= Mario Heiderich =

== Bio ==
Dr. Mario Heiderich, handsome heart-breaker, bon-vivant and (as he loves to call himself) "security researcher" is from Berlin, likes everything between lesser- and greater-than.

He leads the small yet exquisite pen-test company called Cure53 and pesters peaceful attendees on various 5th tier conferences with his hastily assembled PowerPoint-slides and a lot of FUD.

The closest Mario ever was to visiting 日本(Japan) was a wild ride between ESC$B and ESC(B so it's about time to pay a visit!)

== Title ==
An Abusive Relationship with AngularJS – About the Security Adventures with the "Super-Hero" Framework

== Abstract ==
Some voices claim that "Angular is what HTML would have been if it had been designed for building web applications". While this statement may or may not be true, is certainly accounts as one of the bolder ones a JavaScript web framework can ever issue. And where boldness is glistening like a German Bratwurst sausage in the evening sun, a critical review from a grumpy old security person shouldn’t be too far away. This talk will have a stern, very stern look at AngularJS in particular and shed light on the security aspects of this ever-popular tool. Did the super-hero framework do everything right and follow its own super-heroic principles? Does AngularJS increase or rather decrease the attack surface of a web application? How does AngularJS play along with the Content Security Policy, and was it a good idea to combine this kind of security with futuristic feature creep? And what about AngularJS version 2.0? Beware that we won’t stop at glancing at the code itself, investigating security best practices, and verifying compatibility and other common things that contribute to robust security (or lack thereof). We will cross the moral border and see if the AngularJS team could notice rogue bug tickets. A pivotal question that everyone is wondering about is: Have they successfully kept evil minds like yours truly speaker here from introducing new security bugs into the code base? This talk is a reckoning with a modern JavaScript framework that promises a lot and keeps even more, not necessarily for the best for developers and users. We will conclude in deriving a general lesson learnt and hopefully agree that progress doesn't invariably mean an enhancement.

= Michele Orrú =

== Bio ==
Michele Orru a.k.a. antisnatchor is the lead core developer and
smart-minds-recruiter for the BeEF project. Michele is also the
co-author of the "Browser Hacker's Handbook." He has a deep knowledge
of programming in multiple languages and paradigms, and is excited to
apply this knowledge while reading and hacking code written by others.
Michele loves lateral thinking, black metal, and the communist utopia
(there is still hope!). He also enjoys speaking and drinking at a
multitude of hacking conferences, including CONFidence, DeepSec,
Hacktivity, SecurityByte, AthCon, HackPra AllStars, OWASP AppSec USA,
44Con, EUSecWest, Ruxcon, InsomniHack, PXE, BlackHat and more we just
cant disclose. Besides having a grim passion for hacking and
programming, he enjoys leaving his Mac alone, while fishing on
saltwater and praying for Kubricks resurrection.

== Title ==
Dark FairyTales from a Phisherman (Vol. III)

== Abstract ==
Phishing and client-side exploitation DevOps for all
your needs. Combine BeEF, PhishingFrenzy and your fishy business to
automate most of the usual phishing workflow while minimizing human
interaction. Multiple real-life phishing engagements will be discussed,
together with the shiny new BeEF Autorun Rule Engine.

= Marie Moe =

== Bio ==
Marie Moe is passionate about incident handling and information sharing, she cares about public safety and securing systems that may impact human lives, this is why she has joined the grassroots organisation “I Am The Cavalry”. Marie is a research scientist at SINTEF ICT, and has a Ph. D. in information security. She has experience as a team leader at NorCERT, the Norwegian national CERT. Marie also teaches a class on incident management and contingency planning at Gjøvik University College in Norway. Marie loves to break crypto protocols, but gets angry when its in her own body.

== Title ==
Unpatchable - Living with a Vulnerable Implanted Device

== Abstract ==
My life depends on the functioning of a medical device, a pacemaker that generates each and every beat of my heart. This computer inside of me may fail due to hardware and software issues, due to misconfigurations or network-connectivity.

Yes, you read that correctly. The pacemaker has a wireless interface for remote monitoring and I am forced to become a human part of the Internet-of-Things. As a seasoned security-professional I am worried about my heart’s attack surface.

This talk will be focused on the problem that we have these life critical devices with vulnerabilities that can’t easily be patched without performing surgery on patients, my personal experience with being the host of such a device, and how the hacker community can proceed to work with the vendors to secure the devices.

= Sean Duggan =

== Bio ==
Seán is currently working as an InfoSec Analyst and studying for a Masters in Security and Forensics. He is also the Mobile Dev Lead for the Security Shepherd Project. During college he started making vulnerable Android Apps for the OWASP Security Shepherd project, which he continues to this day. He is always looking for new ways to make vulnerable Mobile Apps. Speaker at AppSec EU 2014, Attendee at Project summit in AppSec EU 2015, Speaker at DaggerCon 2015.

== Title ==
OWASP Security Shepherd - Workshop

== Abstract ==
How do you know a web site is secure? How do you know your credentials are safe online? What makes a web site safe? Do you even know the questions to ask to help determine this? HTTPs is not the answer and trust is no longer a solution. The only way to be sure is to perform ethical hacking on the web application using a combination of manual and automated pentesting techniques. These skills are in high demand in the market place right now - but how can one get them? Well that's easy... if you take the right first step!

Join Sean Duggan for a 3 hour hands on workshop that will bring attendees up to speed on all the latest and greatest security testing techniques that are a concern in the market today. Compete against other attendees to solve increasingly complex security puzzles derived from real world security threats. Workshop attendees will leave with a real familiarity of web and mobile security testing best practice, terminology, workflows, and commonly used tool kits.

Bring an open mind and your laptop

= Martin Johns =

== Bio ==
Dr. Martin Johns is a research expert in the Security and Trust group within SAP SE, where he leads the Web application security team. Before joining SAP, Martin studied Mathematics and Computer Science at the Universities of Hamburg, Santa Cruz (CA), and Passau. During the 1990s and the early years of the new millennium he earned his living as a software engineer in German companies. He is board member of the German OWASP chapter, holds a Diploma in Computer Science from University of Hamburg and a Doctorate from the University of Passau. Martin is a regular speaker at international security conferences, incl. Black Hat, the OWASP AppSec series, ACSAC, ESORICS, PacSec, HackInTheBox, RSA Europe, or the CCC Congress.

== Title ==
Your Scripts in My Page - What Could Possibly Go Wrong?

== Abstract ==
When it comes to web security, there is the one policy to rule them all: The Same-origin Policy. Thanks to this policy, sites hosted on disjunct origins are nice and cleanly separated, thus preventing the leakage of sensitive information into the hands of unauthorized parties. Unfortunately, HTML predates the Same-origin Policy and, thus, was not designed with the origin-based security model in mind. In consequence, HTML tags can freely reference cross-domain locations and include cross-domain content in their hosting web pages.

In this talk, we will present an attack, resulting from this circumstance, that has been widely overlooked in the past but affects a surprisingly high number of Web sites: Information leakage via cross-domain script inclusion.

Modern web sites frequently generate JavaScript on-the-fly via server-side scripting, incorporating personalized user data in the process. Thanks to HTML's general ignorance of the Same-origin Policy, an attacker is able to include such dynamic scripts into web pages under his control using script-tags pointing to the vulnerable site. This, in turn, allows him to learn many of the secrets contained in these scripts, through the scripts interaction with the page it is included in. In our experiments, we were able to obtain personal information such as name & address of the logged-in user, leak CSRF tokens, read the users emails, and occasionally fully compromise the user's account. All possible by simply including a script-URL into one of our web pages.

To systematically investigate the issue, we conducted a study on its prevalence in a set of 150 top-ranked domains, in which we observed that a third of the examined sites utilize dynamic JavaScript. Using our attack techniques, we able to leak sensitive data from more than 80% of these sites via remote script inclusion. In the talk we will present the study in general, and the most interesting cases in detail, showing the wide range of possible attack variations along with a bag of tricks how the including page can be prepared to efficiently leak a script's secrets. Furthermore, we present an efficient detection mechanism, in the form of a browser extension, as well as defensive measure, which enable robust protection.

= Rikard Bodforss =

== Bio ==
<TBA>

== Workshop ==
Forensics - Workshop

== Abstract ==
<TBA>

OGD15 Speakers

2015-11-23T19:33:20Z

Mjidhage: /* Abstract */

= Mario Heiderich =

== Bio ==
Dr. Mario Heiderich, handsome heart-breaker, bon-vivant and (as he loves to call himself) "security researcher" is from Berlin, likes everything between lesser- and greater-than.

He leads the small yet exquisite pen-test company called Cure53 and pesters peaceful attendees on various 5th tier conferences with his hastily assembled PowerPoint-slides and a lot of FUD.

The closest Mario ever was to visiting 日本(Japan) was a wild ride between ESC$B and ESC(B so it's about time to pay a visit!)

== Title ==
An Abusive Relationship with AngularJS – About the Security Adventures with the "Super-Hero" Framework

== Abstract ==
Some voices claim that "Angular is what HTML would have been if it had been designed for building web applications". While this statement may or may not be true, is certainly accounts as one of the bolder ones a JavaScript web framework can ever issue. And where boldness is glistening like a German Bratwurst sausage in the evening sun, a critical review from a grumpy old security person shouldn’t be too far away. This talk will have a stern, very stern look at AngularJS in particular and shed light on the security aspects of this ever-popular tool. Did the super-hero framework do everything right and follow its own super-heroic principles? Does AngularJS increase or rather decrease the attack surface of a web application? How does AngularJS play along with the Content Security Policy, and was it a good idea to combine this kind of security with futuristic feature creep? And what about AngularJS version 2.0? Beware that we won’t stop at glancing at the code itself, investigating security best practices, and verifying compatibility and other common things that contribute to robust security (or lack thereof). We will cross the moral border and see if the AngularJS team could notice rogue bug tickets. A pivotal question that everyone is wondering about is: Have they successfully kept evil minds like yours truly speaker here from introducing new security bugs into the code base? This talk is a reckoning with a modern JavaScript framework that promises a lot and keeps even more, not necessarily for the best for developers and users. We will conclude in deriving a general lesson learnt and hopefully agree that progress doesn't invariably mean an enhancement.

= Michele Orrú =

== Bio ==
Michele Orru a.k.a. antisnatchor is the lead core developer and
smart-minds-recruiter for the BeEF project. Michele is also the
co-author of the "Browser Hacker's Handbook." He has a deep knowledge
of programming in multiple languages and paradigms, and is excited to
apply this knowledge while reading and hacking code written by others.
Michele loves lateral thinking, black metal, and the communist utopia
(there is still hope!). He also enjoys speaking and drinking at a
multitude of hacking conferences, including CONFidence, DeepSec,
Hacktivity, SecurityByte, AthCon, HackPra AllStars, OWASP AppSec USA,
44Con, EUSecWest, Ruxcon, InsomniHack, PXE, BlackHat and more we just
cant disclose. Besides having a grim passion for hacking and
programming, he enjoys leaving his Mac alone, while fishing on
saltwater and praying for Kubricks resurrection.

== Title ==
Dark FairyTales from a Phisherman (Vol. III)

== Abstract ==
Phishing and client-side exploitation DevOps for all
your needs. Combine BeEF, PhishingFrenzy and your fishy business to
automate most of the usual phishing workflow while minimizing human
interaction. Multiple real-life phishing engagements will be discussed,
together with the shiny new BeEF Autorun Rule Engine.

= Marie Moe =

== Bio ==
Marie Moe is passionate about incident handling and information sharing, she cares about public safety and securing systems that may impact human lives, this is why she has joined the grassroots organisation “I Am The Cavalry”. Marie is a research scientist at SINTEF ICT, and has a Ph. D. in information security. She has experience as a team leader at NorCERT, the Norwegian national CERT. Marie also teaches a class on incident management and contingency planning at Gjøvik University College in Norway. Marie loves to break crypto protocols, but gets angry when its in her own body.

== Title ==
Unpatchable - Living with a Vulnerable Implanted Device

== Abstract ==
My life depends on the functioning of a medical device, a pacemaker that generates each and every beat of my heart. This computer inside of me may fail due to hardware and software issues, due to misconfigurations or network-connectivity.

Yes, you read that correctly. The pacemaker has a wireless interface for remote monitoring and I am forced to become a human part of the Internet-of-Things. As a seasoned security-professional I am worried about my heart’s attack surface.

This talk will be focused on the problem that we have these life critical devices with vulnerabilities that can’t easily be patched without performing surgery on patients, my personal experience with being the host of such a device, and how the hacker community can proceed to work with the vendors to secure the devices.

= Sean Duggan =

== Bio ==
Seán is currently working as an InfoSec Analyst and studying for a Masters in Security and Forensics. He is also the Mobile Dev Lead for the Security Shepherd Project. During college he started making vulnerable Android Apps for the OWASP Security Shepherd project, which he continues to this day. He is always looking for new ways to make vulnerable Mobile Apps. Speaker at AppSec EU 2014, Attendee at Project summit in AppSec EU 2015, Speaker at DaggerCon 2015.

== Title ==
OWASP Security Shepherd - Workshop

== Abstract ==
How do you know a web site is secure? How do you know your credentials are safe online? What makes a web site safe? Do you even know the questions to ask to help determine this? HTTPs is not the answer and trust is no longer a solution. The only way to be sure is to perform ethical hacking on the web application using a combination of manual and automated pentesting techniques. These skills are in high demand in the market place right now - but how can one get them? Well that's easy... if you take the right first step!

Join Sean Duggan for a 3 hour hands on workshop that will bring attendees up to speed on all the latest and greatest security testing techniques that are a concern in the market today. Compete against other attendees to solve increasingly complex security puzzles derived from real world security threats. Workshop attendees will leave with a real familiarity of web and mobile security testing best practice, terminology, workflows, and commonly used tool kits.

Bring an open mind and your laptop

= Martin Johns =

== Bio ==
<TBA>

== Title ==
Your Scripts in My Page - What Could Possibly Go Wrong?

== Abstract ==
When it comes to web security, there is the one policy to rule them all: The Same-origin Policy. Thanks to this policy, sites hosted on disjunct origins are nice and cleanly separated, thus preventing the leakage of sensitive information into the hands of unauthorized parties. Unfortunately, HTML predates the Same-origin Policy and, thus, was not designed with the origin-based security model in mind. In consequence, HTML tags can freely reference cross-domain locations and include cross-domain content in their hosting web pages.

In this talk, we will present an attack, resulting from this circumstance, that has been widely overlooked in the past but affects a surprisingly high number of Web sites: Information leakage via cross-domain script inclusion.

Modern web sites frequently generate JavaScript on-the-fly via server-side scripting, incorporating personalized user data in the process. Thanks to HTML's general ignorance of the Same-origin Policy, an attacker is able to include such dynamic scripts into web pages under his control using script-tags pointing to the vulnerable site. This, in turn, allows him to learn many of the secrets contained in these scripts, through the scripts interaction with the page it is included in. In our experiments, we were able to obtain personal information such as name & address of the logged-in user, leak CSRF tokens, read the users emails, and occasionally fully compromise the user's account. All possible by simply including a script-URL into one of our web pages.

To systematically investigate the issue, we conducted a study on its prevalence in a set of 150 top-ranked domains, in which we observed that a third of the examined sites utilize dynamic JavaScript. Using our attack techniques, we able to leak sensitive data from more than 80% of these sites via remote script inclusion. In the talk we will present the study in general, and the most interesting cases in detail, showing the wide range of possible attack variations along with a bag of tricks how the including page can be prepared to efficiently leak a script's secrets. Furthermore, we present an efficient detection mechanism, in the form of a browser extension, as well as defensive measure, which enable robust protection.

= Rikard Bodforss =

== Bio ==
<TBA>

== Workshop ==
Forensics - Workshop

== Abstract ==
<TBA>

OGD15 Speakers

2015-11-23T19:32:12Z

Mjidhage: /* Jenny Radcliffe */

OGD15 Speakers

2015-11-23T19:31:22Z

Mjidhage: /* Title */

= Mario Heiderich =

== Bio ==
Dr. Mario Heiderich, handsome heart-breaker, bon-vivant and (as he loves to call himself) "security researcher" is from Berlin, likes everything between lesser- and greater-than.

He leads the small yet exquisite pen-test company called Cure53 and pesters peaceful attendees on various 5th tier conferences with his hastily assembled PowerPoint-slides and a lot of FUD.

The closest Mario ever was to visiting 日本(Japan) was a wild ride between ESC$B and ESC(B so it's about time to pay a visit!)

== Title ==
An Abusive Relationship with AngularJS – About the Security Adventures with the "Super-Hero" Framework

== Abstract ==
Some voices claim that "Angular is what HTML would have been if it had been designed for building web applications". While this statement may or may not be true, is certainly accounts as one of the bolder ones a JavaScript web framework can ever issue. And where boldness is glistening like a German Bratwurst sausage in the evening sun, a critical review from a grumpy old security person shouldn’t be too far away. This talk will have a stern, very stern look at AngularJS in particular and shed light on the security aspects of this ever-popular tool. Did the super-hero framework do everything right and follow its own super-heroic principles? Does AngularJS increase or rather decrease the attack surface of a web application? How does AngularJS play along with the Content Security Policy, and was it a good idea to combine this kind of security with futuristic feature creep? And what about AngularJS version 2.0? Beware that we won’t stop at glancing at the code itself, investigating security best practices, and verifying compatibility and other common things that contribute to robust security (or lack thereof). We will cross the moral border and see if the AngularJS team could notice rogue bug tickets. A pivotal question that everyone is wondering about is: Have they successfully kept evil minds like yours truly speaker here from introducing new security bugs into the code base? This talk is a reckoning with a modern JavaScript framework that promises a lot and keeps even more, not necessarily for the best for developers and users. We will conclude in deriving a general lesson learnt and hopefully agree that progress doesn't invariably mean an enhancement.

= Michele Orrú =

== Bio ==
Michele Orru a.k.a. antisnatchor is the lead core developer and
smart-minds-recruiter for the BeEF project. Michele is also the
co-author of the "Browser Hacker's Handbook." He has a deep knowledge
of programming in multiple languages and paradigms, and is excited to
apply this knowledge while reading and hacking code written by others.
Michele loves lateral thinking, black metal, and the communist utopia
(there is still hope!). He also enjoys speaking and drinking at a
multitude of hacking conferences, including CONFidence, DeepSec,
Hacktivity, SecurityByte, AthCon, HackPra AllStars, OWASP AppSec USA,
44Con, EUSecWest, Ruxcon, InsomniHack, PXE, BlackHat and more we just
cant disclose. Besides having a grim passion for hacking and
programming, he enjoys leaving his Mac alone, while fishing on
saltwater and praying for Kubricks resurrection.

== Title ==
Dark FairyTales from a Phisherman (Vol. III)

== Abstract ==
Phishing and client-side exploitation DevOps for all
your needs. Combine BeEF, PhishingFrenzy and your fishy business to
automate most of the usual phishing workflow while minimizing human
interaction. Multiple real-life phishing engagements will be discussed,
together with the shiny new BeEF Autorun Rule Engine.

= Marie Moe =

== Bio ==
Marie Moe is passionate about incident handling and information sharing, she cares about public safety and securing systems that may impact human lives, this is why she has joined the grassroots organisation “I Am The Cavalry”. Marie is a research scientist at SINTEF ICT, and has a Ph. D. in information security. She has experience as a team leader at NorCERT, the Norwegian national CERT. Marie also teaches a class on incident management and contingency planning at Gjøvik University College in Norway. Marie loves to break crypto protocols, but gets angry when its in her own body.

== Title ==
Unpatchable - Living with a Vulnerable Implanted Device

== Abstract ==
My life depends on the functioning of a medical device, a pacemaker that generates each and every beat of my heart. This computer inside of me may fail due to hardware and software issues, due to misconfigurations or network-connectivity.

Yes, you read that correctly. The pacemaker has a wireless interface for remote monitoring and I am forced to become a human part of the Internet-of-Things. As a seasoned security-professional I am worried about my heart’s attack surface.

This talk will be focused on the problem that we have these life critical devices with vulnerabilities that can’t easily be patched without performing surgery on patients, my personal experience with being the host of such a device, and how the hacker community can proceed to work with the vendors to secure the devices.

= Jenny Radcliffe =

== Bio ==
Jenny Radcliffe - aka “The People Hacker” - is a force to be reckoned with. She can diffuse a crisis situation, talk her way into a secure building and spot a psychopath at a hundred paces. She has been called a mind reader and a ‘human lie detector’, and likened to a Jedi Knight.

In reality, she is an expert in Social Engineering (the human element of security), negotiations, non-verbal communication and deception, using her skills to help clients from corporations and law enforcement, to poker players, politicians and the security industry.

Using a mixture of scams, psychological tactics, advanced profiling and non verbal communication skills, Jenny highlights how criminals, special interest groups and others with mal-intent, can talk or trick their way into gaining access to personnel, buildings and confidential information. It’s a guaranteed eye-opener for everyone from the Board to the Staff – many of whom will not appreciate how intrinsically linked their personal and family security is with that of their employer!

== Title ==
The Invisible Man - Social Engineering Methods and Mindsets Revealed - Workshop

== Abstract ==
This session covers some of the most widely used social engineering methods and tactics and explains how these are used to breach the physical and human elements of organisations.
The workshop also covers the psychology behind Social Engineering attacks and explains how and why it works, revealing the hidden mindset of Social Engineers and the victims they target, illustrated by anecdotes and lessons learnt from successful real life attacks.

Key Points
- Understand the goals and motivations of Social Engineers
- Understand some of the most common attack methods and tricks deployed
- Revealing the dark psychology of Social Engineers. What makes a good Social Engineer? Why are they successful? Who do they target? How and why choose one company or individual over another
- Advice and guidance into protecting against Social Engineering attacks and creating awareness within our organisations and as individuals
- Interactive exercises, quiz and case study with prizes

= Sean Duggan =

== Bio ==
Seán is currently working as an InfoSec Analyst and studying for a Masters in Security and Forensics. He is also the Mobile Dev Lead for the Security Shepherd Project. During college he started making vulnerable Android Apps for the OWASP Security Shepherd project, which he continues to this day. He is always looking for new ways to make vulnerable Mobile Apps. Speaker at AppSec EU 2014, Attendee at Project summit in AppSec EU 2015, Speaker at DaggerCon 2015.

== Title ==
OWASP Security Shepherd - Workshop

== Abstract ==
How do you know a web site is secure? How do you know your credentials are safe online? What makes a web site safe? Do you even know the questions to ask to help determine this? HTTPs is not the answer and trust is no longer a solution. The only way to be sure is to perform ethical hacking on the web application using a combination of manual and automated pentesting techniques. These skills are in high demand in the market place right now - but how can one get them? Well that's easy... if you take the right first step!

Join Sean Duggan for a 3 hour hands on workshop that will bring attendees up to speed on all the latest and greatest security testing techniques that are a concern in the market today. Compete against other attendees to solve increasingly complex security puzzles derived from real world security threats. Workshop attendees will leave with a real familiarity of web and mobile security testing best practice, terminology, workflows, and commonly used tool kits.

Bring an open mind and your laptop

= Martin Johns =

== Bio ==
<TBA>

== Title ==
Your Scripts in My Page - What Could Possibly Go Wrong?

== Abstract ==
<TBA>

= Rikard Bodforss =

== Bio ==
<TBA>

== Workshop ==
Forensics - Workshop

== Abstract ==
<TBA>

OWASP Gothenburg Day 2015

2015-11-19T16:30:11Z

Mjidhage: /* Agenda & Speakers */

[[File:Owaspgbg_brand_logo_web.png|options|500px]]

Welcome to THE security event of 2015 in Gothenburg! A full day with high quality speakers and workshops dedicated to security. If you are a developer or a security practitioner in the Gothenburg area participating is more or less mandatory, for all others it's just a really well spent day.

= Venue =
[[image:fasad.png|300px]]

[http://www.chalmerskonferens.se/en/konferensevent/lindholmen-conference-centre/ Lindholmen Conference Center], Lindholmspiren 5, 417 56 Göteborg <br>
Here is the [http://www.chalmerskonferens.se/wp-content/uploads/Skiss-konf-avd-LCC.pdf layout] of the rooms. <br>
How to get [http://www.chalmerskonferens.se/en/kontakt/lindholmen/#find_us there].

= Agenda & Speakers =

The detailed schedule is not yet set, this is a preliminary agenda

{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#00549E; color:white"|<h2><span style="color:white">OWASP Gothenburg Day 2015</span></h2>
|-

| style="width:10%; background:#0079A7" | 08:30 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | ''REGISTRATION OPENS''
|-

| style="width:10%; background:#0079A7" | Room || style="width:30%; background:#BC857A" align="center" | Tesla
| style="width:30%; background:#BCA57A" align="center" | Kelvin
| style="width:30%; background:#99FF99" align="center" | Newton
|-

| style="width:10%; background:#0079A7" | 09:00-10:00 || style="width:30%; background:#D85D33" align="center" | <h3>'''[[OGD15_Speakers#Sean_Duggan | OWASP Security Shepherd Workshop]]'''</h3><h4>Sean Duggan</h4> <br>
| style="width:30%; background:#E88A49" align="center" | <h3>'''[[OGD15_Speakers#Jenny_Radcliffe | Social Engineering Workshop]]'''</h3><h4>Jennifer Radcliffe</h4> <br>
| style="width:30%; background:#87BB40" align="center" | <h3>'''[[OGD15_Speakers#Rikard_Bodforss | Forensics Workshop]]'''</h3><h4>Rikard Bodforss</h4><br>
|-

| style="width:10%; background:#0079A7" | 10:00-10:15 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | ''COFFEE (suggested time)''
|-

| style="width:10%; background:#0079A7" | 10:15-11:15 || style="width:30%; background:#D85D33" align="center" | <br> '''OWASP Security Shepherd Workshop, cont.''' <br><br>
| style="width:30%; background:#E88A49" align="center" | <br>'''Social Engineering Workshop, cont.''' <br><br>
| style="width:30%; background:#87BB40" align="center" | <br>'''Forensics Workshop, cont.''' <br><br>
|-

| style="width:10%; background:#0079A7" | 11:15-12:00 || style="width:30%; background:#D85D33" align="center" | <br>'''OWASP Security Shepherd Workshop, cont.''' <br><br>
| style="width:30%; background:#E88A49" align="center" | <br> Time to practice your new skills <br><br>
| style="width:30%; background:#87BB40" align="center" | <br>'''Forensics Workshop, cont.''' <br><br>
|-

| style="width:10%; background:#0079A7" | 12:00-13:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | ''LUNCH''
|-

| style="width:10%; background:#0079A7" | Room || colspan="3" style="width:80%; background:#727F5B" align="center" | Lindholmen Conference Hall
|-

| style="width:10%; background:#0079A7" | 13:00-13:45 || colspan="3" style="width:80%; background:#727F5B" align="center" | <h3>'''[[OGD15_Speakers#Mario_Heiderich | An Abusive Relationship with AngularJS – About the Security Adventures with the "Super-Hero" Framework]]'''</h3><h4>Mario Heiderich</h4>
|-

| style="width:10%; background:#0079A7" | 14:00-14:45 || colspan="3" style="width:80%; background:#727F5B" align="center" | <h3>'''[[OGD15_Speakers#Martin_Johns | TBA]]'''</h3><h4>Martin Johns</h4>
|-

| style="width:10%; background:#0079A7" | 14:45-15:15 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | ''FIKA''
|-

| style="width:10%; background:#0079A7" | 15:15-16:00 || colspan="3" style="width:80%; background:#727F5B" align="center" | <h3>'''[[OGD15_Speakers#Marie_Moe | Unpatchable - Living with a vulnerable implanted device]]'''</h3><h4>Marie Moe</h4>
|-

| style="width:10%; background:#0079A7" | 16:15-17:00 || colspan="3" style="width:80%; background:#727F5B" align="center" | <h3>'''[[OGD15_Speakers#Michele_Orr.C3.BA | Dark FairyTales from a Phisherman (Vol. III)]]'''</h3><h4>Michele Orrú</h4>
|-

| style="width:10%; background:#0079A7" | 17:00-21:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | <br> ''BEER, MINGLE, FOOD AND SECURITY CHAT'' <br><br>
|}

<br>

<H1><span style="color:gold">Gold Sponsor</span></H1>

<div class="center" >
[[image:atea_logo.png|link=http://www.atea.se/|600px]]

<br />
</div>

<H3><span style="color:silver">Silver Sponsors</span></H3>

<div class="center" >
[[image:op5_logo_3d_2703px.png|link=http://www.op5.com/|200px]]    
[[image:chalmers-logo.png|link=http://www.chalmers.se/|250px]]    
<br />
</div>

<H4><span style="color:skyblue">Event sponsors</span></H4>

<div class="center" >
[[image:mullvad-circle.png|link=https://mullvad.net/|70px]]    
[[image:assured_logo.png|link=https://www.assured.se/|80px]]    

<br />
</div>

= Registration =

Buy your ticket here:

[[File:EventBriteRegisterButton.png|link=https://www.eventbrite.com/e/owasp-gothenburg-day-2015-tickets-19260398370|Register for OWASP Gothenburg Day 2015]]

There are two major ticket types;
* Full day ticket, where an early-bird ticket will set you back SEK 470
* Afternoon ticket, where an early-bird ticket will cost SEK 300

''Note! There are still some parts of the budget to straighten out. If everything comes along according to plan we'll manage to keep the prices for standard tickets low, but we can't promise anything yet so make sure you grab your early bird ticket quickly!''

<h4>Full day ticket </h4>
Entitles you to participate on all sessions during the entire day. Note that the workshops have limited number of seats.
The tickets also entitles you coffee in the morning and afternoon, lunch, a light dinner and something to drink with that.

<h4>Afternoon ticket </h4>
Entitles you to participate on the afternoon presentations. The morning workshops are not included.
The tickets also entitles you coffee in the afternoon, a light dinner and something to drink with that.

''Note! OWASP paying members are eligible for the standard OWASP discount; in return for sending your Membership Number to mattias.jidhage@owasp.org you will receive a personal discount code to be used when ordering your OWASP Gothenburg Day 2015 ticket. Your Membership Number can be found when logging into the OWASP portal.''

= Sponsorship =

There is still one silver sponsor slot and one event sponsor slot open, please contact Mikael Falkvidd, mikael.falkvidd@mjo.se if your company is interested in getting your hands on one of those.
[[Category:Sweden]] [[Category:Gothenburg]]

= Policies =
Participants are required to abide by OWASP's [https://www.owasp.org/index.php/Governance/Conference_Policies#Anti_Harassment_Policy| Anti harassment policy]

[https://www.owasp.org/index.php/Governance/Conference_Policies#Cancellation_Policy| Refund/cancellation policy]

OWASP Gothenburg Day 2015

2015-11-19T16:04:40Z

Mjidhage: /* Venue */

[[File:Owaspgbg_brand_logo_web.png|options|500px]]

Welcome to THE security event of 2015 in Gothenburg! A full day with high quality speakers and workshops dedicated to security. If you are a developer or a security practitioner in the Gothenburg area participating is more or less mandatory, for all others it's just a really well spent day.

= Venue =
[[image:fasad.png|300px]]

[http://www.chalmerskonferens.se/en/konferensevent/lindholmen-conference-centre/ Lindholmen Conference Center], Lindholmspiren 5, 417 56 Göteborg <br>
Here is the [http://www.chalmerskonferens.se/wp-content/uploads/Skiss-konf-avd-LCC.pdf layout] of the rooms. <br>
How to get [http://www.chalmerskonferens.se/en/kontakt/lindholmen/#find_us there].

= Agenda & Speakers =

The detailed schedule is not yet set, this is a preliminary agenda

{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4058A0; color:white"|<h2>OWASP Gothenburg Day 2015</h2>
|-

| style="width:10%; background:#7B8ABD" | 08:30 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | ''REGISTRATION OPENS''
|-

| style="width:10%; background:#7B8ABD" | Room || style="width:30%; background:#BC857A" align="center" | Tesla
| style="width:30%; background:#BCA57A" align="center" | Kelvin
| style="width:30%; background:#99FF99" align="center" | Newton
|-

| style="width:10%; background:#7B8ABD" | 09:00-10:00 || style="width:30%; background:#BC857A" align="center" | <h3>'''[[OGD15_Speakers#Sean_Duggan | OWASP Security Shepherd Workshop]]'''</h3><h4>Sean Duggan</h4> <br>
| style="width:30%; background:#BCA57A" align="center" | <h3>'''[[OGD15_Speakers#Jenny_Radcliffe | Social Engineering Workshop]]'''</h3><h4>Jennifer Radcliffe</h4> <br>
| style="width:30%; background:#99FF99" align="center" | <h3>'''[[OGD15_Speakers#Rikard_Bodforss | Forensics Workshop]]'''</h3><h4>Rikard Bodforss</h4><br>
|-

| style="width:10%; background:#7B8ABD" | 10:00-10:15 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | ''COFFEE (suggested time)''
|-

| style="width:10%; background:#7B8ABD" | 10:15-11:15 || style="width:30%; background:#BC857A" align="center" | <br> '''OWASP Security Shepherd Workshop, cont.''' <br><br>
| style="width:30%; background:#BCA57A" align="center" | <br>'''Social Engineering Workshop, cont.''' <br><br>
| style="width:30%; background:#99FF99" align="center" | <br>'''Forensics Workshop, cont.''' <br><br>
|-

| style="width:10%; background:#7B8ABD" | 11:15-12:00 || style="width:30%; background:#BC857A" align="center" | <br>'''OWASP Security Shepherd Workshop, cont.''' <br><br>
| style="width:30%; background:#BCA57A" align="center" | <br> Time to practice your new skills <br><br>
| style="width:30%; background:#99FF99" align="center" | <br>'''Forensics Workshop, cont.''' <br><br>
|-

| style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | ''LUNCH''
|-

| style="width:10%; background:#7B8ABD" | Room || colspan="3" style="width:80%; background:#C2C2C2" align="center" | Lindholmen Conference Hall
|-

| style="width:10%; background:#7B8ABD" | 13:00-13:45 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | <h3>'''[[OGD15_Speakers#Mario_Heiderich | An Abusive Relationship with AngularJS – About the Security Adventures with the "Super-Hero" Framework]]'''</h3><h4>Mario Heiderich</h4>
|-

| style="width:10%; background:#7B8ABD" | 14:00-14:45 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | <h3>'''[[OGD15_Speakers#Martin_Johns | TBA]]'''</h3><h4>Martin Johns</h4>
|-

| style="width:10%; background:#7B8ABD" | 14:45-15:15 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | ''FIKA''
|-

| style="width:10%; background:#7B8ABD" | 15:15-16:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | <h3>'''[[OGD15_Speakers#Marie_Moe | Unpatchable - Living with a vulnerable implanted device]]'''</h3><h4>Marie Moe</h4>
|-

| style="width:10%; background:#7B8ABD" | 16:15-17:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | <h3>'''[[OGD15_Speakers#Michele_Orr.C3.BA | Dark FairyTales from a Phisherman (Vol. III)]]'''</h3><h4>Michele Orrú</h4>
|-

| style="width:10%; background:#7B8ABD" | 17:00-21:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | <br> ''BEER, MINGLE, FOOD AND SECURITY CHAT'' <br><br>
|}

<br>

<H1><span style="color:gold">Gold Sponsor</span></H1>

<div class="center" >
[[image:atea_logo.png|link=http://www.atea.se/|600px]]

<br />
</div>

<H3><span style="color:silver">Silver Sponsors</span></H3>

<div class="center" >
[[image:op5_logo_3d_2703px.png|link=http://www.op5.com/|200px]]    
[[image:chalmers-logo.png|link=http://www.chalmers.se/|250px]]    
<br />
</div>

<H4><span style="color:skyblue">Event sponsors</span></H4>

<div class="center" >
[[image:mullvad-circle.png|link=https://mullvad.net/|70px]]    
[[image:assured_logo.png|link=https://www.assured.se/|80px]]    

<br />
</div>

= Registration =

Buy your ticket here:

[[File:EventBriteRegisterButton.png|link=https://www.eventbrite.com/e/owasp-gothenburg-day-2015-tickets-19260398370|Register for OWASP Gothenburg Day 2015]]

There are two major ticket types;
* Full day ticket, where an early-bird ticket will set you back SEK 470
* Afternoon ticket, where an early-bird ticket will cost SEK 300

''Note! There are still some parts of the budget to straighten out. If everything comes along according to plan we'll manage to keep the prices for standard tickets low, but we can't promise anything yet so make sure you grab your early bird ticket quickly!''

<h4>Full day ticket </h4>
Entitles you to participate on all sessions during the entire day. Note that the workshops have limited number of seats.
The tickets also entitles you coffee in the morning and afternoon, lunch, a light dinner and something to drink with that.

<h4>Afternoon ticket </h4>
Entitles you to participate on the afternoon presentations. The morning workshops are not included.
The tickets also entitles you coffee in the afternoon, a light dinner and something to drink with that.

''Note! OWASP paying members are eligible for the standard OWASP discount; in return for sending your Membership Number to mattias.jidhage@owasp.org you will receive a personal discount code to be used when ordering your OWASP Gothenburg Day 2015 ticket. Your Membership Number can be found when logging into the OWASP portal.''

= Sponsorship =

There is still one silver sponsor slot and one event sponsor slot open, please contact Mikael Falkvidd, mikael.falkvidd@mjo.se if your company is interested in getting your hands on one of those.
[[Category:Sweden]] [[Category:Gothenburg]]

= Policies =
Participants are required to abide by OWASP's [https://www.owasp.org/index.php/Governance/Conference_Policies#Anti_Harassment_Policy| Anti harassment policy]

[https://www.owasp.org/index.php/Governance/Conference_Policies#Cancellation_Policy| Refund/cancellation policy]

OWASP Gothenburg Day 2015

2015-11-05T19:45:19Z

Mjidhage: /* Agenda & Speakers */

OWASP Gothenburg Day 2015

2015-11-05T19:42:27Z

Mjidhage: /* Agenda & Speakers */

OGD15 Speakers

2015-11-05T19:39:41Z

Mjidhage:

= Mario Heiderich =

== Bio ==
Dr. Mario Heiderich, handsome heart-breaker, bon-vivant and (as he loves to call himself) "security researcher" is from Berlin, likes everything between lesser- and greater-than.

He leads the small yet exquisite pen-test company called Cure53 and pesters peaceful attendees on various 5th tier conferences with his hastily assembled PowerPoint-slides and a lot of FUD.

The closest Mario ever was to visiting 日本(Japan) was a wild ride between ESC$B and ESC(B so it's about time to pay a visit!)

== Title ==
An Abusive Relationship with AngularJS – About the Security Adventures with the "Super-Hero" Framework

== Abstract ==
Some voices claim that "Angular is what HTML would have been if it had been designed for building web applications". While this statement may or may not be true, is certainly accounts as one of the bolder ones a JavaScript web framework can ever issue. And where boldness is glistening like a German Bratwurst sausage in the evening sun, a critical review from a grumpy old security person shouldn’t be too far away. This talk will have a stern, very stern look at AngularJS in particular and shed light on the security aspects of this ever-popular tool. Did the super-hero framework do everything right and follow its own super-heroic principles? Does AngularJS increase or rather decrease the attack surface of a web application? How does AngularJS play along with the Content Security Policy, and was it a good idea to combine this kind of security with futuristic feature creep? And what about AngularJS version 2.0? Beware that we won’t stop at glancing at the code itself, investigating security best practices, and verifying compatibility and other common things that contribute to robust security (or lack thereof). We will cross the moral border and see if the AngularJS team could notice rogue bug tickets. A pivotal question that everyone is wondering about is: Have they successfully kept evil minds like yours truly speaker here from introducing new security bugs into the code base? This talk is a reckoning with a modern JavaScript framework that promises a lot and keeps even more, not necessarily for the best for developers and users. We will conclude in deriving a general lesson learnt and hopefully agree that progress doesn't invariably mean an enhancement.

= Michele Orrú =

== Bio ==
Michele Orru a.k.a. antisnatchor is the lead core developer and
smart-minds-recruiter for the BeEF project. Michele is also the
co-author of the "Browser Hacker's Handbook." He has a deep knowledge
of programming in multiple languages and paradigms, and is excited to
apply this knowledge while reading and hacking code written by others.
Michele loves lateral thinking, black metal, and the communist utopia
(there is still hope!). He also enjoys speaking and drinking at a
multitude of hacking conferences, including CONFidence, DeepSec,
Hacktivity, SecurityByte, AthCon, HackPra AllStars, OWASP AppSec USA,
44Con, EUSecWest, Ruxcon, InsomniHack, PXE, BlackHat and more we just
cant disclose. Besides having a grim passion for hacking and
programming, he enjoys leaving his Mac alone, while fishing on
saltwater and praying for Kubricks resurrection.

== Title ==
Dark FairyTales from a Phisherman (Vol. III)

== Abstract ==
Phishing and client-side exploitation DevOps for all
your needs. Combine BeEF, PhishingFrenzy and your fishy business to
automate most of the usual phishing workflow while minimizing human
interaction. Multiple real-life phishing engagements will be discussed,
together with the shiny new BeEF Autorun Rule Engine.

= Marie Moe =

== Bio ==
Marie Moe is passionate about incident handling and information sharing, she cares about public safety and securing systems that may impact human lives, this is why she has joined the grassroots organisation “I Am The Cavalry”. Marie is a research scientist at SINTEF ICT, and has a Ph. D. in information security. She has experience as a team leader at NorCERT, the Norwegian national CERT. Marie also teaches a class on incident management and contingency planning at Gjøvik University College in Norway. Marie loves to break crypto protocols, but gets angry when its in her own body.

== Title ==
Unpatchable - Living with a Vulnerable Implanted Device

== Abstract ==
My life depends on the functioning of a medical device, a pacemaker that generates each and every beat of my heart. This computer inside of me may fail due to hardware and software issues, due to misconfigurations or network-connectivity.

Yes, you read that correctly. The pacemaker has a wireless interface for remote monitoring and I am forced to become a human part of the Internet-of-Things. As a seasoned security-professional I am worried about my heart’s attack surface.

This talk will be focused on the problem that we have these life critical devices with vulnerabilities that can’t easily be patched without performing surgery on patients, my personal experience with being the host of such a device, and how the hacker community can proceed to work with the vendors to secure the devices.

= Jenny Radcliffe =

== Bio ==
Jenny Radcliffe - aka “The People Hacker” - is a force to be reckoned with. She can diffuse a crisis situation, talk her way into a secure building and spot a psychopath at a hundred paces. She has been called a mind reader and a ‘human lie detector’, and likened to a Jedi Knight.

In reality, she is an expert in Social Engineering (the human element of security), negotiations, non-verbal communication and deception, using her skills to help clients from corporations and law enforcement, to poker players, politicians and the security industry.

Using a mixture of scams, psychological tactics, advanced profiling and non verbal communication skills, Jenny highlights how criminals, special interest groups and others with mal-intent, can talk or trick their way into gaining access to personnel, buildings and confidential information. It’s a guaranteed eye-opener for everyone from the Board to the Staff – many of whom will not appreciate how intrinsically linked their personal and family security is with that of their employer!

== Title ==
The Invisible Man - Social Engineering Methods and Mindsets Revealed - Workshop

== Abstract ==
This session covers some of the most widely used social engineering methods and tactics and explains how these are used to breach the physical and human elements of organisations.
The workshop also covers the psychology behind Social Engineering attacks and explains how and why it works, revealing the hidden mindset of Social Engineers and the victims they target, illustrated by anecdotes and lessons learnt from successful real life attacks.

Key Points
- Understand the goals and motivations of Social Engineers
- Understand some of the most common attack methods and tricks deployed
- Revealing the dark psychology of Social Engineers. What makes a good Social Engineer? Why are they successful? Who do they target? How and why choose one company or individual over another
- Advice and guidance into protecting against Social Engineering attacks and creating awareness within our organisations and as individuals
- Interactive exercises, quiz and case study with prizes

= Sean Duggan =

== Bio ==
<TBA>

== Title ==
OWASP Security Shepherd - Workshop

== Abstract ==
How do you know a web site is secure? How do you know your credentials are safe online? What makes a web site safe? Do you even know the questions to ask to help determine this? HTTPs is not the answer and trust is no longer a solution. The only way to be sure is to perform ethical hacking on the web application using a combination of manual and automated pentesting techniques. These skills are in high demand in the market place right now - but how can one get them? Well that's easy... if you take the right first step!

Join Sean Duggan for a 3 hour hands on workshop that will bring attendees up to speed on all the latest and greatest security testing techniques that are a concern in the market today. Compete against other attendees to solve increasingly complex security puzzles derived from real world security threats. Workshop attendees will leave with a real familiarity of web and mobile security testing best practice, terminology, workflows, and commonly used tool kits.

Bring an open mind and your laptop

= Martin Johns =

== Bio ==
<TBA>

== Title ==
<TBA>

== Abstract ==
<TBA>

= Richard Bodforss =

== Bio ==
<TBA>

== Workshop ==
Forensics - Workshop

== Abstract ==
<TBA>

OGD15 Speakers

2015-11-05T19:35:00Z

OWASP Gothenburg Day 2015

2015-11-05T19:09:26Z

Mjidhage: /* Agenda & Speakers */

[[File:Owaspgbg_brand_logo_web.png|options|500px]]

Welcome to THE security event of 2015 in Gothenburg! A full day with high quality speakers and workshops dedicated to security. If you are a developer or a security practitioner in the Gothenburg area participating is more or less mandatory, for all others it's just a really well spent day.

= Venue =
Lindholmen Conference Center, December 8th 2015

= Agenda & Speakers =

The detailed schedule is not yet set, this is a preliminary agenda

{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4058A0; color:white" |

<h2>OWASP Gothenburg Day 2015</h2>
|-
| style="width:10%; background:#7B8ABD" | 08:30-09:30 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | Registration <br> BREAKFAST - Provided by event sponsors @ Breakfast Sponsor
|-
| style="width:10%; background:#7B8ABD" | 09:30:-12:00 || style="width:30%; background:#BC857A" align="center" |

'''[[OGD15_Speakers | OWASP Security Shepherd]]''' <br>
''[http://authorurl.com Sean Duggan], OWASP [https://www.owasp.org/index.php/OWASP_Security_Shepherd Security Shepherd] Project Leader''<br>
<p>How do you know a web site is secure? How do you know your credentials are safe online? What makes a web site safe? Do you even know the questions to ask to help determine this? HTTPs is not the answer and trust is no longer a solution. The only way to be sure is to perform ethical hacking on the web application using a combination of manual and automated pentesting techniques. These skills are in high demand in the market place right now - but how can one get them? Well that's easy... if you take the right first step!
</p><p>
Join Sean Duggan for a 3 hour hands on workshop that will bring attendees up to speed on all the latest and greatest security testing techniques that are a concern in the market today. Compete against other attendees to solve increasingly complex security puzzles derived from real world security threats. Workshop attendees will leave with a real familiarity of web and mobile security testing best practice, terminology, workflows, and commonly used tool kits.
</p><p>
Bring an open mind and your laptop
</p>
| style="width:30%; background:#BCA57A" align="center" |
'''[[OGD15_Speakers | Social Engineering]]''' <br>
''[http://authorurl.com Jennifer Radcliffe]''<br>

| style="width:30%; background:#99FF99" align="center" |
'''[[OGD15_Speakers | Forensics]]''' <br>
''[http://authorurl.com Rikard Bodforss]''<br>
|-

| style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | ''LUNCH - Provided by event sponsors @ LunchSponsor''
|-
| style="width:10%; background:#7B8ABD" | 13:00-13:45 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | <h2>Mario Heiderich</h2><h3>An Abusive Relationship with AngularJS – About the Security Adventures with the "Super-Hero" Framework</h3>
|-
| style="width:10%; background:#7B8ABD" | 14:00-14:45 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | <h2>Martin Johns</h2><h3>TBA</h3>
|-
| style="width:10%; background:#7B8ABD" | 14:45-15:30 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | ''FIKA - Coffee break''
|-
| style="width:10%; background:#7B8ABD" | 15:30-16:15 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | <h2>Marie Moe</h2><h3>Unpatchable - Living with a vulnerable implanted device</h3>
My life depends on the functioning of a medical device, a pacemaker that generates each and every beat of my heart. This computer inside of me may fail due to hardware and software issues, due to misconfigurations or network-connectivity. Yes, you read that correctly. The pacemaker has a wireless interface for remote monitoring and I am forced to become a human part of the Internet-of-Things. As a seasoned security-professional I am worried about my heart's attack surface.
|-
| style="width:10%; background:#7B8ABD" | 16:15-17:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | <h2>Michele Orrú</h2><h3>Dark FairyTales from a Phisherman (Vol. III)</h3>
|-
| style="width:10%; background:#7B8ABD" | 17:00-21:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | Beer, mingel, food and security talk
|}
<br>

<H1><span style="color:gold">Gold Sponsor</span></H1>

<div class="center" >
[[image:atea_logo.png|link=http://www.atea.se/|600px]]

<br />
</div>

<H3><span style="color:silver">Silver Sponsors</span></H3>

<div class="center" >
[[image:op5_logo_3d_2703px.png|link=http://www.op5.com/|200px]]    
[[image:chalmers-logo.png|link=http://www.chalmers.se/|250px]]    
<br />
</div>

<H4><span style="color:skyblue">Event sponsors</span></H4>

<div class="center" >
[[image:mullvad-circle.png|link=https://mullvad.net/|70px]]    
[[image:assured_logo.png|link=https://www.assured.se/|80px]]    

<br />
</div>

= Registration =

Tickets will be available shortly. Announcement will be made through the normal channels; the owasp-sweden mailing list and the @owaspgbg twitter account.

[[File:EventBriteRegisterButton.png|link=https://www.eventbrite.com/e/owasp-gothenburg-day-2015-tickets-19260398370|Register for OWASP Gothenburg Day 2015]]

= Sponsorship =

There is still one silver sponsor slot and one event sponsor slot open, please contact Mikael Falkvidd, mikael.falkvidd@mjo.se if your company is interested in getting your hands on one of those.
[[Category:Sweden]] [[Category:Gothenburg]]