OWASP Colorado Springs

Colorado Springs Chapter Logo

Welcome to the OWASP Colorado Springs Chapter! A welcoming community of technology professionals interested in the world of Application Security.

About OWASP COS

We hope to be a community-built chapter and want to explore locations around the city. We regularly meet at the National Cybersecurity Center (NCC); however, some meetup locations may vary! Our meetups consist of workshops, speakers, and other technical infosec opportunities. Technical knowledge is NOT required and all who are interested are welcome to attend our meetups. Join our Slack server to stay up to date!

Upcoming Meetings

OWASP Colorado Springs Next Chapter Meeting is Thursday, September 26th, 2024 @ 6:00PM
We recommend following our Meetup Group to stay up to date on our chapter meetups!


Our meetings are open to the public, and you do not need to be a member to attend.
Please do consider joining OWASP if you find our community, projects, and meetings valuable, or sponsoring this chapter.

Call for Volunteers and Support

If you are interested in supporting our Chapter, please reach out to Marc Sanchez or James Smith. Your support helps us run bigger and better meetups by providing food and drinks, securing venues, and helping speakers who are traveling.

Call for Speakers

Please make sure you read the speaker agreement.
Email (Marc Sanchez or James Smith).


Past Events

Previous meetup slides can be found on our chapter LinkedIn Page.

John Mocuta - August 29, 2024

Finding a 0-Day & Getting a CVE

Summary

Context

John, a red-team specialist in network, web app, and hardware security, discovered a 0-day vulnerability in a client's Robotic Process Automation (RPA) code, which had never been reviewed. John was also disappointed that RPAs had nothing to do with actual robots.

Process

Submit a form at cve.mitre.org with product and version details. John’s Submission: CVE-2022-29856

Key Concepts

Options for Disclosure:

  • No disclosure
    • Keep the vulnerability private, i.e. not disclosed to anyone.
  • Full disclosure (public)
    • Release (possibly immediately) the details of the vulnerability to the public, without notifying the vendor first.
  • Coordinated/Responsible disclosure (report to vendor first)
    • Report the vulnerability to the vendor first, allowing them time to fix it before publicly disclosing it.

Safe Harbor

  • Protection from legal repercussions when reporting vulnerabilities.

Reporting Hierarchy:

  1. PR
  2. Legal
  3. InfoSec

Austin Harbor Association

  • Allows anonymous reporting of vulnerabilities.

Jason Haddix - The Bug Hunters Methodology: Recon

October 27, 2022 National Cybersecurity Center (NCC)

OWASP COS Kick-Off

August 25, 2022 National Cybersecurity Center (NCC)