OWASP AppSec Conf Delhi – Day 2; and more

The pictures of Day 2 are here.

The second day consisted of 6 workshops – 3 before lunch and 3 after. I was confused about choosing between Sheeraj Shah and Mano Paul’s workshops during the first half; and Jason Li’s talk on “Web 2.0 Security” and “Secure Code Review” workshop (originally by Dinis Cruz, but conducted by Gaurav Kumar of Microsoft) on the second half.

Threat Modelling - Mano Paul

Mano Paul

Choosing Mano Paul’s Workshop on Threat Modelling was relatively easier because I am trying to push in Threat Modeling in my company. However, the disappointment of missing Sheeraj’s talk was no less. Although, I must confess Mano Paul is one heck of a presenter. I guess experience always counts.

Code Review - Gaurav Kumar

Gaurav Kumar

The decision for the second half was pretty tough. I had finally chosen Secure Code Review talk over Jason Li’s talk, because I’ve a personal interest in Code Review; added by the fact that the workshop was to be conducted by Dinis Cruz. Since we had to pre-select the talks, there was no scope to change it later. Needless to say, I was a bit disappointed initially. However, I must also mention that I don’t regret attending it. It was conducted by Gaurav Kumar, Ace Team, Microsoft. The best part about him, apart from the fact that he knows his stuff, is that he took all the M$ jokes sportingly :).

Bipin with Walter and Jordan

I also got to meet Jordan Forssman (Armorize) and Walter Tsai (CTO, Armorize), although I regret not being able to spend enough time and talk some Geeky stuff. Oh and yes, Walter gifted me and Amit the 31337 Armorize T-Shirts :D. I also got to meet a couple more like-minded people, though very briefly. I couldn’t share cards with all of them. Lava (whom I met during Gaurav’s workshop) contacted me today via this blog. Feels great to be in touch with fellow geeks and to be able to share the geekiness. 😉 I’d like to be in touch with others too. Please feel free to buzz me.

I must admit, the hangover remained for quite a few days. It had motivated us to evaluate the possibility of another OWASP conf at Bangalore. We’ll be discussing it at the next meet. For now, I have another interesting announcement to make. OWASP Bangalore Chapter is starting Open Workshops for developers, students, and anyone interested to learn about Web Security. The first one is on Sept. 7th, at Microland, Bellandur. If you are interested, kindly drop me a mail; or even better, join the OWASP Bangalore mailing list and put up your details.

SecurCamp and back.

I spent the first half of the day at SecurCamp -1 (or Security Barcamp). It’s always great to get together with the community and today was no different. It came as a sweet surprise to me that I have quite a few acquaintances in the community. The best part of the whole day, however, was getting together with Lucky after a loooong time. It’s pretty strange that even after being in the same city, we haven’t been able to meet as often as we could have. So I decided to use the opportunity properly. In fact, I am now at his house, using his 1 mbs line while he’s away for his dance class (and hoping he doesn’t keep a sniffer on).

By flickr.com/photos/fortphoto/2563803794/

I presented on “A conceptual Phishing/Fraud IDS”, something I had worked on in Jan/Feb, but have been sleeping on for all this while. Thanks to Johnny’s pestering, I think I’ll write a small paper on it and distribute it for review. I just hope the increased official workload is minimized by the new members joining the team. 🙂

We also used the opportunity to announce the OWASP Bangalore chapter revival. I have personally been working on identifying ways to ensure OWASP’s reach to the colleges, and have prepared a list of colleges in Bangalore. Let’s hope that we make it quick on that front too. Just to re-announce, if you are a student in/around Bangalore, drop me a note and we’ll put your college on top-priority. 🙂

I also had a very strange realization today. I have been a member of several communities (security and otherwise) and differences creep in at some point. However, they are pretty quick (and a little more obvious) in the security communities. Be it mailing lists, blogs or even physical meets, people respond (and then re-respond) pretty loudly. 🙂 Is it because security is a pretty demanding field where there isn’t much scope for a mistake, or is it because we all in the field carry an “I CAN’T be wrong” badge, or is it some other reason?

Time to move now. Hancock at 9:45PM 😛

Reviving OWASP Bangalore Chapter

Update – Jan’ 13th, 2014: I’m excited to let you know that Bangalore OWASP chapter has been up and running, and growing for the last three years now. I no longer live in Bangalore, but the chapter and its people remain a source of knowledge exchange (read, nerd-talk). For more information, check out the OWASP Bangalore homepage.
If need be, you may contact the chapter leads Akash Mahajan (akash [DOT] mahajan {AT} owasp [DOT] org), and KV Prashant (kvprashant {AT} owasp [DOT] org.)

—–

The OWASP Bangalore Chapter met after almost a year today, and I was privileged to be a part of it. As happens often with technical groups, including LUGs (Linux User Groups), they tend to lose participation and go to indefinite hibernation mode. OWASP-Bangalore’s fate was no different.

Meeting room stencil graffiti by -- flickr.com/photos/clagnut/252185030/

Anyhoo! The important point is that we finally met today. There were around 12 people who turned up, and boy, it’s always an honour to meet enthusiastic people from the Security community. Minutes of the meeting will be posted by Hari, Chapter coordinator, pretty soon on the OWASP-Bangalore mailing list. To cut things short, we discussed and decided on a couple of points to revive the Bangalore Chapter. I’ll personally be looking forward to spreading the information to younger audience. So, just in case you are a part of some College around Bangalore, feel free to drop me a note. We’d love to visit your campus and deliver talks, free of charge. 🙂
As for the regular meetings, we’ve decided to meet every fourth Wednesday of the month. Venues will, of course, keep changing.

p.s. I love the song “Jaane Kya Baat Hai” from the movie Sunny. But somehow, I am not able to get the other song, “Aur Kya Ahde Wafaa Hote Hain”, out of my mind since morning. Not that I am complaining 😉

Aur Kya Ahede Wafa…

SecurityCamp is here, where are you?

Update: OWASP Bangalore Chapter is meeting on 29th June, i.e. Sunday, morning at 9:00 AM at Indian Coffee House. M.G. Road, Bangalore. Join us, if you can.

I feel extremely glad to announce that Security Camp, the first security Barcamp in Bangalore (as far as I know) is on the 12th of July. It’s being hosted by RSA.

by flickr.com/photos/place_light/15355970/

Being a FOSS and NGO enthusiast, I am a big fan of communities and highly respect the power they can unleash towards the motive. I have always felt that the Security community in India could be a little more organized and visible. Unfortunately, all I have seen till now is a couple of mailing lists (which are really good btw), some hacker gamers (who game all night long 🙂 ), and a couple of small conferences (like Club Hack, OWASP’s Mumbai meet). Although these deserve respect in their own right, there’s always scope for a lot more, especially the visibility factor. Now, this BarCamp isn’t going to change everything overnight (in fact the number of registrations is pretty low), but I am happy to see yet another one popping up. Luckily, Harinath, the chapter lead of OWASP-Bangalore, has called for revival of the chapter. I am hoping that we meet at Security Camp and come up with a survival plan 🙂

But again, firstly I wish I can make it to the Security Camp. We, at office, are expecting some OpenSocial related work in the first week of July, which probably means no Saturdays and no Sundays 😐 I was also hoping to visit the meet with my Geeky-partner Johnny ;), but he’d be out of town. No complaints though, he’d be talking at GUADEC 🙂 (uh, who came up with that acronym?)

I am sincerely hoping to be able to make it (and maybe take my team there too). If I do, I’ll probably talk about a small research I did towards Designing a Phishing/Fraud IDS. Apart from the fact that I tried talking about it during DevCamp (where my lappy didn’t work with the projector and I’d to hold it in my hand 🙁 ), I’ve been sleeping on it. Mostly because there’s a lot to be done to reduce the false-positives, which is anyways the case with all IDSes.