This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "EUTour2013 Bucharest Agenda"
From OWASP
Oana Cornea (talk | contribs) |
Oana Cornea (talk | contribs) |
||
| (9 intermediate revisions by the same user not shown) | |||
| Line 38: | Line 38: | ||
Venue Address: Splaiul Independentei nr. 313, sector 6, Bucuresti, ROMANIA; Rectorship Building, Senate Hall<br> | Venue Address: Splaiul Independentei nr. 313, sector 6, Bucuresti, ROMANIA; Rectorship Building, Senate Hall<br> | ||
Postal cod: RO-060042'''<br> | Postal cod: RO-060042'''<br> | ||
| − | Venue Map: [ | + | Venue Map: [https://plus.google.com/101033585760098377632/about] |
|- | |- | ||
| align="center" style="background:#CCCCEE;" colspan="2" | '''Price and registration''' | | align="center" style="background:#CCCCEE;" colspan="2" | '''Price and registration''' | ||
|- | |- | ||
| align="center" style="background:#EEEEEE;" colspan="2" | This event is '''FREE''' <br> | | align="center" style="background:#EEEEEE;" colspan="2" | This event is '''FREE''' <br> | ||
| − | '''Registration Link to the Europe Tour''': | + | '''Registration Link to the Europe Tour''': <br>http://owasp-romaniachapter-eorg.eventbrite.com/'''<br> |
<br> | <br> | ||
|- | |- | ||
| Line 56: | Line 56: | ||
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description''' | | style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description''' | ||
|- | |- | ||
| − | | style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | | + | | style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 02:30 pm<br>(30 mins) |
| − | | style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | | + | | style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Introduction & Welcome |
| − | | style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | | + | | style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Ionel Chirita, Claudiu Constantinescu |
| − | | style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | | + | | style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Introduction to OWASP |
|- | |- | ||
| − | | style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | | + | | style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 03:15 pm <br>(45 mins) |
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Penetration Testing - a way for improving our cyber security | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Penetration Testing - a way for improving our cyber security | ||
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Adrian Furtună | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Adrian Furtună | ||
| − | | style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | | + | | style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | The talk presents a comparison between two internal penetration tests made in consecutive years at the same client. We will see the successful attack scenarios and the techniques used to take control over the network. Furthermore, we will see how and why the security posture of the client improved as a result of the penetration tests. |
|- | |- | ||
| − | | style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | | + | | style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 04:15 pm<br>(45 mins) |
| − | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | | + | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Android reverse engineering: understanding third-party applications |
| − | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | | + | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Vicente Aguilera |
| − | | style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | | + | | style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | It will present the objectives of the software reverse engineering and the techniques and tools to execute this process in Android applications. It will present, from a security analyst point of view and in a practical manner, the process of analyzing an existing application at Google Play Store. |
|- | |- | ||
| − | | style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | | + | | style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 05:15 pm<br>(45 mins) |
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | The Trouble with Passwords | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | The Trouble with Passwords | ||
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Mark Goodwin | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Mark Goodwin | ||
| − | | style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | | + | | style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Many developers still seem unsure of how to deal with passwords and password data. This presentation covers some common mistakes made when storing credentials and introduces some good ways of tackling them. |
|- | |- | ||
| − | | style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | | + | | style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 06:15 pm <br>(45 mins) |
| − | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | | + | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Hacking the ViewState in ASP.NET |
| − | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | | + | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Ovidiu Diaconescu |
| − | | style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | | + | | style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | The view state is a necessary evil of ASP.NET Web Forms. Without having the proper protection mechanisms in place, it is trivial to exploit. This session will teach you how to take advantage of unsecured web applications and how to tighten-up your own |
|- | |- | ||
| − | | style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | | + | | style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 07:15 pm <br>(45 mins) |
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Do you "GRANT ALL PRIVILEGES ..." in MySQL/MariaDB/Percona Server? | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Do you "GRANT ALL PRIVILEGES ..." in MySQL/MariaDB/Percona Server? | ||
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Gabriel Preda | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Gabriel Preda | ||
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | We discuss (at least) elementary security procedures for MySQL and it's forks. Dive through short information about MySQL forks, replication options and their security implications. Finally some notes on what changes about security when you scale MySQL. | | style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | We discuss (at least) elementary security procedures for MySQL and it's forks. Dive through short information about MySQL forks, replication options and their security implications. Finally some notes on what changes about security when you scale MySQL. | ||
|} | |} | ||
Latest revision as of 15:00, 31 May 2013
 |
OWASP EUROPE TOUR 2013 Tour Home Page |
| CONFERENCE | |
OWASP Europe Tour - Bucharest 2013Wednesday 5th June (Conference) | |
| DESCRIPTION | |
OWASP Europe TOUR, is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
| |
| OWASP MEMBERSHIP | |
| During the OWASP Europe Tour you could become a member and support our mission. |
|
CONFERENCE (Wednesday 5th of June) | |
| Date | Location |
| Wednesday 5th of June | Venue Location: University "Politehnica" of Bucharest Venue Address: Splaiul Independentei nr. 313, sector 6, Bucuresti, ROMANIA; Rectorship Building, Senate Hall |
| Price and registration | |
This event is FREE Registration Link to the Europe Tour:
| |
| Conference Details | |||||
| Time | Title | Speaker | Description | ||
| 02:30 pm (30 mins) |
Introduction & Welcome | Ionel Chirita, Claudiu Constantinescu | Introduction to OWASP | ||
| 03:15 pm (45 mins) |
Penetration Testing - a way for improving our cyber security | Adrian Furtună | The talk presents a comparison between two internal penetration tests made in consecutive years at the same client. We will see the successful attack scenarios and the techniques used to take control over the network. Furthermore, we will see how and why the security posture of the client improved as a result of the penetration tests. | ||
| 04:15 pm (45 mins) |
Android reverse engineering: understanding third-party applications | Vicente Aguilera | It will present the objectives of the software reverse engineering and the techniques and tools to execute this process in Android applications. It will present, from a security analyst point of view and in a practical manner, the process of analyzing an existing application at Google Play Store. | ||
| 05:15 pm (45 mins) |
The Trouble with Passwords | Mark Goodwin | Many developers still seem unsure of how to deal with passwords and password data. This presentation covers some common mistakes made when storing credentials and introduces some good ways of tackling them. | ||
| 06:15 pm (45 mins) |
Hacking the ViewState in ASP.NET | Ovidiu Diaconescu | The view state is a necessary evil of ASP.NET Web Forms. Without having the proper protection mechanisms in place, it is trivial to exploit. This session will teach you how to take advantage of unsecured web applications and how to tighten-up your own | ||
| 07:15 pm (45 mins) |
Do you "GRANT ALL PRIVILEGES ..." in MySQL/MariaDB/Percona Server? | Gabriel Preda | We discuss (at least) elementary security procedures for MySQL and it's forks. Dive through short information about MySQL forks, replication options and their security implications. Finally some notes on what changes about security when you scale MySQL. | ||
