Reminder - OWASP Cincy August Meeting - Server Side Request Forgery, presented by CBTS

[Lee Epling]

We're filling up quick! If you want to learn about Server Side Request Forgery with CBTS, sign up soon! 

Reserve your spot now - https://www.eventbrite.com/e/owasp-cincy-august-meeting-server-side-request-forgery-presented-by-cbts-tickets-68287260033

Meeting time - August 28th, 11:30 AM - 1:00 PM

Presentation Abstract:

Server-Side Request Forgery is a type of an attack where a bad actor can modify parameters (e.g. URL’s, metadata, etc) to either create or gain control over requests from a vulnerable machine. While not confirmed, SSRF is suspected to have played a role in the recent Capital One breach and the compromise of credentials used to gain access to the AWS S3 bucket containing Capital One’s data.

CBTS will be deep-diving into the details and techniques surrounding SSRF. We’ll walk away from this talk with a better understanding of the inner workings of the attack and will be better armed to help our organizations prevent against the threat.

Speaker Bio:

Nate Fair - Currently an information security consultant for CBTS Security Services Team. Our team performs security services for 5-man shops and Fortune 5's. Services performed include network and wireless penetration testing, vulnerability assessments, security architecture and program reviews, web application testing, and physical security assessments. Nate also teaches penetration testing at the University of Cincinnati and is part of the team behind BSides Cincinnati, helping create it's CTF competition. 

Ryan Hamrick - While gaining experience in a number of business verticals including manufacturing, finance/banking, and technology consultancy, Ryan Hamrick has performed at a high level in the security industry for the past 11 years. In an IT career spanning 20+ years, Ryan has gained expertise in wide variety of areas spanning software engineering, web application design and deployment, desktop support, security incident response, and security engineering. He is currently applying the knowledge gained through these experiences in order to provide expert level security consulting services for CBTS customers focusing on security policy and procedure design, holistic security architecture review, web application assessments, external and internal penetration testing and vulnerability assessments, social engineering assessments, and cloud security assessments.

Location:

Paycor HQ

4811 Montgomery Road

Norwood, Ohio 45212