OWASP Yerevan
Welcome
Welcome to the Yerevan chapter homepage. Follow chapter news on Twitter or in the Facebook group.
Meetings
The entrance to events is open and free. Everyone is welcome to join us at our chapter meetings.
Call For Speakers
Call For Speakers is open - if you would like to present a talk on Application Security at future OWASP Yerevan Chapter events - please review and agree with the OWASP Speaker Agreement and send the proposed talk title, abstract and speaker bio to the Chapter Leaders via e-mail:
yerevan-chapter (at) owasp.org
Next Meeting/Event(s)
OWASP Yerevan Chapter meetings are posted on our MeetUp Page:
Please visit OWASP Yerevan MeetUp site for Yerevan Chapter event information.
Updates on Social Media and Mailing List
Please follow OWASP Yerevan Chapter on Twitter, Facebook, MeetUp and LinkedIn.
Participation
The Open Worldwide Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects, tools, documents, forums, and chapters are free and open to anyone interested in improving application security.
Chapters are led by local leaders in accordance with the Chapter Policy. Financial contributions should only be made online using the authorized online donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP Project, independent research, or related software security topic you would like to present.
Everyone is welcome and encouraged to participate in our Projects, Local Chapters, Events, Online Groups, and Community Slack Channel. We especially encourage diversity in all our initiatives. OWASP is a fantastic place to learn about application security, to network, and even to build your reputation as an expert. We also encourage you to become a member or consider a donation to support our ongoing work.
Events
Wednesday, 27th December 2023
OWASP monthly meetup
AGENDA
- Bootstrappable builds: Samvel Harutyunyan
- New Armenian cyber security law proposal discussion
Hosted at AUA, room 314W - https://goo.gl/maps/p5mr6WxPoaKmx9C98
Meetup link - https://www.meetup.com/owasp-yerevan/events/297976417/
Wednesday, 25th October 2023
OWASP monthly meetup
AGENDA
- Unlocking Barriers - Bypassing Security Checks & SDK Protection: Tigran Avanesyan
Hosted at AUA, room 416W - https://goo.gl/maps/p5mr6WxPoaKmx9C98
Meetup link - https://www.meetup.com/owasp-yerevan/events/296918134/
Slides are available here
Wednesday, 27th September 2023
OWASP monthly meetup
AGENDA
- LLMs and OWASP: Vaagn Toukharian
- From getting interested to having an interview: Norayr Arakelyan, Grigori Hakobyan
Hosted at AUA, room 314W - https://goo.gl/maps/p5mr6WxPoaKmx9C98
Meetup link - https://www.meetup.com/owasp-yerevan/events/296360015
Wednesday, 30th August 2023
OWASP monthly meetup
AGENDA
- Introduction of new chapter leaders: Samvel Martirosyan, Samvel Harutyunyan
- Spyware in Armenia. General steps to be protected: Samvel Martirosyan
- Pegasus/Predator and other spyware detection with free and paid programs, including MVT, iMazing, iVerify: Artur Papyan
Hosted at AUA, room 314W - https://goo.gl/maps/p5mr6WxPoaKmx9C98
Meetup link - https://www.meetup.com/owasp-yerevan/events/295461329
Saturday, 6th May 2023
OWASP monthly meetup
AGENDA
- Narek Jilavyan - Intro to OWASP and OWASP Top 10
Hosted at AUA, room 313W - https://goo.gl/maps/p5mr6WxPoaKmx9C98
Meetup link - https://www.meetup.com/owasp-yerevan/events/293342425/
Slides are available here
Monday, 20th March 2023
OWASP monthly meetup
AGENDA
- Hayk Andriasyan - Vulnerabilities in Java:Spring4Shell
Hosted at CyHub Armenia - https://goo.gl/maps/aBfktrfBsmWT9tW7A
Meetup link - https://www.meetup.com/owasp-yerevan/events/292254413/
TALK ABSTRACT
“Vulnerabilities in Java:Spring4Shell” by Hayk Andriasyan
Hayk Andriasyan is an experienced cybersecurity professional with extensive knowledge in software development and penetration testing. In this talk he took a deep dive into Java and Spring Framework internals to understand what makes the CVE-2022-22965 Spring4Shell attack work. Slides at https://drive.google.com/file/d/….
Friday, 3rd June 2022
OWASP monthly meetup
AGENDA
- Sam Stepanyan - Using OWASP Nettacker for Recon and Vulnerability Scanning
COVID-19 Restrictions
As the event is going to be in-person, there will be in-place symptom checks, and please have your masks on.
Hosted at AUA, room 314W - https://goo.gl/maps/p5mr6WxPoaKmx9C98
Meetup link - https://www.meetup.com/owasp-yerevan/events/286136433/
TALK ABSTRACT
“Using OWASP Nettacker for Recon and Vulnerability Scanning” by Sam Stepanyan
The OWASP Nettacker project was created to automate information gathering and vulnerability scanning, and in general to aid penetration testing engagements. Nettacker is able to run various scans using a variety of methods and generate scan reports for applications and networks, including services, bugs, vulnerabilities, misconfigurations, default credentials and many other cool features - for example the ability to chain different scan methods. This relatively new (Summer 2017) and lesser-known OWASP project generated a huge amount of interest at the BlackHat Europe 2018/2019 Arsenal live demos, gathering massive crowds of seasoned hackers and penetration testers eager to see this new tool in action. This talk will showcase the OWASP Nettacker project, giving an overview of its features and including a live demo of the tool. Overview by Sam - https://youtu.be/Y4ANGdG8NvU, project - https://github.com/OWASP/Nettacker.
Thursday, 19th May 2022
OWASP monthly meetup
AGENDA
- Paul Intrarakha - Scaling Application and Infrastructure Security around Cloud in a Hyper Growth Company
COVID-19 Restrictions
As the event is going to be in-person, there will be in-place symptom checks, and please have your masks on.
Hosted at AUA, room 313W - https://goo.gl/maps/p5mr6WxPoaKmx9C98
Meetup link - https://www.meetup.com/owasp-yerevan/events/285937721/
TALK ABSTRACT
“Scaling Application and Infrastructure Security around Cloud in a Hyper Growth Company” by Paul Intrarakha
Modern web applications are growing ever more complex: whether operating in a multi-cloud ecosystem, integrating and handling data within a web of 3rd party providers, or engaging with hundreds of software engineers, the pace of web development has only increased. Now imagine this at a hyper growth company! During this talk, Paul shared not only the security practices that have worked and allowed Information Security to scale with the business, but also the challenges to think about and look forward to. Paul Intrarakha is the Senior Principal, Application Security Architect at ServiceTitan. His past leadership experience includes services at Green Dot Corporation and The Boeing Company. Slides at https://drive.google.com/file/d/….
Friday, 8th April 2022
OWASP monthly meetup
AGENDA
- Eduard Elbakyan - Cracking OSCP at 18,
- Mane Hambardzumyan - Fishing vs Phishing.
COVID-19 Restrictions
As the event is going to be in-person, there will be in-place symptom checks, and please have your masks on.
Hosted at AUA, room 313W - https://goo.gl/maps/p5mr6WxPoaKmx9C98
Meetup link - https://www.meetup.com/owasp-yerevan/events/284720489/
TALK ABSTRACTS
“Cracking OSCP at 18” by Eduard Elbakyan
Eduard Elbakyan spoke about his experience passing OSCP, the prerequisites and preparation for the course, and gave general advice for folks wanting to start a career in the InfoSec industry. Slides at https://drive.google.com/file/d/….
“Fishing vs Phishing” by Mane Hambardzumyan
Mane Hambardzumyan broke down the categories of phishing, the concepts behind them, and how phishing is similar to fishing. Slides at https://drive.google.com/file/d/….
Friday, 24th December 2021
OWASP monthly meetup
AGENDA
- Hayk Andriasyan - Deep Dive into Log4Shell,
- Varik Matevosyan - Exploring JS Prototype Pollution.
COVID-19 Restrictions
As the event is going to be in-person, there will be in-place symptom checks, and please have your masks on.
Hosted at ISTC Foundation - https://goo.gl/maps/LixWapjRw7Xs75Ek9
Meetup link - https://www.meetup.com/owasp-yerevan/events/282801034/
TALK ABSTRACTS
“Deep Dive into Log4Shell” by Hayk Andriasyan
Hayk Andriasyan broke down issues behind CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105, log4j lookups and JNDI injections. Recording at https://youtu.be/Mxa89lfM6Lw, slides at https://drive.google.com/file/d/….
“Exploring JS Prototype Pollution” by Varik Matevosyan
Varik Matevosyan spoke about JavaScript objects and prototypes, property lookups, and how unsafe object property assignment may result in prototype pollution. Recording at https://youtu.be/Wt-Xm2iY54U, slides at https://drive.google.com/file/d/…, source at https://github.com/var77/proto-pollution-owasp-yerevan.
Wednesday, 15th December 2021
OWASP meetup with a guest speaker
AGENDA
Jeroen van Ringelenstein from VASC Netherlands will present “A more sophisticated approach to test cyber resilience”.
COVID-19 Restrictions
As the event is going to be in-person, there will be in-place symptom checks, and please have your masks on.
Hosted at AUA, room 308E - https://goo.gl/maps/p5mr6WxPoaKmx9C98
Friday, 1st October 2021
OWASP monthly meetup
AGENDA:
- Hayk Aslanyan - BinSide: Static Analysis Framework for Defects Detection in Binary Code,
- Hayk Andriasyan - Deserialization Attacks on Java Applications,
- Hrant Haroyan - OWASP TOP 10 2021 breakdown.
Hosted at ISTC Foundation - https://goo.gl/maps/LixWapjRw7Xs75Ek9
Meetup link - https://www.meetup.com/owasp-yerevan/events/281053655/
TALK ABSTRACTS
“BinSide” by Hayk Aslanyan
Hayk Aslanyan presented BinSide, a static analysis framework for defect detection in binary code. Recording at https://youtu.be/VEehB28m2FM, slides at https://drive.google.com/file/d/….
“Deserialization Attacks on Java Applications” by Hayk Andriasyan
Hayk Andriasyan spoke about deserialization attacks on applications built on Java and how to prevent them. Recording at https://youtu.be/mZC8PeCq-_k, slides at https://drive.google.com/file/d/….
“OWASP TOP 10 2021 breakdown” by Hrant Haroyan
Hrant Haroyan led a discussion and broke down the new Top 10. Recording at https://youtu.be/82ZmF2Mu0vY.
Friday, 3rd September 2021
OWASP monthly meetup
AGENDA:
- “CyberՀայք” - Vaagn Toukharian, Satenik Mnatsakanyan,
- “Bug Bounties: experience from both sides” - Davit Karapetyan,
- “ArmBounty follow-up”.
Hosted at ISTC Foundation - https://goo.gl/maps/LixWapjRw7Xs75Ek9
Meetup link - https://www.meetup.com/owasp-yerevan/events/280461941/
TALK ABSTRACTS
“CyberՀայք” by Vaagn Toukharian and Satenik Mnatsakanyan
Vaagn Toukharian and Satenik Mnatsakanyan spoke about the “CyberՀայք” initiative which strives to spread cybersecurity awareness across Armenian schools.
“Bug Bounties: experience from both sides” by Davit Karapetyan
Davit Karapetyan spoke about his experience in bug bounties from both the hunter and the company side. Slides are available at https://go.xss.am/bbs-owasp and https://go.xss.am/bbs-owasp.pdf.
“ArmBounty follow-up”
Sona Petrosyan from Chessify and Ruben Manukyan from VXSoft shared their experience from ArmBounty live hacking events as hosts.
Everyone is welcome to join us at OWASP events both as an attendee and as a speaker.