Difference between revisions of "OWASP Romania InfoSec Conference 2014 Agenda"

Latest revision as of 13:18, 2 November 2014

Agenda
Time	Title	Speaker	Description
10:00 - 10:30 (30 mins)	Registration
10:30 - 10:45 (15 mins)	Introduction & Welcome	Oana Cornea	Introduction to OWASP & Bucharest Event, Schedule for the Day
10:45 - 11:30 (45 mins)	Keynote	Andrzej Klesnicki	We tend to blame developers for every problem we have with web applications, is it really the case? Nevertheless who is responsible, what if we just do not have security emended in our process. How to deal with security when deployment days is close. Are we doomed or there is still something that we can do? This speech will look for those answers.
11:50 - 12:35 (45 mins)	OWASP O2 Platform : Automating Security Consultant's Knowledge/Workflows and Allowing non-security experts to access and consume Security Knowledge	Dinis Cruz	This presentation will show how to use the multiple O2 Platform tools and coding environments to perform multiple types of Application security analysis (from black-box browser-automation, to static-analysis code-reviews). A key part of the O2 Platform are the FluentSharp APIs which will be used for the demos (like the interactive creation of a custom Application security tool, which is then packaged as an stand-alone executable/cli-tool)
12:55 - 13:40 (45 mins)	OWASP WordPress Security Checklist	Dan Catalin Vasile	In last year presentation I focused on breaking the WordPress ecosystem. Meanwhile I finished the OWASP project related to the security checklist every administrator should follow when implementing WordPress. It was an effort of gathering information from various sources and personal experience and setting a security baseline for WordPress. Furthermore, I also focused on the implementation of WordPress in corporate environments with general advises (which applies in general to the adoption of open source software by the business) and specific actions like central management and integration with Active Directory.
13:40 - 14:30 (50 mins)	Lunch/Coffee Break
14:30 - 15:15 (45 mins)	Secure continuous delivery: developer’s immediate connection to what they’re creating	Dinis Cruz	This presentation makes the case that when developers have access to powerful development CI (Continuous Integration) environments and code analysis/execution tools, they are able to: a) understand what their code is doing, b) refactor code with confidence, c) test they code efficiently and d) provide assurance that are writing secure code. This presentation will show real examples of what such environment looks like in .NET and NodeJS
15:20 - 16:05 (45 mins)	Secure coding with python	Enrico Branca	TBD
16:10 - 16:55 (45 mins)	Shellshock Vulnerability	Tudor Enache	Discussion of one of the most popular 0-days in recent years. What's shellshock? What are the attack vectors? How do you mitigate it? Additionally we will brainstorm about how to efficiently deal with such bugs and understand the real threat of 0-days.

@@ Line 20: / Line 20: @@
 |-
 | style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:45 - 11:30<br>(45 mins)
-| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Keynote <br>
+| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [https://www.owasp.org/images/a/a9/Qualys_OWASP_RO_Oct2014.pdf Keynote] <br>
 | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [http://www.linkedin.com/in/klesnicki Andrzej Klesnicki]
-| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | TBD <br>
+| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | We tend to blame developers for every problem we have with web applications, is it really the case? Nevertheless who  is responsible, what if we just do not have security emended in our process. How to deal with security when deployment days is close. Are we doomed or there is still something that we can do? This speech will look for those answers.  <br>
 |-
@@ Line 32: / Line 32: @@
 |-
 | style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 12:55 - 13:40<br>(45 mins)
-| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | OWASP WordPress Security Checklist
+| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [https://www.owasp.org/images/1/13/WordPress_Security_Implementation_Guideline_-_OWASP_Romania_InfoSec_Conference_2014.pdf OWASP WordPress Security Checklist]
 | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [http://ro.linkedin.com/in/dancatalinvasile Dan Catalin Vasile]
 | style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | In last year presentation I focused on breaking the WordPress ecosystem. Meanwhile I finished the OWASP project related to the security checklist every administrator should follow when implementing WordPress. It was an effort of gathering information from various sources and personal experience and setting a security baseline for WordPress. Furthermore, I also focused on the implementation of WordPress in corporate environments with general advises (which applies in general to the adoption of open source software by the business) and specific actions like central management and integration with Active Directory.
@@ Line 47: / Line 47: @@
 |-
 | style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 15:20 - 16:05<br>(45 mins)
-| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Secure coding with python
+| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [https://www.owasp.org/images/c/cb/OWASP_Romania_Branca.pdf Secure coding with python]
 | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [http://fr.linkedin.com/in/ebranca Enrico Branca]
 | style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | TBD
 |-)
 | style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 16:10 - 16:55<br>(45 mins)
-| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Shellshock Vulnerability
+| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [https://www.owasp.org/images/1/1b/Shellshock_-_Tudor_Enache.pdf Shellshock Vulnerability]
 | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [http://ae.linkedin.com/pub/tudor-enache-oscp-oswp-gwapt-ceh-ecsa/28/261/604 Tudor Enache]
 | style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | Discussion of one of the most popular 0-days in recent years. What's shellshock? What are the attack vectors? How do you mitigate it? Additionally we will brainstorm about how to efficiently deal with such bugs and understand the real threat of 0-days.

Difference between revisions of "OWASP Romania InfoSec Conference 2014 Agenda"

Latest revision as of 13:18, 2 November 2014

Agenda

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools