OWASP Albuquerque

Welcome

OWASP Albuquerque is for anyone here in town to discuss software security topics. We have a couple of discussion ideas in mind, but we are also eager to hear what you would like to talk about!

Next Event: Basics of SQL injection

Monday, November 27, 2023, at 4 pm

UNM Centennial Library, DEN2

UNM student Franklin Pezzuti Dyer will discuss the basics of how databases might be used for web applications, how a web app can manipulate a database using SQL, and how this can leave an app open to attack if SQL commands are handled unsafely. The meeting will consist of a short introductory talk, followed by a lab session of SQL injection exercises on deliberately vulnerable websites hosted by PortSwigger.

If you would like to participate in the lab session, please come prepared with a PortSwigger account and a proxy of your choice installed. You will need the proxy to capture, examine, and modify HTTP packets. You could use Burp Suite (software by PortSwigger, recommended) or an open-source alternative like mitmproxy.

Our space is limited to 16 people, so please RSVP to [email protected].

Agenda:

  • Say Howdy
  • Featured presentation “Basics of SQL injection”
  • Pitch ideas and recruit volunteers for future presentations

Centennial Science and Engineering Library

Centennial Library is located on the University of New Mexico campus, near the corner of University Blvd. and Central Ave.

Public parking is across the street on University Blvd. Street parking is available south of Central Ave.


The entrance is a small building that leads you underground.

A valid government-issued or student picture ID is required to enter the Centennial Science and Engineering Library. Have your photo ID ready to show at the downstairs turnstile.





Thursday, October 26, 2023, at 4 pm

Breaking into websites using misconfigurations

UNM Centennial Library, DEN2

Security research student Alex Adams will give a presentation about exploiting misconfigurations of the Google Authentication Toolkit in the wild. Learn about the Google Identity Toolkit API and common ways you might find it misconfigured. This talk will discuss some methods to spot issues with websites in general, common tools used by hackers for web penetration, and then go into a specific example of gaining unauthorized access to a website.

Agenda:

  • Meet and greet
  • Featured presentation “Breaking into websites using misconfigurations”
  • Pitch ideas and recruit volunteers for future presentations

Wednesday, August 30, 2023, 3 pm - 6 pm

UNM Centennial Library, DEN2

Agenda:

  • Get to know each other
  • Pitch ideas for future meetings
    • We may have a future talk about network security.
    • Meeting time should be later, starting around 5 or 5:30.
  • Informal presentation and discussion about code injection attacks at 4 pm. If you have thoughts or experience in this area, please come and share!