Difference between revisions of "OWASP EEE Russia Event 2015 Agenda"
Line 23: | Line 23: | ||
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [https://twitter.com/zackhimself Zakaria Rachid] <br> | | style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [https://twitter.com/zackhimself Zakaria Rachid] <br> | ||
− | | style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | This talk is about | + | | style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | This talk is about the connected objects around us and how they lack security by design in some critical cases. I'll show some interesting attack vectors that allowed me to gain access to Kiosks, ATMs and other IoT devices. Modern attacks and defensive measures, including those from IATC, will be reviewed, too.<br> |
|- | |- | ||
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 15:40 - 16:00<br>(20 mins) | | style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 15:40 - 16:00<br>(20 mins) |
Latest revision as of 14:58, 25 September 2015
Conference agenda

Time | Title | Speaker | Description
13:30 - 14:00 (30 mins) | Registration | |
14:00 - 14:45 (45 mins) | Building better product security: an engineering approach | Taras Ivaschenko | In a modern internet company, time to market is very important. The faster you release new features for users, the better service you have. This is an essential thing and we, as security people, need to follow business demands. In my talk I will cover several case studies about building product security processes in an engineering company. I will explain our approaches on how to be a bottle opener, not a bottleneck.
14:50 - 15:35 (45 mins) | Give me a stable input and I'll p0wn the planet | Zakaria Rachid | This talk is about the connected objects around us and how they lack security by design in some critical cases. I'll show some interesting attack vectors that allowed me to gain access to Kiosks, ATMs and other IoT devices. Modern attacks and defensive measures, including those from IATC, will be reviewed, too.
15:40 - 16:00 (20 mins) | Lunch/Coffee Break | |
16:00 - 16:45 (45 mins) | Bugs -> max; time <= T | Omar Ganiev | The talk will cover some tips, tricks and tools for rapid web application security assessment (black and white box). They are useful in various situations: a pentest with very limited time or a huge scope, a competition, a bug bounty program, etc. We'll go through the minimal set of tests that should be performed, and the shortest paths to pwning the app.
16:50 - 17:35 (45 mins) | Mysql OOB injection. Can I surprise you? | Ivan Novikov | OOB is an out-of-band technique for obtaining data over a different band (data channel) than the one used to send the payload. It is currently known that only the load_file() function can be used for this in the MySQL case. But this method is based on UNC names and works only under Windows platforms. We tried to find other ways to obtain MySQL data by OOB. Of course, this also provides SSRF attacks through SQL injections.