OWASP Yerevan

Welcome

Welcome to the Yerevan chapter homepage. Follow chapter news on Twitter or in our Facebook group.

Meetings

The entrance to events is open and free. Everyone is welcome to join us at our chapter meetings.

Call For Speakers

The Call For Speakers is open. If you would like to present a talk on Application Security at a future OWASP Yerevan Chapter event, please review and agree to the OWASP Speaker Agreement and send the proposed talk title, abstract and speaker bio to the Chapter Leaders via e-mail:

yerevan-chapter (at) owasp.org

Next Meeting/Event(s)

OWASP Yerevan Chapter meetings are posted on our MeetUp Page:

Please visit OWASP Yerevan MeetUp site for Yerevan Chapter event information.

Updates on Social Media and Mailing List

Please follow OWASP Yerevan Chapter on Twitter, Facebook, MeetUp and LinkedIn.

Participation

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects, tools, documents, forums, and chapters are free and open to anyone interested in improving application security.

Chapters are led by local leaders in accordance with the Chapter Policy. Financial contributions should only be made online using the authorized online donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP Project, independent research, or related software security topic you would like to present.

Everyone is welcome and encouraged to participate in our Projects, Local Chapters, Events, Online Groups, and Community Slack Channel. We especially encourage diversity in all our initiatives. OWASP is a fantastic place to learn about application security, to network, and even to build your reputation as an expert. We also encourage you to become a member or consider a donation to support our ongoing work.


Events


Friday, 3rd June 2022

OWASP monthly meetup

AGENDA

  • Sam Stepanyan - Using OWASP Nettacker for Recon and Vulnerability Scanning

COVID-19 Restrictions

As the event will be held in person, symptom checks will be in place. Please wear a mask.

Hosted at AUA, room 314W - https://goo.gl/maps/p5mr6WxPoaKmx9C98
Meetup link - https://www.meetup.com/owasp-yerevan/events/286136433/

TALK ABSTRACT


“Using OWASP Nettacker for Recon and Vulnerability Scanning” by Sam Stepanyan
The OWASP Nettacker project was created to automate information gathering and vulnerability scanning, and in general to aid penetration testing engagements. Nettacker is able to run various scans using a variety of methods and generate scan reports for applications and networks, including services, bugs, vulnerabilities, misconfigurations, default credentials and many other cool features, for example the ability to chain different scan methods. This relatively new (Summer 2017) and lesser-known OWASP project has generated a huge amount of interest at the BlackHat Europe 2018/2019 Arsenal live demo, gathering massive crowds of seasoned hackers and penetration testers eager to see this new tool in action. This talk will showcase the OWASP Nettacker project, giving an overview of its features and including a live demo of the tool. Overview by Sam - https://youtu.be/Y4ANGdG8NvU, project - https://github.com/OWASP/Nettacker.




Thursday, 19th May 2022

OWASP monthly meetup

AGENDA

  • Paul Intrarakha - Scaling Application and Infrastructure Security around Cloud in a Hyper Growth Company

COVID-19 Restrictions

As the event will be held in person, symptom checks will be in place. Please wear a mask.

Hosted at AUA, room 313W - https://goo.gl/maps/p5mr6WxPoaKmx9C98
Meetup link - https://www.meetup.com/owasp-yerevan/events/285937721/

TALK ABSTRACT


“Scaling Application and Infrastructure Security around Cloud in a Hyper Growth Company” by Paul Intrarakha
Modern web applications are growing ever more complex. Whether it is operating in a multi-cloud ecosystem, integrating and handling data within a web of 3rd party providers, or engaging with hundreds of software engineers, the pace of web development has only increased. Now imagine this at a hyper growth company! During this talk, Paul shared not only the security practices that have worked and allowed Information Security to scale with the business, but also the challenges to think about and look forward to. Paul Intrarakha is the Senior Principal, Application Security Architect at ServiceTitan. His past leadership experience includes services at Green Dot Corporation and The Boeing Company. Slides at https://drive.google.com/file/d/….




Friday, 8th April 2022

OWASP monthly meetup

AGENDA

COVID-19 Restrictions

As the event will be held in person, symptom checks will be in place. Please wear a mask.

Hosted at AUA, room 313W - https://goo.gl/maps/p5mr6WxPoaKmx9C98
Meetup link - https://www.meetup.com/owasp-yerevan/events/284720489/

TALK ABSTRACTS


“Cracking OSCP at 18” by Eduard Elbakyan
Eduard Elbakyan spoke about his experience passing OSCP and the prerequisites and preparation for the course, and gave general advice for folks wanting to start a career in the InfoSec industry. Slides at https://drive.google.com/file/d/….

“Fishing vs Phishing” by Mane Hambardzumyan
Mane Hambardzumyan broke down the categories of phishing, the concepts behind them, and how phishing is similar to fishing. Slides at https://drive.google.com/file/d/….




Friday, 24th December 2021

OWASP monthly meetup

AGENDA

COVID-19 Restrictions

As the event will be held in person, symptom checks will be in place. Please wear a mask.

Hosted at ISTC Foundation - https://goo.gl/maps/LixWapjRw7Xs75Ek9
Meetup link - https://www.meetup.com/owasp-yerevan/events/282801034/

TALK ABSTRACTS


“Deep Dive into Log4Shell” by Hayk Andriasyan
Hayk Andriasyan broke down the issues behind CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105, Log4j lookups and JNDI injections. Recording at https://youtu.be/Mxa89lfM6Lw, slides at https://drive.google.com/file/d/….

“Exploring JS Prototype Pollution” by Varik Matevosyan
Varik Matevosyan spoke about JavaScript objects and prototypes, property lookups, and how unsafe object property assignment may result in prototype pollution. Recording at https://youtu.be/Wt-Xm2iY54U, slides at https://drive.google.com/file/d/…, source at https://github.com/var77/proto-pollution-owasp-yerevan.




Wednesday, 15th December 2021

OWASP meetup with a guest speaker

AGENDA

Jeroen van Ringelenstein from VASC Netherlands will present “A more sophisticated approach to test cyber resilience”.

COVID-19 Restrictions

As the event will be held in person, symptom checks will be in place. Please wear a mask.

Hosted at AUA, room 308E - https://goo.gl/maps/p5mr6WxPoaKmx9C98




Friday, 1st October 2021

OWASP monthly meetup

AGENDA:

Hosted at ISTC Foundation - https://goo.gl/maps/LixWapjRw7Xs75Ek9
Meetup link - https://www.meetup.com/owasp-yerevan/events/281053655/

TALK ABSTRACTS


“BinSide” by Hayk Aslanyan
Hayk Aslanyan presented BinSide, a static analysis framework for defect detection in binary code. Recording at https://youtu.be/VEehB28m2FM, slides at https://drive.google.com/file/d/….

“Deserialization Attacks on Java Applications” by Hayk Andriasyan
Hayk Andriasyan spoke about deserialization attacks on applications built on Java and how to prevent them. Recording at https://youtu.be/mZC8PeCq-_k, slides at https://drive.google.com/file/d/….

“OWASP TOP 10 2021 breakdown” by Hrant Haroyan
Hrant Haroyan led a discussion and broke down the new Top 10. Recording at https://youtu.be/82ZmF2Mu0vY.




Friday, 3rd September 2021

OWASP monthly meetup

AGENDA:

  • “CyberՀայք” - Vaagn Toukharian, Satenik Mnatsakanyan,
  • “Bug Bounties: experience from both sides” - Davit Karapetyan,
  • “ArmBounty follow-up”.

Hosted at ISTC Foundation - https://goo.gl/maps/LixWapjRw7Xs75Ek9
Meetup link - https://www.meetup.com/owasp-yerevan/events/280461941/

TALK ABSTRACTS


“CyberՀայք” by Vaagn Toukharian and Satenik Mnatsakanyan
Vaagn Toukharian and Satenik Mnatsakanyan spoke about the “CyberՀայք” initiative which strives to spread cybersecurity awareness across Armenian schools.

“Bug Bounties: experience from both sides” by Davit Karapetyan
Davit Karapetyan spoke about his experience in bug bounties from both the hunter and the company side. Slides are available at https://go.xss.am/bbs-owasp and https://go.xss.am/bbs-owasp.pdf.

“ArmBounty follow-up”
Sona Petrosyan from Chessify and Ruben Manukyan from VXSoft shared their experience from ArmBounty live hacking events as hosts.


Everyone is welcome to join us at OWASP events both as an attendee and as a speaker.