OWASP First Meeting [June 24th 2006]

OWASP Mumbai First Meet was held at Mastek on 24th June 2006.                                                   


Download Presentations

I. Secure Coding PPT

II. Threat Modeling PPT

Some Snaps of Event

I. Anuradha: Mastek Ltd

II. Richard: Tech Mahindra

III. Dharmesh: Mastek Ltd

IV. Shalini: Paladion Networks

V. Runa: Paladion Networks

 

OWASP Mumbai Chapter First Meeting - June 24th 2006 [09:30 - 12:00]

The first meeting of the Mumbai Chapter began at the MASTEK premises with a welcome address by Anuradha. She gave a brief introduction to OWASP and its aim, and explained its focus as a voluntary organization that contributes to knowledge by sharing it. She also gave a brief overview of the OWASP Top 10 Project and the OWASP Guide to Building Secure Applications.

Richard presented on Secure Coding Fundamentals and explained the costs incurred because of insecure code, such as network cost, productivity cost and so on. Turning to the basic reasons that code is exposed to threats, he explained how mistakes made by programmers, I/O, API Abuse, Environment & Configuration, and Time & State are responsible for security flaws in an application. Richard then laid down a few principles to follow for secure coding: general guidelines for all languages, and specific secure coding guidelines for C & C++, Java and .NET.


In his talk on the Threat Analysis & Modeling Process, Dharmesh explained the steps of the threat modeling process, starting from defining the application requirements and the application architecture, and then modeling threats against the CIA aspects of security basics. The aim is to gather the information needed from application development teams in order to map out the potential threats that are inherent in the software application they build, starting from the very inception of the software. Dharmesh demonstrated the Threat Analysis and Modeling Tool v2.0 with a basic example of its functionality, presenting threat modeling in a real scenario.


Shalini and Runa explained how passwords can be lost or manipulated in real-life scenarios and covered the countermeasures to be taken to avoid it. The topics included stealing passwords using different methods: Browser's Refresh, Browser's Memory, the Remember feature, the Forget Password feature and, last but not least, SQL Injection. The Browser's Viewing Tool gave a clear picture of how easily a password could be cracked.