2011 11 16 Manchester

Manchester Chapter meeting 2011 November 16th
This was the second Manchester Chapter meeting, and was once again very kindly hosted by KPMG.

'''OWASP Chapter introduction. OWASP values and membership. Chapter information.'''

Simon Bennetts OWASP Manchester board member

Slides: 
 * [[File:OWASP_Manchester_into_11_11_16.pdf]] OK, so due to technical problems these didnt actually work on the night ;)

Talk: Policy is the best honesty

Slides: 
 * [[File:OWASP_Manchester_HonestyIsTheBestPolicy.ppt]]

Technology is rapidly emerging and maturing to enable connectivity and interoperability of a panoply of devices. The right investment relies on addressing workable, realistic policies first. Daniel will tell you about what NCC members are doing to allow staff to 'BYOD' and build pragmatic iPolicies.

Speaker: Dr Daniel Dresner, Head of Information Assurance Practice, National Computing Centre

Talk: Non-alphanumeric code in JavaScript and PHP

Slides: 
 * [[File:OWASP_Manchester_Nonalpha.pdf]]

Understanding how to create non-alpha code leads to a deeper understanding on how the particular language works.

Gareth shall discuss the history of non-alpha JavaScript, the challenges and creativity behind it.

How can you decode: $=~[];$={___:++$,$$$$:(![]+"")[$],__$:++$,$_$_:(![]+"")[$],_$_:++$,$_$$:({}+"")[$],$$_$:($[$]+"") [$],_$$:++$,$$$_:(!""+"")[$],$__:++$,$_$:++$,$$__:({}+"")[$],$$_:++$,$$$:++$,$___:++$,$__$:++$}; $.$_=($.$_=$+"")[$.$_$]+($._$=$.$_[$.__$])+($.$$=($.$+"")[$.__$])+((!$)+"")[$._$$]+($.__=$.$_[$.$$_]) +($.$=(!""+"")[$.__$])+($._=(!""+"")[$._$_])+$.$_[$.$_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+ $.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$_$_+(![]+"")[$._$_]+$.$$$_+"\\"+ $.__$+$.$$_+$._$_+$.__+"("+$.__$+")"+"\"")); Gareth will explain.

Gareth shall also cover how to create this in PHP and what techniques are involved.

'''Speaker: Gareth Heyes is an independent security researcher who specializes in browser and JavaScript research. He has authored many free online tools and sandboxes including Hackvertor and JSReg.'''