BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: SCAGoat - Exploiting Damn Vulnerable SCA Application
 \n   When: Friday\, Aug 9\, 14:00 - 15:45 PDT\n   Where: LVCC West/Floor 3
 /W305 - [1]Map\n\n   Description:\n\n   SCAGoat is a deliberately insecure
  web application designed for\n   learning and testing Software Compositio
 n Analysis (SCA) tools. It\n   offers a hands-on environment to explore vu
 lnerabilities in Node.js\n   and Java Springboot applications\, including 
 actively exploitable CVEs\n   like CVE-2023-42282 and CVE-2021-44228 (log4
 j). This application can\n   be utilized to evaluate various SCA and conta
 iner security tools\,\n   assessing their capability to identify vulnerabl
 e packages and code\n   reachability. As part of our independent research\
 , the README includes\n   reports from SCA tools like semgrep\, snyk\, and
  endor labs. Future\n   research plans include incorporating compromised o
 r malicious packages\n   to test SCA tool detection and exploring supply c
 hain attack\n   scenarios.\n\n   Speakers:Hare Krishna Rai\,Prashant Venka
 tesh\n\n   SpeakerBio:  Hare Krishna Rai\, Product Security Engineer\n\n  
  As a Product Security Engineer\, Hare Krishna Rai's passion for\n   cyber
 security drives him to excel in various areas. He specializes in\n   condu
 cting penetration testing\, actively participates in security\n   Capture 
 The Flag (CTF) competitions\, and performs code reviews to\n   ensure secu
 re code development. His expertise extends to leveraging\n   Static Applic
 ation Security Testing (SAST) techniques in languages\n   like Java\, Pyth
 on\, JavaScript\, JSP\, among others.\n\n   SpeakerBio:  Prashant Venkates
 h\, Manager\, Product Security\n\n   Prashant Venkatesh is an information 
 security expert with over 20\n   years of experience. He presently works a
 s Manager\, Product Security\n   at an ecommerce company. Prashant is an e
 nthusiastic participant in\n   the field who consistently coordinates\, re
 views papers\, and presents\n   his work at numerous InfoSec conferences\,
  including Blackhat Nullcon\n   and c0c0n. He is also active through the O
 WASP Bay Area chapter\n   Leadership and is co-founder of the annual Seasi
 des Conference in\n   India.\n\n   '\n\n   1. #LVCCW_Level3_South\n\n\n
DTEND:20240809T224500Z
DTSTART:20240809T210000Z
LOCATION:DL - LVCC West/Floor 3/W305
SUMMARY:SCAGoat - Exploiting Damn Vulnerable SCA Application
END:VEVENT
END:VCALENDAR