This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Bucharest AppSec Conference 2018 Talks"
Oana Cornea (talk | contribs) (edit6) |
Oana Cornea (talk | contribs) |
||
| Line 31: | Line 31: | ||
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [https://ro.linkedin.com/in/gabriel-pilat-3053229b Gabriel Pilat] | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [https://ro.linkedin.com/in/gabriel-pilat-3053229b Gabriel Pilat] | ||
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" |This presentation looks at how Vulnerability Management is generally performed (Scanning, Asset management, Reporting, TI etc. ), how it can be performed in the Amazon Cloud ( Deploy scanners, Use Integrated scanner, etc), the possibilities of automation Amazon offers and ways to integrate it with 3rd party tools such as Qualys. General AWS architecture, security services and benefits, inherited security flaws, issues and limitations encountered. | | style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" |This presentation looks at how Vulnerability Management is generally performed (Scanning, Asset management, Reporting, TI etc. ), how it can be performed in the Amazon Cloud ( Deploy scanners, Use Integrated scanner, etc), the possibilities of automation Amazon offers and ways to integrate it with 3rd party tools such as Qualys. General AWS architecture, security services and benefits, inherited security flaws, issues and limitations encountered. | ||
| − | |||
|- | |- | ||
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 12:30 - 13:30 <br>(60 mins) | | style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 12:30 - 13:30 <br>(60 mins) | ||
Revision as of 20:24, 25 September 2018
Conference agenda, 26th of October | |||||
| Time | Title | Speaker | Description | ||
| 9:00 - 9:30 (30 mins) |
Registration and coffee break | ||||
| 9:30 - 9:45 (15 mins) |
Introduction | Oana Cornea | Introduction to the OWASP Bucharest Event, Schedule for the Day | ||
| 9:45 - 10.30 (45 mins) |
Tales of Practical Android Penetration Testing (Mobile Pentest Toolkit) | Alexander Subbotin | A vast number of open source tools and commercial products has been developed to support the security analysis of mobile apps. It has become a great challenge for a penetration tester to choose suitable or the best tools and the adequate pentest environment/distribution. And even when the test tools have been chosen, the problem remains that most of the tools only offer a CLI interface and that their usage can be very time consuming.
In order to automatize the setup of the test environment and the common processes during a mobile pentest, the author has developed the "Mobile Pentest Toolkit" (PMT). This toolkit takes over recurring and time consuming tasks for the tester. It has a standardized user interface for the usage of locally installed security tools (and installs them on demand). An example of use is: After the tester has modified the Smali code, the generation of a valid and signed APK file only takes a few moments. Aside from that, this talk illustrates techniques for dynamic analysis and tracking of changes within the app. The goal is to present the Mobile Pentest Toolkit to an interested audience and to publish it as an open source tool. | ||
| 10:45 - 11.30 (45 mins) |
OWASP Top 10 with .NET Core | Andrei Ignat | We will show OWASP Top 10 and how to counter them in .NET Core | ||
| 11:45 - 12.30 (45 mins) |
AWS VMS | Gabriel Pilat | This presentation looks at how Vulnerability Management is generally performed (Scanning, Asset management, Reporting, TI etc. ), how it can be performed in the Amazon Cloud ( Deploy scanners, Use Integrated scanner, etc), the possibilities of automation Amazon offers and ways to integrate it with 3rd party tools such as Qualys. General AWS architecture, security services and benefits, inherited security flaws, issues and limitations encountered. | ||
| 12:30 - 13:30 (60 mins) |
Lunch/Coffee Break | ||||
| 13:30 - 14:15 (45 mins) |
|||||
| 14:20 - 15:05 (45 mins) |
|||||
| 15:05 - 15:20 (15 mins) |
Coffee break | ||||
| 15:20 - 16:05 (45 mins) |
|||||
| 16:05 - 16:50 (45 mins) |
|||||
| 16:50 - 17:00 (15 mins) |
Closing ceremony | OWASP Bucharest team | CTF Prizes | ||
