[OWASP-Bangalore] Fwd: Null + OWASP Bangalore Meeting on 5th September 2009 - An Update

Sundar N suntracks at gmail.com
Mon Sep 7 09:47:32 EDT 2009


Forwarding the minutes of the OWASP NULL meet.


---------- Forwarded message ----------
From: Akash <akashmahajan at gmail.com>
Date: 2009/9/7
Subject: Null Bangalore Meeting on 5th September 2009 - An Update
To: null-co-in at googlegroups.com


Hi all,

A blog entry of this email is here:
http://null.co.in/2009/09/07/null-bangalore-meeting-on-5th-september-2009-an-update/

We had a combined NULL + OWASP meeting this time. The response was
very encouraging with over 20 people showing up.

TALKS

We had two informative talks
1. Cookie Replay Attacks by Ravi Gopal
2. Cloud Security by Shashidhar

In the cookie replay attacks talk and demo, Ravi demonstrated how
trivial it is to sniff an Ethernet network to find Google cookies and
then replay them to gain access to the Gmail accounts. His research
has indicated that only the GX cookie value is enough to do this. The
attack is mitigated by using secure HTTP for your entire Gmail
session. His blog entry about this is
http://ravigopalt.blogspot.com/2009/09/gmail-account-hacking-through-gx-cookie.html

In the Cloud Security talk, Shashidhar started from the basics of
the historical background of cloud computing and took it all
the way to explaining 15 domains people should be aware of before taking
their apps/businesses to the cloud. Interesting arguments were put
forth in support of and against what he presented. This also led to
Simran proposing the next meeting's topic.

One of the members was concerned that if all the sysadmin/security
related functions move to the cloud, what will happen to his job.
Shashidhar assured him that there will be plenty of work going around
in the 15 domains he spoke about. Due to paucity of time he wasn't
able to cover all the points in the presentation, but he will surely
respond to any questions you might have after going through the
presentation.

MISC

1. We had a lucky draw to give away one NULL t-shirt. Gursev was the
one who won that.
2. Shashidhar suggested that in case the number of attendees becomes
more than 40 we can use the ISACA office for holding our meetings.

ATTACHMENTS
1. Cookie replay attacks presentation
2. Cloud Security presentation

NEXT MEETING on 19th SEPTEMBER 2009 - 10 AM

The following talks are scheduled

1. Practical Aspects of Taking your Application to the Cloud - Simran
Gambhir
2. Discussion on security incidents in the past - Led by Gursev
3. Demonstration of a tool - Amit Parekh

VENUE DETAILS

Venue : Praxeva India Services Pvt. Ltd, Atrium Business Center,
66/1 2nd Floor, Coles Road, Frazer Town, Bangalore-560005

Map Location : http://www.praxeva.com/contact_us.html

* End of mosque road there is a CCD, from there, if you look diagonally
opposite (onto coles road), you will see a pizza hut (approx 100 meters).
The office is on the 3rd floor of the pizza hut building.

Simran's number in case you have trouble finding the place is: +91 9741 39 1086


--
warm regards,
Akash Mahajan
----------------------------------------------------------
Security Consultant, (Web / Networks /
Servers / IT/ Virtualization)
Founder Headstart Network Foundation
----------------------------------------------------------
http://www.linkedin.com/in/akashm
http://network.headstart.in
----------------------------------------------------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Cookie Replay.ppt
Type: application/vnd.ms-powerpoint
Size: 898048 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-bangalore/attachments/20090907/6aec20f4/attachment-0001.ppt 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Cloud Security-Null Blr-050909.pdf
Type: application/pdf
Size: 479775 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-bangalore/attachments/20090907/6aec20f4/attachment-0001.pdf 