This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Indonesia Day 2017"

From OWASP

Jump to: navigation, search

@@ Line 7: / Line 7: @@
 ! width="500" align="center" | <br>
 |-
-| align="center" | [[Image:Owasp_id_day_re2.jpg|800px]]
+| align="center" | [[Image:bro.jpg|800px]]
 | align="center" |
@@ Line 173: / Line 173: @@
 OWASP Indonesia Day 2017 will be held in Yogyakarta  on the 9 th of september, 2017 and is a security conference entirely dedicated to application security.
-The conference is once again being hosted by the Jogja Digital Valley with their support and assistance.
 OWASP Indonesia Day 2017 is a free event, but requires sponsor support to help be an instructive and quality event for the Yogyakarta community.
 OWASP is strictly not for profit. The sponsorship money will be used to help make OWASP Indonesia Day 2017  a free, compelling, and valuable experience for all attendees.
@@ Line 245: / Line 245: @@
 ==Conference Committee==
-* Ade Yoseman  - OWASP Indonesia Leader (Jakarta)
+* Ade Yoseman  - Conference Chair
-* Ikhwan Dirga Pratama -  OWASP Indonesia Board member (Jakarta)
+* Ali Kaharu
 ==Volunteer==
@@ Line 289: / Line 288: @@
 Contact us at [mailto:ade.putra@owasp.org ade.putra@owasp.org]
 </font>
+=Training=
+Date: Sunday 10 September 2017<br>
+{{:OWASP Indonesia Day 2017 Workshop}}
 =Speaker=
-[[File:Jays.jpg]] <br>'''Jay Rajesh Thakor'''
-I am Jay Rajesh Thakor, the founder/Director of Skinox India and Skinox Singapore.
-I am Cyber Security professional and Forensic Investigator.
-I have my own research in Cryptography Stegnography
-Went through ethical hacking,networking and Forensic Investigation Courses.
-Now running Skinox in singapore.
-Devoloping own crypto currency and Secure Mobile system.
-As well as hardware wallets...for crypto currency.
-And soob we ll release our own mobile phone manufecturing units <br>
+[[File:Suman.jpg|200px]]<br>'''Suman Sourav'''(Keynote Speaker)<br>
+<br> Application Security in DevOps Era ([[Media:OWASP_Indonesia_Day2017_Suman.pdf|PDF]])<br><br>
+SOFTWARE SECURITY ASSURANCE & DEVSECOPS PROFESSIONAL - VANTAGE POINT SECURITY PTE. LTD SINGAPORE<br>
+Suman has more than a decade experience in designing secure-SDLC programs and is passionate about integrating security into the development lifecycle. He is skilled beyond existing static analysis tools and code review techniques and shaping the way the industry secures code in a Continuous Deployment world. He has worked with various financial and non-financial institutions to implement software security life-cycle and has strong experience of creating an organizational framework to break silos security culture in the organization and builds an unified approach to deal with the root cause of software security problems. <br>
-[[File:Girin.jpg|200px]]] <br>'''Girindro Pringgo Digdo'''<br>
+[[File:Sven.jpg|200px]]<br>'''Sven Schleier'''<br>
+Fixing Mobile AppSec: The OWASP Mobile ([[Media:OWASP_Day_Indonesia_2017_-_Fixing_Mobile_AppSec.pdf|PDF]])<br><br>
+Project
+{{:User:Sven_Schleier}}
+<br>
+[[File:Girin.jpg|200px]] <br>'''Girindro Pringgo Digdo'''<br>
+<br>Threat Modeling Using STRIDE([[Media:Threat_Modeling_Using_STRIDE_v1.1.pdf|PDF]])<br><br>
 CYBERQUOTE PTE LTD<br>
 Girindro Pringgo Digdo Is a person interested in security information. He did some research
-And help Institution / good company Private and government In conducting the assessment,
+And help Institution /  private company and government In conducting the assessment,
 Write, and give Recommendations on findings-Information security findings.<br><br>
 Current activity as Security Consultant at a Company in Singapore.
 In The weekend he took the time to teach the Student College in Information Security. In addition he is also active writing
-As well as being a resource person at a seminar entitled security information.
+As well as being a resource person at a seminar entitled security information.<br><br>
-[[File:Suman.jpg|200px]]] <br>'''Suman Sourav'''<br>
+[[File:Damara Putra Pratama.jpg|200px]] <br>''' Damara Putra Pratama , OSCP - CyberMantra '''<br>
-SOFTWARE SECURITY ASSURANCE & DEVSECOPS PROFESSIONAL - VANTAGE POINT SECURITY PTE. LTD SINGAPORE<br>
-Suman has more than a decade experience in designing secure-SDLC programs and is passionate about integrating security into the development lifecycle. He is skilled beyond existing static analysis tools and code review techniques and shaping the way the industry secures code in a Continuous Deployment world. He has worked with various financial and non-financial institutions to implement software security life-cycle and has strong experience of creating an organizational framework to break silos security culture in the organization and builds an unified approach to deal with the root cause of software security problems. <br>
+IT Security Researcher in CyberMANTRA and currently help the ministry and Telecom Provider in Indonesia. I was certified as OSCP
+<br><br>
-[[File:Sven.jpg|200px]]] <br>'''Sven Schleier'''<br>
+[[File:Bagus_Prasetyo_Budiono.jpg|200px]]<br>'''Bagus Prasetyo Budiono, OSCP - CyberMantra'''<br>
+SECURITY RESEARCHER - CYBERMANTRA<br>
-{{:User:Sven_Schleier}}
+IT Security Researcher in CyberMANTRA and currently help the ministry and Telecom Provider in Indonesia. I was certified as OSCP
-<br>
-[[File:Jordan.jpg|200px]]] <br>'''Jordan Andrean , OSCP , CyberSec Hr'''<br>
-is a Security Researcher from CyberMantra who actively helps Government, Bank and Telecommunications Industry. Currently has OSCP Certification from Kali Linux, Certification from Hack in The Box Training and Cyber Security Certification From Algebra University Croatia.
-Abstract :
-This platform for Hacking Learning activities through the browser using various existing operating system, User will get Kali Linux As Client (Attacker) and Multiple Operating System as victim (Target). This platform is suitable for capture the flag. This platform does not use remote desktop protocol or vnc.
-Advantages:
-. No Need to Have PC / Laptop With High Specifications
-. Support All Devices
-. Easy and Simple Using only the browser
-. Data Center Bandwidth
 <br><br>
+[[File:Dyan_Galih.jpg|200px]]<br>'''Dyan Galih'''<br>
-[[File:Dyan Galih.jpg|200px]]] <br>'''Dyan Galih'''<br>
+Head Of Technology Kulina & CTO PT Asanka<br> [https://slides.com/dyangalih/owasp/live#/ PPT ] <br>
-CTO PT. Asanka<br>
 <br>
+[[File:Yenisetiawan.jpg|200px]]<br>'''Yeni Setiawan'''<br>
+<br>Cloud with a chance of security breach([[Media:OWASP_slide_Rumahwbe.pdf|PDF]])<br>
+RUMAHWEB INDONESIA<br>
+Web developer with years of experience in web technology, formerly system administrator and technical support representative. Interested in software automation, software-defined radio, and involved in localization of two major web browsers.<br>
-[[File:Dedi.jpg|200px]]] <br>'''Dedy Hariyadi''<br>
+[[File:Dedi.jpg|200px]]<br>'''	Dedy Hariyadi''<br>
+Researchers who are members of the Indonesia Digital Forensics Community aka FORKID. Obtained a master’s degree in Digital Forensics from the Universitas Islam Indonesia. Currently focusing more on the field of Mobile Forensics Research, one community shared work is a BBM forensic application called BBMPork.<br>
+[http://milisdad.github.io/Presentasi/owasp2017/index.html#/step-1 PPT]
+<br><br>
 =Trainer=
 Mastering burp suite pro<br>
-[[File:Rheno Sulistyo, A.Md., OSCP.jpg|200px]]] <br>'''Rheno Sulistyo, OSCP'''<br>
+[[File:Rheno Sulistyo, A.Md., OSCP.jpg|200px]] <br>'''Rheno Sulistyo, OSCP'''<br>
 <br>
 SECURITY RESEARCHER - CYBERMANTRA<br><br>
 Introduction Digital Forensics<br>
-[[File:Aat.jpg|200px]]] <br>'''Achmad Syafaat'''<br>
+[[File:Aat.jpg|200px]] <br>'''Achmad Syafaat'''<br>
 Achmad Syafaat, working in Id-SIRTII/CC as a cyber security researcher in data mining, digital forensics and also managing cyber security training. As well as a lecturer at the Faculty of Computer Science University of Subang. He holds a master of computer science from Langlangbuana University. Experienced as cyber security analyst, security assessment, digital forensics, cyber defense, cyber security incident response, and cyber security trainer.
+<br>Introduction Digital Forensics([[Media:Introduction_to_Digital_Forensics--en-id--OWASP-ID-DAY-2017.pdf|PDF]])<br>
 <br>
-Topic: Statefull tracking with ids/ips <br><br>
-[[File:Zak.jpg|200px]]] <br>''' Zakaria Achmad'''<br>
-Training experience <br>
-Amanah Ikhtiar Malaysia Network Forensic TCPIP 4 days<br>
-Wireshark Analaysis Kolej Komuniti Sabak Bernam 3 days<br>
-Linux Basic-Inter Mdec program graduate  15 days<br>
-Jabatan Perkhidmatan Awam(JPA) linux basic  Admin-Server 4 days<br>
-Network Forensic with wireshark TCPIP University Perguruan Sultan Idris(UPSI) 1 days<br>
-Network Forensic Tunnelling/Reverse Shell University Petronas Malaysia(UTP) 2 days Tronoh Perak<br>
-Network DDOS attack analysis  University Petronas Malaysia(UTP) 1 days Tronoh Perak<br>
-Web Honeypot Training for Mindef Military 2 days <br>
-<br>

Latest revision as of 08:56, 29 January 2018

Welcome
Registration
Call For Presentations
Call For Sponsorships
Conference Sponsors
Conference Venue
Team
Conference structure
Training
Speaker
Trainer
About Yogyakarta

We are proud to announce the first OWASP Indonesia Day conference, to be held at STMIK AKAKOM Yogyakarta on Saturday September 09th, 2017. Workshop on September 10 th, 2017. OWASP Indonesia Day is a one-day conference dedicated to application security, with an emphasis on secure architecture and development techniques to help developers build more secure applications.

Call for Speakers is Closed

Who is it for?

Web Developers: There will be a choice of two streams in the morning. First stream covering introductory talks to application security, second stream covering deeper technical topics. Afternoon sessions will cover various defensive topics, with a DevSecOps cluster of talks in stream two after afternoon tea break.
Security Professionals and Enthusiasts: Technical sessions later in the day will showcase new and interesting attack and defence topics.

Who Should Attend OWASP Indonesia Day conference 2017:

Application Developers
Application Testers and Quality Assurance
Application Project Management and Staff
Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
Security Managers and Staff
Executives, Managers, and Staff Responsible for IT Security Governance
IT Professionals Interested in Improving IT Security

Registration for the main conference day is now open: Conference Registration Here

Follow us on twitter OWASPJAKARTA
If you dont have paypal you can still register via transfer ATM (just click this link)

OWASP Member Is Free For join Conference please register OWASP Membership Today.

Event	Yogyakarta Student	Public
1. Seminar a. Seminar	IDR30.000	IDR150.000
2. Workshop a. Statefull tracking with ids/ips b. Introduction digital forensics c. Mastering burpsuite pro	IDR30.000 IDR30.000 IDR30.000	IDR150.000 IDR150.000 IDR150.000

Event

Yogyakarta Student

Public

1. Seminar

a. Seminar

IDR30.000

IDR150.000

2. Workshop

a. Statefull tracking with ids/ips
b. Introduction digital forensics
c. Mastering burpsuite pro

IDR30.000
IDR30.000
IDR30.000

IDR150.000
IDR150.000
IDR150.000

-->==Important dates==

CFP submission deadline: 15 th august 2017
Conference Registration deadline: 5th september 2017
Conference Day date: 09th september 2017

For those of you booking flights, ensure you can be at the venue at 9:00am, the conference will end by 6:00pm however we will have post conference drinks at a local drinking establishment for those interested.

OWASP Indonesia Day conferences attract a high quality of speakers from a variety of security disciplines including architects, web developers and engineers, system administrators, penetration testers, policy specialists and more.

We would like a variety of technical levels in the presentations submitted, corresponding to the three sections of the conference:

Introductions to various Web Application Security topics, and the OWASP projects
Technical topics
Policy, Compliance and Risk Management

The introductory talks should appeal to an intermediate to experienced web developer, without a solid grounding in web application security or knowledge of the OWASP projects. These talks should be engaging, encourage developers to learn more about web application security, and give them techniques that they can immediately return to work and apply to their jobs.

Technical topics are running all day and should appeal to two audiences - experienced web application security testers or researchers, and web developers who have a “OWASP Top Ten” level of understanding of web attacks and defenses. You could present a lightning, short or long talk on something you have researched, developed yourself, or learnt in your travels. Ideally the topics will have technical depth or novelty so that the majority of attendees learn something new.

We would also like to invite talks that will appeal to those interested in the various non-technical topics that are important in our industry. These talks could focus on the development of policies, dealing with compliance obligations, managing risks within an enterprise, or other issues that could appeal to those in management roles.

We encourage presentations to have a strong component on fixing and prevention of security issues. We are looking for presentations on a wide variety of security topics, including but not limited to:

Web application security
Mobile security
Secure development
Vulnerability analysis
Threat modelling
Application exploitation
Exploitation techniques
Threat and vulnerability countermeasures
Platform or language security (JavaScript, NodeJS, .NET, Java, RoR, etc)
Penetration Testing
Browser and client security
Application and solution architecture security
PCI DSS
Risk management
Security concepts for C*Os, project managers and other non-technical attendees
Privacy controls

The submission will be reviewed by the OWASP Indonesia Day conference committee and the highest voted talks will be selected and invited for presentation.

PLEASE NOTE:

Due to limited budget available, expenses for international speakers cannot be covered.
If your company is willing to cover travel and accommodation costs, the company will become "Support Sponsor" of the event.

Thank you to all those who have submitted talks. The call for presentations is opening now.

Call For Sponsorships

OWASP Indonesia Day 2017 will be held in Yogyakarta on the 9 th of september, 2017 and is a security conference entirely dedicated to application security.

OWASP Indonesia Day 2017 is a free event, but requires sponsor support to help be an instructive and quality event for the Yogyakarta community. OWASP is strictly not for profit. The sponsorship money will be used to help make OWASP Indonesia Day 2017 a free, compelling, and valuable experience for all attendees.

The sponsorship funds collected are to be used for things such as:

Name tags - we feel that getting to know people within the Yogyakarta community is important, and name tags make that possible.
Promotion - up to now our events are propagating by word of mouth. We would like to get to a wider audience by advertising our events.
Printed Materials - printed materials will include brochures, tags and lanyards.

Sponsorships

There are three different levels of sponsorships for the OWASP Day event:

Support Sponsorship: (Covering international speaker travel expenses, media coverage/article/promotion of the event)

Includes:

Publication of the sponsor logo on the event web site -https://www.owasp.org/index.php/OWASP_Indonesia_Day_2017

Silver Sponsorship: 7.000.000 IDR

Includes:

Publication of the sponsor logo on the event web site - https://www.owasp.org/index.php/OWASP_Indonesia_Day_2017
The publication of the sponsor logo in the event site, in the agenda, on the handouts and in all the official communications with the attendees at the conference.
The possibility to distribute the company brochures, CDs or other materials to the participants during the event.

Gold Sponsorship: 10.000.000 IDR

Includes:

The possibility to have a promotional banner or sign side stage in the main auditorium (to be provided by the sponsor, size subject to approval by the OWASP ID Day Committee).
The publication of the sponsor logo in the event site, in the agenda, on the handouts and in all the official communications with the attendees at the conference.
The possibility to distribute the company brochures, CDs or other materials to the participants during the event.
Publication of the sponsor logo on the OWASP Jakarta Chapter page - Sponsor logo on the OWASP Jakarta site prior and during the OWASP Day event - https://www.owasp.org/index.php/Jakarta
Publication of the sponsor logo on the event web site - https://www.owasp.org/index.php/OWASP_Indonesia_Day_2017
Logo on banner and X event banner (Medium Size)

Platinum Sponsorship: 15.000.000 IDR
Includes:

The gold sponsorship
Individual article to social media OWASP (twitter, facebook, telegram)
Special 1 Article on OWASP Indonesia website
Logo on banner and X event banner (Large Size)
Exhibition space
30 minutes presentation during the kick off session + ppt presentation during coffee breaks

The following organizations are sponsors for this conference. If you are interested in sponsoring an OWASP conference, please contact OWASP at: ade.putra 'at' owasp.org or contact

Laura Grau
Kelly Santalucia

maps : https://goo.gl/23hjtP

Conference Committee

Ade Yoseman - Conference Chair
Ali Kaharu

Volunteer

Hilman Aditya
Fuad Zein

OWASP Staff Support

Laura Grau
Kelly Santalucia

Date: Saturday 09 September 2017
Time: 9:30am - 5:00pm
Cost:

The main conference is on Saturday 09th of September, and will have two streams in both the morning and the afternoon:

Conference agenda
Time	Title	Speaker	Description
8:30 - 9:00 (30 mins)	Registration
9:00 - 9:15 (15 mins)	Opening Speech by Conference Chair	Ade Yoseman Putra	Introduction to the OWASP Indonesia Day, Schedule for the Day
9:15 - 09:30 (15 mins)	Appointment of STMIK Akakom as OWASP ACADEMIC SUPPORTER	Sri Redjeki, S.Si,M.Kom
9:30 - 10:00 (30 mins)	Technical Support Manager of Rumahweb.com	Mr Yeni Setiawan	Cloud with a chance of security breach
10:00 - 10:45 (45 mins)	Software Security Assurance & DevSecOps Professional - Vantage Point Security Pte. Ltd Singapore	Suman Sourav (Keynote Speaker)	Application Security in DevOps Era
10:45 - 11:15 (30 mins)	CYBERQUOTE PTE LTD	Girindro Pringgo Digdo	Threat Modeling Using STRIDE
11:15 - 12:00 (45 mins)	PROJECT LEADER FOR THE OWASP MOBILE SECURITY	Sven Schleier	Fixing Mobile AppSec: The OWASP Mobile Project
12:15 - 12:45 (30 mins)	Q & A
12:45 - 13:45 (60 mins)	Lunch
13:45 - 14:15 (30 mins)	SECURITY RESEARCHER - CYBERMANTRA	Damara Putra Pratama , OSCP	Modern Lab Framework for Education Cyber Security
14:15 - 14:45 (30 mins)	SECURITY RESEARCHER - CYBERMANTRA	Bagus Prasetyo Budiono, OSCP	IOT Hacking
14:45 - 15:15 (30 mins)	Coffee break
15:15 - 15:45 (30 mins)	Technical Session	Dedy Hariyadi	Mobile Forensic using XRY
15:45 - 16:15 (30 mins)	Head Of Technology Kulina & CTO PT Asanka	Dyan Galih	Finding a unsecure end point API's using reverse engineering android technique
16:15 - 16:45 (30 mins)	Q & A
16:45 - 17:00 (15 mins)	Closing ceremony	Mc	Schedule for the Workshop 10 th

Date: Sunday 10 September 2017

Workshop
Time	Title	Trainers	Description
9:00 - 17:00	Mastering burp suite pro	Rheno Sulistyo, OSCP	Description: Burp Suite Pro is the leading tool for auditing web applications. This training will learn how to penetrate web app automated crawl and scan, manual testers etc Outcome: Intended Audience:Professional & Student Skill Level:Beginner and middle Requirements:burpsuite, Seats available: 30 (first-come, first served) [Registration link: REGISTER HERE
9:00 - 17:00	Introduction Digital Forensics	Achmad Syafaat	Description:discover computer forensic tools and techniques for e-Discovery, investigation and incident response Outcome: Intended Audience:Professional & Student Skill Level:Beginner Requirements: Seats available: 30 (first-come, first served) [Registration link: REGISTER HERE

Suman Sourav(Keynote Speaker)

Application Security in DevOps Era (PDF)

SOFTWARE SECURITY ASSURANCE & DEVSECOPS PROFESSIONAL - VANTAGE POINT SECURITY PTE. LTD SINGAPORE

Suman has more than a decade experience in designing secure-SDLC programs and is passionate about integrating security into the development lifecycle. He is skilled beyond existing static analysis tools and code review techniques and shaping the way the industry secures code in a Continuous Deployment world. He has worked with various financial and non-financial institutions to implement software security life-cycle and has strong experience of creating an organizational framework to break silos security culture in the organization and builds an unified approach to deal with the root cause of software security problems.

Sven Schleier
Fixing Mobile AppSec: The OWASP Mobile (PDF)

Project Sven is a Senior Security Consultant with Vantage Point Security and has over 6 years of hands-on experience in web and mobile application penetration testing, network penetration testing and source code review. He has published an article on HTML5 security, several security advisories and a white paper about the HTTP Strict Transport Security Header.

At the moment Sven is focusing on the OWASP Mobile Testing Guide (https://github.com/OWASP/owasp-mstg), by being one of the project leaders and top contributors and is the project leader of the OWASP Mobile Hacking Playground (https://github.com/OWASP/OMTG-Hacking-Playground). He is also part of the OWASP Mobile Application Security Verification Standard (https://github.com/OWASP/owasp-masvs).

Girindro Pringgo Digdo

Threat Modeling Using STRIDE(PDF)

CYBERQUOTE PTE LTD

Girindro Pringgo Digdo Is a person interested in security information. He did some research And help Institution / private company and government In conducting the assessment, Write, and give Recommendations on findings-Information security findings.

Current activity as Security Consultant at a Company in Singapore. In The weekend he took the time to teach the Student College in Information Security. In addition he is also active writing As well as being a resource person at a seminar entitled security information.

Damara Putra Pratama , OSCP - CyberMantra

IT Security Researcher in CyberMANTRA and currently help the ministry and Telecom Provider in Indonesia. I was certified as OSCP

Bagus Prasetyo Budiono, OSCP - CyberMantra
SECURITY RESEARCHER - CYBERMANTRA

IT Security Researcher in CyberMANTRA and currently help the ministry and Telecom Provider in Indonesia. I was certified as OSCP

Dyan Galih
Head Of Technology Kulina & CTO PT Asanka
PPT

Yeni Setiawan

Cloud with a chance of security breach(PDF)
RUMAHWEB INDONESIA
Web developer with years of experience in web technology, formerly system administrator and technical support representative. Interested in software automation, software-defined radio, and involved in localization of two major web browsers.

' Dedy Hariyadi
Researchers who are members of the Indonesia Digital Forensics Community aka FORKID. Obtained a master’s degree in Digital Forensics from the Universitas Islam Indonesia. Currently focusing more on the field of Mobile Forensics Research, one community shared work is a BBM forensic application called BBMPork.
PPT

Mastering burp suite pro

Rheno Sulistyo, OSCP

SECURITY RESEARCHER - CYBERMANTRA

Introduction Digital Forensics

Achmad Syafaat
Achmad Syafaat, working in Id-SIRTII/CC as a cyber security researcher in data mining, digital forensics and also managing cyber security training. As well as a lecturer at the Faculty of Computer Science University of Subang. He holds a master of computer science from Langlangbuana University. Experienced as cyber security analyst, security assessment, digital forensics, cyber defense, cyber security incident response, and cyber security trainer.
Introduction Digital Forensics(PDF)

Yogyakarta is a part of java island, yogyakarta is the main tour destination of the island of java in Indonesia. Yogyakarta ( sone people call it Yogya, jogja, Jogjakarta) is a city have many temples ( Prambanan temple, Borobudur temple, Boko Temple), Palace( Sultan's Palace), Beach( Parangtritis, Baron, Krakal, Kukup,Samas). Yogyakarta was centreof Mataram Dynasty (1575- 1640) and until now The Kraton ( Sultan's Palage) exist it's real function. Yogyakarta Torism detination such as, Prambanan temple, Borobudur temple like as picture on the top,Sultan Palace, Baron Beach, Parangtritis beach, Malioboro Street, Merapi Volcano Mountain, and Yogyakarta has Beautiful natural panorama, natural beaohes can be easily found to the south of Yogyakarta more detail