OWASP Malaysia Is the Open Web Application Security Project Malaysia Chapter


OWASP Malaysia is the Open Web Application
Security Project Malaysia Chapter. We like to
share and discuss security. Feel free to join and
participate as a community. This is an open source
project by the OWASP Foundation.
https://www.owasp.org/index.php/Malaysia
Date : 19 January 2015
Venue : Dewan Seminar, Menara Razak, UTM
Jalan Semarak, Kuala Lumpur
Time : 9.00a.m - 1.00p.m
Maps UTM - http://goo.gl/mjbKLD
9.00a.m - 10.00a.m - Arrival of Participants
10.00a.m - 10.10a.m - Opening Speech by CSM VVIP
10.10a.m - 10.20a.m - Speech by OWASP Malaysia Chapter Leader
10.20a.m - 11.20a.m - Speech by Saharudin Saat: Capturing Web Application Threats - Virtual CMS Honeypot
11.20a.m - 12.20p.m - Speech by Sandeep Nain: Introducing Application Security In Your Organization - Think Like a Developer
12.20p.m - 1.00p.m - Social Network

Title : Capturing Web Application Threats - Virtual
CMS Honeypot
Open source Content Management Systems (CMS)
are very popular and widely used by web
administrators around the world because of
their simplicity as an instant web application
solution. Consequently, web applications have
increasingly been the focus of attackers because
of the unintentional web vulnerabilities that come
with newly introduced functionality. This project
aims at enhancing the level of security for CMS
inside the Universiti Teknologi MARA (UiTM)
network by providing the most extensive way of
developing Virtual CMS Honeypots. The outcome is
hoped to make it easier for web administrators to
monitor any kind of computer threat, such as
hackers, worms and viruses, in a more comfortable
and efficient way. The results will also provide
the administrator with some form of
countermeasures for security purposes and traffic
analysis. Using customized AWStats, Snort,
AcidBase and a proxy will provide a honeypot for a
rapidly expandable network, suited for web
administrators, especially at UiTM, to monitor web
server traffic activity and the latest computer
threats.
BIO : Saharudin Saat is a System Administrator at
the Ministry of Domestic Trade, Cooperatives and
Consumerism with over 15 years of computer
experience. Saharudin's expertise is in server
technology, network security and cloud
computing. He is also a consultant for open source
software and cloud computing for some
government related agencies.
Winner of the Kaspersky Southeast Asia Cup IT
Security for the next generation 2009. Won third
place in the Malaysian Government Open Source
Software Award (MyGOSS) 2012. Saharudin holds
a Degree in Computer Science (Hons) Data
Communication and Networking from the
Universiti Teknologi MARA Malaysia.

Title: Introducing Application Security in Your
Organization - Think Like a Developer by Sandeep
Nain
To protect your enterprise from application layer
attacks, your application security program needs
to be goal-oriented and should be supported by a
central team of professionals enabled with
best-of-breed technologies and following effective
processes. If you are wondering how you can
build such an application security program that
effectively leverages secure development
methodologies while being scalable and effective
for a complex organization, this is the session to
attend. In this session the speaker will cover:
1. How to build a secure development lifecycle for
development teams using modern software
development methodologies
2. Challenges of enforcing a secure development
lifecycle at an enterprise scale
3. Reasons why most application security
programmes fail and how we can collaborate with
development teams for easier enterprise adoption
BIO : Sandeep Nain is Managing Principal in HP
Enterprise Security Products and leads Fortify
Solution Consulting Services. In this role, he is
responsible for the business growth and delivery
of software security solutions for South Pacific and
Asia region. Sandeep and his team help customers
understand their business requirements for an
application security programme, assess their
current security maturity state, design solutions
which fit their needs and deliver outcomes that
exceed expectations.
Before joining HP, Sandeep was a Managing
Partner at Appsecure, an application security
specialist firm where he built and led the
application security consulting team to provide
enterprise grade application security solutions to
the Australian market. Prior to this, Sandeep held
various security consulting positions at Pure
Hacking, Fortify, IBM and Accenture. With an IT
career spanning over 13 years, Sandeep is an
accomplished Application Security Expert. He has
worked alongside many high-profile
national and international organisations, enabling
them to produce secure software. He has
extensive experience with enterprise grade
software languages, software development
frameworks, mobile platforms and security and
risk management frameworks which makes him a
perfect security advisor to our clients.
Sandeep has been actively involved in industry
open source projects such as OWASP and is active
in the development of papers and initiatives
published through the community. Sandeep has
presented on application and database security at
a number of national and international
conferences. Academically, Sandeep holds a
Master of Technology degree in Information
Technology with specialization in Distributed
Computing and several industry certifications
including CISSP, CSSLP and CEH.
