OWASP Albuquerque
Welcome
OWASP Albuquerque is for anyone here in town to discuss software security topics. We have a couple discussion ideas in mind, but we are also eager to hear what you would like to talk about too!
Upcoming Event: Albuquerque Software Social Club
Monthly on Thursday, at 6:00 pm
The Albuquerque Software Social Club meets at O’Neills once a month for tech presentations. This is not an OWASP event, but you are sure to find something interesting at the next tech presentation. Go to their Meetup page to find out more.
Upcoming Event: TechFest
Friday, October 11, 2024, 1:00 pm - 7:00 pm
TechFest is a free conference that may be of interest to OWASP members. Find out more at the Tech Fest Eventbrite page.
Centennial Science and Engineering Library
Centennial Library is located on the University of New Mexico campus, near the corner of University Blvd. and Central Ave.
Public parking is across the street on University Blvd. Street parking is available south of Central Ave.
The entrance is a small building that leads you underground.
A valid government-issued or student picture ID is required to enter the Centennial Science and Engineering Library. Have your photo ID ready to show at the downstairs turnstile.
OWASP ABQ is headed by two co-leaders. Our chapter year starts in August. In April or May, we should elect two new co-leaders to take over the following August.
What do chapter leaders do?
- reserve meeting space
- respond to inquiries
- update this web site
- maintain our discord server
- send reminders for meetings
- find speakers
- do presentations
Want to become a co-leader?
In a spring meeting, we’ll take nominations and vote on the new co-leaders. Please come to a meeting to find out more.
Using Fuzzing in Cybersecurity
Tuesday, July 23, 2024, at 4:30 pm
UNM Centennial Library, DEN2
Fuzzing is a technique to test programs with generated data. Its main goal is to detect crashes and non-expected failures. Radamsa is a general-purpose, black-box-oriented mutating fuzzer. In this talk, José will show examples of fuzzing using radamsa from basic command line tools to network services. We will also discuss some applications in cybersecurity of fuzzing involving automation of test cases.
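As an added illustration of the mutating-fuzzer idea described above (this is not code from the talk and not radamsa itself), the following Python script stacks a few radamsa-style mutations (bit flips, byte insertion and deletion, chunk repetition, integer boundary values) on a seed input and feeds the results to a small target parser. The parser, its `ParseError` class and the seed record `name=alice;age=30` are constructed for the demo; the fuzzer only counts exceptions the parser does not document as findings, which is the crash-versus-expected-failure distinction the talk abstract mentions.

```python
import random
import re

# Added example (not from the talk or from radamsa): a tiny radamsa-style
# mutation fuzzer. The target parser below is constructed for the demo.


class ParseError(ValueError):
    """The parser's documented rejection of bad input: expected, not a bug."""


def parse_record(data: bytes) -> dict:
    """Constructed toy target: parses b'key=value;key=value'.
    Hidden defect: keys are decoded as ASCII without validation, so a
    non-ASCII byte in a key raises UnicodeDecodeError instead of ParseError."""
    record = {}
    for field in data.split(b";"):
        if b"=" not in field:
            raise ParseError("field without '='")
        key, value = field.split(b"=", 1)
        record[key.decode("ascii")] = value
    return record


BOUNDARY_NUMBERS = [b"0", b"-1", b"255", b"65535", b"2147483648",
                    b"-2147483649", b"18446744073709551616"]


def flip_bit(buf: bytearray, rng: random.Random) -> bytearray:
    if buf:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    return buf


def insert_byte(buf: bytearray, rng: random.Random) -> bytearray:
    buf.insert(rng.randint(0, len(buf)), rng.randrange(256))
    return buf


def delete_byte(buf: bytearray, rng: random.Random) -> bytearray:
    if buf:
        del buf[rng.randrange(len(buf))]
    return buf


def repeat_chunk(buf: bytearray, rng: random.Random) -> bytearray:
    """Duplicate a random slice 1-8 times (stresses length assumptions)."""
    if not buf:
        return buf
    start = rng.randrange(len(buf))
    end = rng.randint(start + 1, len(buf))
    return buf[:end] + buf[start:end] * rng.randint(1, 8) + buf[end:]


def boundary_number(buf: bytearray, rng: random.Random) -> bytearray:
    """Replace one decimal run with an integer boundary value."""
    runs = list(re.finditer(rb"\d+", bytes(buf)))
    if not runs:
        return buf
    start, end = rng.choice(runs).span()
    return buf[:start] + bytearray(rng.choice(BOUNDARY_NUMBERS)) + buf[end:]


MUTATORS = [flip_bit, insert_byte, delete_byte, repeat_chunk, boundary_number]


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply 1-4 stacked random mutations to a seed input."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, 4)):
        buf = rng.choice(MUTATORS)(buf, rng)
    return bytes(buf)


def fuzz(target, seeds, iterations=2000, seed=0):
    """Run mutated seeds through target and keep the first input per
    unexpected exception type. ParseError is the documented failure mode
    of the target, so it is not recorded as a finding."""
    rng = random.Random(seed)
    findings = {}
    for _ in range(iterations):
        case = mutate(rng.choice(seeds), rng)
        try:
            target(case)
        except ParseError:
            continue
        except Exception as exc:
            findings.setdefault(type(exc).__name__, case)
    return findings


if __name__ == "__main__":
    for name, case in fuzz(parse_record, [b"name=alice;age=30"]).items():
        print(f"{name}: {case!r}")
```

Running the script prints the first mutated input that produced each unexpected exception; a real harness would write those inputs to disk for triage and, for a network service, wrap the target call in a client that sends the case over a socket.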
Agenda:
- 4:30: Say Howdy
- 5:00: Using Fuzzing in Cybersecurity
- Upcoming events:
  - Around August 1: Albuquerque Software Social Club
  - September 19: INTERFACE Albuquerque
  - October 11: Tech Fest
Leadership Elections and Planning
Tuesday, July 16, 2024, at 5:30 pm
Bosque Brewing, 106 Girard Blvd SE, Unit B, Albuquerque, NM 87106
It’s time to plan activities for the next year! We need your ideas for future chapter activities. Please come by to say hello and tell us what you think OWASP ABQ should work on this year.
Interested in a leadership position? We will also elect 2 co-leaders for the next year. Find out more information in the Leadership section.
Agenda:
- 5:30: Meet and greet, beer and snacks
- 6:15: Pick 2 co-leaders
- Brainstorm for the upcoming year
- Upcoming events:
  - July 19-20: BSides Cybersecurity conference
    - 2-for-1 tickets! Student ticket price!
  - July 23: Using Fuzzing in Cybersecurity
  - Around August 1: Albuquerque Software Social Club
  - September 19: INTERFACE Albuquerque
Minutes:
- 4 attendees showed up.
- Everyone urged to come up with event ideas for the next year.
- Election results: 3 votes for Rose to be co-leader.
- Talked about the upcoming events listed above. We are excited about José’s talk next Tuesday!
- An OWASP participant will be speaking at BSides this Friday. Everyone is interested in attending; some have tickets already.
- Next OWASP meeting after next Tuesday will be in November or December.
Cross-Site Request Forgery Basics
Tuesday, April 30, 2024, at 5:30 pm
Cesar Chavez Community Center, Meeting Room
Franklin and Althea will discuss the basics of Cross-Site Request Forgery (CSRF), assuming as little knowledge of web development as possible. This will include a review of how web browsers load and render web pages by making HTTP requests to a web server, how cookies are used to authenticate requests, and how authenticated requests are spoofed in a CSRF attack. They will also discuss browser security mechanisms that facilitate CSRF prevention, and what a website designer can do to prevent these attacks. The talk will be followed by a lab exercise from Portswigger.
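The defences named in the abstract (a browser mechanism that stops the cookie from riding along, plus a server-side check) can be sketched in a few lines. The Python below is an added example, not material from the talk or the Portswigger lab: the site origin `https://bank.example`, the in-memory `SESSIONS` store and the `Request` model are all constructed. It issues the session cookie with `SameSite=Lax`, checks that a state-changing request's `Origin` (or `Referer`) matches the site, and requires a per-session synchronizer token that a cross-site page cannot read.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Added example, not from the talk: a server-side CSRF check combining a
# SameSite session cookie, an Origin/Referer check and a per-session
# synchronizer token. The site origin and the request model are constructed.

SITE_ORIGIN = "https://bank.example"

# session id -> session state (in-memory stand-in for a real session store)
SESSIONS: dict = {}


@dataclass
class Request:
    """Minimal model of an incoming HTTP request."""
    method: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def create_session(user: str) -> str:
    """Log a user in: random session id plus a random CSRF token bound to it."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid


def session_cookie(sid: str) -> str:
    """Set-Cookie value. SameSite=Lax stops the browser attaching the cookie
    to cross-site POSTs, which removes the ambient authority CSRF relies on."""
    return f"session={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"


def csrf_token_for(sid: str) -> str:
    """Token the server embeds in its own forms as a hidden field."""
    return SESSIONS[sid]["csrf_token"]


def check_state_changing_request(req: Request) -> tuple:
    """Return (allowed, reason). Defence in depth: even if the cookie arrives,
    a cross-site page cannot read the token or present a same-site Origin."""
    if req.method.upper() in ("GET", "HEAD", "OPTIONS"):
        return True, "safe method"
    session = SESSIONS.get(req.cookies.get("session", ""))
    if session is None:
        return False, "no valid session"
    source = req.headers.get("Origin") or req.headers.get("Referer")
    if not source:
        return False, "missing Origin and Referer"
    parts = urlsplit(source)
    if f"{parts.scheme}://{parts.netloc}" != SITE_ORIGIN:
        return False, "cross-origin request"
    supplied = req.form.get("csrf_token", "")
    # constant-time comparison so token checking does not leak timing
    if not hmac.compare_digest(supplied.encode(), session["csrf_token"].encode()):
        return False, "missing or wrong CSRF token"
    return True, "ok"


if __name__ == "__main__":
    sid = create_session("alice")
    print(session_cookie(sid))
    same_site = Request("POST", {"Origin": SITE_ORIGIN}, {"session": sid},
                        {"csrf_token": csrf_token_for(sid), "amount": "10"})
    print(check_state_changing_request(same_site))
```

The order of the checks matters only for the reason string; any one failing check rejects the request, so a deployment that cannot rely on every browser sending `Origin` still has the token check behind it.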
Please RSVP to [email protected]. If you want to participate in the lab exercise, please bring a personal computer and make an account on the Portswigger website before the event. It is also recommended (but not required) to install either Burp Suite Community Edition, or another web proxy of your choice.
Agenda:
- Meet and greet
- Featured presentation “Cross-Site Request Forgery Basics”
- Elect 2 co-leaders for next year
- Pitch ideas and recruit volunteers for future presentations
Code Eyeballing
Wednesday, March 27, 2024, at 4 pm
UNM Centennial Library, DEN2
Rose will guide us through a code review of a simple web application. Participants will be invited to eyeball code in the context of their favorite risk from OWASP Top 10; list issues; discuss remediation strategies; and prioritize remediations.
All activities can be completed by looking at code. But you can also test on your machine with Docker: deploy https://github.com/pzzd/docker-lamp and send a request to [email protected] for access to the web application repo.
Our space is limited to 16 people, so please RSVP to [email protected].
Agenda:
- Greetings and salutations
- Featured presentation “Code Eyeballing”
- Pitch ideas and recruit volunteers for future presentations
Basics of SQL injection
Monday, November 27, 2023, at 4 pm
UNM Centennial Library, DEN2
UNM student Franklin Pezzuti Dyer will discuss the basics of how databases might be used for web applications, how a web app can manipulate a database using SQL, and how this can leave an app open for attack if SQL commands are handled unsafely. The meeting will consist of a short introductory talk, followed by a lab session consisting of SQL injection exercises on deliberately vulnerable websites hosted by Portswigger.
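To make the "handled unsafely" point concrete, here is an added Python example (not from the talk or the Portswigger labs) using the standard library's sqlite3 module. The `users` table and its three rows are constructed. It shows the same lookup written with string interpolation and with a bound parameter, and an allow-list for a column name, which is the one kind of SQL fragment parameters cannot bind.

```python
import sqlite3

# Added example, not from the talk: the same lookup written unsafely (string
# interpolation) and safely (bound parameters), plus an allow-list for the one
# thing parameters cannot bind. The users table and rows are constructed.

SAMPLE_USERS = [("alice", "alice@example.org"),
                ("bob", "bob@example.org"),
                ("carol", "carol@example.org")]


def setup_db() -> sqlite3.Connection:
    """Build an in-memory database with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (username, email) VALUES (?, ?)", SAMPLE_USERS)
    return conn


def find_user_unsafe(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable: user input is spliced into the SQL text, so a quote
    character in the input changes the structure of the statement."""
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Fixed: the value travels as a bound parameter and is only ever data."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


SORTABLE_COLUMNS = {"username", "email"}


def list_users_sorted(conn: sqlite3.Connection, column: str) -> list:
    """Identifiers cannot be bound as parameters, so validate the column
    name against an allow-list before interpolating it."""
    if column not in SORTABLE_COLUMNS:
        raise ValueError(f"unsupported sort column: {column!r}")
    return conn.execute(f"SELECT username, email FROM users ORDER BY {column}").fetchall()


if __name__ == "__main__":
    db = setup_db()
    probe = "' OR '1'='1"   # textbook input used in the lab exercises
    print("unsafe:", find_user_unsafe(db, probe))   # returns every row
    print("safe:  ", find_user_safe(db, probe))     # returns []
```

Running it shows the unsafe query returning all three rows for the probe string while the parameterized query returns none, which is the behaviour the lab exercises are built to reveal.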
If you would like to participate in the lab session, please come prepared with a Portswigger account, and a proxy of your choice installed. You will need this to capture, examine and modify HTTP packets. You could use Burp Suite (software by Portswigger, recommended) or an open-source alternative like mitmproxy.
Our space is limited to 16 people, so please RSVP to [email protected].
Agenda:
- Say Howdy
- Featured presentation “Basics of SQL injection”
- Pitch ideas and recruit volunteers for future presentations
Breaking into websites using misconfigurations
Thursday, October 26, 2023, at 4 pm
UNM Centennial Library, DEN2
Security research student Alex Adams will give a presentation about exploiting misconfigurations of the Google Authentication Toolkit in the wild. Learn about the Google Identity Toolkit API and common ways you might find it misconfigured. This talk will discuss some methods to spot issues with websites in general, common tools used by hackers for web penetration, and then go into a specific example of gaining unauthorized access to a website.
Agenda:
- Meet and greet
- Featured presentation “Breaking into websites using misconfigurations”
- Pitch ideas and recruit volunteers for future presentations
Code injection attacks
Wednesday, August 30, 2023, 3 pm - 6 pm
UNM Centennial Library, DEN2
Agenda:
- Get to know each other
- Pitch ideas for future meetings
  - We may have a future talk about network security.
  - Meeting time should be later, starting around 5 or 5:30.
- Informal presentation and discussion about code injection attacks at 4 pm. If you have thoughts or experience in this area, please come and share!
  - Putting up with input (A03:2021 - Injection)
  - Demo of SQL injection and reflected XSS using MAMP