterrent against the Soviet invasion of Afghanistan in 1979, and the attempted hostage rescue operation in Tehran in 1980.
 +
 
 +
On matters of State, Drew served on the President’s Partnership for Critical Infrastructure Security (a precursor to the Department of Homeland Security), and was one of a handful of original drafters of the 1996 Health Information Portability and Accountability Act (HIPAA) Security Policy guidelines for the U.S. government, the 1998 Common Vulnerabilities Enumeration (CVE) reporting model for how viruses and security risks are reported, and was a founding member of the Intrusion Detection Consortium (1999), and worked on the early stages of Common Criteria parameters for infosec product development. In 2004, Drew established the Center for Policy and Compliance for Configuresoft/VM-Ware, and lectures annually in Southeast Asia on IT security trends and best practices, and was named by a security consortium in Australia as “One of the top 20 most influential people in IT security in the Pacific” in 2010.
 +
 
 +
Please register here :
 +
 
 +
https://docs.google.com/a/owasp.org/forms/d/1KvFM22I3PkMaG087vNgB6m-DHHfOZyR3VRXgkexYxHY/viewform
 +
 
 +
==OWASP Meetup Q1 2013==
 +
 
 +
We welcome all the people that have interest to join this mini events and it open to everybody. Meetup with all hacker around Malaysian and Open Discussion with CyberSecurity Malaysia
 +
 
 +
*Date : 3 April 2013
 +
*Avenue: Theater Room, Level 7, Bangunan Sapura@Mines, Seri Kembangan, Selangor
 +
[[File:csm1.jpg]][[File:mycert.jpg]]
 +
*Schedule
 +
 
 +
12.30p.m&nbsp; - Lunch (Provided by CSM)
 +
1.00p.m&nbsp; - Registration
 +
2.00p.m&nbsp; - Opening Speech by CSM VVIP
 +
2.10p.m&nbsp; - Welcome Remark by Mohd Fazli Azran (OWASP Malaysia)
 +
2.20p.m&nbsp; - Speech by MyCERT - Activity Hacking & Report 2012 
 +
2.45p.m&nbsp; - Speech by Jim Manico - Top 10 Web Security Defense
 +
3.45p.m&nbsp; - Tea Break
 +
4.10p.m&nbsp; - Q&A with the presenter (MyCERT, Jim & OWASP)
 +
4.45p.m&nbsp; - Social Network
 +
5.00p.m&nbsp; - Dismiss
 +
 
 +
* Required registration at (https://docs.google.com/a/owasp.org/forms/d/1jS_17ppypXiX3fEtScjWimktGy4eBx0EdsyQoJ-H7h0/viewform?pli=1 Click Here])
 +
 
 +
CyberSecurity Malaysia ([http://www.cybersecurity.my/data/content_files/26/200.pdf Maps])
 +
 
 +
Facebook Event https://www.facebook.com/events/575425859134709/
 +
 
 +
Title: Top Ten Web Security Defenses
 +
 
 +
We cannot “firewall” or “patch” our way to secure websites. In the past, security professionals thought firewalls, Secure Sockets Layer (SSL), patching, and privacy policies were enough. Today, however, these methods are outdated and ineffective, as attacks on prominent, well-protected websites are occurring every day. Citigroup, PBS, Sega, Nintendo, Gawker, AT&T, the CIA, the US Senate, NASA, Nasdaq, the NYSE, Zynga, and thousands of others have something in common – all have had websites compromised in the last year. No company or industry is immune. Programmers need to learn to build websites differently. This talk will review the top coding techniques developers need to master in order to build a low-risk, high-security web application.
 +
 
 +
[[Image:jim.jpg|300x200px]]
 +
 
 +
BIO: Jim Manico is the VP of Security Architecture for WhiteHat
 +
Security, a web security firm. He authors and delivers developer
 +
security awareness training for WhiteHat Security and has a background as a software developer and architect. Jim is also a global board member for the OWASP foundation. He manages and participates in several OWASP projects, including the OWASP cheat sheet series and the OWASP podcast
 +
series.
 +
 
 +
* Required
 +
 
 +
==OWASP Meetup Q2 2013==
 +
 
 +
We welcome all the people that have interest to join this mini events and it open to everybody. Meetup with all hacker around Malaysian and Open Discussion with CyberSecurity Malaysia
 +
 
 +
*Date : 3 April 2013
 +
*Avenue: Theater Room, Level 7, Bangunan Sapura@Mines, Seri Kembangan, Selangor
 +
[[File:csm1.jpg]][[File:mycert.jpg]]
 +
*Schedule
 +
 
 +
12.30p.m&nbsp; - Lunch (Provided by CSM)
 +
1.00p.m&nbsp; - Registration
 +
2.00p.m&nbsp; - Opening Speech by CSM VVIP
 +
2.10p.m&nbsp; - Welcome Remark by Mohd Fazli Azran (OWASP Malaysia)
 +
2.20p.m&nbsp; - Speech by MyCERT - Activity Hacking & Report 2012 
 +
2.45p.m&nbsp; - Speech by Jim Manico - Top 10 Web Security Defense
 +
3.45p.m&nbsp; - Tea Break
 +
4.10p.m&nbsp; - Q&A with the presenter (MyCERT, Jim & OWASP)
 +
4.45p.m&nbsp; - Social Network
 +
5.00p.m&nbsp; - Dismiss
 +
 
 +
* Required registration at (https://docs.google.com/a/owasp.org/forms/d/1jS_17ppypXiX3fEtScjWimktGy4eBx0EdsyQoJ-H7h0/viewform?pli=1 Click Here])
 +
 
 +
CyberSecurity Malaysia ([http://www.cybersecurity.my/data/content_files/26/200.pdf Maps])
 +
 
 +
Facebook Event https://www.facebook.com/events/575425859134709/
 +
 
 +
Title: Top Ten Web Security Defenses
 +
 
 +
We cannot “firewall” or “patch” our way to secure websites. In the past, security professionals thought firewalls, Secure Sockets Layer (SSL), patching, and privacy policies were enough. Today, however, these methods are outdated and ineffective, as attacks on prominent, well-protected websites are occurring every day. Citigroup, PBS, Sega, Nintendo, Gawker, AT&T, the CIA, the US Senate, NASA, Nasdaq, the NYSE, Zynga, and thousands of others have something in common – all have had websites compromised in the last year. No company or industry is immune. Programmers need to learn to build websites differently. This talk will review the top coding techniques developers need to master in order to build a low-risk, high-security web application.
 +
 
 +
[[Image:jim.jpg|300x200px]]
 +
 
 +
BIO: Jim Manico is the VP of Security Architecture for WhiteHat
 +
Security, a web security firm. He authors and delivers developer
 +
security awareness training for WhiteHat Security and has a background as a software developer and architect. Jim is also a global board member for the OWASP foundation. He manages and participates in several OWASP projects, including the OWASP cheat sheet series and the OWASP podcast
 +
series.
 +
 
 +
* Required
 +
 
 +
==Computer Security Day 2011==
 +
 
 +
We welcome all the people that have interest to join the mini events and it open to everybody. Meetup with all hacker around Malaysian and Open Discussion with CyberSecurity Malaysia
 +
 
 +
*Date : 30 November 2011
 +
*Avenue: Theater Room, Level 7, Bangunan Sapura@Mines, Seri Kembangan, Selangor
 +
[[File:csm1.jpg]][[File:mycert.jpg]]
 +
*Schedule
 +
 
 +
1.00p.m&nbsp; - 2.00p.m&nbsp; - Registration (Lunch Provided)
 +
2.00p.m&nbsp; - Arrival Lt Col. (R) Prof Dato' Husin Bin Jazri
 +
2.05p.m&nbsp; - Opening Speech by MC 2.10p.m - Doa
 +
2.15p.m&nbsp; - Opening Speech by Mohd Fazli Azran (OWASP Malaysia)
 +
2.20p.m&nbsp; - Introduction by the participant
 +
2.50p.m&nbsp; - Presentation about CSM & activity CSM for 2012-2013 - Corporate Video - MyCERT Introduction by Adli Wahid Vice President Responsive Service CSM Dialogue
 +
3.15p.m&nbsp; - Speech by CEO CyberSecurity Malaysia Lt Col. (R) Prof Dato' Husin Bin Jazri
 +
3.40p.m&nbsp; - Q & A session
 +
4.20p.m&nbsp; - Tea Break and Networking
 +
4.50p.m&nbsp; - Dismiss
 +
 
 +
* Required registration at ([https://docs.google.com/spreadsheet/viewform?hl=en_US&formkey=dGlUeUtWS2tRQVhnUlFYNEZLaXMwV2c6MQ#gid=0 Click Here])
 +
 
 +
CyberSecurity Malaysia ([http://www.cybersecurity.my/data/content_files/26/200.pdf Maps])
 +
 
 +
Facebook Event https://www.facebook.com/events/147779481990578/
 +
* Required
 +
==AMDI-USM OSS Day 2010==
 +
 
 +
*Date&nbsp;: 23 December 2010 Thurday
 +
*Time&nbsp;: 8.00a.m - 5.00p.m
 +
*Avenue&nbsp;: Hotel Seri Malaysia, Kepala Batas, Pulau Pinang Malaysia
 +
 
 +
AMDI USM OSS DAY will show a variety of interactive mix of activities that consistent with the objective to promote and bring awareness about Open Source Software in general:
 +
 
 +
Seminar: 9 talks related to the awareness of Open Source will be held consisting of activists, consumers, application developers or experienced specialists who also come from the Open Source industry itself.
 +
 
 +
Demonstration: as with any conference, AMDI USM OSS DAY will be holding a demonstration open to visitors who present at the event square. The demonstration is consist by activists, community and society where will provide an opportunity for visitors to know and see more closely what is open source and proprietary technology. We also promote activities in the demonstration area to enliven the program.
 +
 
 +
To register please click at here  AMDI-USM ([http://www.mosc.my/events/amdi-usm-oss-day AMDI-USM OSS Day 2010])
 +
 
 +
==OWASP 4th Meeting Malaysia Chapter==
 +
 
 +
*Date&nbsp;: 23 November 2010 Tuesday
 +
*Time&nbsp;: 2.00p.m - 5.00p.m
 +
*Avenue&nbsp;: Malaysian Computer Emergency Response Team (MyCERT), CyberSecurity Malaysia, Level 7, SAPURA@MINES, Jln Tasik, Mines Resort City, Seri Kembangan, Selangor
 +
[[File:csm1.jpg]][[File:mycert.jpg]]
 +
 
 +
*Agenda
 +
 
 +
2.00&nbsp;: Arrival participant
 +
2.10&nbsp;: Offensive Security - Muhammad Muslim Mansor
 +
3.40&nbsp;: Web Application Firewalls: What are we really getting into? - Alex Tan
 +
5.10&nbsp;: Refreshment
 +
 
 +
*Web : www.owasp.my
 +
*Twitter : @owaspmy #owaspmy
 +
*Facebook : http://www.facebook.com/OWASP.Malaysia to RSVP
 +
 
 +
==OWASP 3rd Meeting Malaysia Chapter==
 +
 
 +
*Date&nbsp;: 19 October 2010 Tuesday
 +
*Time&nbsp;: 2.00p.m - 5.00p.m
 +
*Avenue&nbsp;: Malaysian Computer Emergency Response Team (MyCERT), CyberSecurity Malaysia, Level 7, SAPURA@MINES, Jln Tasik, Mines Resort City, Seri Kembangan, Selangor
 +
[[File:csm1.jpg]][[File:mycert.jpg]]
 +
 
 +
*Agenda
 +
 
 +
2.00&nbsp;: Arrival participant
 +
3.00&nbsp;: Opening Speech
 +
3.05&nbsp;: Brian Ritchie - Topic TBA
 +
4.05&nbsp;: Adnan Mohd Syukor - Topic TBA
 +
5.05&nbsp;: Refreshment
 +
 
 +
*Web : www.owasp.my
 +
*Twitter : @owaspmy #owaspmy
 +
*Facebook : http://www.facebook.com/OWASP.Malaysia to RSVP
 +
 
 +
==OWASP 2nd Meeting Malaysia Chapter==
 +
 
 +
*Date&nbsp;: 15 May 2010 Saturday
 +
*Time&nbsp;: 3.00p.m - 5.00p.m
 +
*Avenue&nbsp;: City University College Of Science Technology (CUCST)
 +
 
 +
[[Image:City.png]] Map: [http://www.city.edu.my/cityuc_malay/images/map_large.jpg City University]
 +
 
 +
Topic&nbsp;:
 +
 
 +
        1) Outbound Monitoring - the Forgotten Child in Infosec (1 hour)
 +
      2) Introduction to the new and highly lethal HTTP DDOS attack technique.(1 hour)
 +
 
 +
Registration Fee&nbsp;: FOC
 +
 
 +
Parking Fee&nbsp;: FOC (More Parking)
 +
 
 +
Registration&nbsp;: http://www.facebook.com/event.php?eid=123844360964411&amp;index=1
 +
 
 +
Speaker&nbsp;: Wong Onn Chee <br> Background&nbsp;:
 +
 
 +
Wong Onn Chee&nbsp;: Chief Tehnology Office, Resolvo System, Singapore
 +
 
 +
[[Image:Onnchee.jpg]]
 +
 
 +
Onn Chee is currently working as the Chief Technology Officer in Resolvo Systems, a leading information leakage expert in Asia. He has led numerous large-scale projects, primarily in the government and defence sectors. His areas of expertise include information leakage protection, web security and security strategy. Onn Chee is a founding member and the first Vice-President of the Information Systems Security Association (ISSA), Singapore Chapter, the largest international, not-for-profit association for security professionals. He was also a former member of the Center of Internet Security (US) which provides well-recognised security benchmarks for various systems which are commonly used by US Federal Government and private organisations. Onn Chee is also the current Singapore chapter lead of Open Web Application Security Project (OWASP) which publishes the widely respected OWASP Top 10 web vulnerabilities. Other than being a information security professional, Onn Chee is also trained in BS 7799/ISO 17799, ISO 9000 and ITIL. He is also a certified Project Management Professional (PMP) and certified PRINCE2 Practitioner. In 2007, Onn Chee was appointed as the President of International Association of Software Architect (IASA), Singapore Chapter.
 +
 
 +
For more detail please contact:
 +
Mobile&nbsp;: 013-2048672
 +
Email&nbsp;: [email protected]
 +
 
 +
<br>
 +
 
 +
<br>
 +
 
 +
==OWASP 1st Official Meeting Malaysia Chapter==
 +
 
 +
*Date&nbsp;: 31 March 2010 Wednesday
 +
*Time&nbsp;: 2.30p.m - 5.00p.m
 +
*Avenue&nbsp;: CyberSecurity Malaysia (Sapura Building), Level 7, Jln Tasik, Mines Resort City, Seri Kembangan, Selangor
 +
 
 +
*Agenda
 +
 
 +
2.30&nbsp;: Arrival participant
 +
3.00&nbsp;: Opening Speech
 +
3.15&nbsp;: Introduction of OWASP
 +
3.30&nbsp;: Introduction of CyberSecurity Malaysia, Summary Report and Incident of Web in Malaysia
 +
4.00&nbsp;: Meeting Start - Chair Meeting&nbsp;: OWASP Malaysia Chapter Leader
 +
    &nbsp;:                Comittee Members - CyberSecurity Malaysia, MySecurity Community
 +
 
 +
*OWASP Board Of Members election.
 +
 
 +
BOM - University Representative
 +
BOM - Government Representative
 +
BOM - Community Representative
 +
BOM - Security Professional Representative
 +
BOM - Private Sector Representative
 +
 
 +
*OWASP activities
 +
 
 +
1) Workshop
 +
2) Events
 +
 
 +
*Register Here&nbsp;: It FOC this is meeting not Workshop/Training/Seminar
 +
 
 +
http://www.facebook.com/event.php?eid=357732261091&amp;index=1
 +
 
 +
=Conference=
 +
==OWASP Conference==
 +
 
 +
===Cyber Range Academy Conference 2018 ([https://www.owasp.org/index.php/CRAC2018 CRAC2018]) 7-8 October 2018===
 +
===World CyberSecurity Day 2018 ([https://www.owasp.org/index.php/WCSD2018 WCSD2018]) 21-22 April 2018===
 +
===I@Secure Cyber Campaign 2018 ([https://www.owasp.org/index.php/ISCC2018 ISCC2018]) 18 April 2018===
 +
===Cyber Range Academy Conference 2017 ([https://www.owasp.org/index.php/CRAC2017 CRAC2017]) 26-27 September 2017===
 +
===OWASP Day KL 2016 ([https://www.owasp.org/index.php/OWASP_Day_KL_2016 OWASP Day KL 2016]) 15-17 November 2016===
 +
===OWASP Day KL 2011 ([http://www.owasp.org/index.php/OWASP_Day_KL_2011 OWASP Day KL 2011]) 20-21 September 2011===
 +
 
 +
=Workshop=
 +
==Bengkel Asas Keselamatan 2015 ([http://comp.utm.my/iasrg/2015/09/06/bengkel-asas-keselamatan-server-daripada-ancaman-penggodam/ Bengkel Asas Keselamatan Server Dari Ancaman Penggodam 2015]) 21 September 2015==
 +
 
 +
=Supporter=
 +
==Government Agency==
 +
{{MemberLinks|link=http://www.cybersecurity.my|logo=csm1.jpg}}
 +
{{MemberLinks|link=http://www.intanbk.intan.my|logo=INTAN.jpg}}
 +
 
 +
==University==
 +
{{MemberLinks|link=http://www.unikl.my|logo=unikl.jpg}}
 +
{{MemberLinks|link=http://www.ais.utm.my|logo=utm-ais.jpg}}
 +
{{MemberLinks|link=http://www.pmj.edu.my|logo=politek.png}}
 +
 
 +
==Corporate==
 +
{{MemberLinks|link=https://www.microsoft.com/en-my|logo=microsoft1.jpg}}
 +
 
 +
==Community==
 +
{{MemberLinks|link=http://www.osdc.my|logo=osdcmy.jpg}}
 +
{{MemberLinks|link=http://www.tbd.my|logo=tbdmy.png}}
 +
{{MemberLinks|link=http://www.hitb.org|logo=hitb.jpg}}
 +
{{MemberLinks|link=https://www.rawsec.com/|logo=Rawsec.jpg}}
 +
 
 +
=Sponsors=
 +
 
 +
=Members=
 +
 
 +
==Here our Official OWASP Members list 2017:==
 +
*1)Raihan Ahmad
 +
*2)Azlina Ahmad
 +
*3)Mohd Sufian Ahmad
 +
*4)Norzaidi Baharudin
 +
*5)Rene FBernard
 +
*6)Mohd Sofian Akasah
 +
*7)Ahmad Maher Che Mohd Adib
 +
*8)Mohamed Ashraf Husni Zai
 +
*9)Aldi Johari Shaqis
 +
*10)Mohd Hafiz Kamaruzaman
 +
*11)Khalid Zulazly
 +
*12)Mohd Dawi Mohd Haritih
 +
*13)Shazil Imri Mohd Hizam (Individual Lifetime)
 +
*14)Tajul Azhar Mohd Tajul Ariffin
 +
*15)Mohd Hanafiah Muhamad
 +
*16)Muhammad Hamizi Jaminan
 +
*17)NORAZLAN NORDEN
 +
*18)Rajivarnan Raveendradasan
 +
*19)Aalim Rozli
 +
*20)Ahmad Aizuddin Aizat Tajul Arif
 +
*21)James Tan
 +
*22)Adli Wahid
 +
*23)Yong Kian Chong
 +
*24)Shazri Azizan
 +
 
 +
==Here our Official OWASP Members list 2016:==
 +
*1) Adli Wahid
 +
*2) Lim Soo Kok
 +
*3) Gurdip Singh
 +
*4) Rajivarnan Raveendradasan
 +
*5) Krishna Rajagopal
 +
*6) Mohd Rahim Muhamad
 +
*7) Mohd Hanafiah
 +
*8) Norazlan Norden
 +
*9) Shazil Imri Mohd Hizam
 +
*10) Khairul Marjan
 +
*11) Zulazly Khalid
 +
*12) Mohamad Hamizi Jamaludin
 +
*13) Mohamed Ashraf Husni Zai
 +
*14) Anthony Hing Kheong
 +
*15) Hidzuan Hashim
 +
*16) Razif Hashim
 +
*17) Wati Darma
 +
*18) Matlan Dahari
 +
*19) Ahmad Aizuddin Aizat Tajul Arif
 +
*20) Amir Osman
 +
*21) Muhammad Zuhair Abd Rahman
 +
*22) Norzaidi Baharudin
 +
*23) Mohd Sufian Ahmad
 +
*24) Azlina Ahmad
 +
*25) Raihan Ahmad
 +
*26) Ahmad Amran Ahmad
 +
*27) Mohammad Zahir Mat Salleh
 +
*28) Mohd Khairuddin Che Ibrahim
 +
*29) Muhammad Najmi Ahmad Zabidi
 +
*30) Sofian Akasah
 +
*31) Mohd Shahril Hussin
 +
 
 +
==Here our Official OWASP Members list 2015:==
 +
*1) Mohd Azri Abdullah
 +
*2) Ahmad Amran Ahmad
 +
*3) Mohd Sufian Ahmad
 +
*4) Norzaidi Baharudin
 +
*5) Ahmad Aizuddin Aizat Tajul Arif
 +
*6) Arif Fahmi Fisal
 +
*7) Ab Malek Idris
 +
*8) Mohamad Hamizi Jamaludin
 +
*9) Chien Shing Kuan
 +
*10) Shaifullnizam Mohamad
 +
*11) Simon Lim
 +
*12) Charles Loh
 +
*13) Shazil Imri Mohd Hizam
 +
*14) Mohd Firdaus Ramlan
 +
*15) Bharanidharan Shanmugam
 +
*16) Kam Yim Siew
 +
*17) James Tan
 +
*18) Choong Tan Fook
 +
*19) Adli Wahid
 +
*20) Kiang Chong Yong
 +
*21) Lillian Nasharitah Boney Abdullah
 +
*22) Hidzuan Hashim
 +
*23) Neo Wong Wei Zhen
 +
*24) Harisfazillah Jamel
 +
*25) Yong Kiang Chong
 +
*26) Kamal Tam
 +
*27) Jalani Sidek
 +
*28) Hafidz Nasruddin
 +
*29) Tajul Azhar Mohd Tajul Ariffin
 +
*30) Mohammed Mirza
 +
*31) Hafiz Ismail
 +
 
 +
==Here our Official OWASP Members list 2014:==
 +
*1) James Tan
 +
*2) Mohd Syazwan Mohd Shafie
 +
*3) Willie Poh
 +
*4) Bharanidharan Shanmugam
 +
*5) Shaiffulnizam Mohamad
 +
*6) Fakrul Adli Mohd Zaki
 +
*7) Hidzuan Hashim
 +
*8) Kenneth Lau
 +
*9) Adzmely Mansor
 +
*10) Amir Osman
 +
*11) Ahmad Kiambang
 +
*12) Mohammed Mirza
 +
*13) Samad Mayang
 +
*14) Rahmat Tuah
 +
*15) Sabariah Kesuma
 +
*16) Mohd Som
 +
*17) Kamal Tam
 +
*18) Razif Hashim
 +
*19) Mohd Rahim
 +
*20) Hafiz Ratnasari
 +
*21) Jalani Sidek
 +
*22) Choong Tan Fook
 +
*23) Matlan Dahari
 +
*24) Yew Seng Ong
 +
*25) Mokhtar Azman Mohamed
 +
*26) Wati Darma
 +
*27) Khairul Marjan
 +
*28) Ling Koh Yew
 +
*29) Lim Soo Kok
 +
*30) Chuan Kian Tan
 +
*31) Anthony Hing Kheong
 +
*32) Kiang Chong Yong
 +
*33) Adli Wahid
 +
*34) Norzaidi Baharudin
 +
 
 +
<headertabs></headertabs>
 +
 
 +
[[Category:OWASP_Chapter]]
 +
[[Category:Malaysia]]
 +
[[Category:Asia]]

Latest revision as of 17:42, 19 October 2018

OWASP Malaysia

Welcome to the Malaysia chapter homepage. The chapter leader is Mohd Fazli Azran


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG


<paypal>Malaysia</paypal> Owaspmy.jpg

OWASP Malaysia & MySecurity Community

OWASP Malaysia Project now officially handle and organize by MySecurity Community. It was non-profit organization. We are pleasure and welcome to all Malaysian to join us and share the knowledge, skill, idea and related to make OWASP Malaysia Project are benefit to everybody. OWASP Malaysia Project as well are the pioneer project for Web Security Application and we tied with Malaysia Government Security Agency & Organization to promote and give awareness to Malaysian specially to government,university and public. Any private sector want to contribute and sponsor are welcome.

Join the local Malaysia chapter Facebook Page

Join the local Malaysia Chapter Discussion Facebook Group

Follow our twitter OWASP Malaysia #owaspmy

OWASP Malaysia Linkedin Group

OWASP Malaysia Official Telegram Group

OWASP Malaysia Meetup Planning Schedule

OWASP Malaysia Translation Project (OMTP) We need any volunteer for our translation project from English - Malay Please free to contact any of our BOM for update the Project

OWASP Malaysia Slack - OWASP Malaysia Slack Interest to join Please Email us your legitimate email for registration

NOTE: OWASP now promote for who want to become Official Members for Malaysia Chapter. You can get special rate and discount and get email @owasp.org with 25GB space. Please register at here as individual(Memberships) and to see the example how to (REGISTER) OWASP Memberships


For all new members and existing member please free to contribute to OWASP Malaysia Chapter and if you are commitment to help OWASP Malaysia please subscribe OWASP Membership for individual. For Corporate sponsor OWASP Malaysia please contact OWASP Admin.

We are welcome to join our conversation. If any query don't hesitate to contact OWASP Admin. Everyone is welcome to join us at our chapter meetings.

Related Security Events for this years.

2018

NanoSec Conference 2018 (NanoSec2018) 10 October 2018

2017

Durian Conference 2016 (Durian Conference) 8 April 2017

Malaysia Open Source Conference 2017 (MOSC2017) 17 - 18 May 2017

2016

OWASP DAY KL 2016 (OWASPKL2016) 15 - 17 November 2016

Black Hat Asia 2016 (BHAsia2016) 29 March - 1 April 2016

MOSCMY 2016 (MOSCMY2016) 25 - 27 May 2016

2015

Black Hat Asia 2015 (BHAsia2015) 24-27 March 2015

Info Security Malaysia Conference 2015 (InfoSec2015) 12 August 2015

International Conference On Library 2015 (ICOL2015) 25-26 August 2015

2014

OWASP AppSec AsiaPac 2014 (AppSecAsiaPac2014) 17-20 March 2014

Info Security Malaysia Conference 2014 (InfoSec2014) 12 August 2014

Malaysia Open Source Conference 2014 (MOSC2014) 24-25 September 2014

Hack In The Box 2014 (HITBSecConf2014) 13-16 October 2014

OWASP Asia Tour 2014 (Asia Tour 2014) 4 November 2014

2013

OWASP AppSec AsiaPac 2013 (AppSecAsiaPac2013) 19-22 February 2013

ZebraCon 2013 (ZebraCon2013) 27-28 August 2013

Malaysia Open Source Conference 2013 (MOSC2013) 10-11 September 2013

HITBSecConf 2013 (HITBSecConf2013) 14-17 October 2013

2012

OWASP Global AppSec AsiaPac 2012 (AppSecAsiaPac2012)11-14 April 2012

FUDCon AsiaPac KL 2012 (FUDConKL2012) 18-20 May 2012

EPF ISSS Quarterly Services Status Meeting and Technology Presentation Update 14 June 2012 (Closed Invitation)

Cyber Security, Cyber Warfare and Digital Forencis (CyberSec12) 26-28 June 2012

Malaysia Open Source Conference 2012 (MOSC2012)8-10 July 2012

Hack In The Box (HITBSecConf2012) 8-11 October 2012

Hacker Halted AsiaPac 2012 (HHAPAC2012)19-22 November 2012

2011

KL GreenHAT Challange 2011 (KLGHC 2011) 9-10 February 2011

OWASP Summit 2011 (OWASP Summit 2011) 8-11 February 2011

Counter eCrime Operation Summit V 2011 (CECOSv 2011) 27-29 April 2011

Info Security Conference 2011 (INFOSEC 2011) 12 May 2011

Malaysia Open Source Conference 2011 (MOSC2011) 3-5 July 2011

OWASP Day KL 2011 (OWASP Day KL 2011) 20-21 September 2011

Hack In The Box (HITBSecConf2011) 10-13 October 2011

Security Black Belt Day 2011 (SBBD2011) 3 November 2011

Mozilla AsiaCamp 2011 (MozCamp Asia 2011) 18-20 November 2011

Hacker Halted APAC (HHAPAC2011) 15-17 November 2011

Malaysia Government Open Source Conference 2011 (MyGOSSCON2011) 29-30 November 2011

Computer Security Day 2011 (CSD2011) 30 November 2011

2010

Malaysia Open Source Conference 2010 (MOSC2010) 29/30 June - 1 July 2010

Advanced Identify Management & Security 2010 (AIMS 2010) 20-21 September 2010

Next Generation Broadband Wireless Architecture Masterclass (NGBWAM 2010) 28-29 September 2010

Gartner Security Local Briefing 2010 (GartnerSec 2010) 15 July 2010

Hack In The Box 2010 (HITBSecconf 2010) - 4-14 October 2010

OSS Day KPM 2010 (OSS KPM 2010) - 12-13 October 2010

KL Green Hat 2010 (KLGH 2010) - 19-20 October 2010

CyberSecurity Malaysia Conference & Exhibition 2010 (CSMCE 2010)- 25-28 October 2010

Malaysia Government Open Source Conference 2010 (MyGOSSCON 2010)2-3 November 2010

Hacker Halted Asia Pacific 2010 (HHAPAC2010)- 9-11 November 2010

AMDI-USM OSS Day (AMDIOSS) 23 December 2010

Chapter Leader - Mohd Fazli Azran


Board Of Members 2010

Advisor - Amir Haris (MyNIC Berhad)

Observer - MySecurity Community (MySecurity)

1st OWASP Meetup 2018

OWASP Malaysia is Open Web Application Security Project for Malaysia Chapter. We like to share and discuss about security. Feel to join and participate as community. This is Open Source Project by OWASP Foundation.

  • Topic : 1st OWASP Malaysia Meetup 2018
  • Date : 5 April 2018 (Thursday)
  • Time : 8.00a.m - 2.00p.m
  • Venue : Hall Level 7, CyberSecurity Malaysia

Csm1.jpgMycert.jpg

  • Event Program:
8.00a.m - 8.45a.m  - Arrival Participant & Registration
8.45a.m - 9.00a.m  - CEO,CTO & SVP Arrival
9.00a.m - 9.05a.m  - Negaraku
9.05a.m - 9.10a.m  - Doa recitation
9.10a.m - 9.15a.m  - Speech by OWASP Malaysia Chapter Leader
9.15a.m - 9.20a.m  - Keynote Speech by CEO CSM
9.20a.m - 9.30a.m  - Refreshment
9.30a.m - 10.05a.m  - Speech By Kamarul Baharin - Mobile Apps Analysis (My Experience)
10.05a.m - 10.40a.m  - Speech By Adnan Shukor - Traffic Distribution System
10.40a.m - 11.15p.m  - Speech By Ahmad Ramadhan - Responsible Disclosure
11.15a.m - 11.50p.m  - Speech By Mr. Khairul Nadzmi - rawSEC: Empowering Local Security Community
11.50p.m - 2.00p.m  - Lunch Sponsor by CSM & Network Session

OWASP Meetup Q2 2017

OWASP Malaysia is Open Web Application Security Project for Malaysia Chapter. We like to share and discuss about security. Feel to join and participate as community. This is Open Source Project by OWASP Foundation.

  • Topic : OWASP Malaysia Meetup Q2 2017
  • Date : 18 July 2017 (Tuesday)
  • Time : 8.00a.m - 2.00p.m
  • Venue : Auditorium Hall, Microsoft Malaysia, Level 26, Petronas Tower 3, KLCC

Microsoft.jpg

  • Event Program:
8.00a.m - 9.00a.m  - Arrival Participant
9.00a.m - 9.10a.m  - Official Launch & Opening Speech by Microsoft Malaysia
9.10a.m - 9.20a.m  - Speech by OWASP Malaysia Chapter Leader
9.20a.m - 9.35a.m  - Keynote Speech by Datuk Wira Dr. Abu Bakar Mohamad Diah
9.35a.m - 10.00a.m  - Breakfast
10.00a.m - 10.35a.m  - Speech By Sanjay WS - The Security Problem & The Security Solution
10.35a.m - 11.10a.m  - Speech By Walter Wong - Consumer Security Impact with Cloud and Machine Learning
11.10a.m - 11.45p.m  - Speech By Razwan Mokhtar - Dealing with HealthCare Internet of Things security
11.45a.m - 12.20p.m  - Speech By Hasnan Hasim - Introduction Rimau WAF
12.20p.m - 1.00p.m  - Speech By Sina Manavi- Cyber-Crime as a Service and Quick Win Strategy to Tackle Them
1.00p.m - 2.00p.m  - Pre Lunch by Microsoft
  • Topic - The Security Problem and The Security Solution

Sanjay WS is a CTO of Astiotech Sdn Bhd and MVP Entreprise Security. In this session, I would like to share the security problems that are still plaguing Windows users until we see a worldwide pandemic security fear recently on ransomware. We walkthrough the historical security journey of Windows users and what Microsoft has done to address them. In Windows 10, Microsoft claims to have a silver bullet approach alongside other security primers in Windows 10, will it make the cut? You decide. I also hope to present a custom compromise in Windows that can easily be exploited in any version of Windows and let’s turn on this security solution and see if it survives.

Jayws.jpg

  • Topic - Rimau WAF

Hasnan Hasim holds a bachelor's degree in computer science (information technology) form ukm. With more than 15 years of experience handling Linux server and security device such as firewall, ips, ida and snort rules, ICT operations, training And system development In government sector. Main programming language using php, Java script. His presentation will show next generation WAF using mod_security with modern web UI for easy management.

Nan.jpg

  • Topic - Consumer Security Impact with Cloud and Machine Learning

Walter Wong is a technical lead in Gain Secure, a Malaysian-based company. The company specialized for providing secure application development and user experience (UX) consultation services to customers. Walter is a Microsoft MVP for developer security and Microsoft Azure. Research on application development security is Walter's personal interest. He also successfully discovered many websites vulnerabilities including some high traffic websites over the past few years. Walter often speaks at technical conferences such as Visual Studio 2010 Launch, TechEd SEA, Security Symposium, TechNet/MSDN, Tech Insights and more. Hosting the application in the cloud infrastructure does not guaranty your application and data security by default. It’s developer responsibility to ensure the application developed, configured and hosted is secure by default. Come and join Walter in his demo packed rollercoaster ride to understand more about Microsoft Azure security features. If you looking forward for a demo how to break the application hosted in Azure, this is the session you don’t want to miss.

Walter.jpg

  • Topic - Cyber-Crime as a Service and Quick Win Strategy to Tackle Them

Sina is an Iranian Senior Information Security Consultant working in banking industry as a CISO advisor helping the banks to design, develop and implement IT Security Blueprint, Project Monitoring, Risk and Compliances, Threatlandscape analysis. He has over 8 years expericen in IT Security area from Application Security, Secure Coding, Vulnerability Management and Penetration Testing in Mobile and Web Applications, SAP systems and Network. He has also experience in Security Posture assessment, Risk and Compliances and regulations in financial industry.

Sina2.jpg

  • Topic - Dealing with HealthCare Internet of Things security

Razwan Mokhtar is a system consultant and overseas system engineer for iDataMap Corporation from Adelaide, Australia. The company is developing new products to bridge the gap in personal health care communications, it’s stored encrypted patient data for ready access by clinicians and is especially useful for DICOM images. For the last 4 years he is very active integrating medical devices & internet of things in hospitals around Asia. Previously in Malaysia, Razwan Mokhtar was experience in the malware analysts focusing in botnet, development, implementation and management of complex Information Security for Department of Defense, Royal Malaysia Police, Royal Malaysian Navy and International Banks.

Wansen.jpg

Registration are now open for all. Please download the apps name "OWASP Malaysia Meetup 2017" from Play Store (Android) & App Store (iOS) Please bear in mind this meetup have limited seat only 100ppl. Please register now to book your seat.

OWASP Meetup Q3 2016

OWASP Malaysia is Open Web Application Security Project for Malaysia Chapter. We like to share and discuss about security. Feel to join and participate as community. This is Open Source Project by OWASP Foundation.

  • Topic : OWASP Malaysia Meetup Q3 2016
  • Date : 22 September 2016 (Thursday)
  • Time : 8.00a.m - 2.00p.m
  • Venue : Hall Level 7, CyberSecurity Malaysia

Csm1.jpgMycert.jpg

  • Event Program:
8.00a.m - 9.00a.m  - Arrival Participant
9.00a.m - 9.10a.m  - Official Launch & Opening Speech by CEO CyberSecurity Malaysia
9.10a.m - 9.20a.m  - Speech by OWASP Malaysia Chapter Leader
9.20a.m - 10.00a.m  - Breakfast
10.00a.m - 10.35a.m  - Speech By Melvin Lim (Infoblox) - Data Exfiltration over DNS
10.35a.m - 11.10a.m  - Speech By Mohamed Fadzlee Sulaiman (CSM) - CyberDEF: Uncovering Future Threats
11.10a.m - 11.45p.m  - Speech By Ahmad Ashraff bin Ahmad (ISC) - Security Through Obscurity : Good or Bad?
11.45a.m - 12.20p.m  - Speech By Azril Rahim (ISC) - A Practical Low Cost Cyber Threat Intelligence for SME
12.20p.m - 1.00p.m  - Speech by Jay Chow (Rapid7) - Application Assessment for the Modern World
1.00p.m - 2.00p.m  - Pre Lunch by CSM
  • Topic - Security Through Obscurity : Good or Bad?

Ahmad Ashraff bin Ahmad will share on his 6 years experience conducting penetration testing and bug bounty hunting related to the 'Security Through Obscurity'. Is it the right choice to depend on security appliance? Is it bad to leave the code vulnerable while being protected by these 'obscurity'? What's the impact to the community?. Ahmad Ashraff was a chemical engineering student from UTP. Choose to be in the ITsec because of his believe in 'following your passion' will lead to the right path. 6 years as a pentester. Have been with multiple security companies to learn the strong,weakness,gaps that is currently missing in ITsec MY. Active in bug bounty, 1st place in Malaysia. 1st place in Bugcrowd.Currently working as a IT Security Specialist.

Ahmadashraff.jpg


  • Topic - Data Exfiltration over DNS

Started off as Solutions Specialist, Melvin carries with him over 13 years of security focus experiences working with leading companies like Bluecoat, McAfee, Akamai and Infoblox. With cyber defense always at the the top of his mind, he provided threat briefing, network security assessment workshops for many organisations in ASEAN, reviewed their network security posture for vulnerabilities, . In a few occasions, Melvin was called back by the organization when the security gaps he highlighted were subsequently exploited by the attackers. In Infoblox, Melvin focuses on data leakage over DNS, defense in depth against DNS DDoS and exploits, which are some of the least addressed security gaps in many organizations today.

Melvinlim.jpg


  • Topic - Application Assessment for the Modern World

Jay Chow brings with him more than 10 years of experience in the areas of network and security consulting, implementation, and support. Jay Chow has been on the ground designing, consulting and leading several key government and MNC security projects. Bearing deep practical and strong technical understanding on various security technologies in the market, Jay has been a valuable resource in providing security insights. In his role with Rapid7, Jay focuses on assisting mid-to-large enterprises engineer better security across the South Asia region by visualizing, contextualizing and extracting more insights on their current risk and security exposure.

Jaychow.jpg

  • Topic - A Practical Low Cost Cyber Threat Intelligence for SME

Azril Rahim is a passionate cyber security expert with over 13 years of experiance. He is also an advocate for open source software where he also developed codes for computer security as well network and general purpose tools. His interest on computer security focuses on vulnerability assessment, pen-test, computer and network forensics, cyber threats intelligence, PKI and secure communication & network programming. He is also has won several awards from the Malaysian government for his work contribution in computer security. He is also hold several international certifications in computer security. Most of his cyber security work are proven hands on and validated via research papers, written & presented technical presentations, hands on work and also computer codes codings. More information about Azril work on computer security & programming can be obtain at his website at http://azrilrahim.site88.net

Azril1.jpg

Mohamed Fadzlee Bin Sulaiman is currently leading CyberDEF unit under Digital Forensics Department, CyberSecurity Malaysia. Eight years of experience in digital forensics has emphasized his credibility in solving criminal and civil cases in major fields including Computer Forensics, Network Forensics, Mobile Phone and Video Forensics. With CyberDEF he has been assisting organization and corporate companies by providing comprehensive cyber security solution especially for Critical National Information Infrastructure (CNII) sectors. Based on the prosecution necessity, he has also experienced as an expert witness to provide testimonial for various cases in court. To date, Mr. Fadzlee has conducted and handled analysis for more than hundred digital forensic cases including hacking, financial crimes, harassment, seditious,bribery, IP theft and etc. Occasionally, he is invited as a speaker and trainer at Government Linked Companies (GLC), local and foreign Law Enforcement Agencies.

Fadzlee.jpg

OWASP Meetup Q3 2015

OWASP Malaysia is Open Web Application Security Project for Malaysia Chapter. We like to share and discuss about security. Feel to join and participate as community. This is Open Source Project by OWASP Foundation.

  • Topic : OWASP Malaysia Meetup Q3 2015
  • Date : 14 September 2015 (Monday)
  • Time : 9.00a.m - 2.00p.m
  • Venue : Banquet Hall, Level 29, UniKL MIIT, Jln Sultan Ismail, KL

Unikl.jpg

  • Event Program:
9.00a.m - 10.00a.m  - Arrival Participant
10.00a.m - 10.10a.m  - Official Launch & Opening Speech by 
10.10a.m - 10.20a.m  - Speech by OWASP Malaysia Chapter Leader
10.20a.m - 10.30a.m  - Breakfast
10.30a.m - 11.05a.m  - Speech By  Adnan Mohd Shukor (BlueCoat) - Attacker Toolkit and Strategic Web Compromise
11.05a.m - 11.40a.m  - Speech By Sina Manavi (Kaapagam Technologies) -
11.40a.m - 12.15p.m  - Speech By Farhan Faisal - Network Threat Visibility
12.15p.m - 1.00p.m  - Speech By Adli Wahid (APNIC) -  Establishing Security Response Capabilities
1.00p.m - 2.00p.m  - Social Network (Refreshment)
  • Topic - Attacker Toolkit and Strategic Web Compromise

Adnan Mohd Shukor or (@xanda) is a Threat Analyst at BlueCoat System. He detects, analyzes, and blocks web threats and one of his areas of expertise is in exploit kit detection. He also contributed codes and patches to several open source projects and communities before, and most of them are in IT security related projects. Prior to joining BlueCoat System, he was the Senior Analyst at Malaysia CERT, CyberSecurity Malaysia

Adnanshukor.jpg

  • Topic -

Sina Manavi s a security enthusiast interested in penetration testing and digital forensics investgation. He has a master`s degree in computer science in the field of digital forensic investigation, and also certificate holder of CEH and CHFL. He has conducted many security talks and practical workshops and training on web/network/mobole penetration testing in Malaysia. His main interest is in mobile app penetration testing. He started his IT career as a software and database developer, and later joined the software database designing field. Currently, he works as professional trainer and information security consultant for Kaapagam Technologies Sdn Bhd in Malaysia.

Sinamanavi.jpg

  • Topic - Network Threat Visibility

Farhan Faisal He started his way in system administration, exposed to the real threats every day,gaining real experience from live system. Got GPEN, CCNA, and work experience in MyCERT allows him to work on real customer's network and various environment. He have done Network Forensic, Incident Management, Penetration Testing, and Security Monitoring for various organization and government agencies. He runs his company Scan Insight Sdn Bhd, and right now building External Threat Monitoring

Farhanfaisal.jpg

  • Topic - Establishing Security Response Capabilities

Adli Wahid (@adliwahid) is a Security Specialist at the Asia Pacific Network Information Centre (APNIC) in Brisbane, Australia. He does a lot of engagement with network operators, CERTs/CSIRTs, Law Enforcement and Inter-Government Agencies. He is also a member on the Board of Directors of the Forum of Incident Response and Security Teams (FIRST). Prior to joining APNIC he was the Head of Malaysia CERT at CyberSecurity Malaysia and a member of MUFG-CERT (Bank of Tokyo-Mitsubishi UFJ) You can read some of his activities at APNIC’s blog https://blog.apnic.net/

Adliwahid.jpg

OWASP Meetup Q2 2015

OWASP Malaysia is Open Web Application Security Project for Malaysia Chapter. We like to share and discuss about security. Feel to join and participate as community. This is Open Source Project by OWASP Foundation.

  • Topic : OWASP Malaysia Meetup Q2 2015
  • Date : 12 June 2015 (Friday)
  • Time : 8.00a.m - 2.00p.m
  • Venue : Theater Room, Level 7, CyberSecurity Malaysia, Seri Kembangan, Selangor

Csm1.jpgMycert.jpg

  • Event Program:
8.30a.m - 9.00a.m  - Arrival Participant
9.00a.m - 9.10a.m  - Official Launch & Opening Speech by Dr. Amirudin Abdul Wahab CEO CyberSecurity Malaysia (CSM)
9.10a.m - 9.20a.m  - Speech by OWASP Malaysia Chapter Leader
9.20.a.m - 9.50a.m  - Speech By Fatah Al-Farihin (CSM) - Zero day malware detection/prevention using open source software - Proof of Concept
9.50a.m - 10.20a.m  - Speech By Dick Bussiere (Tenable Security)- The increasing importance of Continuous Network Monitoring in today’s Cyberworld
10.20a.m - 10.35a.m  - Rest
10.35a.m - 11.05a.m  - Talk by Walter Wong (GainSecure) - Security Awareness for .Net Developers
11.05a.m - 11.45a.m  - Speech by Azril Aari (Infoblox) - Advance Financial Malware: GameOver Zeus - The art of espionage, data ex-filtration and network disruption
11.45a.m - 12.15a.m  - Speech By Ken Too (Vectra Network) - An Analysis of Recent Cyber Attacks
12.15p.m - 2.00p.m  - Social Network (Friday Pray)

Abstract: Zero day malware detection/prevention using open source software - Proof of Concept Today, as computer attacks tend to be malware-centric, the cyber criminals have introduced sophistication in their attack techniques that makes the traditional way of protecting the enterprise with firewalls, intrusion detection systems and antivirus software at the network perimeter ineffective. While maintaining Honeypot technology to collect malware information from the Internet & internal organizations, we would like to present a proof on concept on mitigating zero day malware using several combination of open source projects involving malware collection from network traffic, ssl interception, sandboxing. evading anti-vm, network ids/ips, process flow, etc. From the idea, we are welcoming contributions & collaboration from the public & education sector.

Bio: Mr Fatah is currently a Senior Analyst under Malware Research Centre, MyCERT Department. He has already worked in information security domain for almost 10 years in most domain in security posture assessment (penetration testing, source code audit, wireless assessment, web assessment, database assessment, etc.), software development, geographical information system, managed security services, and others. He holds information security professional certification such as GWAPT, OSWiSP, HP ArcSight Certified Professional, ITILv3, CNE6, etc.

Fatah.jpg

Abstract: The increasing importance of Continuous Network Monitoring in today’s Cyberworld

Bio : Mr. Dick Bussiere is Tenable Network Security’s Principal Architect for the Asia Pacific Region. In this multifaceted role, Mr. Bussiere is responsible for evangelizing the criticality of vulnerability assessment, vulnerability management, and thorough security monitoring as part of an organizations enhanced security posture. Mr. Bussiere is a frequent public speaker on these and other security and networking mattersMr. Bussiere frequently assists Financial Services Organizations, Governments, and Managed Security Service Providers in adopting a regimen of pro-active vulnerability management to help them reduce their vulnerability footprint.

Prior to Tenable, Mr. Bussiere was Arbor Network’s Solution Architect for Asia Pacific. In this role, Mr. Bussiere assisted organizations in assessing their risk exposure to Distributed Denial of Service attacks. He has advised several regulatory bodies on recommended legislation to protect critical infrastructure against DDoS attacks. Mr. Bussiere is a seasoned technical architect with over 20 years of experience in ICT security, computer networking, and engineering. Mr. Bussiere has a strong background in Research and Development, including both software and hardware engineering.

Mr. Bussiere was a principle in an ICT security consulting firm and provided consulting services to numerous business, academic and government organizations. Activities included developing network security architectures with an emphasis on intrusion detection and prevention techniques, as well as the development of comprehensive organizational security policies. Additionally, Mr. Bussiere was an active contributor to the IEEE P1901 Power Line Communication security architecture and specification. Mr. Bussiere is the holder of five patents related to computer networking. He was also an active participant in the IEEE and IETF working groups.

Dick.jpg

Abstract: Security Awareness for .Net Developers Design and code carefully can protect today's complicated business application. With the rising of cyber–attacks in recent years, developer security become an important aspects for all software business. If you are .Net developer, this session will show you the tips and tricks of secure your applications, understand security threat, tools and others.

Bio: Walter is the founder for Gain Secure based in Malaysia. The company specialized for providing secure application development and user experience (UX) consultation services to customers. Walter is a Microsoft MVP for developer security. Research on application development security is Walter's personal interest. He also successfully discovered many websites vulnerabilities including some high traffic websites over the past few years. Walter often speaks at technical conferences such as TechDays Hong Kong, TechEd SEA, Security Symposium, TechNet/MSDN, Tech Insights and more.

Walter.jpg

Abstract: Advance Financial Malware: GameOver Zeus - The art of espionage, data ex-filtration and network disruption GameOver ZeuS (GoZ) is the most sophisticated & the most researched malware to date. Since the released of the 2nd version of the original gruesome ZeuS malware, the new variant so-called “gameover” comes with a different strength and capabilities. It is more resilient, stealthy and deadly. It has cause the lost of millions of dollars and there are no specific methods to stop it. This has forced the FBI to put a bounty head for its creator.

Without any leading leaked source codes on its new capabilities & strength, most leading knowledge on GoZ is based on a 2 years of “assumption” from various threat intelligence's collected share data around the globe. The assumption date were derived from analyzing its network behavior and some reverse-engineered dumped codes since 2013.

This presentation contents will be based on the collaborate data that has been collected by Infoblox's Threat Intelligence group. The focus will be in discussing GoZ capabilities, how to detect & mitigate it.

Bio: Mr Azril is currently a core security researcher with Infoblox's Threat Intelligence Group based in Santa Clara, California USA. He has already worked in information security domain for almost 12 years with interest in computer forensics, PKI, trusted computing, virtualization, secure programming, penetration testing and malware analysis. He has been an active speaker at international industry conferences since 2005. He has authored several technical papers and developed award winning open source software particularly in computer forensics, trusted computing & virtualization. Graduated with 2 degrees in computer science and operation management from the University of Missouri, he also holds information security professional certifications such as GCFA, CEI, ECSP and CEH.

Azril1.jpg

Abstract: An Analysis of Recent Cyber Attacks Over the past year, cyber attacks have gone from being a worst-case scenario for security teams to a real-world certainty. Yet for all the recent investment and focus on cyber security, attackers continue to succeed at stealing or destroying our most valued assets. In this discussion, we will deconstruct recent cyber attacks to see what is working in security and where the industry still has gaps. Then we will go beyond the search for simplistic silver bullets, and propose new models of defense-in-depth that can apply generically to detecting today's most sophisticated attacks.

This session will cover: - An analysis of recent cyber attacks and what they have in common - Understanding the inherent advantages attackers enjoy today, and how we can turn the tables - Proposing a repeatable methodology for automating the detection of breaches and APTs

Bio: Ken Too Ken Too is a Technical Director for Datapath Networks Sdn Bhd, focused on solutions using machine learning and data science that provide protection beyond the perimeter. Ken has a long history in security and had been working with HP & CSC. His discussion will deconstruct recent cyber attacks and how they are unfolding globally with a goal to propose repeatable and generic solutions to prevent damage to valuable assets.

Kentoo.jpg

  • Please register here:

https://docs.google.com/forms/d/1UQb-EYR4oXh0qmelrM1SB7Abyj7R4LFdZi_kLtIbU4E/viewform

This events will covered by local newspaper and media by

Awani.jpg Bh.png

OWASP Meetup Q1 2015

We welcome all the people that have interest to join this mini events and it open to everybody. Meetup with all hacker around Malaysian and Open Discussion with CyberSecurity Malaysia

  • Date : 19 January 2015
  • Avenue: Dewan Seminar, Menara Razak, UTM Jalan Semarak, Kuala Lumpur

Utm-ais.jpg       


  • Schedule
  • Time : 9.00a.m - 1.00p.m
  • Event Program:
9.00a.m - 10.00a.m   - Arrival Participant
10.00a.m - 10.10a.m  - Opening Speech by CSM VVIP
10.10a.m - 10.20a.m  - Speech by OWASP Malaysia Chapter Leader
10.20a.m - 11.20a.m  - Speech By Saharudin Saat - Capturing Web Application Threats Virtual CMS Honeypot
11.20a.m - 12.20p.m  - Speech by Sandeep Nain - Introducing Application Security In Your Organization Think Like a Developer
12.20p.m - 1.00p.m   - Social Network
1.00p.m - 2.00p.m    - Refreshment
  • Please register here :

https://docs.google.com/forms/d/1UQb-EYR4oXh0qmelrM1SB7Abyj7R4LFdZi_kLtIbU4E/viewform

University Technology Malaysia (Maps)

Facebook Event https://www.facebook.com/events/381598735333730/

Title : Capturing Web Application Threats - Virtual CMS Honeypot by Saharudin Saat

Opensource Content Management System (CMS) is very popular and widely used by web administrators around the world nowadays because of their simplicity for the instant web application solution. Consequently, web applications have increasingly been the focus of attackers because of the unintentional web vulnerabilities that comes from the newly introduced functionality. This project aims at enhancing the level of security for CMS inside the Universiti Teknologi MARA (UiTM) network by providing the most extensive way on developing Virtual CMS Honeypots. The outcome is hoped to ease the web administrators to monitor any kind of computer threats such as hackers, worms and viruses in more comfortable and efficient way. The results also will provide the administrator some form of countermeasures for security purposes and traffic analysis. Using Customize Awstats, Snort, AcidBase and Proxy will provide a Honeypot for a rapidly expandable network and suit for the web administrator especially at UiTM to monitor webserver traffic activity and any latest computer threats.

BIO : Saharudin Saat is a System Administrator at Ministry of Domestic Trade Cooperatives and Consumerism with over 15 years of computer experience. Saharudin's expertise in server technology, network security and cloud computing. He is also a consultant for open source software and cloud computing for some government related agencies.

Winner of the Kaspersky Southeast Asia Cup IT Security for the next generation 2009.Won third place in Malaysian Government Open Source Software Award (MyGOSS) 2012 .Saharudin holds a Degree in Computer Science (Hons) Data Communication and Networking from the Universiti Teknologi MARA Malaysia.

Saharudin.jpg

Title: Introducing Application Security in Your Organization - Think Like a Developer by Sandeep Nain

To protect your enterprise from application layer attacks, your application security program needs to be goal-oriented and should be supported by a central team of professionals enabled with the best of the breed technologies; following effective processes. If you are wondering, how you can build such an application security program that effectively leverages secure development methodologies while being scalable and effective for a complex organization, this is the session to attend. In this session Speaker will cover:

  • 1. How to build secure development lifecycle for development teams using modern software development methodologies
  • 2. Challenges of enforcing secure development lifecycle at an enterprise scale
  • 3. Reasons why most application security programmes fail and how we can collaborate with development teams for easier enterprise adoption

BIO : Sandeep Nain is Managing Principal in HP Enterprise Security Products and leads Fortify Solution Consulting Services. In this role, he is responsible for the business growth and delivery of software security solutions for South Pacific and Asia region. Sandeep and his team help customers understand their business requirement for application security programme, assess their current security maturity state, design solutions which fit their need and deliver outcomes that exceed expectations.

Before joining HP, Sandeep was a Managing Partner at Appsecure, an application security specialist firm where he built and led the application security consulting team to provide enterprise grade application security solutions to Australian market. Prior to this, Sandeep held various security consulting positions at Pure Hacking, Fortify, IBM and Accenture. With an IT career spanning over 13 years, Sandeep is an accomplished Application Security Expert. He has worked alongside many high-profile national and international organisations, enabling them to produce secure software. He has extensive experience with enterprise grade software languages, software development frameworks, mobile platforms and security and risk management frameworks which makes him a perfect security advisor to our clients.

Sandeep has been actively involved in industry open source projects such as OWASP (Australia) and is active in the development of papers and initiatives published through the community. Sandeep has presented on application and database security at a number of national and international conferences. Academically, Sandeep holds a Master of Technology degree in Information Technology with specialization in Distributed Computing and several industry certifications including CISSP, CSSLP and CEH.

Sandeep.jpg

  • Required

OWASP Meetup Q4 2014

  • Date : 4 November 2014 (Tuesday)
  • Time : 8.00a.m - 1.00p.m
  • Veneu: Dewan Seminar, Menara Razak, UTM, Jalan Semarak

Utm-ais.jpg       

Event Program:

Agenda

8.00a.m - 9.00a.m  - Arriving all OWASPrians
9.00a.m - 9.15a.m  - Opening Speech By OWASP Malaysia
9.15a.m - 10.15a.m  - Opening Ceremony by Prof. Dr. Shamsul bin Sahibuddin (Dean of Advanced Informatics School, UTM)
9.45a.m - 10.15a.m  - Social Activity 
10.15.a.m - 11.15a.m  Tobias Gondrom (OWASP Foundation)
10.15 .m - 10.45a.m  - Wann Senn (Regal Paradigm)
1.45a.m - 12.15p.m  - Amir Haris Ahmad (Localhost)
12.15p.m - 1.00p.m  - Megat Muazzam Abdul Mutalib (CyberSecurity Malaysia)
1.00p.m  - Networking & End 

This events is FOC to all OWASPrian and Non-OWASPrian

Please Register and confirm your attendant here:

https://docs.google.com/forms/d/1J05m6wonvb6BYvAgK90JXN40PFkIWLX1XqR-dXlKs64/viewform

Our Speaker: Wannsen.jpg Amir.jpg Tobias.jpg Megat.jpg

OWASP Meetup Q1 2014

  • Date : 17 March 2014 (Monday)
  • Time : 10.00a.m - 12.00p.m
  • Venue: Nexperts Academy Sdn Bhd
       C-3A-03, Block c, Level 3A,
       Phileo Damansara 1, No. 9, 
       Jalan 16/11 off Jalan Damansara,
       46350,Petaling Jaya, Selangor, Malaysia.
  • Nexpert.png

Event Program:

9.30a.m - 10.00a.m  - Arrival Participant
10.00a.m - 10.10a.m  - Opening Speech by OWASP Malaysia Chapter Leader
9.10a.m - 9.20a.m  - Speech by Mr. Aatif Khan (Hack Defense)
9.20.a.m - 12.00a.m  - Web Security 2.0 Threat - Aatif Khan
                          - Hacking Windows 7/8 wit USB - Aatif Khan
12.50p.m - 1.00p.m  - Social Network

BIO: Aatif Khan

Aatifkhan.jpg

Speaker Profile: Aatif Khan, Application Security Evangelist, has delivered highly technical security training for conferences, universities, and corporate clients like Bank of America, Verizon,Amazon, Google, Yahoo, etc. to excellent reviews. He is also one of the main founding member of HDCRB (Hack Defense Certification Review Board). Aatif consults for application security, and is having specialization in security assessments/penetration testing, infosec training's, and reverse engineering/malware analysis. Apart from his stupendous exposure in application security consulting from several years, he has also worked with Defense Personnel, Cyber Crime Police Officials and has also delivered over more than 2000 hours of Information Security training to IT Security Professional's & Government Agencies. He has authored Books entitled "Ethical Hacking", "Advance Penetration Testing", "Backtrack Starter Manual" published by Packt Publications, UK. He is popularly known for designing the most advance course on "Advance Penetration Testing" with his Lab Book & Lab Exam, and has received stupendous feedback from top notch security experts. You can find more about him here - facebook.com/thenapsterkhan


Please register here :

https://docs.google.com/a/bio-xcell.my/forms/d/1kpxanFk4SeM5bwB9PbBdpKj1ZT9LWVxbpBqZowcGuSo/viewform

OWASP Meetup Q2 2013

  • Date : 16 July 2013 (Tuesday)
  • Time : 9.00a.m - 1.00p.m
  • Venue: IMATEC, INTAN, Bukit Kiara
  • INTAN.gif

Event Program:

8.30a.m - 9.00a.m  - Arrival Participant
9.00a.m - 9.10a.m  - Opening Speech by INTAN VVIP
9.10a.m - 9.20a.m  - Speech by OWASP Malaysia Chapter Leader
9.20.a.m - 10.20a.m  - Speech By Tobias Gordon - CISO for Manager
10.20a.m - 10.35a.m  - Rest
10.35a.m - 10.50a.m  - Talk by INTAN (TBA)
10.50a.m - 11.50a.m  - Speech by Drew William - Governance, Risk and Compliance
11.50a.m - 12.50a.m  - Speech By Tobias Gordon - Secure Coding
12.50p.m - 1.00p.m  - Social Network

BIO: Tobias Gondrom

Tobias.jpg

"Tobias Gondrom is CEO at Thames Stanley, a boutique Global CISO and Information Security & Risk Management Advisory based in Hong Kong, United Kingdom and Germany.

He has 15 yrs of experience in software development, application security, cryptography, electronic signatures and global standardization organizations working for independent software vendors and large global corporations in the financial, technology and government sector.

Over the years, he has trained and advised dozens of CISOs and senior information security leaders around the globe. Since 2003 he is the chair of working groups of the IETF (www.ietf.org), a member of the IETF security directorate, and since 2010 chair of the web security WG at the IETF. He has been in a number of project and chapter leadership roles for OWASP since 2007. Currently, he is a board member of the OWASP London and the CSA Hong Kong and Macau chapters and leads the OWASP CISO Report and Survey project. He is an ISC2 CSSLP and CISSP Instructor. Tobias has authored the Internet standards RFC 4998 and RFC 6283, also co-authored the books „Secure Electronic Archiving“ and the OWASP CISO Guide and is a frequent presenter at conferences and publication of articles (e.g. AppSec, IETF, ISSE, ...).

BIO: Drew Williams

Drew.jpg

Drew Williams has a pedigree in information management and security that began more than 30 years ago while serving as a journalist and public affairs liaison in the U.S. Navy, participating in key military missions that included the U.S. counter-deterrent against the Soviet invasion of Afghanistan in 1979, and the attempted hostage rescue operation in Tehran in 1980.

On matters of State, Drew served on the President’s Partnership for Critical Infrastructure Security (a precursor to the Department of Homeland Security), and was one of a handful of original drafters of the 1996 Health Information Portability and Accountability Act (HIPAA) Security Policy guidelines for the U.S. government, the 1998 Common Vulnerabilities Enumeration (CVE) reporting model for how viruses and security risks are reported, and was a founding member of the Intrusion Detection Consortium (1999), and worked on the early stages of Common Criteria parameters for infosec product development. In 2004, Drew established the Center for Policy and Compliance for Configuresoft/VM-Ware, and lectures annually in Southeast Asia on IT security trends and best practices, and was named by a security consortium in Australia as “One of the top 20 most influential people in IT security in the Pacific” in 2010.

Please register here :

https://docs.google.com/a/owasp.org/forms/d/1KvFM22I3PkMaG087vNgB6m-DHHfOZyR3VRXgkexYxHY/viewform

OWASP Meetup Q1 2013

We welcome all the people that have interest to join this mini events and it open to everybody. Meetup with all hacker around Malaysian and Open Discussion with CyberSecurity Malaysia

  • Date : 3 April 2013
  • Avenue: Theater Room, Level 7, Bangunan Sapura@Mines, Seri Kembangan, Selangor

Csm1.jpgMycert.jpg

  • Schedule
12.30p.m  - Lunch (Provided by CSM) 
1.00p.m  - Registration 
2.00p.m  - Opening Speech by CSM VVIP 
2.10p.m  - Welcome Remark by Mohd Fazli Azran (OWASP Malaysia) 
2.20p.m  - Speech by MyCERT - Activity Hacking & Report 2012  
2.45p.m  - Speech by Jim Manico - Top 10 Web Security Defense 
3.45p.m  - Tea Break 
4.10p.m  - Q&A with the presenter (MyCERT, Jim & OWASP) 
4.45p.m  - Social Network
5.00p.m  - Dismiss 

CyberSecurity Malaysia (Maps)

Facebook Event https://www.facebook.com/events/575425859134709/

Title: Top Ten Web Security Defenses

We cannot “firewall” or “patch” our way to secure websites. In the past, security professionals thought firewalls, Secure Sockets Layer (SSL), patching, and privacy policies were enough. Today, however, these methods are outdated and ineffective, as attacks on prominent, well-protected websites are occurring every day. Citigroup, PBS, Sega, Nintendo, Gawker, AT&T, the CIA, the US Senate, NASA, Nasdaq, the NYSE, Zynga, and thousands of others have something in common – all have had websites compromised in the last year. No company or industry is immune. Programmers need to learn to build websites differently. This talk will review the top coding techniques developers need to master in order to build a low-risk, high-security web application.

Jim.jpg

BIO: Jim Manico is the VP of Security Architecture for WhiteHat Security, a web security firm. He authors and delivers developer security awareness training for WhiteHat Security and has a background as a software developer and architect. Jim is also a global board member for the OWASP foundation. He manages and participates in several OWASP projects, including the OWASP cheat sheet series and the OWASP podcast series.

  • Required

OWASP Meetup Q2 2013

We welcome all the people that have interest to join this mini events and it open to everybody. Meetup with all hacker around Malaysian and Open Discussion with CyberSecurity Malaysia

  • Date : 3 April 2013
  • Avenue: Theater Room, Level 7, Bangunan Sapura@Mines, Seri Kembangan, Selangor

Csm1.jpgMycert.jpg

  • Schedule
12.30p.m  - Lunch (Provided by CSM) 
1.00p.m  - Registration 
2.00p.m  - Opening Speech by CSM VVIP 
2.10p.m  - Welcome Remark by Mohd Fazli Azran (OWASP Malaysia) 
2.20p.m  - Speech by MyCERT - Activity Hacking & Report 2012  
2.45p.m  - Speech by Jim Manico - Top 10 Web Security Defense 
3.45p.m  - Tea Break 
4.10p.m  - Q&A with the presenter (MyCERT, Jim & OWASP) 
4.45p.m  - Social Network
5.00p.m  - Dismiss 

CyberSecurity Malaysia (Maps)

Facebook Event https://www.facebook.com/events/575425859134709/

Title: Top Ten Web Security Defenses

We cannot “firewall” or “patch” our way to secure websites. In the past, security professionals thought firewalls, Secure Sockets Layer (SSL), patching, and privacy policies were enough. Today, however, these methods are outdated and ineffective, as attacks on prominent, well-protected websites are occurring every day. Citigroup, PBS, Sega, Nintendo, Gawker, AT&T, the CIA, the US Senate, NASA, Nasdaq, the NYSE, Zynga, and thousands of others have something in common – all have had websites compromised in the last year. No company or industry is immune. Programmers need to learn to build websites differently. This talk will review the top coding techniques developers need to master in order to build a low-risk, high-security web application.

Jim.jpg

BIO: Jim Manico is the VP of Security Architecture for WhiteHat Security, a web security firm. He authors and delivers developer security awareness training for WhiteHat Security and has a background as a software developer and architect. Jim is also a global board member for the OWASP foundation. He manages and participates in several OWASP projects, including the OWASP cheat sheet series and the OWASP podcast series.

  • Required

Computer Security Day 2011

We welcome all the people that have interest to join the mini events and it open to everybody. Meetup with all hacker around Malaysian and Open Discussion with CyberSecurity Malaysia

  • Date : 30 November 2011
  • Avenue: Theater Room, Level 7, Bangunan Sapura@Mines, Seri Kembangan, Selangor

Csm1.jpgMycert.jpg

  • Schedule
1.00p.m  - 2.00p.m  - Registration (Lunch Provided) 
2.00p.m  - Arrival Lt Col. (R) Prof Dato' Husin Bin Jazri 
2.05p.m  - Opening Speech by MC 2.10p.m - Doa 
2.15p.m  - Opening Speech by Mohd Fazli Azran (OWASP Malaysia) 
2.20p.m  - Introduction by the participant 
2.50p.m  - Presentation about CSM & activity CSM for 2012-2013 - Corporate Video - MyCERT Introduction by Adli Wahid Vice President Responsive Service CSM Dialogue 
3.15p.m  - Speech by CEO CyberSecurity Malaysia Lt Col. (R) Prof Dato' Husin Bin Jazri 
3.40p.m  - Q & A session 
4.20p.m  - Tea Break and Networking 
4.50p.m  - Dismiss 

CyberSecurity Malaysia (Maps)

Facebook Event https://www.facebook.com/events/147779481990578/

  • Required

AMDI-USM OSS Day 2010

  • Date : 23 December 2010 Thurday
  • Time : 8.00a.m - 5.00p.m
  • Avenue : Hotel Seri Malaysia, Kepala Batas, Pulau Pinang Malaysia

AMDI USM OSS DAY will show a variety of interactive mix of activities that consistent with the objective to promote and bring awareness about Open Source Software in general:

Seminar: 9 talks related to the awareness of Open Source will be held consisting of activists, consumers, application developers or experienced specialists who also come from the Open Source industry itself.

Demonstration: as with any conference, AMDI USM OSS DAY will be holding a demonstration open to visitors who present at the event square. The demonstration is consist by activists, community and society where will provide an opportunity for visitors to know and see more closely what is open source and proprietary technology. We also promote activities in the demonstration area to enliven the program.

To register please click at here AMDI-USM (AMDI-USM OSS Day 2010)

OWASP 4th Meeting Malaysia Chapter

  • Date : 23 November 2010 Tuesday
  • Time : 2.00p.m - 5.00p.m
  • Avenue : Malaysian Computer Emergency Response Team (MyCERT), CyberSecurity Malaysia, Level 7, SAPURA@MINES, Jln Tasik, Mines Resort City, Seri Kembangan, Selangor

Csm1.jpgMycert.jpg

  • Agenda
2.00 : Arrival participant
2.10 : Offensive Security - Muhammad Muslim Mansor
3.40 : Web Application Firewalls: What are we really getting into? - Alex Tan
5.10 : Refreshment

OWASP 3rd Meeting Malaysia Chapter

  • Date : 19 October 2010 Tuesday
  • Time : 2.00p.m - 5.00p.m
  • Avenue : Malaysian Computer Emergency Response Team (MyCERT), CyberSecurity Malaysia, Level 7, SAPURA@MINES, Jln Tasik, Mines Resort City, Seri Kembangan, Selangor

Csm1.jpgMycert.jpg

  • Agenda
2.00 : Arrival participant
3.00 : Opening Speech
3.05 : Brian Ritchie - Topic TBA
4.05 : Adnan Mohd Syukor - Topic TBA
5.05 : Refreshment

OWASP 2nd Meeting Malaysia Chapter

  • Date : 15 May 2010 Saturday
  • Time : 3.00p.m - 5.00p.m
  • Avenue : City University College Of Science Technology (CUCST)

City.png Map: City University

Topic :

       1) Outbound Monitoring - the Forgotten Child in Infosec (1 hour)
     2) Introduction to the new and highly lethal HTTP DDOS attack technique.(1 hour)

Registration Fee : FOC

Parking Fee : FOC (More Parking)

Registration : http://www.facebook.com/event.php?eid=123844360964411&index=1

Speaker : Wong Onn Chee
Background :

Wong Onn Chee : Chief Tehnology Office, Resolvo System, Singapore

Onnchee.jpg

Onn Chee is currently working as the Chief Technology Officer in Resolvo Systems, a leading information leakage expert in Asia. He has led numerous large-scale projects, primarily in the government and defence sectors. His areas of expertise include information leakage protection, web security and security strategy. Onn Chee is a founding member and the first Vice-President of the Information Systems Security Association (ISSA), Singapore Chapter, the largest international, not-for-profit association for security professionals. He was also a former member of the Center of Internet Security (US) which provides well-recognised security benchmarks for various systems which are commonly used by US Federal Government and private organisations. Onn Chee is also the current Singapore chapter lead of Open Web Application Security Project (OWASP) which publishes the widely respected OWASP Top 10 web vulnerabilities. Other than being a information security professional, Onn Chee is also trained in BS 7799/ISO 17799, ISO 9000 and ITIL. He is also a certified Project Management Professional (PMP) and certified PRINCE2 Practitioner. In 2007, Onn Chee was appointed as the President of International Association of Software Architect (IASA), Singapore Chapter.

For more detail please contact: Mobile : 013-2048672 Email : [email protected]



OWASP 1st Official Meeting Malaysia Chapter

  • Date : 31 March 2010 Wednesday
  • Time : 2.30p.m - 5.00p.m
  • Avenue : CyberSecurity Malaysia (Sapura Building), Level 7, Jln Tasik, Mines Resort City, Seri Kembangan, Selangor
  • Agenda
2.30 : Arrival participant
3.00 : Opening Speech
3.15 : Introduction of OWASP
3.30 : Introduction of CyberSecurity Malaysia, Summary Report and Incident of Web in Malaysia
4.00 : Meeting Start - Chair Meeting : OWASP Malaysia Chapter Leader 
    :                 Comittee Members - CyberSecurity Malaysia, MySecurity Community
  • OWASP Board Of Members election.
BOM - University Representative
BOM - Government Representative
BOM - Community Representative
BOM - Security Professional Representative
BOM - Private Sector Representative
  • OWASP activities
1) Workshop
2) Events
  • Register Here : It FOC this is meeting not Workshop/Training/Seminar
http://www.facebook.com/event.php?eid=357732261091&index=1

OWASP Conference

Cyber Range Academy Conference 2018 (CRAC2018) 7-8 October 2018

World CyberSecurity Day 2018 (WCSD2018) 21-22 April 2018

I@Secure Cyber Campaign 2018 (ISCC2018) 18 April 2018

Cyber Range Academy Conference 2017 (CRAC2017) 26-27 September 2017

OWASP Day KL 2016 (OWASP Day KL 2016) 15-17 November 2016

OWASP Day KL 2011 (OWASP Day KL 2011) 20-21 September 2011

Bengkel Asas Keselamatan 2015 (Bengkel Asas Keselamatan Server Dari Ancaman Penggodam 2015) 21 September 2015

Government Agency

Csm1.jpg        INTAN.jpg       

University

Unikl.jpg        Utm-ais.jpg        Politek.png       

Corporate

Microsoft1.jpg       

Community

Osdcmy.jpg        Tbdmy.png        Hitb.jpg        Rawsec.jpg       

Here our Official OWASP Members list 2017:

  • 1)Raihan Ahmad
  • 2)Azlina Ahmad
  • 3)Mohd Sufian Ahmad
  • 4)Norzaidi Baharudin
  • 5)Rene FBernard
  • 6)Mohd Sofian Akasah
  • 7)Ahmad Maher Che Mohd Adib
  • 8)Mohamed Ashraf Husni Zai
  • 9)Aldi Johari Shaqis
  • 10)Mohd Hafiz Kamaruzaman
  • 11)Khalid Zulazly
  • 12)Mohd Dawi Mohd Haritih
  • 13)Shazil Imri Mohd Hizam (Individual Lifetime)
  • 14)Tajul Azhar Mohd Tajul Ariffin
  • 15)Mohd Hanafiah Muhamad
  • 16)Muhammad Hamizi Jaminan
  • 17)NORAZLAN NORDEN
  • 18)Rajivarnan Raveendradasan
  • 19)Aalim Rozli
  • 20)Ahmad Aizuddin Aizat Tajul Arif
  • 21)James Tan
  • 22)Adli Wahid
  • 23)Yong Kian Chong
  • 24)Shazri Azizan

Here our Official OWASP Members list 2016:

  • 1) Adli Wahid
  • 2) Lim Soo Kok
  • 3) Gurdip Singh
  • 4) Rajivarnan Raveendradasan
  • 5) Krishna Rajagopal
  • 6) Mohd Rahim Muhamad
  • 7) Mohd Hanafiah
  • 8) Norazlan Norden
  • 9) Shazil Imri Mohd Hizam
  • 10) Khairul Marjan
  • 11) Zulazly Khalid
  • 12) Mohamad Hamizi Jamaludin
  • 13) Mohamed Ashraf Husni Zai
  • 14) Anthony Hing Kheong
  • 15) Hidzuan Hashim
  • 16) Razif Hashim
  • 17) Wati Darma
  • 18) Matlan Dahari
  • 19) Ahmad Aizuddin Aizat Tajul Arif
  • 20) Amir Osman
  • 21) Muhammad Zuhair Abd Rahman
  • 22) Norzaidi Baharudin
  • 23) Mohd Sufian Ahmad
  • 24) Azlina Ahmad
  • 25) Raihan Ahmad
  • 26) Ahmad Amran Ahmad
  • 27) Mohammad Zahir Mat Salleh
  • 28) Mohd Khairuddin Che Ibrahim
  • 29) Muhammad Najmi Ahmad Zabidi
  • 30) Sofian Akasah
  • 31) Mohd Shahril Hussin

Here our Official OWASP Members list 2015:

  • 1) Mohd Azri Abdullah
  • 2) Ahmad Amran Ahmad
  • 3) Mohd Sufian Ahmad
  • 4) Norzaidi Baharudin
  • 5) Ahmad Aizuddin Aizat Tajul Arif
  • 6) Arif Fahmi Fisal
  • 7) Ab Malek Idris
  • 8) Mohamad Hamizi Jamaludin
  • 9) Chien Shing Kuan
  • 10) Shaifullnizam Mohamad
  • 11) Simon Lim
  • 12) Charles Loh
  • 13) Shazil Imri Mohd Hizam
  • 14) Mohd Firdaus Ramlan
  • 15) Bharanidharan Shanmugam
  • 16) Kam Yim Siew
  • 17) James Tan
  • 18) Choong Tan Fook
  • 19) Adli Wahid
  • 20) Kiang Chong Yong
  • 21) Lillian Nasharitah Boney Abdullah
  • 22) Hidzuan Hashim
  • 23) Neo Wong Wei Zhen
  • 24) Harisfazillah Jamel
  • 25) Yong Kiang Chong
  • 26) Kamal Tam
  • 27) Jalani Sidek
  • 28) Hafidz Nasruddin
  • 29) Tajul Azhar Mohd Tajul Ariffin
  • 30) Mohammed Mirza
  • 31) Hafiz Ismail

Here our Official OWASP Members list 2014:

  • 1) James Tan
  • 2) Mohd Syazwan Mohd Shafie
  • 3) Willie Poh
  • 4) Bharanidharan Shanmugam
  • 5) Shaiffulnizam Mohamad
  • 6) Fakrul Adli Mohd Zaki
  • 7) Hidzuan Hashim
  • 8) Kenneth Lau
  • 9) Adzmely Mansor
  • 10) Amir Osman
  • 11) Ahmad Kiambang
  • 12) Mohammed Mirza
  • 13) Samad Mayang
  • 14) Rahmat Tuah
  • 15) Sabariah Kesuma
  • 16) Mohd Som
  • 17) Kamal Tam
  • 18) Razif Hashim
  • 19) Mohd Rahim
  • 20) Hafiz Ratnasari
  • 21) Jalani Sidek
  • 22) Choong Tan Fook
  • 23) Matlan Dahari
  • 24) Yew Seng Ong
  • 25) Mokhtar Azman Mohamed
  • 26) Wati Darma
  • 27) Khairul Marjan
  • 28) Ling Koh Yew
  • 29) Lim Soo Kok
  • 30) Chuan Kian Tan
  • 31) Anthony Hing Kheong
  • 32) Kiang Chong Yong
  • 33) Adli Wahid
  • 34) Norzaidi Baharudin