Well folks, its been a while since we’ve had an OWASP meeting and this time we’re planning something a little different. Rather than have very interesting folks talk to you, we’re going to roll our sleeves up and get with breaking web apps.
The next few chapter meetings will comprise educational sessions designed to teach folks how to break web apps with the Zed Attack Proxy (ZAP). We’ll start with an intro to ZAP (http://sourceforge.net/projects/zaproxy/files/docs/ZAPGettingStartedGuide.pdf/download), then after the session we’ll hack some web apps together.
Then in the next session we’ll learn some more advanced features of ZAP, then hack some more web apps together.
Then finally we’ll unleash the beast upon the Mozilla web sites hunting for bugs. You’ll remember from the last chapter meeting that Mozilla run a bug bounty program (https://www.mozilla.org/security/bug-bounty.html). So let’s see who can make some money out of their new found ZAP skills!
This isn’t just for pentesters or developers of buggy code. Its for everyone! So if you know someone that is interested in learning more, then this is their opportunity. Not just because of the usual free pizza and soft drink, but because the presenter of these sessions will be none other than the leader of the ZAP project, Simon Bennetts (aka psiinon)! We’ll be hooking up with Simon in the UK via Skype in a series of interactive sessions. At the beginning of each session we’ll set up the OWASP BWA VM to serve some vulnerable web apps for you to test your skills on. Or, if you already have the skills, just to keep you entertained.
Time: 6-9pm (1hr ZAP session, rest hacking)
Date: Wednesday, 30th July 2014 (yeh, a school nite)
Place: 170 Haydon dr, Bruce, ACT
As always our sponsors (IBM and the CIS) have made this possible by providing us with the two V’s (vittles and venue). There’s no registration or dress code; just turn up, learn and hack.