OWASP London Chapter Meeting - March 2014

OWASP London Chapter

Thursday, 20 March 2014 from 18:30 to 20:30 (GMT)

London, United Kingdom

Event Details

Talks

  • Using Tunna (HTTP Tunnel) for penetration testing - Nikos Vassakis and Rodrigo Marcos
    Once a web application is compromised and command execution is achieved, the attacker faces a number of hurdles. Network filtering is one of the key defensive techniques used to prevent attackers from creating further communication channels. This is usually an effective technique to limit the attacking avenues. Tunna is a tool designed to bypass firewall restrictions on remote web servers. It consists of a local application (supporting Ruby and Python) and a web application (supporting ASP.NET, Java and PHP). This presentation will cover all the steps required to effectively bypass firewalls protecting web applications, bind TCP ports on the compromised host and access other hosts in the DMZ.
  • OWASP WebSpa - Yiannis Pavlosoglou
    The OWASP WebSpa project is a tool implementing the novel idea of web knocking. The term web knocking stems from port knocking. If port knocking is defined as "a form of host-to-host communication in which information flows across closed ports", then we define web knocking as a form of host-to-host communication in which information flows across erroneous URLs. In this talk we introduce web knocking and WebSpa: a tool for single HTTP/S authorisation requests. Similarly to traditional network port-knocking schemes, WebSpa aims to create a covert channel of communication for Operating System (O/S) commands, over the web application layer. Within this presentation the applicability of WebSpa, as well as the hurdles crossed while developing it, will be discussed. The presentation will conclude with a video demo illustrating how a specially crafted URL will be responsible for allowing access to a previously closed TCP port 22 and other services.

Speakers

  • Nikos Vassakis
    Nikos is a security consultant at SECFORCE. He holds a BSc in Computer Science and an MSc in Information Security, and has 2 years of security-related working experience. When not working on breaking one technology or another, he drinks beer, socialises and, when time permits, works on research projects. Current research activities focus mainly on post-exploitation network traffic tunnelling techniques and trying to take over the world.
  • Rodrigo Marcos
    Rodrigo is a security CREST consultant at SECFORCE, with 10 years of experience in the penetration testing industry. His interests cover a wide range of areas, such as network protocol fuzzing, programming and "high-protein" web hacking - trying to minimise the gap between web application and infrastructure testing to achieve his ultimate goal: World domination, one IP address at a time.
  • Yiannis Pavlosoglou
    There is a world of numbers, hiding behind letters, inside computers; this is what stimulates my work. I am currently employed in IT risk management within the financial industry, running a team of technical risk assessors. Prior to this, I spent 5 years in the world of professional penetration testing. I focused my career evolution on assisting large-scale projects actually implement secure development practices. This included teaching developers how to write secure code. For OWASP, I was the project leader for JBroFuzz and used to chair the Global Industry Committee. I am on the Application Security Advisory Board of the (ISC)2. My academic qualifications include a PhD in information security, designing routing protocols for ad-hoc networks. I am a certified scrum master and hold the CISSP certification.
When & Where



Skype
2 Waterhouse Square
140 Holborn
London
EC1N 2ST

United Kingdom