tmacuk

OWASP LEEDS

by tmac on Oct.15, 2009, under Conferences

http://www.owasp.org/index.php/Main_Page

If you had asked just shy of 2 months ago what OWASP was, then I wouldn’t have been able to answer you. I have now, however, attended my first chapter meeting and I am really excited about the next one, in around 3 months’ time I am guessing. OWASP stands for Open-source Web Application Security Project. It is a community of people who are focused on improving security in web applications.

A friend and I decided to book our train tickets over a month before the date of the conference. We then managed to rally together another two friends to join us. We received our tickets and were just awaiting the day.

On the day 2 other people off of our course joined us on the expedition to a far and distant land that is Leeds.

When we arrived in Leeds the mission then was to find the Novotel – and believe me, the people in Yorkshire on this fine evening were very unhelpful, two men completely ignoring me as I tried my hardest to put on my native tongue that is YORKSHIRE. We then found the venue, had a cup of tea and went to sit down in the conference room (I am sure that the website said 50 people would be able to come; there must have been about 30 and we were near enough sitting on each other’s knees).

So the time came, and we listened to two amazing speakers – Justin Clarke – www.gdsecurity.com and Pete Finnigan – www.petefinnigan.com.

Justin Clarke talked about SQLi and how it is being used today, as well as SQLi in the past. He mentioned Asprox and how this was used to get WoW account details, something which apparently can be a very lucrative business. He went on to talk about different ways in which SQLi can be avoided. Overall his presentation was interesting.

Pete Finnigan then went on to talk about Oracle databases. He went through the different checklists that you can use to try and secure your database. He said that the checklists were not there to secure the data, and went on to show a demo in SQL*Plus on how he goes about finding tables and data within databases. He used a couple of his own SQL functions, all of which can be found and downloaded at his website above.

We unfortunately booked early train tickets and had to leave early. Next time we will definitely book later trains. On the way back I fired up Broken Sword 1 – what a legendary game! And that was the end of the night!

To conclude, I have only just started the course, and the knowledge I have is very limited to what I know myself. I however understood around 60% of what was going on at the meeting and understood the concepts of the other 40%. I would definitely recommend OWASP to anyone who was interested in computer security. I had a really good night, and going along with friends and like-minded folk definitely made the trip 10 times more worthwhile.


1 Comment for this entry

  • ethicalhack3r

    Just wanted to steal your innocence and take away your ‘first post’ virginity. Muahahahaha… >:-)

    On a more serious note… great first post. I look forward to more content from you in future, young padawan.
