[Owasp-New_Zealand] OWASP NZ Meeting - Tue 10th November, 6.30pm @ Auckland: Level 1, Building 2, 12-16 Nicholls Lane, Parnell - Wellington: Level 3, Lumley House - Hunter Street

Roberto Suggi Liverani robertosl at owasp.org
Mon Oct 26 21:03:52 EDT 2009

Hi everyone,

It's time for another OWASP meeting, just before Kiwicon III.

This time we are going to setup a video conference between Auckland
and Wellington.

A note for people in Auckland: the meeting will be held at
Security-Assessment.com offices at 12-16 Nicholls Lane, Parnell.

The meeting will be held at 6.30 pm on the 10th November.

Please confirm your attendance by only replying to myself at robertosl
(at) owasp.org with your first name
and last name.

Wellington people: location remains the same as the previous one and
please reserve your attendance as well.

Blair Strang and Scott Bell are your contacts.

Contact details below:

(Blair Strang 021 229 7231, Scott Bell 021 045 6672).


Speakers will be Nick Freeman, Security Consultant from
Security-Assessment.com and Quintin Russ, Technical Director @

Nick will be speaking about AMF/Flex security testing. Here is the abstract:

"There aren't a great number of AMF/Flex implementations, but if you
haven't seen them before, you're gonna have problems when testing
them. Problems like headaches and sore eyes from looking at lots of

And pretty much every AMF/Flex implementation I've seen has serious
problems of its own. Reliance on security by obscurity means that
these apps are often very pwnable, suffering from problems like SQL
injection which most developers learnt the error of years ago.
So come along and hopefully I will provide solutions to your problems.
I will be presenting on testing Flash applications - specifically
those using Flex and AMF (Action Message Format)."

Quintin will be giving a preview of his Kiwicon III talk "Shared
Ownership", from a web security perspective.

"Shared hosting" is a fairly generic term used to describe hosting
multiple websites, often (but not always) running as a unique system
user on a single virtual or physical machine. They are often poorly set
up, and almost always host vulnerable versions of software.

We'll cover some widely known flaws that exist with a quick demo showing the
risks associated with using a shared service like Shared Hosting.


Food and drinks will be provided as usual.

Meeting co-sponsor: Security-Assessment.com
(Auckland) and Security-Assessment.com (Wellington)

Meeting Locations:

Auckland Venue location:
Level 1, Building 2, 12-16 Nicholls Lane

Wellington Venue location:
3rd Floor Lumley House
Hunter Street

For more information about the current NZ OWASP activities please
visit the following page: http://www.owasp.org/index.php/New_Zealand

Thanks again,

Roberto Suggi Liverani

NOTE TO CISSP people: OWASP Meetings count towards CPE Credits.

Companies who would like to sponsor the event are welcomed to contact
us. This is a not for profit event and sponsorship is inexpensive and
used directly to cover costs.

For further information please contact
Roberto Suggi Liverani - robertosl (AT) owasp.org - (021 928 780) Rob
Munro - rob(at)robmunro.com - 021 677 785 - (Wellington Contact) Blair
Strang (021 229 7231).

Note that:
OWASP NZ Chapter meeting announcements/activities are always published
on the OWASP NZ Mailing-list and on the OWASP NZ page (
http://www.owasp.org/index.php/New_Zealand ) .

More information about the Owasp-newzealand mailing list