OWASP Mumbai Chapter

This site contains details on OWASP Mumbai Chapter news and Chapter Meeting presentations.

OWASP Mumbai First Meet [June 24th 2006]


Snaps: OWASP Second Meeting held at Tech Mahindra Ltd.

Meeting Notes of OWASP 2nd Meet [31st July 2006]

The second OWASP Mumbai Chapter Meet was held at the Tech Mahindra premises in Chandivali. Mr. Richard, on behalf of Tech Mahindra, gave a warm welcome to all the delegates of the OWASP Mumbai Local Chapter. Mr. Dharmesh of Mastek Ltd, the Mumbai Chapter Head, accompanied him and gave a brief description of the goals of the OWASP Mumbai Chapter and the road ahead.

Presentations:

1. Significance of Random Numbers in Application Security: Richard Lewis, e-Security Consultant with Tech Mahindra, started with the practical usage of random numbers. He explained how good random number generation prevents applications from malfunctioning and increases the strength of cryptographic operations, which in turn increases the entropy associated with the key. He went on to explain how random numbers automate otherwise manual tasks and how they increase the security of an application. He explained the concept of entropy and the level of entropy an application should reach. In the end he talked about the various sources of random numbers. He showed developers the simple mathematics required to calculate minimum password lengths, given the security requirements.

Download this presentation.

2. Java Decompilation: Girish Kulkarni, e-Security Consultant with Tech Mahindra, went through a Java decompilation utility and techniques to defeat decompilation. The use of obfuscators, byte code encryptors/decryptors, and generating an executable from source were some of the techniques that he explained.

Download this presentation

3. /GS Security Check in Visual Studio: Chanda Dutta, Divya Makhija, Sugita Kumari, and Upma Sharma from Tech Mahindra presented the usage of the /GS security check in Visual Studio. Chanda started the presentation with an introduction to the /GS Security Check feature of Visual Studio. She explained what the /GS Buffer Security Check is, why /GS is needed, and what it can prevent. Sugita further explained how /GS works, what a canary is, and how using a canary can prevent a buffer overrun. Upma then demonstrated a simulation showing how a buffer overflow normally works and how it can be prevented. Divya explained the various limitations of /GS, including how the features of /GS can be exploited, and summarized the /GS Buffer Security Check features and functionality.

Download this presentation

Download Attendance Sheet: This sheet can be used as proof to claim CPE credits for CISSPs.