Difference between revisions of "OWASP Romania InfoSec Conference 2013 Agenda"

Revision as of 20:42, 10 October 2013

Agenda
Time	Title	Speaker	Description
10:30 - 11:00 (30 mins)	Registration
11:00 - 11:15 (15 mins)	Introduction & Welcome	Oana Cornea	Introduction to OWASP & Bucharest Event, Schedule for the Day
11:15 - 12:00 (45 mins)	Secure Development LifeCycle (aka "The good the bad and the ugly implementations")	Martin Knobloch	Software development is not THAT new anymore, but it is still a fast changing work environment. We do develop more functionality faster, and the applications do even look more pretty! But what about security? Guess what, it is not a developers first priority! This presentation is about how to implement secure development strategy without blaming and bashing on developers. Instead of increasing the workload of the development-team with more process overhead, (security) quality gates, etc. Lets help developer by implementing impalpable mechanism!
12:05 - 12:50 (45 mins)	Practical Defense with mod_security Web Application Firewall	Marian Ventuneac	Marian will introduce the mod_security Web Application Firewall (WAF). This session will be a practical demonstration of mitigating security risks for a sample vulnerable Web application.
12:55 - 13:40 (45 mins)	Scanning Romania with Nessus (web part)	Adrian Furtuna	This talk presents the results of a passive vulnerability scan performed against all Romanian IP addresses, targeting all web servers listening on port 80. The research was performed against multiple network packet captures selected from the output of Carna botnet, which scanned Romania in July 2012.
13:40 - 14:30 (50 mins)	Lunch/Coffee Break
14:30 - 15:15 (45 mins)	Reading the minds	Anatolie Prisacaru	In my presentation I will focus the analysis of how web browsers and extensions keep in memory. I will start with a quick introduction on how to dump and analyse processes' random access memory maps on a Linux based operating system with basic tools and then run a quick code review to see a couple of weak points, find their Achilles' heel and finally prove why statements like "Your sensitive data is encrypted _locally_ before upload so even LastPass cannot get access to it" can be pretty misleading.
15:20 - 16:05 (45 mins)	Resolving 3 Common threats in MVC (A4 - Insecure Direct Object References , A3 - Cross-Site Scripting (XSS) , A8 - Cross-Site Request Forgery (CSRF) )	Andrei Ignat	Any website is confronted with hackers. The security measures are easy to follow - and this presentation shares to you this knowledge.
16:10 - 16:55 (45 mins)	Hacking the Wordpress ecosystem	Dan Catalin Vasile	This talk came from the personal need of securing multiple instances of Wordpress. An OWASP Project was initiated to gather the knowledge around this subject in one place. The presentation will address the following subjects: - securing the installation process - server side measures: backup, securing login, antivirus, regular scan, web firewall, monitoring, permissions, etc. - client side measures: personal devices security, password management, communication channels, etc. - hacking the infrastructure - hacking plugins
17:00 - 17:45 (45 mins)	iOS applications risks and defenses	Oana Cornea	The presentation will highlight the main iOS applications attack vectors, techniques and tools to perform a pentest and mechanisms that can be implemented to reduce application vulnerabilities. These will be presented in connection with the Owasp top ten mobile risks and will show how to improve the security of mobile applications.

@@ Line 29: / Line 29: @@
 Lets help developer by implementing impalpable mechanism!
 |-
-| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 12:05 - 13:50<br>(45 mins)
+| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 12:05 - 12:50<br>(45 mins)
 | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Practical Defense with mod_security Web Application Firewall
 | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [http://ie.linkedin.com/in/mventuneac Marian Ventuneac]
 | style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | Marian will introduce the mod_security Web Application Firewall (WAF). This session will be a practical demonstration of mitigating security risks for a sample vulnerable Web application.
 |-
-| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 13:50 - 14:30<br>(40 mins)
+| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 12:55 - 13:40<br>(45 mins)
-| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Lunch/Coffee Break
-| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" |
-| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" |
-|-
-| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 14:30 - 15:15<br>(45 mins)
 | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Scanning Romania with Nessus (web part)
 | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [http://ro.linkedin.com/in/adrianfurtuna Adrian Furtuna]
@@ Line 45: / Line 40: @@
 The research was performed against multiple network packet captures selected from the output of Carna botnet, which scanned Romania in July 2012.
 |-
-| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 15:20 - 16:05<br>(45 mins)
+| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 13:40 - 14:30<br>(50 mins)
+| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" |Lunch/Coffee Break
+| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" |
+| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" |
+|-
+| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 14:30 - 15:15<br>(45 mins)
 | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Reading the minds
 | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [http://ro.linkedin.com/pub/anatolie-prisacaru/45/232/764 Anatolie Prisacaru]
 | style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | In my presentation I will focus the analysis of how web browsers and extensions keep in memory.<br> I will start with a quick introduction on how to dump and analyse processes' random access memory maps on a Linux based operating system with basic tools and then run a quick code review to see a couple of weak points, find their Achilles' heel and finally prove why statements like "Your sensitive data is encrypted _locally_ before upload so even LastPass cannot get access to it" can be pretty misleading.
 |-
-| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 16:10 - 16:55<br>(45 mins)
+| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 15:20 - 16:05<br>(45 mins)
 | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Resolving 3 Common threats in MVC (A4 - Insecure Direct Object References , A3 - Cross-Site Scripting (XSS) , A8 - Cross-Site Request Forgery (CSRF) )
 | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [http://ro.linkedin.com/in/ignatandrei Andrei Ignat]
 | style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | Any website is confronted with hackers. The security measures are easy to follow - and this presentation shares to you this knowledge.
 |-)
-| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 17:00 - 18:45<br>(45 mins)
+| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 16:10 - 16:55<br>(45 mins)
 | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Hacking the Wordpress ecosystem
 | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [http://ro.linkedin.com/pub/dan-catalin-vasile/1a/549/384 Dan Catalin Vasile]
@@ Line 66: / Line 66: @@
 - hacking plugins
 |-
-| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 18:50 - 19:35<br>(45 mins)
+| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 17:00 - 17:45<br>(45 mins)
 | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | iOS applications risks and defenses
 | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [http://ro.linkedin.com/pub/oana-cornea/55/430/b10 Oana Cornea]

Difference between revisions of "OWASP Romania InfoSec Conference 2013 Agenda"

Revision as of 20:42, 10 October 2013

Agenda

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools