This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "EUTour2013"
Line 71: | Line 71: | ||
{{:EUTour2013 Cambridge Agenda}} | {{:EUTour2013 Cambridge Agenda}} | ||
− | = | + | =London= |
− | {{: | + | {{:EUTour2013 London Agenda}} |
− | = | + | =Paris= |
− | {{: | + | {{:EUTour2013 Paris Agenda}} |
− | = | + | =Dublin= |
− | {{: | + | {{:EUTour2013 Dublin Agenda}} |
− | = | + | =Brussels= |
− | {{: | + | {{:EUTour2013 Brussels Agenda}} |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
=Training= | =Training= | ||
− | {{: | + | {{:EUTour2013 Training}} |
= CTF Competition = | = CTF Competition = | ||
− | The OWASP | + | The OWASP Europe 2013 CTF online competition is '''OFFLINE.''' To register and play visit the following URL: TBD |
'''Background information''' | '''Background information''' | ||
Line 151: | Line 135: | ||
= Team = | = Team = | ||
− | ''' | + | '''Europe Tour Team''' |
'''Chapter Leaders''' | '''Chapter Leaders''' | ||
− | + | *Simon Bennetts (Manchester Chapter) | |
+ | *Justin Clarke (London Chapter) | ||
+ | *Colin Watson (London Chapter) | ||
+ | *Ludovic Petit (France Chapter) | ||
+ | *Sebastien Deleersnyder (Belgium Chapter) | ||
+ | *Fiona Walsh (Dublin Chapter) | ||
+ | *Eoin Keary (Dublin Chapter) | ||
+ | *Fabio Cerullo (Dublin Chapter) | ||
'''Operations''' | '''Operations''' |
Revision as of 14:41, 22 April 2013
|
OWASP EUROPE TOUR 2013 Tour Home Page |
|
|
CONFERENCE AND TRAINING | |
OWASP Europe Tour - Cambridge 2013Monday 13th May (Conference) | |
DESCRIPTION | |
OWASP Europe TOUR, is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
| |
OWASP MEMBERSHIP | |
During the OWASP Europe Tour you could become a member and support our mission. |
CONFERENCE (Monday 13th May) | |
Fecha | Lugar |
Monday 13th May | Venue Location: Anglia Ruskin University (Cambridge) - Lord Ashcroft Building - Room LAB002 Venue Address: East Road, Cambridge, CB1 1PT |
Price and registration | |
This event is FREE Registration Link to the Europe Tour: OWASP Cambridge Chapter Registration
|
Conference Details | |||||
Time | Title | Speaker | Description | ||
11:00 (0 mins) |
Registration | ||||
11:45 (0 mins) |
Introduction & Welcome | Adrian Winckles - OWASP Cambridge Chapter Leader & Senior Lecturer | Introduction to OWASP & Anglia Ruskin University
Schedule for the Day | ||
12:00 (45 mins) |
Real Costs of Cybercrime | Ross Anderson (Cambridge University) | Following a systematic study of the costs of cybercrime, in response to a request from the UK Ministry of Defence following scepticism that previous studies had hyped the problem, each of the main categories of cybercrime we set out what is and is not known of the direct costs, indirect costs and defence costs { both to the UK and to the world as a whole. We distinguish carefully between traditional crimes that are now `cyber' because they are conducted online (such as tax and welfare fraud); transitional crimes whose modus operandi has changed substantially as a result of the move online (such as credit card fraud); new crimes that owe their existence to the Internet; and what we might call platform crimes such as the provision of botnets which facilitate other crimes rather than being used to extract money from victims
directly. | ||
12:45 (45 mins) |
Three Legged Cybercrime Investigation and its Implications | DI Stewart Garrick (Metropolitan Police ECrime Unit) | DI Stewart Garrick has over 27 years experience in the Metropolitan Police Service, 22 years as a detective and 10 years as a Detective Inspector. His career has been spent primarily on major crime units engaged on both proactive and reactive investigations, including 5 years investigating murders, 3 years on the Homicide Task Force (a proactive unit targeting those who would commit murder) and 5 years managing covert operations against organised crime. In March 2011 he joined Scotland Yard's Police Central eCrime Unit. He has witnessed the PCeU's growth from 40 officers to over 100 and has managed several high profile investigations. He has recently taken charge of the unit's cadre of police and civilian forensic examiners who are integrated into the unit's dynamic investigative model. He has this year completed an MSc in Countering Organised Crime and Terrorism at UCL, with a dissertation examining the emergence of radicalising settings based on Situational Action Theory. | ||
13:30 (45 mins) |
OWASP Mobile Top 10 | Justin Clarke - London OWASP Chapter Leader | The OWASP Mobile Security Project is a centralized resource intended to give developers and security teams the resources they need to build and maintain secure mobile applications. Through the project, our goal is to classify mobile security risks and provide developmental controls to reduce their impact or likelihood of exploitation.
As part of the overall Mobile Project , the Top 10 Mobile Risks include M1: Insecure Data Storage M2: Weak Server Side Controls M3: Insufficient Transport Layer Protection M4: Client Side Injection M5: Poor Authorization and Authentication M6: Improper Session Handling M7: Security Decisions Via Untrusted Inputs M8: Side Channel Data Leakage M9: Broken Cryptography M10: Sensitive Information Disclosure | ||
14:15 (45 mins) |
Refreshments & Networking | LAB107 | |||
15:00 (45 mins) |
Everything We Know is Wrong | Eoin Keary - OWASP Global Committee | The premise behind this talk is to challenge both the technical controls we recommend to developers and also out actual approach to testing. This talk is sure to challenge the status quo of web security today.
"Insanity is doing the same thing over and over and expecting different results." - Albert Einstein We continue to rely on a “pentest” to secure our applications. Why do we think it is acceptable to perform a time-limited test of an application to help ensure security when a determined attacker may spend 10-100 times longer attempting to find a suitable vulnerability? Our testing methodologies are non-consistent and rely on the individual and the tools they use. Currently we treat vulnerabilities like XSS and SQLI as different issues but the root causes it the same. – it’s all code injection theory!! Why do we do this and make security bugs over complex? Why are we still happy with “Testing security out” rather than the more superior “building security in”? | ||
15:45 (45 mins) |
Tricolour Alphanumercial Spaghetti | Colin Watson - OWASP Project Leader | Do you know your "A, B, Cs" from your "1, 2, 3s"?
Is "red" much worse than "orange", and why is "yellow" used instead of "green"? Just what is a "critical" vulnerability? Is "critical" the same as "very high"? How do PCI DSS "level 4 and 5" security scanning vulnerabilities relate to application weaknesses? Does a "tick" mean you passed? Are you using CWE and CVSS? Is a "medium" network vulnerability as dangerous as a "medium" application vulnerability? Can CWSS help? What is FIPS PUB 199? Does risk ranking equate to prioritisation? What is "one" vulnerability? Are you drowning in a mess of unrelated, classifications, terminology and abbreviations? If you are a security verifier and want to know more about ranking your findings more meaningfully, or receive test reports and want to better understand the results, or are just new to ranking weaknesses/vulnerabilities and want an overview, come along to this presentation. It will also explain why the unranked information-only ("grey" or "blue"?) findings might contain some of the best value information. | ||
16:30 (45 mins) |
Secure Coding, some simple steps help. | Steven van der Baan - OWASP Cambridge | Secure coding is often perceived as difficult and complex.
While it is true that 'good security' should be embedded into the design, there are a couple of steps a developer can take which lead to a more secure application. In this presentation we will go to the basics of secure application development and demonstrate these principles which help you build security into your application. |
CONFERENCE AND TRAINING | |
OWASP Europe Tour - London 2013Monday 3rd June | |
DESCRIPTION | |
OWASP Europe TOUR, is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
| |
OWASP MEMBERSHIP | |
During the OWASP Europe Tour you could become a member and support our mission. |
London EUTour2013 Conference Day (Monday 3rd June) | |
Date | Location |
Monday 3rd June | Venue Location: Lion Court Conference Centre Venue Address: 25 Procter Street, Holborn, London, WC1V 6NY |
Price and registration | |
This event is FREE and open to allRegistration Link to the Europe Tour: REGISTER HERE!
|
Conference Details | |||||
Time | Title | Speaker | Description | ||
09:00 am (45 mins) |
Registration and Tea/Coffee | ||||
9:45 am (15 mins) |
Introduction & Welcome Video |
Justin Clarke - London OWASP Chapter Leader | Introduction to OWASP & London Event Schedule for the Day | ||
10:00AM (45 mins) |
Managing Web & Application Security with OWASP – bringing it all together Video | Presentation |
Tobias Gondrom - OWASP Project Leader | Setting up, managing and improving your global information security organisation using mature OWASP projects and tools. Achieving cost-effective application security and bringing it all together on the management level. A journey through different organisational stages and how OWASP tools help organisations moving forward improving their web and application security. This talk will discuss a number of quick wins and how to effectively manage global security initiatives and use OWASP tools inside your organisation. | ||
10:45AM (45 mins) |
Using the O2 Platform, Zap and AppSensor to protect and test applications Video |
Dinis Cruz - OWASP O2 Platform Project Leader | This presentation will show how these 3 OWASP tools can be used to find and mitigate security vulnerabilities in applications. The O2 Platform will be used to analyse the target application source code, and automate the use of both Zap and AppSensor's capabilities | ||
11:30AM (45 mins) |
PCI for Developers No Video | Presentation to follow |
Fabio Cerullo, OWASP Ireland | The PCI-DSS and PA DSS standards are well known to security professionals and auditors, but how are these interpreted by software development teams? Usually is not clear whether all requirements are necessary and most importantly, how these should be implemented. This talk aims to help developers understanding the key points of these standards in a simple and fast approach and be able to implement them during the software development cycle. | ||
12:15PM (60 mins) |
Lunch | ||||
1:15PM (45 mins) |
Teaching an Old Dog New Tricks: Securing Development with PMD Video | Presentation |
Justin Clarke - London OWASP Chapter Leader | Using static analysis to identify software bugs is not a new paradigm. For years, developers have used static analysis tools to identifying code quality issues. While these tools may not be specifically designed for identifying security bugs. This presentation will discuss how custom security rules can be added to existing code quality tools to identify potential software security bugs. Writing custom software security rules for the popular Java code scanning tool PMD will be the focus of the presentation. | ||
2:00PM (45 mins) |
Your framework will fail you Video | Presentation |
Rory McCune - OWASP Scotland | A lot of reliance for Web Application Security is put in the framework that’s used. But here’s the bad news … it will fail you. There’s no such thing as perfect code, and web application frameworks are no exception. So how do you avoid the panic upgrades when a security alert hits your e-mail Inbox? This talk aims to give you some ideas about what you can do reduce reliance on individual security mechanisms and allow you to sleep more easily at night. | ||
2:45PM (30 mins) |
Tea/Coffee Break and Networking | ||||
3:15PM (45 mins) |
OWASP Cornucopia Project Video | Presentation |
Colin Watson - OWASP Project Leader | Microsoft's Elevation of Privilege (EoP) threat modelling card game has been refreshed into a new version more suitable for typical web applications, and aligned with OWASP advice and guides. "OWASP Cornucopia - Ecommerce Web Application Edition" will be presented and used to demonstrate how it can help developers identify security requirements from the OWASP Secure Coding Practices - Quick Reference Guide. The project is now referenced by a PCIDSS information supplement. | ||
4:00PM (45 mins) |
Secure Coding, some simple steps help Video | Presentation |
Steven van der Baan - OWASP Cambridge | Secure coding is often perceived as difficult and complex.
While it is true that 'good security' should be embedded into the design, there are a couple of steps a developer can take which lead to a more secure application. In this presentation we will go to the basics of secure application development and demonstrate these principles which help you build security into your application. |
CONFERENCE AND TRAINING | |
OWASP Europe Tour - Cambridge 2013Monday 13th May (Conference) | |
DESCRIPTION | |
OWASP Europe TOUR, is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
| |
OWASP MEMBERSHIP | |
During the OWASP Europe Tour you could become a member and support our mission. |
CONFERENCE (Monday 13th May) | |
Fecha | Lugar |
Monday 13th May | Venue Location: XXX Venue Address: XXX |
Price and registration | |
This event is FREE Registration Link to the Europe Tour: [TBD REGISTER HERE!]
|
Conference Details | |||||
Time | Title | Speaker | Description | ||
09:00 am (30 mins) |
Registration | ||||
9:45 am (45 mins) |
BLABLABLA | BLABLABLA | BLABLABLA | ||
10:15AM (45 mins) |
BLABLABLA | BLABLABLA | BLABLABLA |
CONFERENCE AND TRAINING | |
OWASP Europe Tour - Dublin 2013Tuesday 25th June (Training. Info about the training session) | |
DESCRIPTION | |
OWASP Europe TOUR, is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
| |
OWASP MEMBERSHIP | |
During the OWASP Europe Tour you could become a member and support our mission. |
Training (Wednesday 25th June) | |
When | Where |
Tuesday 25th June | Venue Location: TCube Venue Address: 32 - 34 Castle Street, Dublin 2, Ireland |
DEFENSIVE PROGRAMMING – JAVASCRIPT AND HTML5 HTML5 is the fifth revision of the HTML standard. HTML5, and its integration with JavaScript, introduces new
security risks that we need to carefully consider when writing web front-end code. Modern web-based software, including
mobile web front-end applications, makes heavy use of innovative JavaScript and HTML5 browser support to deliver
advanced user experiences. Front-end developers focus their efforts on creating this experience and are generally not aware
of the security implications of the technologies they use. The Defensive Programming – JavaScript/HTML5 course helps web front-end developers understand the risks involved with
manipulating the HTML Document Object Model (DOM) and using the advanced features of JavaScript and HTML 5 such as
cross-domain requests and local storage. The course reinforces some important security aspects of modern browser
architecture and presents the student with defensive programming techniques that can be immediately applied to prevent common vulnerabilities from being introduced. Additionally, the course provides a detailed description of typical JavaScript sources and sinks and explains how they can be used to detect problems in code. For more information about the training please see Further training information
| |
Price and registration | |
Price: 350€ Non members / 300€ OWASP members. Duration: 8 hours (09:00h - 18:00h)
Registration Link to the Europe Tour training: Register Here
|
CONFERENCE (Wednesday 26th June) | |
When | Where |
Wednesday 26th June | Venue Location: TCube Venue Address: 32 - 34 Castle Street, Dublin 2, Ireland |
Price and registration | |
This event is FREE Registration Link to the Europe Tour: Register Here
|
Conference Details - Times are subject to change | |||||
Time | Title | Speaker | Description | ||
09:30 (30 mins) |
Registration | ||||
10:00 (15 mins) |
Introduction | ||||
10:15 (15 mins) |
Interactive Workshop - Ultimate Fighting Championship: Bugs vs Flaws | Paco Hope | Abstract
We see a lot of defects in software and they fall broadly into two categories: bugs or flaws. How well we understand the defects and our correct categorisation influences how successful we will be fixing them. If we mistake a flaw for a bug and offer a point solution, we'll be back in the same situation as before, only with more broken code. If we mistake a bug for a flaw, we condemn ourselves to reengineering hunks of our system when a localised patch would do. Spend time with Paco Hope analysing defects from real systems. Create rules that distinguish bugs from flaws and cast your vote. Argue about what to do with them. Climb into the ring with that defect and pin it to the mat! Learning Objectives
Pre-Requisites All security and software developers should be prepared for this. Prior experience in mixed martial arts is not necessary. :) | ||
11:15 (15 mins) |
Coffee Break | ||||
11:30 (60 mins) |
Using the browser as a platform for security tools | Mark Goodwin | |||
12:30 (60 mins) |
Lunch | ||||
13:30 (60 mins) |
Lesson learned from the trenches of targeted attack | Robert McArdle | Targeted attacks are now a major worry for organisations. In this talk we will describe real life case studies of some of the largest and more sophisticated targeted attacks, including how we infiltrated and mapped criminal networks, and live demos of some such mapping in action.
In this talk we will discuss some of the major ongoing and previous targeted attack campaigns that have been uncovered by Trend Micro in the last year or so, such as Luckycat, Tinba and others. We will discuss in-depth the modus operandi of the criminals in these so called APT attacks, show how we mapped and infiltrated their infrastructure, and demo some of the tools and techniques that we use when carrying out these type of investigations. All of this presentation will focus on real technical details from real cases studies, and this presentation will also include live demos. KEY QUESTIONS
1) What is the reality (not the hype) of a modern targeted attack | ||
14:30 (15 mins) |
Coffee Break | ||||
14:45 (60 mins) |
The Building Security In Maturity Model (BSIMM) | Paco Hope | How do you know what security activities belong in your software lifecycle? How do you measure what you're doing? Begun in 2009, the BSIMM, is an observation-based scientific model directly describing the collective software security activities of more than sixty software security initiatives. Used as a measuring tool, BSIMM helps an organisation understand and plan their software security initiative. It covers the full framework of software development from requirements, architecture, code and test, to release management, governance, and training. This talk will introduce the measurements, explain what is measured, how it is measured, and how the measurement can be used to create or improve a software security initiative.
Paco Hope is a Principal Consultant at Cigital, helping Fortune 500 companies secure their software for over 10 years in a variety of industries like online gaming, financial services, retail, and embedded systems. He is the author of two books on security, the most recent being the Web Security Testing Cookbook and a frequent conference speaker. As and a member of (ISC)²'s Application Security Advisory Board, he helps create and advise on the direction of the CSSLP certification. His passion is empowering everyone in the software lifecycle—developers, testers, analysts—to make meaningful contributions to the securing of software. | ||
15:45 (60 mins) |
Needles in haystacks, why we are not solving the appsec problem & html hacking the | Eoin Keary | We continue to rely on a “pentest” to secure our applications. Why do we think it is acceptable to perform a time-limited test of an application to help ensure security when a determined attacker may spend 10-100 times longer attempting to find a suitable vulnerability? Our testing methodologies are non-consistent and rely on the individual and the tools they use. Currently we treat vulnerabilities like XSS and SQLI as different issues but the root causes it the same. – it’s all code injection theory!! | ||
16:45 (15 mins) |
Close |
OWASP EU TOUR 2013 | |||
== TRAINING SESSIONS == | |||
SPAIN - Barcelona | |||
Date | Location | ||
Jueves, 13 de junio de 2013 09:00h - 18:00h |
Universitat Ramon Llull, La Salle - URL Sant Joan de La Salle, 42 E-08022 Barcelona, Spain Aula: MFS.03 | ||
Fabio Cerullo |
Taller: Desarrollo Seguro usando OWASP ESAPI Este curso tiene como objetivo proporcionar los conocimientos y recursos necesarios para mejorar la seguridad de las aplicaciones Java utilizando las librerias OWASP Enterprise Security API (ESAPI). Estas librerias se han diseñado para que sea más fácil para los desarrolladores mejorar la seguridad en aplicaciones existentes, como asi tambien utilizarlas como base para el desarrollo de nuevas aplicaciones. Los principios generales aprendidos en el curso se puede aplicar en el contexto de otros lenguajes de programación.
Perfil del instructor Fabio Cerullo, CEO y fundador de Cycubix, ayuda a clientes de todo el mundo a mejorar la seguridad de aplicaciones desarrolladas internamente o por terceros, mediante la definición de políticas y normas, implementando iniciativas de desarrollo seguro y gestión de riesgos, así como brindando capacitación sobre el tema a desarrolladores, auditores, ejecutivos y profesionales. Duracion: 8 horas (09:00h - 18:00h)
Precio: 250€ No miembros / 200€ Miembros OWASP. Existen tambien descuentos para grupos y miembros de ATI.
Regístrese a este taller: HAGA CLIC AQUI! | ||
Date | Location | ||
Jueves, 13 de junio de 2013 14:00h - 18:00h |
Universitat Ramon Llull, La Salle - URL Sant Joan de La Salle, 42 E-08022 Barcelona, Spain Aula: MFS.04 | ||
Simón Roses |
Taller: OSINT + Python = Custom Hacking Workshop Taller práctico que combina el arte de OSINT (Open Source Inteligence) mediante el desarrollo de scripts en Python utilizando diversas API y librerías disponibles. A lo largo del taller se realizarán ejercicios prácticos con el objetivo de asimilar los conceptos por parte del alumno. Para entrar en materia se recomienda la lectura del siguiente artículo: Perfil del instructor Simón Roses eslicenciado en Informática por Suffolk University (Boston), Postgrado en E-Commerce, Harvard University (Boston) y Executive MBA, Instituto de Empresa (Madrid). En la actualidad es el CEO de VULNEX. Anteriormente formó parte de Microsoft, PriceWaterhouseCoopers y @Stake. Creador y colaborador en varios proyectos de código abierto de seguridad como OWASP Pantera y LibExploit, además de publicar avisos en seguridad de conocidos productos. Ponente habitual en eventos del sector de seguridad incluyendo BlackHat, RSA, OWASP, DeepSec, Source y Technets de seguridad de Microsoft. CISSP, CEH y CSSLP. Duracion: 4 horas (14:00h - 18:00h)
Precio: 125€ No miembros / 100€ Miembros OWASP. Existen tambien descuentos para grupos y miembros de ATI.
Regístrese a este taller: HAGA CLIC AQUI!. | ||
Date | Location | ||
Jueves, 13 de junio de 2013 09:00h - 13:00h |
Universitat Ramon Llull, La Salle - URL Sant Joan de La Salle, 42 E-08022 Barcelona, Spain Aula: MFS.04 | ||
Matias Katz |
Taller: OWASP Top 5 Esta formación incorporará las técnicas de ataque a plataformas Web más importantes en la actualidad, estandarizadas mediante la norma OWASP Top 5. El curso presentará al alumno la forma de realizar estos ataques, y las contramedidas necesarias para mitigar su riesgo en sus desarrollos. La clase contará con contenido teórico y demostraciones prácticas e interactivas de laboratorio. Esta formación está orientada a desarrolladores, administradores de bases de datos, analistas de sistemas, auditores de seguridad, jefes de proyecto, así como cualquier otro interesado en las principales técnicas de ataque y defensa en aplicaciones Web.
Perfil del instructor Matias Katz is an IT architect and a security specialist. He's CISSP, CEH and MCSE certified, and has 10 years of experience in the field, focusing in the implementation of security audits, in infrastructures and critic applications for big organizations, both private and public. After working at IBM for several years, in 2008 Matias founded Mkit Argentina (link: http://www.mkit.com.ar), a company that specializes in performing security audits, vulnerability analysis and penetration tests to organizations, companies and the public sector. The company also gives training of a high technical level for companies, organizations and end-users. Matias also works as an external consultant for the computer crimes division of the federal police department in Argentina, where he collaborates in open cases through the acquirement of digital evidence and performing active investigations for the potential suspects. He is a professor in 3 universities in Argentina, both in engineering courses and information security post-graduate degree courses. He has presented at some of the most important security conferences, like BlackHat, Ekoparty, H2HC, Campus Party. He has dozens of published papers, and has created many tools used daily by security professionals world-wide, for their security audits.
Duracion: 4 horas (09:00h - 13:00h)
Precio: 125€ No miembros / 100€ Miembros OWASP. Existen tambien descuentos para grupos y miembros de ATI.
Regístrese a este taller: HAGA CLIC AQUI!.
| ||
Ireland - Dublin | |||
Date | Location | ||
Tuesday, June 25th, 2013 09:00h - 18:00h |
TCube 32 - 34 Castle Street, Dublin 2, Ireland | ||
Paco Hope |
DEFENSIVE PROGRAMMING – JAVASCRIPT AND HTML5 HTML5 is the fifth revision of the HTML standard. HTML5, and its integration with JavaScript, introduces new
security risks that we need to carefully consider when writing web front-end code. Modern web-based software, including
mobile web front-end applications, makes heavy use of innovative JavaScript and HTML5 browser support to deliver
advanced user experiences. Front-end developers focus their efforts on creating this experience and are generally not aware
of the security implications of the technologies they use. The Defensive Programming – JavaScript/HTML5 course helps web front-end developers understand the risks involved with
manipulating the HTML Document Object Model (DOM) and using the advanced features of JavaScript and HTML 5 such as
cross-domain requests and local storage. The course reinforces some important security aspects of modern browser
architecture and presents the student with defensive programming techniques that can be immediately applied to prevent common vulnerabilities from being introduced. Additionally, the course provides a detailed description of typical JavaScript sources and sinks and explains how they can be used to detect problems in code. Prerequisites: Students should be familiar with Web programming environments and technologies including JavaScript
and HTML. Completion of the Foundations of Software Security, Attack and Defense, or OWASP Top Ten + 2 courses is
highly recommended.
Instructor Profile Mr. Hope is a Principal Consultant for Cigital with over 12 years experience in the securing of software and systems. He sets the technical direction in Europe and leads consultants delivering static source code analysis, architectural risk assessments, vulnerability assessments, and penetration tests. His experience covers web applications, online gaming (gambling), embedded gaming devices, lotteries, and business-to-business transaction systems. He has assessed systems for small startups with thousands of lines of code, and massive enterprises with thousands of applications and millions of lines of code. He is a frequent conference speaker at such venues as OWASP, RSA (US and Europe), Security B-Sides, and SecAppDev. He speaks on issues like integrating security into the software development lifecycle (SDLC), securing web applications, and secure random number generation. Paco is also involved in the leadership of the London Chapter of (ISC)2. He also serves on (ISC)2's Application Security Advisory Board, helping to advise on the direction of the Certified Secure Software Lifecycle Professional (CSSLP) certification. He has held the CISSP for nearly 10 years and the CSSLP since shortly after its creation. Mr. Hope has co-authored two books on software security: the Web Security Testing Cookbook and Mastering FreeBSD and OpenBSD Security. He has also authored a chapter of Gary McGraw's Building Security In.
Duration: 8 hours (09:00h - 18:00h)
Price: 350€ Non members / 300€ OWASP members.
Registration link: Register here. | ||
ITALY - Rome | |||
Date | Location | ||
Friday 28th June 09:00h - 13:00h |
Università Degli Studi Roma Tre | ||
Giorgio Fedon |
Title: Mobile Application Security and Security Development Introduction Students will learn mobile hacking techniques and remediation strategies for Android and iPhone operating systems. They will understand platform security models, mobile application secure design, mobile application security errors, mobile application vulnerabilities related to in-house development. Exploiting techniques for operating system components are explained in the extent they may impact on a company SSDLC process for their mobile applications.
Instructor Profile
Giorgio Fedon is the COO and a cofounder of Minded Security, where he is responsible for running daily operations of the company and managing Professional Services. Prior to founding Minded Security, Giorgio was employed as senior security consultant and penetration tester at Emaze Networks S.p.a., delivered code auditing, Forensic and Log analysis, Malware Analysis and complex Penetration Testing services to some of the most important Companies as Banks and Public Agencies in Italy. He participated as speaker in many national and international events talking mainly about web security and malware obfuscation techniques. He was also employed at IBM System & Technology Group in Dublin (Ireland).
Language: English and Italian
Duration: 4 horas (09:00h - 13:00h)
Price: The prices are: 125 Euro for non members / 100 Euro for members.
Registration Link: Register Here.
|
The OWASP Europe 2013 CTF online competition is OFFLINE. To register and play visit the following URL: TBD
Background information
Ever wonder what a CTF is, or ever been curious to have a go - but have no idea where to start? OWASP Security Shepherd has been designed and implemented with the aim of fostering and improving security awareness among a varied skill-set demographic. This project enables users to learn or to improve upon existing manual penetration testing skills.
The guys from Honeyn3t Ireland have created a customised version of the OWASP Security Shepherd for the OWASP EU Tour 2013.
More info about this project here:
https://www.owasp.org/index.php/OWASP_Security_Shepherd
Competition Rules
- No Denial of Service Attacks.
- No automated Scans (you might get banned).
- Do not generate large amounts of traffic.
- No destructive attacks (don't delete stuff).
- Please confine your hacking on the tasks that are explicitly free to hack.
- If you find a cheat or trick to solve things more easily, please report it for Bonus Points.
- The organizers might change the rules throughout the challenge.
- Participants breaking these rules might be penalized or excluded from the competition.
Winner Prize
- 1st Prize: An admission ticket to OWASP AppSec EU Conference to be hosted in Hamburg, Germany this August 2013.
- 2nd Prize: An Amazon gift card worth U$50.
Winner Announcement
The winners will be announced TBD.
Europe Tour Team
Chapter Leaders
- Simon Bennetts (Manchester Chapter)
- Justin Clarke (London Chapter)
- Colin Watson (London Chapter)
- Ludovic Petit (France Chapter)
- Sebastien Deleersnyder (Belgium Chapter)
- Fiona Walsh (Dublin Chapter)
- Eoin Keary (Dublin Chapter)
- Fabio Cerullo (Dublin Chapter)
Operations
Gold Sponsors |
||
Sponsors |
||
Event Supporters | ||
Educational Supporters |
||
Community Supporters |
||
|