May Capital Area Cyber Security User Group Meeting
May Meeting - Web Application Security
In this session we will go over the most common vulnerabilities found in web applications as listed by the OWASP Top Ten covering what they are and strategies on how to mitigate them. In the hands on labs section we will be using tools from Samurai Web Testing Framework we will exploit several vulnerabilities of different web applications contained on the OWASP Broken Web Applications VM.
April Meeting - Target System Penetration
April Meeting - Target System Penetration
Target System Penetration:
Using People, Process, and Technology to hack into systems.
March Meeting - Active Information Gathering
March Meeting - Active Information Gathering
The largest success factor for cyber attacks is possessing detailed information about the target. In this meeting you will learn how to use ping, nmap, nessus and other tools to find information about targets.
Active Information Gathering:
-Identify live systems
-Map the network
-Types of operating systems, databases, servers, protocols, and programming languages used (in-depth)
-Identify system vulnerabilities
Nine Reasons to join Capital Area Cyber Security
- Learn offensive knowledge to better defend computer networks
- Hands-on security training to compliment theory, put theories into practice
- Knowledge sharing: the power of group learning
- Increase experience with a multitude of security aspects
- Network with other security-minded professionals
- Play in a safe lab environment not offered at work or home
- Earn CPEs to maintain certifications without high costs for CISSP
- Preparing and presenting 2 hour presentation = 8 CPEs
- Participating 1 hour = 1 CPE
- Updating existing presentation (see ISC2 chart for specifics)
- Have your questions answered, bring hard issues that require
solutions - Improve public speaking and training skills
February Meeting - Passive Information Gathering
February Meeting - Passive Information Gathering
Agenda:
- Passive Information Gathering
- Goals
- Key Employee Identification
- Wireless Access Point Identification
- Website and Web Page Code Analysis
- Electronic Dumpster Diving
- Google Hacking
- Domain Ownership
- Lab Exercises
