OWASP Limerick Day 2013

Welcome to OWASP Limerick Day 2013

OWASP Limerick Day 2013 is a one day Security conference taking place on October 31st in Limerick, Ireland.

This major InfoSec event will bring together IT professionals and Security Researchers to discuss relevant topics related to Application Security.
Everyone is free to participate in OWASP. All OWASP materials are available under a free and open software license.

Conference day is free! - registration required

For ISACA and (ISC)² members: This event qualifies for free CPE credits/hours.

Who Should Attend?

Application Developers
Application Testers and Quality Assurance
Application Project Management and Staff
Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
Security Managers and Staff
Executives, Managers, and Staff Responsible for IT Security Governance
IT Professionals
Students
Security Researchers
Anyone with an interest on Application Security

Donate to OWASP Limerick

Conference Day, October 31st

Location

Conference room: 4A01

(for details, check the Venue tab)

Agenda

Time	Speaker	Topic
08:30 - 09:00	Registration
09:00 - 09:20	OWASP Limerick Organization	Welcome & OWASP Update Link
09:20 - 10:10	Gerard Joyce Director of Enterprise Risk Management at LinkResQ	Managing Risks: An ISO 31000 Approach Link In November 2009 ISO published the definitive guide to best practice in the management of risks: the ISO 31000 risk management standard. ISO 31000 can be applied to any business and any activity. In this presentation Gerard Joyce will demonstrate how it can be applied in software development.
10:10 - 11:00	Oana Cornea Security Analyst at Electronic Arts	iOS Penetration Testing Cheat Sheet Link This presentation will highlight the main iOS applications attack vectors, techniques and tools to perform a pentest and mechanisms that can be implemented to reduce application vulnerabilities. These will be presented in connection with the OWASP Top Ten Mobile Risks and will provide practical guidance on how to improve the security of mobile applications.
11:00 - 11:20	Tea/Coffee Break
11:20 - 12:10	Patrick Fitzgerald Security Consultant at Ward Solutions	Introduction to Metasploit Link Patrick will introduce Metasploit and demonstrate what the framework is capable of out-of-the-box. The goal is to show both how useful the tool is for security professionals and how dangerous it can be in the wrong hands.
12:10 - 13:00	Simon Bennetts Security Automation Engineer at Mozilla	OWASP ZAP - whats even newer Link The Zed Attack Proxy is one of the most popular OWASP projects, and has an enthusiastic developer community which encourages participation. There are many new developments in progress that will provide functionality currently unavailable in other security tools. In this session Simon will give a quick introduction for newcomers to ZAP, and then dive into the latest changes.
13:00 - 14:00	Lunch Break
14:00 - 14:50	Ahmed Neil Database Administrator at Mansoura University	Digital Forensics: What, Why and How Link
14:50 - 15:40	Mark Goodwin Security Engineer at Mozilla	An Introduction to Firefox OS Security [] A look at Firefox OS, Mozilla's new mobile operating system, the proposed Open Web Applications standard and what these new technologies mean for application security specialists.
15:40 - 16:00	Tea/Coffee Break
16:00 - 16:05	OWASP Limerick Chapter Raffle - Sponsored InfoSec Books and Gadgets
16:05 - 16:50	Marian Ventuneac Security Architect at Genworth Financial	Social Enterprise Software: Risks & Countermeasures Link Social enterprise is reshaping the way employees communicate, work and collaborate for increased productivity. With all such benefits for the business, it could be easy to overlook the security risks. From exposure of confidential data and files, to the classic Cross-Site Scripting and Insecure Direct Object Reference issues, the lack of proper security controls could lead to serious data breaches. Unfortunately, social enterprise solutions are not immune to such risks. Marian will present various security risks identified for representative social enterprise solutions (from Salesforce, Blogtronix, Tibco , Yammer and Jive), while also providing recommendations on effective risks mitigation for adoption of social enterprise solutions.
16:50 - 17:30	Angelo Prado Senior Manager, Product Security at Salesforce.com Yoel Gluck Lead Product Security Engineer at Salesforce.com	SSL, gone in 30 seconds - a BREACH beyond CRIME Link In this hands-on talk, Angelo and Yoel will introduce new targeted techniques and research that allows an attacker to reliably retrieve encrypted secrets (session identifiers, CSRF tokens, OAuth tokens, email addresses, ViewState hidden fields, etc.) from an HTTPS channel. They will demonstrate this new browser vector is real and practical by executing a PoC against a major enterprise product in under 30 seconds. They will also describe the algorithm behind the attack, how the usage of basic statistical analysis can be applied to extract data from dynamic pages, as well as practical mitigations you can implement today. They will also describe the posture of different SaaS vendors vis-à-vis this attack while also presenting the BREACH tool.

Made possible by our Sponsors

[...] [...]

OWASP Limerick Day 2013

Welcome to OWASP Limerick Day 2013

Donate to OWASP Limerick

Conference Day, October 31st - Registration now open

Venue: Limerick Institute of Technology

Conference Day, October 31st

Location

Agenda

Event Sponsors

Become a sponsor of OWASP Ireland Limerick Chapter

Promotion

Made possible by our Sponsors

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools