Welcome to Sacramento OWASP. We are a group of security, networking, technology, computer, you-name-it advocates here to share, teach, and learn.
The best way to find our events is to look on Meetup.com. Be sure to join so that you can be notified of new events.
The best way to get in touch is Slack.
- Go to this link.
- Register with your e-mail address.
- When in the Slack, find our channel in the channel list, or simply type:
The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects, tools, documents, forums, and chapters are free and open to anyone interested in improving application security.
Chapters are led by local leaders in accordance with the Chapter Leader Handbook. Financial contributions should only be made online using the authorized online donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP Project, independent research, or related software security topic you would like to present.
Everyone is welcome and encouraged to participate in our Projects, Local Chapters, Events, Online Groups, and on Slack @#chapter-sacramento. We especially encourage diversity in all our initiatives. OWASP is a fantastic place to learn about application security, to network, and even to build your reputation as an expert. We also encourage you to become a member or consider a donation to support our ongoing work.
This month we covered a simple intro to Threat Modeling. We conducted this meetup remotely due to the COVID-19 situation.
This month we discussed how a tool like BeEF can reveal the true potential of what Cross Site Scripting (XSS) can lead to. BeEF can be used to leverage the exploitability of the browser to send payloads to unsuspecting victims. Being aware of these attacks and how they work can help developers better prepare and defend against them.
BSides SF is fast approaching! Who’s going?
This month we talked about a number of modern web security patterns, such as how to add Subresource Integrity (SRI) checking to your external resources, ways you can enable Content Security Policies (CSP) and reporting on CSPs, and what to expect from Expect Certificate Transparency (Expect-CT) and Certification Authority Authorization (CAA). Then we wrapped it up with how to set up your site with the securitytxt proposal. There’s also a generator found
Come join us for the inaugural event of the Sacramento OWASP Chapter. We have so much AppSec, NetSec, and InfoSec talent in the Sacramento area that it’s time we form a community for us to share our thoughts, experiences, and best practices.
The Sacramento OWASP chapter has been dormant for a while and it’s time to give it a jump start. This will be our first official meeting. Come by, say hello, put a face to a name, and maybe let us know what you’re interested in learning or even contributing!
Please RSVP by October 15th so we can accommodate seating, snacks, and drinks.