Archive for the ‘OWASP-Bangalore’ Category





HackIM (Powered by EMC)
EMC Defenders League
Winja (CTF by women for Women)
Hello Ladies!
Are you a security enthusiast? Have you ever wished to be a part of a puzzle-solving competition, but never got a chance to participate? Have you ever wanted to test your knowledge by solving simulated hacking challenges? Well then, here’s your chance to be a part of Winja!
Get ready to Goa!

What is Winja?
It is an on-site simulated hacking competition at nullcon where individuals attempt to attack and defend computers and networks using certain software and network structures. The duration of the event would be around 2 hours.

The winner takes away:

Exciting Goodies

Introduction – 20 mins
Challenges to solve – 1 hr 40 mins
Feedback – 20 mins
Why be a part of this event?

You can test your hacking skills.
A unique event for Women in Technology and Security.
To learn different attack vectors for various vulnerabilities and have fun while doing it.
7th Feb, 2015 @ nullcon Goa

Rules and Guidelines

The event is free if you have a conference pass (Student, Individual and Corporate).
Women interested in attending this event can be offered 20% discount on all types of passes.
Participants Requirement

Hardware requirements

A laptop with Admin privileges.
At least 20 GB of free space.
Minimum 3 GB RAM

Software requirements

Operating system, any of the following: OSX, Win 7 and above, Ubuntu 12.0.4
VMware or VirtualBox 4.x.x installed
About Nullcon Winja Team
Apoorva Giri

Apoorva works as a Security Analyst with iViZ Security (a Cigital company). She has presented a workshop on “Cyber Security and Ethical Hacking for Women” at c0c0n 2014 at Kochi, Kerala. Her interests lie in Web Application Security and Mobile Security. She’s an active member of null/OWASP Bangalore Chapter. She has been listed on the Barracuda Hall of Fame for finding vulnerabilities on their application.

Shruthi Kamath

Shruthi works at Infosys Limited. She is a certified Ethical Hacker from EC Council. She has presented a workshop on “Cyber Security and Ethical Hacking for Women” at c0c0n 2014. She has conducted a one-day workshop on “OWASP TOP 10” at the null Bangalore chapter. She has presented on “Secure SDLC” at c0c0n Conference 2013. She has participated at Jailbreak nullcon 2014. She presented a talk on “Cybercrimes in India and its Mitigation” at the National Conference for Women Police held at Trivandrum. She’s an active member of null/OWASP Bangalore Chapter. Her area of interest is Web Application Security.

Sneha Rajguru

Sneha works at Payatu Technologies Pvt. Ltd. She is a Certified Ethical Hacker and a Licensed Penetration Tester from EC Council. She’s an active member of null Pune Chapter and has presented talks on various information security related topics during the local null meets (Pune chapter). Her areas of interest are web application security, mobile application security and fuzzing.


We are back for the 6th time in Goa. nullcon 666 welcomes you to the beastly devilish conference.
As nullcon is getting near, we are excited and ready to announce the registration for HackIM CTF. Details are at http://ctf.nullcon.net. This time HackIM is powered by EMC and we have some really exciting prizes to be won.
But as Mahatma Gandhi wisely said, “Glory lies in the attempt to reach one’s goal and not in reaching it.” So, dust off your debuggers, fire up your tools and get ready for some binary action this January.

Top 30 winners (one individual, if playing in a team) get to win (if they choose to play on-site EMC defenders league at nullcon Goa 2015):
1. One Samsung Gear (Watch)
2. One Arduino Kit
3. One Free nullcon VIP Pass
4. Free 2 Nights shared accommodation at nullcon venue
5. A chance to win INR 500000/- (approx. USD $8000+) by playing EMC defenders league at nullcon Goa 2015

Dates and Time (UTC):
Start: 9th Jan 2015 12:00 PM
End: 11th Jan 2015 12:00 PM




In continuation of the “Top 10 Web Application Security Hazards – For beginners ONLY” humla by Abhinav Sejpal held on 23rd August, and by popular demand, we are back with Part 2, which will cover the remaining topics from Part 1.

Part 1 covered SQLi and XSS.

Please find below a short description of the humla:

Understand / Learn / Practice OWASP Web Security Vulnerabilities https://www.owasp.org/index.php/Top_10_2013-Top_10

In this session, attendees will perform hands-on exercises to get a better understanding of the OWASP top ten security threats.

For further details and Registration/RSVP please visit the following URL:

Note: Since this event is for beginners only, selection will be on a first-come, first-served basis.

Registration closes on 23rd September 23:59.

null Bangalore Chapter


Announcing null/OWASP/G4H Bangalore June meet-up on Saturday 14th June 2014.

Please note that all Bangalore null meets are free for anyone to attend. There are absolutely no fees. Just come with an open mind and willingness to share and learn.

You may optionally register for the event on Swachalit.

The schedule for this month’s meet is as outlined below:

09:30 – 10:15: OWASP Mobile Top 10 – Part 2 – Anant Shrivastava
We will work on OWASP Mobile Risk M2: Insecure Data Storage (https://www.owasp.org/index.php/Mobile_Top_10_2014-M2). We will use a sample vulnerable application to understand the cause of the issues as well as what kind of protection can be applied.

10:15 – 10:30: Introductions

10:30 – 11:00: Security NEWS Bytes – Raghavendran
Covers the top information security happenings of the past month and also gives a glimpse of events happening in the upcoming month.

11:00 – 11:45: Flash based XSS – Abir Banerjee
A talk on ignored or common vulnerabilities found in Flash applications, like XSS, Cross-Site Flashing, abusing cross-domain policy, and decompiling for sensitive data and vulnerable functions in use.

11:45 – 12:15: Networking session followed by a break

12:15 – 13:00: BeEF – Prashanth Sivarajan
Will demo some interesting features of BeEF (Browser Exploitation Framework), including the BeEF API and integration with the Metasploit Framework.

13:00 – 13:45: ESAPI – Satish
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications. The ESAPI libraries also serve as a solid foundation for new development.

13:45 – 14:00: Feedback and topic discussion for next month’s meet

The meet starts at 9:30 AM. This month’s venue is confirmed. Please note that there has been a slight change in the venue this month. The meet will happen on 3rd floor at the main Thoughtworks building just next to Satya’s.


Please note that the meet for this month will happen on the 3rd Floor (Above the Gym).
ThoughtWorks, ACR Mansion,
147/f, 8th Main Road, 3rd Block, Koramangala,
Bangalore – 560034
Google Maps: http://goo.gl/bokSL
Co-ordinates: 12.928715, 77.628897

Landmark : Next to Satya’s Bar and Mercure Hotel
+ If you are coming from Inner Ring Road, get on to Ooty Chocolates road and after a small crossroad this will be on the right hand side.
+ If you are coming from the Raheja Residency road, then take a left turn at the small crossroad and this will be on your right hand side.
+ If you are coming from Koramangala BDA complex, take a right turn at the small crossroad and this will be on your right hand side.

Rupam Bhattacharya


Announcing null workshop on “OWASP Top 10 Vulnerabilities”. Like all null Bangalore workshops, this is free but registration is compulsory. A group of participants will be selected based on the registrations, since this workshop is invite-only and requires prior registration and approval of the workshop champion. Here are the details:

Workshop Title: OWASP Top 10 Vulnerabilities
Workshop Champion: Shruthi Kamath
When: 29th March 2014, 10 AM – 6 PM
Registration form: http://goo.gl/up8ht1


Registrations Close: 26th March 2014 02:00 PM
Workshop Description: This workshop is mainly for beginners in web application security and will cover the basics of discovering the OWASP Top 10 vulnerabilities. This will help you identify OWASP Top 10 vulnerabilities in a web application, understand the risks associated with these vulnerabilities, create attack vectors and inputs for testing, and learn the methods that are employed by developers to defend web applications from these threats.

The following is the agenda for the workshop:
Introduction to the OWASP top 10 vulnerabilities: A brief introduction on identifying the most serious risks which can be present in a web application.
Hands on exercises to test a web application to detect vulnerabilities with reference to the OWASP Top 10.
Understanding mitigations: Securing your web applications from these vulnerabilities.

Laptop with WiFi/Ethernet, with minimum 2 GB RAM and minimum 4 GB free disk space.
Install Damn Vulnerable Web Application (DVWA) over XAMPP. If you are not going to use XAMPP, just make sure DVWA is running without any issues before coming in for the session.
Download links for DVWA and XAMPP:
DVWA (http://sourceforge.net/projects/dvwa/)
XAMPP (http://sourceforge.net/projects/xampp/)

Short Bio:
Shruthi Kamath works at Infosys Limited. She is a security enthusiast and is interested in learning new things. She has participated in jailbreak@nullcon 2014 and presented a “Secure SDLC” paper at c0c0n.


This session will cover a small part of JavaScript security, which is of prime importance nowadays. Today, JavaScript is the only language which runs on every machine by default, owing to the fact that it is the scripting language of the browsers. Due to the not so awesome nature of earlier ECMAScript versions and a very quirky implementation of the Document Object Model (DOM) in the browser, dealing with JavaScript code can become very tricky at times.

If you have ever wondered about the security implications that lie beneath these quirky behaviours, this session is totally for you. Talking about client-side browser security for a whole day would be cool, but how about we make it more relevant to our day to day web applications?

The session would concentrate on
Fixing browser based injection attacks like DOM XSS
Sandboxing the DOM properties
Implications of polluting the global namespace
Thought process of bypassing XSS filters and then fixing them

Since defending requires a very good understanding of what the attack surface is like, we make sure that the attacking part is completely covered as a primer, before defending something. You don’t need to be a Mutation XSS expert to attend this. As long as you know what JavaScript is and have written basic web applications, you will find this useful and interesting.

Basic knowledge of JavaScript.
Written a few basic web applications

Bachaav Champion | @skeptic_fx | Nafeez Ahamed

Nafeez Ahamed works as a security engineer solving exciting and new problems in the security space. His areas of expertise include client-side security and network security. Most of his time is spent trying to find new ways to defend things in the browser. He feels that defending anything is much harder than attacking, especially if you know what the sophisticated attackers are up to.

Important information for attendees

Bachaav sessions are free to attend but only with prior invitation. Participants will be selected based on how they fill the registration form. All applications are evaluated by the Bachaav Champion to select those who the Champion thinks will get the most from the session. Only selected applicants will be emailed further details. Even though we would like to get everyone to attend, sometimes the topic at hand requires extensive knowledge of the subject and this means that the Champion may not feel confident to have an applicant in the session.


Close on 17th Dec 2013 23:59 PM
Link https://docs.google.com/a/null.co.in/forms/d/1H0aaoMYkv0JlLIz5Zhm6sdCZ__LkMTtbh6UFzTNLcU4/viewform

More information about null Bachaav Sessions
