This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Romania InfoSec Conference 2013"

From OWASP
Jump to: navigation, search
 
(18 intermediate revisions by 2 users not shown)
Line 4: Line 4:
  
 
=Welcome=  
 
=Welcome=  
 
 
{| style="width: 100%;"
 
{| style="width: 100%;"
 
|-
 
|-
Line 10: Line 9:
 
{| style="border: 0px solid ; background: transparent none repeat scroll 0% 0%; width: 100%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;"
 
{| style="border: 0px solid ; background: transparent none repeat scroll 0% 0%; width: 100%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;"
 
|-
 
|-
| style="width: 95%; color: rgb(0, 0, 0);" |
+
| style="width: 95%; color: rgb(0, 0, 0);" |  
  
 
'''Owasp Romania InfoSec Conference 2013 - October 25th'''
 
'''Owasp Romania InfoSec Conference 2013 - October 25th'''
  
OWASP Romania is happy to announce the Call for Papers for OWASP Romania InfoSec Conference 2013 a one day Security and Hacking Conference. It will take place on 25th of October, 2013 - Bucharest, Romania. <br>
+
OWASP Romania team is happy to announce the '''OWASP Romania InfoSec Conference 2013''', a one day '''Security''' and '''Hacking Conference'''. It will take place on 25th of October, 2013 - Bucharest, Romania. <br>
 
The OWASP Romania InfoSec Conference objective is to raise awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
 
The OWASP Romania InfoSec Conference objective is to raise awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
  
Line 27: Line 26:
 
*Executives, Managers, and Staff Responsible for IT Security Governance  
 
*Executives, Managers, and Staff Responsible for IT Security Governance  
 
*IT Professionals Interesting in Improving IT Security
 
*IT Professionals Interesting in Improving IT Security
*Anyone interested in learning about or promoting Web Application Security<br>
+
*Anyone interested in learning about or promoting Web Application Security
<br>
+
 
 +
| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
 +
|}
  
= Agenda =
+
| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
 +
|}
 
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"
 
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"
 
|-
 
|-
| align="center" style="background:#4B0082;" colspan="2" | <span style="color:#ffffff">
+
| align="center" style="background:#CCCCEE;" colspan="2" |
'''CONFERENCE (Friday 25th of October)''' </span>
+
'''CONFERENCE (Friday 25th of October)'''  
 
|-
 
|-
 
|-
 
|-
Line 40: Line 42:
 
| style="width:80%" valign="middle"  bgcolor="#CCCCEE" align="center" colspan="0" | '''Location'''
 
| style="width:80%" valign="middle"  bgcolor="#CCCCEE" align="center" colspan="0" | '''Location'''
 
|-
 
|-
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Friday 25th of October '''
+
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Friday 25th of October<br>10:30 AM '''
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: University "Politehnica" of Bucharest<br>
+
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: University "Politehnica" of Bucharest, Rectorship Building, AN024 Hall'''<br>
 
Venue Address: Splaiul Independentei nr. 313, sector 6, Bucuresti,  ROMANIA; <br>
 
Venue Address: Splaiul Independentei nr. 313, sector 6, Bucuresti,  ROMANIA; <br>
Postal cod: RO-060042'''<br>
+
<!-- Postal cod: RO-060042<br>
Venue Map: [https://plus.google.com/101033585760098377632/about]  
+
Venue Map: [https://plus.google.com/101033585760098377632/about] -->
 
|-
 
|-
 
| align="center" style="background:#CCCCEE;" colspan="2" | '''Price and registration'''
 
| align="center" style="background:#CCCCEE;" colspan="2" | '''Price and registration'''
Line 50: Line 52:
 
| align="center" style="background:#EEEEEE;" colspan="2" | This event is '''FREE''', you need to register on the link provided below, print your ticket and present it at the entrance. <br>
 
| align="center" style="background:#EEEEEE;" colspan="2" | This event is '''FREE''', you need to register on the link provided below, print your ticket and present it at the entrance. <br>
 
  '''Limited number of seats! Register now!''' [https://owasp-romaniachapter-infosec.eventbrite.com/ https://owasp-romaniachapter-infosec.eventbrite.com/ ]
 
  '''Limited number of seats! Register now!''' [https://owasp-romaniachapter-infosec.eventbrite.com/ https://owasp-romaniachapter-infosec.eventbrite.com/ ]
 
 
|-
 
|-
| align="center" style="background:#CCCCEE;" colspan="2" | '''Event details'''
+
| align="center" style="background:#CCCCEE;" colspan="2" | '''How to get there'''
 
|-
 
|-
| align="left" style="background:#EEEEEE;" colspan="2" |  
+
| align="center" style="background:#EEEEEE;" colspan="2" | [[Image:Harta-an024.jpg|800px|]]
* The presentation slides will be in English
+
|
* The presentations will be held in Romanian, except the one of Mr. Martin Knobloch
 
* There will be a short Q&A session at the end of each presentation (please hold them until the presentation ends)
 
* A mid-day break will be available for speaking with the presenters and with each other
 
 
 
 
|}  
 
|}  
 
<br>
 
<br>
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="4"
 
| style="width:100%" valign="middle" height="40" bgcolor="#CCCCEE" align="center" colspan="6" | '''Conference Details '''
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" |  '''Time'''
 
| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Title'''
 
| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Speaker'''
 
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 15 mins
 
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Introduction & Welcome
 
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Oana Cornea
 
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Introduction to OWASP & Bucharest Event, Schedule for the Day
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 45 mins
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Secure Development LifeCycle<br>
 
(aka "The good the bad and the ugly implementations")
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Martin Knobloch
 
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Software development is not THAT new anymore, but it is still a fast changing work environment.<br>
 
We do develop more functionality faster, and the applications do even look more pretty!<br>
 
..but what about security? Guess what, it is not a developers first priority!<br>
 
This presentation is about how to implement secure development strategy without blaming and bashing on developers.
 
Instead of increasing the workload of the development-team  with more process overhead, (security) quality gates, etc
 
Lets help developer by implementing impalpable mechanism!
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 45 mins
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Practical Defense with mod_security Web Application Firewall
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Marian Ventuneac
 
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Marian will introduce the mod_security Web Application Firewall (WAF). This session will be a practical demonstration of mitigating security risks for a sample vulnerable Web application.
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 45 mins
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Scanning Romania with Nessus (web part)
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Adrian Furtuna
 
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | This talk presents the results of a passive vulnerability scan performed against all Romanian IP addresses, targeting all web servers listening on port 80. <br>
 
The research was performed against multiple network packet captures selected from the output of Carna botnet, which scanned Romania in July 2012.
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 45 mins
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Reading the minds 
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Anatolie Prisacaru
 
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | In my presentation I will focus the analysis of how web browsers and extensions keep in memory.<br> I will start with a quick introduction on how to dump and analyse processes' random access memory maps on a Linux based operating system with basic tools and then run a quick code review to see a couple of weak points, find their Achilles' heel and finally prove why statements like "Your sensitive data is encrypted _locally_ before upload so even LastPass cannot get access to it" can be pretty misleading.
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 45 mins
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Resolving 3 Common threats in MVC (A4 - Insecure Direct Object References , A3 - Cross-Site Scripting (XSS) , A8 - Cross-Site Request Forgery (CSRF) ) 
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Andrei Ignat
 
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Any website is confronted with hackers. The security measures are easy to follow - and this presentation shares to you this knowledge.
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 45 mins
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Hacking the Wordpress ecosystem 
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Dan Catalin Vasile
 
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | This talk came from the personal need of securing multiple instances of Wordpress. An OWASP Project was initiated to gather the knowledge around this subject in one place.<br>
 
The presentation will address the following subjects:<br>
 
- securing the installation process<br>
 
- server side measures: backup, securing login, antivirus, regular scan, web firewall, monitoring, permissions, etc.<br>
 
- client side measures: personal devices security, password management, communication channels, etc.<br>
 
- hacking the infrastructure<br>
 
- hacking plugins
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 45 mins
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | iOS applications risks and defenses 
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Oana Cornea
 
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | The presentation will highlight the main iOS applications attack vectors, techniques and tools to perform a pentest and mechanisms that can be implemented to reduce application vulnerabilities. These will be presented in connection with the Owasp top ten mobile risks and will show how to improve the security of mobile applications.
 
|-
 
|}
 
  
=Sponsors  =
+
=Agenda=
<!--
+
{{:OWASP_Romania_InfoSec_Conference_2013_Agenda}}
== Sponsorship==
+
 
 +
=Team=
 +
{{:OWASP_Romania_InfoSec_Conference_2013_Team}}
  
You could find all available sponsorship options for the conference clicking [here] -->
+
<headertabs />
<br>
 
{| cellspacing="10" border="0" valign="middle" align="center" style="background: none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;"
 
|-
 
| &nbsp;
 
| <h2>Event Supporters</h2>
 
| &nbsp;
 
|-
 
| &nbsp;
 
| <h2>Educational Supporters</h2>
 
|
 
| &nbsp;
 
|-
 
| [[Image:UPBlogo.png|150px|link=http://www.upb.ro/en/]]
 
|
 
|}
 
=Questions=
 
  
*If you have any questions about this event, please send an email to [mailto:[email protected] Oana Cornea]
+
=Sponsors=
 +
{{:OWASP_Romania_InfoSec_Conference_2013_Sponsors}}

Latest revision as of 20:50, 10 October 2013


Logo-ro.jpg
OWASP Romania

InfoSec Conference

Owasp Romania InfoSec Conference 2013 - October 25th

OWASP Romania team is happy to announce the OWASP Romania InfoSec Conference 2013, a one day Security and Hacking Conference. It will take place on 25th of October, 2013 - Bucharest, Romania.
The OWASP Romania InfoSec Conference objective is to raise awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.

Who Should Attend?

  • Application Developers
  • Application Testers and Quality Assurance
  • Application Project Management and Staff
  • Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
  • Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
  • Security Managers and Staff
  • Executives, Managers, and Staff Responsible for IT Security Governance
  • IT Professionals Interesting in Improving IT Security
  • Anyone interested in learning about or promoting Web Application Security

CONFERENCE (Friday 25th of October)

Date Location
Friday 25th of October
10:30 AM 		Venue Location: University "Politehnica" of Bucharest, Rectorship Building, AN024 Hall

Venue Address: Splaiul Independentei nr. 313, sector 6, Bucuresti, ROMANIA;

Price and registration
This event is FREE, you need to register on the link provided below, print your ticket and present it at the entrance. 
Limited number of seats! Register now! https://owasp-romaniachapter-infosec.eventbrite.com/
How to get there
Harta-an024.jpg


Agenda

Time Title Speaker Description
10:30 - 11:00
(30 mins) 		Registration
11:00 - 11:15
(15 mins) 		Introduction & Welcome Oana Cornea Introduction to OWASP & Bucharest Event, Schedule for the Day
11:15 - 12:00
(45 mins) 		Secure Development LifeCycle

(aka "The good the bad and the ugly implementations") [1]

Martin Knobloch Software development is not THAT new anymore, but it is still a fast changing work environment.

We do develop more functionality faster, and the applications do even look more pretty!
But what about security? Guess what, it is not a developers first priority!
This presentation is about how to implement secure development strategy without blaming and bashing on developers. Instead of increasing the workload of the development-team with more process overhead, (security) quality gates, etc.
Lets help developer by implementing impalpable mechanism!

12:05 - 12:50
(45 mins) 		Practical Defense with mod_security Web Application Firewall [2] Marian Ventuneac Marian will introduce the mod_security Web Application Firewall (WAF). This session will be a practical demonstration of mitigating security risks for a sample vulnerable Web application.
12:55 - 13:40
(45 mins) 		Scanning Romania with Nessus (web part) [3] Adrian Furtuna This talk presents the results of a passive vulnerability scan performed against all Romanian IP addresses, targeting all web servers listening on port 80.

The research was performed against multiple network packet captures selected from the output of Carna botnet, which scanned Romania in July 2012.

13:40 - 14:30
(50 mins) 		Lunch/Coffee Break
14:30 - 15:15
(45 mins) 		Reading the minds [4] Anatolie Prisacaru In my presentation I will focus the analysis of what data web browsers, extensions and web servers keep in memory.
I will start with a quick introduction on how to dump and analyse processes' random access memory maps on a Linux based operating system with basic tools and then run a quick code review to see a couple of weak points, find their Achilles' heel and finally prove why statements like "Your sensitive data is encrypted _locally_ before upload so even LastPass cannot get access to it" can be pretty misleading.
15:20 - 16:05
(45 mins) 		Online Fraud and the part it plays in Cybercrime [5] Alexandru Doroftei The presentation will be about what is online fraud, what risks do companies face when they support e-commerce and the growing role fraud has in the cybercrime area. I will describe a few of the best practices against fraud, diving a little bit in the fraud industry numbers associated with fraud.
16:10 - 16:55
(45 mins) 		Hacking the Wordpress ecosystem [6] Dan Catalin Vasile This talk came from the personal need of securing multiple instances of Wordpress. An OWASP Project was initiated to gather the knowledge around this subject in one place.

The presentation will address the following subjects:
- securing the installation process
- server side measures: backup, securing login, antivirus, regular scan, web firewall, monitoring, permissions, etc.
- client side measures: personal devices security, password management, communication channels, etc.
- hacking the infrastructure
- hacking plugins

17:00 - 17:45
(45 mins) 		Resolving 3 Common threats in MVC (A4 - Insecure Direct Object References , A3 - Cross-Site Scripting (XSS) , A8 - Cross-Site Request Forgery (CSRF) ) [7] Andrei Ignat Any website is confronted with hackers. The security measures are easy to follow - and this presentation shares to you this knowledge.


  • Oana Cornea [8]
  • Ionel Chirita [9]
  • Dan Catalin Vasile [10]
  • Daniel Barbu [11]
  • Raluca Vasilache [12]
  • Ovidiu Diaconescu [13]
  • Cristian Pascariu [14]
  • Mihai Terzea [15]
  • Catalin Teodorescu [16]
  • Ivona Rustem [17]

Sponsors

     

Gold Sponsor

      
      Sigla ea alpha.jpg    
     

Event Lunch/Coffee Break sponsored by

      
      Lugera-logo.png    
     

Event Supporters

      
    Logo phpromania.png Defcamp logo.png Logo AGORA.jpg  
    LSE.jpg Sigla-facultateonline.JPG ARASEC.jpg
    Securitatea-Informatiilor.jpg SoftLead.png  
     

Educational Supporters

      
    UPBlogo.png SiglaFils.JPG  
Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Romania_InfoSec_Conference_2013&oldid=160195"