Venue - HasGeek
Date - 17th January 2015
Apoorva Giri and Shruthi Kamath, two information security enthusiasts, recently conducted a workshop on Web Application Security and Network Security at the HasGeek house.
It was a women-only event held as an initiative to introduce more women to the InfoSec arena. This event was held in association with HasGeek, at the HasGeek house, Bengaluru.
The workshop covered the basics of Web App Security and Network Security. The participants worked alongside the instructors, Apoorva and Shruthi, in the hands-on session.
Normally, the webinars and the talks that I had attended earlier dived right into hacking, ransacked a web app and put the network team to shame in public by showcasing the vulnerabilities. The experience at this workshop was refreshingly different.
The organizers guided the participants in the following activities:
→ downloading and installing Kali Linux and Metasploitable on Oracle VM VirtualBox
→ troubleshooting issues encountered when installing the above software on different operating systems.
This in itself was an enriching experience for the participants, who had come from different backgrounds. They ranged from newbies and learners with a technical background to software engineers, managers, hackers and a few business owners with no technical background.
The participants were introduced to a plethora of topics in a day’s workshop. The presentation covered topics mentioned below:
- OWASP Top Ten Project
- Nmap Network Scanning Tool
- Metasploit Framework
- Hacking challenges for the participants at the end of the workshop
Other topics which were spoken about at this workshop were:
- Getting started in InfoSec, the educational qualifications required for a career and different career options.
- The importance of having such women-centric events and the need for them.
- The need to be safe online
- Short descriptions for the different job roles - Computer Forensics Investigator, Malware Analyst, Security Researcher, Security Auditor, Exploit Developer, Secure Developer, CISO
Statistics on Women in InfoSec - It was interesting to learn first-hand from both about the growth curve we have had in the recent past in women entering the InfoSec arena, and the audience attendance at the HasGeek event was a reflection of this slow but steady growth.
In the technical session, the participants were introduced to important concepts of Network Security using Nmap as a tool. This learning session was followed by a practical demo of using the Metasploit Framework to exploit a vulnerable system.
The second half of the workshop covered the OWASP Top Ten Web Vulnerabilities.
The participants used the vulnerable testing app for hands-on practice.
The workshop ended with the participants putting their web app security knowledge to use by solving small hacking challenges. The participants enthusiastically went on to solve the exercises presented to them. Solving the challenges, and being cheered for every solution, helped the participants proceed with vigour.
Acknowledgements to the host and co-founder of HasGeek, Zainab Bawa, for hosting us all with good cheer, and to the InfoSec girls, Apoorva and Shruthi, for conducting the workshop, which helped the participants take a step forward in learning about software security.
HasGeek has a job board of its own, hasjob. Look out here for openings that suit your requirements and match those of the recruiter.
HasGeek house provides space for hackathon events, hosts presenters and creates discussion spaces for geeks. To know more about HasGeek, follow them on Twitter.
Their Twitter handle is @HasGeek.
Tweets by @jackerhack, @zainabbawa and the crew.
Links to the photos taken at the event
About the presenters
Apoorva works as a Security Analyst with iViZ Security (a Cigital company). She has presented a workshop on "Cyber Security and Ethical Hacking for Women" at c0c0n 2014 at Kochi, Kerala. Her interests lie in Web Application Security and Mobile Security. She's an active member of null/OWASP Bangalore Chapter. She has been listed on the Barracuda Hall of Fame for finding vulnerabilities on their application. During her free time, she likes to catch up on her reading and travel to new places.
Shruthi works as a Security Analyst at Infosys. She is a Certified Ethical Hacker from EC Council. She has presented a workshop on "Cyber Security and Ethical Hacking for Women" at c0c0n 2014. She has conducted a one day workshop on "OWASP TOP 10" at Null Bangalore chapter. She has presented a paper titled "Secure SDLC" at c0c0n 2013. She has participated at Jailbreak NULLCON 2014. She presented a talk on "Cyber Crimes in India and its Mitigation" at the National Conference for Women Police held at Trivandrum. She's an active member of Null/OWASP Bangalore Chapter. Her area of interest is Web Application Security.
Contact the InfoSec girls for a workshop
Apoorva Giri is @cedricfanapoo on Twitter
Shruthi Kamath is @ShruthiKamath30 on Twitter
You can also visit their website https://infosecgirls.in