Difference between revisions of "OWASP Romania InfoSec Conference 2014 Agenda"
Oana Cornea (talk | contribs) (Created page with "__NOTOC__ {|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="4" | style="width:100%" valign="mi...") |
Oana Cornea (talk | contribs) |
Line 16: | Line 16: | ||
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 11:00 - 11:15<br>(15 mins) | | style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 11:00 - 11:15<br>(15 mins) | ||
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Introduction & Welcome | | style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Introduction & Welcome | ||
− | | style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | | + | | style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Oana Cornea |
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="justify" colspan="0" | Introduction to OWASP & Bucharest Event, Schedule for the Day | | style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="justify" colspan="0" | Introduction to OWASP & Bucharest Event, Schedule for the Day | ||
|- | |- | ||
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 11:15 - 12:00<br>(45 mins) | | style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 11:15 - 12:00<br>(45 mins) | ||
− | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | | + | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Keynote <br> |
− | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | | + | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [http://www.linkedin.com/in/klesnicki Andrzej Klesnicki] |
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | TBD <br> | | style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | TBD <br> | ||
|- | |- | ||
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 12:05 - 12:50<br>(45 mins) | | style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 12:05 - 12:50<br>(45 mins) | ||
− | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | | + | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | OWASP O2 Platform : Automating Security Consultant's Knowledge/Workflows and Allowing non-security experts to access and consume Security Knowledge |
− | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | | + | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [http://blog.diniscruz.com/p/about.html Dinis Cruz] |
− | | style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | | + | | style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | This presentation will show how to use the multiple O2 Platform tools and coding environments to perform multiple types of Application security analysis (from black-box browser-automation, to static-analysis code-reviews). A key part of the O2 Platform are the FluentSharp APIs which will be used for the demos (like the interactive creation of a custom Application security tool, which is then packaged as an stand-alone executable/cli-tool) |
|- | |- | ||
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 12:55 - 13:40<br>(45 mins) | | style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 12:55 - 13:40<br>(45 mins) | ||
− | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | | + | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | OWASP WordPress Security Checklist |
− | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | | + | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [http://ro.linkedin.com/in/dancatalinvasile Dan Catalin Vasile] |
− | | style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | | + | | style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | In last year presentation I focused on breaking the WordPress ecosystem. Meanwhile I finished the OWASP project related to the security checklist every administrator should follow when implementing WordPress. It was an effort of gathering information from various sources and personal experience and setting a security baseline for WordPress. Furthermore, I also focused on the implementation of WordPress in corporate environments with general advises (which applies in general to the adoption of open source software by the business) and specific actions like central management and integration with Active Directory. |
|- | |- | ||
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 13:40 - 14:30<br>(50 mins) | | style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 13:40 - 14:30<br>(50 mins) | ||
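Review bot: the added description cells in this hunk carry wording slips that will show on the published agenda. In the O2 Platform row, "packaged as an stand-alone executable/cli-tool" should read "a stand-alone"; in the WordPress Security Checklist row, "In last year presentation" and "general advises" should read "In last year's presentation" and "general advice". The Keynote title cell also ends in a stray `<br>` and its description cell is still "TBD <br>"; drop the trailing breaks and replace the placeholder once the abstract is available.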
Line 42: | Line 42: | ||
|- | |- | ||
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 14:30 - 15:15<br>(45 mins) | | style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 14:30 - 15:15<br>(45 mins) | ||
− | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | | + | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Secure continuous delivery: developer’s immediate connection to what they’re creating |
− | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | | + | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [http://blog.diniscruz.com/p/about.html Dinis Cruz] |
− | | style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | | + | | style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | This presentation makes the case that when developers have access to powerful development CI (Continuous Integration) environments and code analysis/execution tools, they are able to: a) understand what their code is doing, b) refactor code with confidence, c) test they code efficiently and d) provide assurance that are writing secure code. This presentation will show real examples of what such environment looks like in .NET and NodeJS |
|- | |- | ||
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 15:20 - 16:05<br>(45 mins) | | style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 15:20 - 16:05<br>(45 mins) |
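Review bot: the added description cell for the 14:30 - 15:15 talk has two grammar slips, "test they code efficiently" and "provide assurance that are writing secure code"; suggest "test their code efficiently" and "provide assurance that they are writing secure code". The cell also ends without a closing period after "NodeJS".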
Revision as of 17:49, 30 September 2014
Agenda

Time | Title | Speaker | Description
10:30 - 11:00 (30 mins) | Registration | |
11:00 - 11:15 (15 mins) | Introduction & Welcome | Oana Cornea | Introduction to OWASP & Bucharest Event, Schedule for the Day
11:15 - 12:00 (45 mins) | Keynote | Andrzej Klesnicki | TBD
12:05 - 12:50 (45 mins) | OWASP O2 Platform : Automating Security Consultant's Knowledge/Workflows and Allowing non-security experts to access and consume Security Knowledge | Dinis Cruz | This presentation will show how to use the multiple O2 Platform tools and coding environments to perform multiple types of Application security analysis (from black-box browser-automation, to static-analysis code-reviews). A key part of the O2 Platform is the FluentSharp APIs, which will be used for the demos (like the interactive creation of a custom Application security tool, which is then packaged as a stand-alone executable/cli-tool).
12:55 - 13:40 (45 mins) | OWASP WordPress Security Checklist | Dan Catalin Vasile | In last year's presentation I focused on breaking the WordPress ecosystem. Meanwhile I finished the OWASP project related to the security checklist every administrator should follow when implementing WordPress. It was an effort of gathering information from various sources and personal experience and setting a security baseline for WordPress. Furthermore, I also focused on the implementation of WordPress in corporate environments with general advice (which applies in general to the adoption of open source software by the business) and specific actions like central management and integration with Active Directory.
13:40 - 14:30 (50 mins) | Lunch/Coffee Break | |
14:30 - 15:15 (45 mins) | Secure continuous delivery: developer’s immediate connection to what they’re creating | Dinis Cruz | This presentation makes the case that when developers have access to powerful development CI (Continuous Integration) environments and code analysis/execution tools, they are able to: a) understand what their code is doing, b) refactor code with confidence, c) test their code efficiently and d) provide assurance that they are writing secure code. This presentation will show real examples of what such an environment looks like in .NET and NodeJS.
15:20 - 16:05 (45 mins) | TBD | |
16:10 - 16:55 (45 mins) | TBD | |
17:00 - 17:45 (45 mins) | TBD | |