The CTF Cluster is honoured to welcome Jim Manico, a Global Board Member for the OWASP foundation, to join our July meeting.
Jim is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also an investor/advisor for Nucleus Security, BitDiscovery, Secure Circle and Inspectiv. Jim is a frequent speaker on secure software practices, is a member of the Java Champion community, and is the author of "Iron-Clad Java: Building Secure Web Applications" from Oracle Press.
Jim also volunteers for the OWASP foundation as the project lead for the OWASP Application Security Verification Standard and the OWASP Cheatsheet Series. For more information, see https://www.linkedin.com/in/jmanico.
Title: Request Forgery on the Web - SSRF, CSRF and Clickjacking
This technical talk on various forms of request forgery is meant for the software developer who needs to build secure software. Cross-Site Request Forgery, or CSRF, will allow an attacker to trick a user into submitting a transaction they never intended to submit. This attack type requires very specialized defense.
We will discuss various historical CSRF attacks and investigate a wide range of defensive strategies such as nonce tokens, SameSite cookies, and the double-cookie submit pattern. SSRF is a direct attack category meant to trick your servers into making additional requests that they were never intended to make.
Clickjacking is a way to trick users into taking actions and entering data into one site while another is collecting those events. We will be helping developers stop forgery on the web in this talk!
If you'd like to learn more about this truly inspiring cyber leader then have a listen to this interview with Jim for The Secure Developer Podcast published on HeavyBit. He is described in this interview as "definitely one of the more noise-making well-known figures in the world of application security".
If you'd like a better idea of Jim's courageous and outspoken approach to cyber security, then have a read of this amazing open letter that Jim wrote to President Obama in 2015!
We are obviously chuffed to bits that Jim is being so supportive of our efforts to provide a welcoming environment for all abilities to come and learn more about cyber. Rather than our usual high-level overviews, this meeting is an opportunity to learn more detailed techniques and approaches from one of our industry's top international educators.
See you all there!
Link to the event - https://global.gotomeeting.com/join/935027925