OWASP Bay Area
OWASP Bay Area
  • 45
  • 82 923
OWASP WrongSecrets: how to NOT mange your secrets
Hosted By: Swarup Natukula
Title: OWASP WrongSecrets: Project Goals, Under the hood & Where do we go from here?
Abstract:
We all have to store our secrets every now and then. But where do you store them? In this session we will present OWASP WrongSecrets: a vulnerable app filled with challenges on how to NOT mange your secrets.
During this 45 minute session we will explore the project itself, give live demos and talk about the future of the project. Are you interested? See you onine!
Speaker bio:
Jeroen is a typical security jack-of-all-trades. As a hands-on security architect with a knack for (CI/CD) automation and risk management. Jeroen has been involved in various OWASP projects, now focusing on OWASP WrongSecrets. He enjoys a pentest every now and then, while helping organizations to get secure enough. Jeroen is often engaged in knowledge sharing through talks, blogs, projects at Github, and trainings.
มุมมอง: 486

วีดีโอ

Architecting API Security for Adopting Zero Trust Model55:41Architecting API Security for Adopting Zero Trust Model
Architecting API Security for Adopting Zero Trust Model
มุมมอง 6182 ปีที่แล้ว
Hosted by Swarup Natukula An enterprise API ecosystem is usually complex consisting of internal APIs (built and used by enterprise teams, partners and customers) and external APIs (built by third-parties, but used internally for free or commercially). While enterprises adopt the Zero Trust model, architecting API Security could be cumbersome. Even worse, APIs that crisscross across internal and...
OWASP Bay Area Meetup - Nov 20211:33:41OWASP Bay Area Meetup - Nov 2021
OWASP Bay Area Meetup - Nov 2021
มุมมอง 2363 ปีที่แล้ว
Talk#1 From Gates to Guidance: The new face of Application Security. In this talk, I will cover the challenges associated with traditional appsec practices and how they create friction from the modern software development practices. Then I will cover how guidance based approaches can strengthen the secure life cycle development and promote innovation at faster speed. Speaker:- Trupti Shiralkar ...
OWASP Bay Area Meetup - Oct 20211:55:28OWASP Bay Area Meetup - Oct 2021
OWASP Bay Area Meetup - Oct 2021
มุมมอง 1583 ปีที่แล้ว
Talk #1 Using OWASP Nettacker For Recon and Vulnerability Scanning OWASP Nettacker project was created to automate the information gathering, vulnerability scanning and in general to aid the penetration testing engagements. Nettacker is able to run various scans using a variety of methods and generate scan reports for applications and networks, including services, bugs, vulnerabilities, misconf...
OWASP Bay Area Meetup - Sept 20211:27:08OWASP Bay Area Meetup - Sept 2021
OWASP Bay Area Meetup - Sept 2021
มุมมอง 1563 ปีที่แล้ว
Talk 1: A New Class of DNS Vulnerabilities Affecting Many DNS-as-Service Platforms Abstract: We present a novel class of DNS vulnerabilities that affect multiple DNS-as-a-Service (DNSaaS) providers. The vulnerabilities have been proven and successfully exploited on three major cloud providers including AWS Route 53 and may affect many others. Successful exploitation of the vulnerabilities may a...
OWASP Bay Area Meetup - May 20211:44:21OWASP Bay Area Meetup - May 2021
OWASP Bay Area Meetup - May 2021
มุมมอง 3563 ปีที่แล้ว
Talk 1: The Tangled Web and Its Same Origin Policy Same Origin Policy is the Fundamental Security Model of the web, it's been very long that I have been struggling around Same Origin Policy and to overcome this struggle, I did some google and went through some books, watched some boring yet fruitful videos and ended up giving this talk. Having a deep understanding of the Same Origin Policy mode...
Hacker Days: Understanding AWS cloud attacks using CloudGoat56:46Hacker Days: Understanding AWS cloud attacks using CloudGoat
Hacker Days: Understanding AWS cloud attacks using CloudGoat
มุมมอง 2.1K3 ปีที่แล้ว
Enterprises are increasingly running their IT and application infrastructure natively in the cloud. With more workloads running in the cloud, security becomes an important and unavoidable part of your day to day operations. All cloud providers seek to implement the shared responsibility of security with their customers, which means that although the cloud provider is responsible for the hardwar...
BOLA, IDOR, MA, BFLA. Welcome to the OWASP API Top 10!1:03:24BOLA, IDOR, MA, BFLA. Welcome to the OWASP API Top 10!
BOLA, IDOR, MA, BFLA. Welcome to the OWASP API Top 10!
มุมมอง 7K3 ปีที่แล้ว
In this presentation, Adam will introduce the audience to the OWASP API TOP 10 Security Threats. Adam will highlight the unique attack vectors that API Applications face, review specific breach examples, and why OWASP felt it necessary to specifically highlight these vulnerabilities in a new Top 10 list. We will also explore various efforts by the security industry to secure API Applications an...
Get your security dream job2:34:41Get your security dream job
Get your security dream job
มุมมอง 1.4K3 ปีที่แล้ว
There are amazing jobs within security, but getting them can feel daunting! We know firsthand what it feels like to want a dream job but not know how to get it. In this session, co-hosted by the OWASP Bay Area and Vancouver chapters, experts will teach you everything you need to know in 15 minute chunks: - Types of jobs in security (Farshad Abasi, Chief Security Officer - Forward Security) - Ho...
SDKs Behaving Badly59:06SDKs Behaving Badly
SDKs Behaving Badly
มุมมอง 1044 ปีที่แล้ว
Modern software systems are increasingly built from components, many of them from third parties. This saves time and effort, but the developer now doesn't really know what their software is doing - but is still responsible for it. This is especially an issue for privacy compliance, with many apps leaking various kinds of sensitive data. In my ICSI group and at AppCensus, the company commerciali...
Bay Area OWASP: Measuring Security1:36:28Bay Area OWASP: Measuring Security
Bay Area OWASP: Measuring Security
มุมมอง 5494 ปีที่แล้ว
Welcome to OWASP Bay Area's TH-cam! Enjoy these amazing talks from August meetups by OWASP Bay Area. For more details about past and upcoming meetups, visit the Meetup page: www.meetup.com/Bay-Area-OWASP If you would like to contribute to Hacker Thursday as a speaker or would like to host us, drop a DM at @owaspbayarea on Twitter/Instagram! OWASP Bay Area Chapter Member Tad Whitaker will modera...
Hacker Days: Kubernetes Security: From Control Plane to Layer 71:09:10Hacker Days: Kubernetes Security: From Control Plane to Layer 7
Hacker Days: Kubernetes Security: From Control Plane to Layer 7
มุมมอง 4594 ปีที่แล้ว
OWASP Hacker days :- Talk by Jimmy Mesta on Kubernetes Security: From Control Plane to Layer 7
Hacker Days: iOS Application Vulnerabilities and how to find them1:11:25Hacker Days: iOS Application Vulnerabilities and how to find them
Hacker Days: iOS Application Vulnerabilities and how to find them
มุมมอง 27K4 ปีที่แล้ว
Welcome to OWASP Bay Area's TH-cam! Enjoy these amazing talks from August meetups by OWASP Bay Area. For more details about past and upcoming meetups, visit the Meetup page: www.meetup.com/Bay-Area-OWASP If you would like to contribute to Hacker Thursday as a speaker or would like to host us, drop a DM at @owaspbayarea on Twitter/Instagram! Mobile applications, like iOS apps handle a huge amoun...
Hacker Days: Kubernetes Goat58:48Hacker Days: Kubernetes Goat
Hacker Days: Kubernetes Goat
มุมมอง 3.6K4 ปีที่แล้ว
Welcome to OWASP Bay Area's TH-cam! Enjoy these amazing talks from August meetups by OWASP Bay Area. For more details about past and upcoming meetups, visit the Meetup page: www.meetup.com/Bay-Area-OWASP If you would like to contribute to Hacker Thursday as a speaker or would like to host us, drop a DM at @owaspbayarea on Twitter/Instagram! In this session Madhu Akula will give his first public...
OWASP Meetup - SIP June 20201:10:13OWASP Meetup - SIP June 2020
OWASP Meetup - SIP June 2020
มุมมอง 1514 ปีที่แล้ว
Welcome to OWASP Bay Area's TH-cam! Enjoy these amazing talks from August meetups by OWASP Bay Area. For more details about past and upcoming meetups, visit the Meetup page: www.meetup.com/Bay-Area-OWASP If you would like to contribute to Hacker Thursday as a speaker or would like to host us, drop a DM at @owaspbayarea on Twitter/Instagram! Did you miss us?! We missed you! Although we can't get...
Hacker Days: Visualizing the Void of Security Audit Data53:58Hacker Days: Visualizing the Void of Security Audit Data
Hacker Days: Visualizing the Void of Security Audit Data
มุมมอง 1414 ปีที่แล้ว
Hacker Days: Visualizing the Void of Security Audit Data
Kubernetes from a Attacker's Perspective1:16:36Kubernetes from a Attacker's Perspective
Kubernetes from a Attacker's Perspective
มุมมอง 7564 ปีที่แล้ว
Kubernetes from a Attacker's Perspective
Detect complex code patterns using semantic grep51:22Detect complex code patterns using semantic grep
Detect complex code patterns using semantic grep
มุมมอง 5224 ปีที่แล้ว
Detect complex code patterns using semantic grep
OWASP Meetup - South Bay Jan 2020 - Hosted by eBay1:36:21OWASP Meetup - South Bay Jan 2020 - Hosted by eBay
OWASP Meetup - South Bay Jan 2020 - Hosted by eBay
มุมมอง 1.2K4 ปีที่แล้ว
OWASP Meetup - South Bay Jan 2020 - Hosted by eBay
OWASP Meetup - SF November 2019 - Hosted by Okta2:02:51OWASP Meetup - SF November 2019 - Hosted by Okta
OWASP Meetup - SF November 2019 - Hosted by Okta
มุมมอง 1305 ปีที่แล้ว
OWASP Meetup - SF November 2019 - Hosted by Okta
OWASP Meetup - South Bay Oct 2019 - Hosted by Microsoft1:39:26OWASP Meetup - South Bay Oct 2019 - Hosted by Microsoft
OWASP Meetup - South Bay Oct 2019 - Hosted by Microsoft
มุมมอง 2185 ปีที่แล้ว
OWASP Meetup - South Bay Oct 2019 - Hosted by Microsoft
The Pulse of AppSec: 2019 Trends and Insights26:29The Pulse of AppSec: 2019 Trends and Insights
The Pulse of AppSec: 2019 Trends and Insights
มุมมอง 965 ปีที่แล้ว
The Pulse of AppSec: 2019 Trends and Insights
Practical Approach to Automate the Discovery and Eradication of Open-Source Software Vulnerabilities39:24Practical Approach to Automate the Discovery and Eradication of Open-Source Software Vulnerabilities
Practical Approach to Automate the Discovery and Eradication of Open-Source Software Vulnerabilities
มุมมอง 3755 ปีที่แล้ว
Practical Approach to Automate the Discovery and Eradication of Open-Source Software Vulnerabilities
Protecting your web-application from Magecart35:19Protecting your web-application from Magecart
Protecting your web-application from Magecart
มุมมอง 6165 ปีที่แล้ว
Protecting your web-application from Magecart
Application Layer Cryptography23:08Application Layer Cryptography
Application Layer Cryptography
มุมมอง 9845 ปีที่แล้ว
Application Layer Cryptography
Mobile AppSec 10122:12Mobile AppSec 101
Mobile AppSec 101
มุมมอง 13K5 ปีที่แล้ว
Mobile AppSec 101
DNS man-on-the-side (MOTS) for fun and profit16:46DNS man-on-the-side (MOTS) for fun and profit
DNS man-on-the-side (MOTS) for fun and profit
มุมมอง 1315 ปีที่แล้ว
DNS man-on-the-side (MOTS) for fun and profit
Hacker Days: Raining shells in AWS by chaining vulnerabilities2:15:34Hacker Days: Raining shells in AWS by chaining vulnerabilities
Hacker Days: Raining shells in AWS by chaining vulnerabilities
มุมมอง 2655 ปีที่แล้ว
Hacker Days: Raining shells in AWS by chaining vulnerabilities
OWASP Meetup - SF July 20191:55:53OWASP Meetup - SF July 2019
OWASP Meetup - SF July 2019
มุมมอง 3505 ปีที่แล้ว
OWASP Meetup - SF July 2019
OWASP Meetup - South Bay May 20191:58:59OWASP Meetup - South Bay May 2019
OWASP Meetup - South Bay May 2019
มุมมอง 4605 ปีที่แล้ว
OWASP Meetup - South Bay May 2019