OWASP Yerevan

Welcome

Welcome to the Yerevan chapter homepage. Follow chapter news on Twitter or Facebook group.

Meetings

The entrance to events is open and free. Everyone is welcome to join us at our chapter meetings.

Call For Speakers

Call For Speakers is open - if you would like to present a talk on Application Security at future OWASP Yerevan Chapter events - please review and agree with the OWASP Speaker Agreement and send the proposed talk title, abstract and speaker bio to the Chapter Leaders via e-mail:

yerevan-chapter (at) owasp.org

Next Meeting/Event(s)

OWASP Yerevan Chapter meetings are posted on our MeetUp Page:

Please visit OWASP Yerevan MeetUp site for Yerevan Chapter event information.

Updates on Social Media and Mailing List

Please follow OWASP Yerevan Chapter on Twiter, Facebook, MeetUp and Linkedin.

Participation

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects ,tools, documents, forums, and chapters are free and open to anyone interested in improving application security.

Chapters are led by local leaders in accordance with the Chapter Policy. Financial contributions should only be made online using the authorized online donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP Project, independent research, or related software security topic you would like to present.

Everyone is welcome and encouraged to participate in our Projects, Local Chapters, Events, Online Groups, and Community Slack Channel. We especially encourage diversity in all our initiatives. OWASP is a fantastic place to learn about application security, to network, and even to build your reputation as an expert. We also encourage you to be become a member or consider a donation to support our ongoing work.


Events


Friday, 24th December 2021

OWASP monthly meetup

AGENDA

COVID-19 Restrictions

As the event is going to be in-person, there will be in-place symptom checks, and please have your masks on.

Hosted at ISTC Foundation - https://goo.gl/maps/LixWapjRw7Xs75Ek9
Meetup link - https://www.meetup.com/owasp-yerevan/events/282801034/

TALK ABSTRACTS


“Deep Dive into Log4Shell” by Hayk Andriasyan
Hayk Andriasyan broke down issues behind CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105, log4j lookups and JNDI injections. Recording at https://youtu.be/Mxa89lfM6Lw, slides at https://tooyn.am/hayk-log4shell.

“Exploring JS Prototype Pollution” by Varik Matevosyan
Varik Matevosyan spoke about javascript objects and prototypes, property lookups, and how unsafe object property assignment may result in prototype pollution. Recording at https://youtu.be/Wt-Xm2iY54U, slides at https://tooyn.am/owasp-proto, source at https://github.com/var77/proto-pollution-owasp-yerevan.




Wednesday, 15th December 2021

OWASP meetup with a guest speaker

AGENDA

Jeroen van Ringelenstein from VASC Netherlands will present “A more sophisticated approach to test cyber resilience”.

COVID-19 Restrictions

As the event is going to be in-person, there will be in-place symptom checks, and please have your masks on.

Hosted at AUA, room 308E - https://goo.gl/maps/p5mr6WxPoaKmx9C98




Friday, 1st October 2021

OWASP monthly meetup

AGENDA:

Hosted at ISTC Foundation - https://goo.gl/maps/LixWapjRw7Xs75Ek9
Meetup link - https://www.meetup.com/owasp-yerevan/events/281053655/

TALK ABSTRACTS


“BinSide” by Hayk Aslanyan
Hayk Aslanyan presented BinSide a static analysis framework for defects detection in binary code. Recording at https://youtu.be/VEehB28m2FM, slides at https://tooyn.am/owasp-bin.

“Deserialization Attacks on Java Applications” by Hayk Andriasyan
Hayk Andriasyan spoke about deserialization attacks on applications built on java and how to prevent those. Recording at https://youtu.be/mZC8PeCq-_k, slides at https://tooyn.am/owasp-des.

“OWASP TOP 10 2021 breakdown” by Hrant Haroyan
Hrant Haroyan made a discussion and broke down the new top 10. Recording at https://youtu.be/82ZmF2Mu0vY.




Friday, 3rd September 2021

OWASP monthly meetup

AGENDA:

  • “CyberՀայք” - Vaagn Toukharian, Satenik Mnatsakanyan,
  • “Bug Bounties: experience from both sides” - Davit Karapetyan,
  • “ArmBounty follow-up”.

Hosted at ISTC Foundation - https://goo.gl/maps/LixWapjRw7Xs75Ek9
Meetup link - https://www.meetup.com/owasp-yerevan/events/280461941/

TALK ABSTRACTS


“CyberՀայք” by Vaagn Toukharian and Satenik Mnatsakanyan
Vaagn Toukharian and Satenik Mnatsakanyan spoke about the “CyberՀայք” initiative which strives to spread cybersecurity awareness across Armenian schools.

“Bug Bounties: experience from both sides” by Davit Karapetyan
Davit Karapetyan told about his experience in bug bounties from both the hunter and the company side. Slides are available at https://go.xss.am/bbs-owasp and https://go.xss.am/bbs-owasp.pdf.

“ArmBounty follow-up”
Sona Petrosyan from Chessify and Ruben Manukyan from VXSoft shared their experience from ArmBounty live hacking events as hosts.


Everyone is welcome to join us at OWASP events both as an attendee and as a speaker.