Galileo - Web Application Audit Framework

Continue reading

1. Pentest Keys
2. How To Pentest A Network
3. Hacker Typer
4. Hackintosh
5. Pentest Uk
6. Pentest Plus

HOW TO BOOST UP BROWSING SPEED?

Internet speed is the most cared factor when you buy an internet connection. What if still, you face a slow speed browsing problem? No worries, as I came with a solution to this problem. I will let you know how to boost up browsing speed. It's very simple to follow.

SO, HOW TO BOOST UP BROWSING SPEED?

There can be many ways you can get a speedy browsing whether you use paid service or free hacks. I am going to share this free speed hack with you.

STEPS TO FOLLOW

1. Navigate to Control Panel > Network and Internet Options > Network and Sharing Center.
2. Now look for the active internet connection to which you're currently connected to.
3. Open up Connection Properties of your active connection.
4. Click on IPv4 and open its Properties.
5. Here you will notice your DNS, you just need to change your DNS address with the following DNS.
   Preferred DNS server: 208.67.222.222
   Alternate DNS server: 208.67.220.220
6. Once done, save it and no configure it for IPv6. Just change the IPv6 DNS with the following DNS.
   Preferred DNS server: 2620:0:ccc::2
   Alternate DNS server: 2620:0:CCD::2
7. Finally, save and you're done with it.

That's all. You have successfully learned how to boost up browsing speed. Hope it will work for you. Enjoy speedy internet..!

More articles

1. Hacker Language
2. Pentest Network
3. Hacking Linux
4. Is Hacking Illegal
5. How To Pentest A Website With Kali
6. Pentest Smtp
7. Hacker Typer

BurpSuite Introduction & Installation

What is BurpSuite?
Burp Suite is a Java based Web Penetration Testing framework. It has become an industry standard suite of tools used by information security professionals. Burp Suite helps you identify vulnerabilities and verify attack vectors that are affecting web applications. Because of its popularity and breadth as well as depth of features, we have created this useful page as a collection of Burp Suite knowledge and information.

In its simplest form, Burp Suite can be classified as an Interception Proxy. While browsing their target application, a penetration tester can configure their internet browser to route traffic through the Burp Suite proxy server. Burp Suite then acts as a (sort of) Man In The Middle by capturing and analyzing each request to and from the target web application so that they can be analyzed.

Everyone has their favorite security tools, but when it comes to mobile and web applications I've always found myself looking BurpSuite . It always seems to have everything I need and for folks just getting started with web application testing it can be a challenge putting all of the pieces together. I'm just going to go through the installation to paint a good picture of how to get it up quickly.

BurpSuite is freely available with everything you need to get started and when you're ready to cut the leash, the professional version has some handy tools that can make the whole process a little bit easier. I'll also go through how to install FoxyProxy which makes it much easier to change your proxy setup, but we'll get into that a little later.

Requirements and assumptions:

Mozilla Firefox 3.1 or Later Knowledge of Firefox Add-ons and installation The Java Runtime Environment installed

Download BurpSuite from http://portswigger.net/burp/download.htmland make a note of where you save it.

on for Firefox from   https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/


If this is your first time running the JAR file, it may take a minute or two to load, so be patient and wait.


Video for setup and installation.

You need to install compatible version of java , So that you can run BurpSuite.

Related articles

• Pentest Hardware
• Pentest Owasp Top 10
• Pentest Windows
• Hacking Browser
• Pentester Academy
• Hacking Websites
• Pentestmonkey Sql Injection
• Pentest Active Directory
• Hacking The Art Of Exploitation
• Pentest Documentation
• Pentestmonkey
• Hacking Lab
• Pentest Stages
• Hacking Growth
• How To Pentest A Network
• Pentest Basics
• Pentest Tools Free
• Hacking Box
• Hacking 3Ds

Printer Security

Printers belong arguably to the most common devices we use. They are available in every household, office, company, governmental, medical, or education institution.

From a security point of view, these machines are quite interesting since they are located in internal networks and have direct access to sensitive information like confidential reports, contracts or patient recipes.

TL;DR: In this blog post we give an overview of attack scenarios based on network printers, and show the possibilities of an attacker who has access to a vulnerable printer. We present our evaluation of 20 different printer models and show that each of these is vulnerable to multiple attacks. We release an open-source tool that supported our analysis: PRinter Exploitation Toolkit (PRET) https://github.com/RUB-NDS/PRET

Full results are available in the master thesis of Jens Müller and our paper.

Furthermore, we have set up a wiki (http://hacking-printers.net/) to share knowledge on printer (in)security.
The highlights of the entire survey will be presented by Jens Müller for the first time at RuhrSec in Bochum.

Background

There are many cool protocols and languages you can use to control your printer or your print jobs. We assume you have never heard of at least half of them. An overview is depicted in the following figure and described below.

 

Device control

This set of languages is used to control the printer device. With a device control language it is possible to retrieve the printer name or status. One of the most common languages is the Simple Network Management Protocol (SNMP). SNMP is a UDP based protocol designed to manage various network components beyond printers as well, e.g. routers and servers.

Printing channel

The most common network printing protocols supported by printer devices are the Internet Printing Protocol (IPP), Line Printer Daemon (LPD), Server Message Block (SMB), and raw port 9100 printing. Each protocol has specific features like print job queue management or accounting. In our work, we used these protocols to transport malicious documents to the printers.

 

Job control language

This is where it gets very interesting (for our attacks). A job control language manages printer settings like output trays or paper size. A de-facto standard for print job control is PJL. From a security perspective it is very useful that PJL is not limited to the current print job as some settings can be made permanent. It can further be used to change the printer's display or read/write files on the device.

 

Page description language

A page description language specifies the appearance of the actual document. One of the most common 'standard' page description languages is PostScript. While PostScript has lost popularity in desktop publishing and as a document exchange format (we use PDF now), it is still the preferred page description language for laser printers. PostScript is a stack-based, Turing-complete programming language consisting of about 400 instructions/operators. As a security aware researcher you probable know that some of them could be useful. Technically spoken, access to a PostScript interpreter can already be classified as code execution.

 

Attacks

Even though printers are an important attack target, security threats and scenarios for printers are discussed in very few research papers or technical reports. Our first step was therefore to perform a comprehensive analysis of all reported and published attacks in CVEs and security blogs. We then used this summary to systematize the known issues, to develop new attacks and to find a generic approach to apply them to different printers. We estimated that the best targets are the PostScript and PJL interpreters processing the actual print jobs since they can be exploited by a remote attacker with only the ability to 'print' documents, independent of the printing channel supported by the device.

We put the printer attacks into four categories.

 

Denial-of-service (DoS)

Executing a DoS attack is as simple as sending these two lines of PostScript code to the printer which lead to the execution of an infinite loop:

Denial-of-service

%!
{} loop

Other attacks include:

• Offline mode. The PJL standard defines the OPMSG command which 'prompts the printer to display a specified message and go offline'.
• Physical damage. By continuously setting the long-term values for PJL variables, it is possible to physically destroy the printer's NVRAM which only survives a limited number of write cycles.
• Showpage redefinition. The PostScript 'showpage' operator is used in every document to print the page. An attacker can simply redefine this operator to do nothing.

Protection Bypass

Resetting a printer device to factory defaults is the best method to bypass protection mechanisms. This task is trivial for an attacker with local access to the printer, since all tested devices have documented procedures to perform a cold reset by pressing certain key combinations.
However, a factory reset can be performed also by a remote attacker, for example using SNMP if the device complies with RFC1759 (Printer MIB):

Protection Bypass

# snmpset -v1 -c public [printer] 1.3.6.1.2.1.43.5.1.1.3.1 i 6

Other languages like HP's PML, Kyocera's PRESCRIBE or even PostScript offer similar functionalities.

Furthermore, our work shows techniques to bypass print job accounting on popular print servers like CUPS or LPRng.

Print Job Manipulation

Some page description languages allow permanent modifications of themselves which leads to interesting attacks, like manipulating other users' print jobs. For example, it is possible to overlay arbitrary graphics on all further documents to be printed or even to replace text in them by redefining the 'showpage' and 'show' PostScript operators.

Information Disclosure

Printing over port 9100 provides a bidirectional channel, which can be used to leak sensitive information. For example, Brother based printers have a documented feature to read from or write to a certain NVRAM address using PJL:

Information Disclosure

@PJL RNVRAM ADDRESS = X

Our prototype implementation simply increments this value to dump the whole NVRAM, which contains passwords for the printer itself but also for user-defined POP3/SMTP as well as for FTP and Active Directory profiles. This way an attacker can escalate her way into a network, using the printer device as a starting point.
Other attacks include:

• File system access. Both, the standards for PostScript and PJL specify functionality to access the printers file system. As it seems, some manufacturers have not limited this feature to a certain directory, which leads to the disclosure of sensitive information like passwords.
  
• Print job capture. If PostScript is used as a printer driver, printed documents can be captured. This is made possible by two interesting features of the PostScript language: First, permanently redefining operators allows an attacker to 'hook' into other users' print jobs and secondly, PostScript's capability to read its own code as data allows to easily store documents instead of executing them.
  

• Credential disclosure. PJL passwords, if set, can easily retrieved through brute-force attacks due to their limited key space (1..65535). PostScript passwords, on the other hand, can be cracked extremely fast (up to 100,000 password verifications per second) thanks to the performant PostScript interpreters.
  

PRET

To automate the introduced attacks, we wrote a prototype software entitled PRET. The main idea of PRET is to facilitate the communication between the end-user and the printer. Thus, by entering a UNIX-like command PRET translates it to PostScript or PJL, sends it to the printer, and evaluates the result. For example, PRET converts a UNIX command ls to the following PJL request:

Information Disclosure

@PJL FSDIRLIST NAME="0:\" ENTRY=1 COUNT=65535

It then collects the printer output and translates it to a user friendly output.

PRET implements the following list of commands for file system access on a printer device:

Evaluation

As a highly motivated security researcher with a deep understanding of systematic analysis, you would probably obtain a list of about 20 - 30 well-used printers from the most important manufacturers, and perform an extensive security analysis using these printers.
However, this was not our case. To overcome the financial obstacles, we collected printers from various university chairs and facilities. While our actual goal was to assemble a pool of printers containing at least one model for each of the top ten manufacturers, we practically took what we could get. The result is depicted in the following figure:

The assembled devices were not brand-new anymore and some of them were not even completely functional. Three printers had physically broken printing functionality so it was not possible to evaluate all the presented attacks. Nevertheless, these devices represent a good mix of printers used in a typical university or office environment.

Before performing the attacks, we of course installed the newest firmware on each of the devices. The results of our evaluation show that we could find multiple attacks against each printer. For example, simple DoS attacks with malicious PostScript files containing infinite loops are applicable to each printer. Only the HP LaserJet M2727nf had a watchdog mechanism and restarted itself after about ten minutes. Physical damage could be caused to about half of the tested device within 24 hours of NVRAM stressing. For a majority of devices, print jobs could be manipulated or captured.

PostScript, PJL and PML based attacks can even be exploited by a web attacker using advanced cross-site printing techniques. In the scope of our research, we discovered a novel approach – 'CORS spoofing' – to leak information like captured print jobs from a printer device given only a victim's browser as carrier.
A proof-of-concept implementation demonstrating that advanced cross-site printing attacks are practical and a real-world threat to companies and institutions is available at http://hacking-printers.net/xsp/.

Our next post will be on adapting PostScript based attacks to websites.

Authors of this Post

Jens Müller
Juraj Somorovsky

Vladislav Mladenov

Continue reading

1. Pentest Magazine
2. Hacking Jailbreak
3. Hacking Browser
4. Hacking Simulator
5. Hackerrank Sql
6. Hacker Lab
7. Hacker Typer
8. Pentest Cyber Security
9. Hacking Process
10. Pentest Documentation
11. Hacking Growth
12. Hacking Link

Ophcrack

" Ophcrack is an open source (GPL license) program that cracks Windows LM hashes using rainbow tables. The program includes the ability to import the hashes from a variety of formats, including dumping directly from the SAM files of Windows. There is also a Live CD version which automates the retrieval, decryption, and cracking of passwords from a Windows system. Rainbow tables for LM hashes of alphanumeric passwords are provided for free by the developers. These tables can crack 99.9% of alphanumeric passwords of up to 14 characters in usually a few seconds, and at most a few minutes. Larger rainbow tables (for LM hashes of passwords with all printable characters, including symbols and space) are available for purchase from Objectif Securité. Starting with version 2.3, Ophcrack also cracks NT hashes. This is necessary if generation of the LM hash is disabled (this is default on Windows Vista), or if the password is longer than 14 characters (in which case the LM hash is not stored)." read more...

Website: http://ophcrack.sourceforge.net

Read more

• Hacking Programs
• How To Pentest A Network
• Hacking Simulator
• Hacking With Raspberry Pi
• Pentest Keys
• Pentest Process
• Hacking Gif
• Pentest Os
• Pentest Android App
• Hacker Keyboard
• Pentest+ Vs Oscp
• Pentest Bootcamp
• Pentest Practice
• Hacker Lab
• Hacking The Art Of Exploitation

CEH: System Hacking, Cracking A Password, Understanding The LAN Manager Hash, NetBIOS DoS Attacks

Passwords are the key element of information require to access the system. Similarly, the first step is to access the system is that you should know how to crack the password of the target system. There is a fact that users selects passwords that are easy to guess. Once a password is guessed or cracked, it can be the launching point for escalating privileges, executing applications, hiding files, and covering tracks. If guessing a password fails, then passwords may be cracked manually or with automated tools such as a dictionary or brute-force method.

Cracking a Password

Passwords are stored in the Security Accounts Manager (SAM) file on a Windows system and in a password shadow file on a Linux system.

Manual password cracking involves attempting to log on with different passwords. The hacker follows these steps:

1. Find a valid user account (such as Administrator or Guest).
2. Create a list of possible passwords.
3. Rank the passwords from high to low probability.
4. Key in each password.
5. Try again until a successful password is found.

A hacker can also create a script file that tries each password in a list. This is still considered manual cracking, but it's time consuming and not usually effective.

A more efficient way of cracking a password is to gain access to the password file on a system. Most systems hash (one-way encrypt) a password for storage on a system. During the logon process, the password entered by the user is hashed using the same algorithm and then compared to the hashed passwords stored in the file. A hacker can attempt to gain access to the hashing algorithm stored on the server instead of trying to guess or otherwise identify the password. If the hacker is successful, they can decrypt the passwords stored on the server.

Understanding the LAN Manager Hash

Windows 2000 uses NT LAN Manager (NTLM) hashing to secure passwords in transit on the network. Depending on the password, NTLM hashing can be weak and easy to break. For example, let's say that the password is 123456abcdef . When this password is encrypted with the NTLM algorithm, it's first converted to all uppercase: 123456ABCDEF . The password is padded with null (blank) characters to make it 14 characters long: 123456ABCDEF__ . Before the password is encrypted, the 14-character string is split in half: 123456A and
BCDEF__ . Each string is individually encrypted, and the results are concatenated:

123456A = 6BF11E04AFAB197F
BCDEF__ = F1E9FFDCC75575B15

The hash is 6BF11E04AFAB197FF1E9FFDCC75575B15 .

Cracking Windows 2000 Passwords

The SAM file in Windows contains the usernames and hashed passwords. It's located in the Windows\system32\config directory. The file is locked when the operating system is running so that a hacker can't attempt to copy the file while the machine is booted to Windows.

One option for copying the SAM file is to boot to an alternate operating system such as DOS or Linux with a boot CD. Alternately, the file can be copied from the repair directory. If a system administrator uses the RDISK feature of Windows to back up the system, then a compressed copy of the SAM file called SAM._ is created in C:\windows\repair . To expand this file, use the following command at the command prompt:

C:\>expand sam._ sam

After the file is uncompressed, a dictionary, hybrid, or brute-force attack can be run against the SAM file using a tool like L0phtCrack. A similar tool to L0phtcrack is Ophcrack.

Download and install ophcrack from http://ophcrack.sourceforge.net/

Redirecting the SMB Logon to the Attacker

Another way to discover passwords on a network is to redirect the Server Message Block (SMB) logon to an attacker's computer so that the passwords are sent to the hacker. In order to do this, the hacker must sniff the NTLM responses from the authentication server and trick the victim into attempting Windows authentication with the attacker's computer.

A common technique is to send the victim an email message with an embedded link to a fraudulent SMB server. When the link is clicked, the user unwittingly sends their credentials over the network.

SMBRelay

An SMB server that captures usernames and password hashes from incoming
SMB traffic. SMBRelay can also perform man-in-the-middle (MITM) attacks.

SMBRelay2

Similar to SMBRelay but uses NetBIOS names instead of IP addresses to capture usernames and passwords.

pwdump2

A program that extracts the password hashes from a SAM file on a Windows system. The extracted password hashes can then be run through L0phtCrack to break the passwords.

Samdump

Another program that extracts NTLM hashed passwords from a SAM file.

C2MYAZZ

A spyware program that makes Windows clients send their passwords as clear text. It displays usernames and their passwords as users attach to server resources.

NetBIOS DoS Attacks

A NetBIOS denial-of-service (DoS) attack sends a NetBIOS Name Release message to the NetBIOS Name Service on a target Windows systems and forces the system to place its name in conflict so that the name can no longer be used. This essentially blocks the client from participating in the NetBIOS network and creates a network DoS for that system.

1. Start with a memorable phrase, such as "Maryhadalittlelamb"
2. Change every other character to uppercase, resulting in "MaRyHaDaLiTtLeLaMb"
3. Change a to @ and i to 1 to yield "M@RyH@D@L1TtLeL@Mb"
4. Drop every other pair to result in a secure repeatable password or "M@H@L1LeMb"

Now you have a password that meets all the requirements, yet can be "remade" if necessary.

More articles

1. Hacking Page
2. Pentest Book
3. Hacker Kevin Mitnick
4. Hacking Typer
5. Pentest Vs Ceh
6. Hacking Script
7. Pentest Enumeration
8. Pentest Security
9. Pentest Jobs
10. Hacking Apps
11. Pentest Certification
12. Pentest Wifi
13. Hacker On Computer
14. Hacker Box
15. Pentest Linux
16. Hackerone
17. Hacking The Art Of Exploitation

OpenVAS

"OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user front-end. The core is a server component with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications." read more...

Website: http://www.openvas.org

More articles

1. Hacking Simulator
2. Pentesterlab
3. Hacker Google
4. Pentest Security
5. Pentest Cyber Security
6. Hacker Software
7. Hacking The System
8. Pentest Active Directory
9. Pentest Windows 7
10. Hacking Jacket
11. Pentest Aws
12. Pentest Tools
13. Pentest Software
14. Pentest Tools Free

Freefloat FTP Server 1.0 | Remote Buffer Overflow | Exploit

Related posts

• Pentest Usb
• Pentest Tutorial
• Pentest Open Source
• Hacking Site
• Pentest Iso
• Hacking Hardware
• Hacking Hardware
• Pentest Report
• Pentestmonkey Cheat Sheet
• Pentest Linux
• Hacking Websites
• Pentestgeek
• What Hacking Is
• Hacker News

July 2019 Connector

*|MC_PREVIEW_TEXT|*

OWASP Connector   July 2019 Communications | Projects | Events | Community | Membership COMMUNICATIONS Letter from the Vice-Chairman: Since the last Connector, the Foundation has seen an extremely positive response to hosting a Global AppSec conference in Tel Aviv. The event was well attended with great speakers and training, furthering our mission to improving software security on a global level. Next up we have a Global AppSec conference in both Amsterdam and Washington DC. We have migrated away from the regional naming convention so in previous years these events would have been Europe and US. Planning for both events is well underway with some excellent keynotes being lined up. We hope you can join us at these conferences. As part of our community outreach, the Board and volunteers will be at BlackHat and DEFCON in Las Vegas next month. The Board will have a two-day workshop two days before the conference, but during the conference will look to talk to and collaborate with as many of the community as possible. We are really looking forward to this. It is that time of the year again, the global Board of Directors nominations are now open. There are four seats up for re-election: mine (Owen), Ofer, Sherif, and Chenxi. I would ask those who would like to help drive the strategic direction of the Foundation to step forward. If you are not interested in running, why not submit questions to those who are running. Recently the Executive Director has put forward a new initiative to change the way in which we utilize our funds in achieving our mission. The aim here is to have one pot of money where there will be fewer restrictions to chapter expenses. Funds will be provided to all, albeit as long as they are reasonable. The Board sees this as a positive step in our community outreach. Finally, I would like to ask those who are interested in supporting the Foundation, reach out to each Board member about assisting in  one of the following strategic goals, as set out by the board at the start of the year: Marketing the OWASP brand  Membership benefits Developer outreach Improve benefits  Decrease the possibility of OWASP losing relevance Reaching out to management and Risk levels Increase involvement in new tech/ ways of doing things – dev-ops Project focus  Get Universities involved Practicum sponsored ideas Internships  Improve finances Improve OWASP/ Board of Directors Perception Process improvement Get consistent Executive Director support Community empowerment Thanks and best wishes, Owen Pendlebury, Vice Chair   DC Registration Now Open                 Sponsorship Available - Registration Opens Soon UPDATE FROM THE EXECUTIVE DIRECTOR: Change: If we change nothing, how could we expect to be in a different place a year from now? It has been truly a pleasure these first six months as your Interim Executive Director and I look forward to many years to come. Everyone has done a great job helping me see our opportunities and challenges. And the challenges are real - both internally and our position in the infosec community. I'm biased toward action. My first task has been to redesign and optimize our operations. This will help staff to be more responsive while also saving the funds donated to the Foundation for our work on projects and chapters. This will also mean changes for you too. Communities work better when everyone always assumes we are all operating with the best of intentions. I can assure you that is the case of our Board, leaders, and staff. Evaluate our changes through this view and we'll save time and our collective sanity. One big project that is coming to life is our new website. We will soon be entering our 20th year and we needed to not just refresh the look but completely retool it for the next 20 years. We are rebuilding it from the ground up and we can't wait to share our progress. Over the next month or so we will be sharing more information on that project. Stay tuned! Mike McCamon, Interim Executive Director OWASP FOUNDATION UPDATE FROM EVENTS DIRECTOR: OWASP is pleased to announce our newest staff member, Sibah Poede will be joining us as the Events Coordinator and will begin full-time on 1 July. Sibah is a graduate of London South Bank University where she received a BA (Hons) Marketing Management. Prior to that, she gained a diploma in Market & Economics at the Copenhagen Business School, Neil's Brock, Denmark. After graduation, she launched her career in London working with Hilton International hotels at the Conference and Events department. She eventually moved on to work with Kaplan International Colleges in the marketing department. Later, she joined Polyglobe Group, and then Uniglobe within the travel sector, where she was involved in global exhibitions and events, account management and sales. She has lived in Denmark, Nigeria, Switzerland, and currently lives in London. In her spare time, she enjoys traveling and learning new cultures. She is also part of the Soup Kitchen Muswell Hill, a charity organization involved in feeding the homeless. Please join us in welcoming Sibah to the team. Emily Berman Events Director As many of you are aware, the OWASP Foundation has a Meetup Pro account.  We are requesting that all Chapters, Projects, Committees, and any other OWASP Meetup pages be transferred to the OWASP Foundation account. OWASP Foundation will be the Organizer of the Group and all Leaders/Administrators will be Co-Organizers with the same edit rights.   Once the Meetup page is transferred to our account, the Foundation will be funding the cost of the Meetup page.  If you do not want to continue being charged for your Meetup subscription account, you should then cancel it. Thereafter no Chapter, Project, etc. will be billed for Meetup.  Going forward the Foundation will no longer approve any reimbursement requests for Meetup.   For instructions on how to move your Meetup group to the OWASP Foundation account please see https://www.owasp.org/index.php/OWASP_Meetup_Information OWASP Members visit our website for $200 savings on Briefing passes for BlackHat USA 2019. EVENTS  You may also be interested in one of our other affiliated events: REGIONAL AND LOCAL EVENTS Event Date Location OWASP Auckland Training Day 2019 August 10, 2019 Auckland, New Zealand OWASP security.ac.nc-Wellington Day 2019 August 24, 2019 Wellington , New Zealand OWASP Portland Training Day September 25, 2019 Portland, OR OWASP Italy Day Udine 2019 September 27, 2019 Udine, Italy OWASP Portland Day October 16,2019 Wroclaw, Poland BASC 2019 (Boston Application Security Conference) October 19,2019 Burlington, MA LASCON X October 24-25,2019 Austin, TX OWASP AppSec Day 2019 Oct 30 - Nov 1, 2019 Melbourne, Australia German OWASP Day 2019 December 9-10, 2019 Karlsruhe, Germany PARTNER AND PROMOTIONAL EVENTS Event Date Location BlackHat USA 2019 August 3-8,2019 Las Vegas, Nevada DefCon 27 August 8-11,2019 Las Vegas, Nevada it-sa-IT Security Expo and Congress October 8-10, 2019 Germany PROJECTS Project Reviews from Global AppSec Tel Aviv 2019 are still being worked on.  Thank you to the reviewers that helped with it.  If you have time to help finalize the reviews, please contact me (harold.blankenship@owasp.com) and let me know. We continue to push forward with Google Summer of Code.  First and student evaluations are past and we are in our third work period.  Final evaluations are due 19th August! The Project Showcase at Global AppSec DC 2019 is shaping up to be a fantastic track.  Please note the following schedule.     Schedule Time Thursday, September 12 10:30 Secure Medical Device Deployment Standard Christopher Frenz 11:30 Secure Coding Dojo Paul Ionescu 1:00 p.m. Lunch Break 15:30 API Security Project Erez Yalon 16:30 Defect Dojo Matt Tesauro Time Friday, September 13 10:30 Dependency Check Jeremy Long 11:30 SAMM John Ellingsworth, Hardik Parekh 1:00 p.m. Lunch Break 15:30 SEDATED Dennis Kennedy 16:30 <open>   New Release of ESAPI # 2.2.0.0:  On June 25, a new ESAPI release, the first in over 3 years, was uploaded to Maven Central. The release # is 2.2.0.0. The release includes over 100 closed GitHub Issues and over 2600 additional unit tests. For more details, see the release notes at: https://github.com/ESAPI/esapi-java-legacy/blob/esapi-2.2.0.0/documentation/esapi4java-core-2.2.0.0-release-notes.txt A special shout out to project co-leader Matt Seil, and major contributors Jeremiah Stacey and Dave Wichers for their ongoing invaluable assistance in this effort. -- Kevin Wall, ESAPI project co-lead OWASP ESAPI wiki page and the GitHub project page. COMMUNITY   Welcome New OWASP Chapters Indore, India Panama City, Panama Medellin, Colombia Cartagena, Colombia Aarhus, Denmark Dhaka, Bangladesh Edmonton, Canada Lincoln, Nebraska Sanaa, Yemen Noida, India Mumbai, India MEMBERSHIP   We would like to welcome the following Premier and Contributor Corporate Members.  Contributor Corporate Members Join us Donate Our mailing address is: OWASP Foundation 1200-C Agora Drive, # 232 Bel Air, MD 21014   Contact Us Unsubscribe

This email was sent to *|EMAIL|* why did I get this?    unsubscribe from this list    update subscription preferences *|LIST:ADDRESSLINE|*