[Owasp-austin] OWASP Austin: February Chapter meeting and Announcements

Kyle Smith kyle.smith at owasp.org
Tue Feb 4 18:04:40 UTC 2014


Austin OWASPers!

For all brave and hearty folks that survived the ice-pocalypse in the
Austin area, OWASP Austin will be having several events for the month of
February.  OWASP Austin will be rescheduling Joel Scambray's presentation
to another chapter meeting soon, just not this month.

*Upcoming events --*

*Austin Security Professionals Happy Hour* on *February 20th*.  Please note
the different date as the venue has a special event on the normal night...
hint -- Valentine's Day

*Registration: **austin-security-professional-happy-hour-02-2014.eventbrite.com
<http://austin-security-professional-happy-hour-02-2014.eventbrite.com>*

------------------------------

*OWASP Monthly meeting* on February 25th:

Title: *Magical Code Injection Rainbow*

*Registration: owasp-austin-2014-february.eventbrite.com
<http://owasp-austin-2014-february.eventbrite.com>*

*Abstract:*

There are many intentionally vulnerable web applications available for
people to learn how to exploit various types of flaws. Unfortunately, many
of them have only the most basic and easily exploited examples of flaws. In
order to work with a more complex version of a flaw, it's usually necessary
to write your own vulnerable application or modify an existing one.

There is another option! *The Magical Code Injection Rainbow*! MCIR is a
framework for building configurable vulnerable applications. This
presentation will demonstrate the use of the existing MCIR applications
such as SQLol (for SQL injection) and XMLmao (for XML and XPath injection),
teach advanced exploitation techniques in SQL injection; XPath injection;
cross-site scripting; and shell command injection, discuss the exploitation
of insecure cryptosystems and discuss how to use the MCIR framework to
build your own configurable vulnerable application.

*Speaker: *

Daniel (aka "unicornFurnace") is a Senior Security Consultant for Trustwave's
SpiderLabs team. Daniel denies all allegations regarding unicorn smuggling
and questions your character for even suggesting it. Daniel has developed
configurable testbeds such as SQLol and XMLmao for training and research
regarding specific vulnerabilities. Daniel enjoys climbing large rocks.
Daniel has been working in the information security industry since 2004 and
is a frequent speaker at conferences including Black Hat, DEF CON,
Shmoocon, and SOURCE. Daniel does his own charcuterie. Daniel also holds
the title of Baron in the micronation of Sealand.

*Food: *Taco Deli time! Please *RSVP* so we'll be sure to have enough for
all! Only those who RSVP will be eligible for any drawings/giveaways that
may take place!

*Location:* National Instruments, 11500 N. Mopac.Building C

*Streaming/Webcast: *If you are unable to attend in person, please chose
the 'Streaming/Webcast' ticket type.  An update with the link will be
mailed out to only those that have chosen that ticket.
------------------------------

*OWASP Study Group*

As a reminder, the OWASP Study Group is currently covering the book "Web
Application Defender's Cookbook: Battling Hackers and Protecting Users".
 The study group meets on Wednesdays at National Instruments, Building A,
Room 217 from 12:00 to 1:00 PM.  For more details, including any meeting
update notifications, visit the OWASP Austin Study Group Discussions forum
(http://myowasp.ning.com/group/austinowaspstudygroup/forum/topics/study-group-web-application-defender-s-cookbook-modsecurity)
or contact Tiana Chandler - tiana.chandler at owasp.org.
------------------------------

Have fun and be safe!

-kyle smith
OWASP Austin, chapter leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-austin/attachments/20140204/91ec9f44/attachment.html>


More information about the Owasp-austin mailing list