This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "AppSecRiodelaPlata"

From OWASP
Jump to: navigation, search
(Trainings)
m (2015 AppSec Rio de la Plata Conference Volunteer Team)
 
(6 intermediate revisions by 2 users not shown)
Line 29: Line 29:
 
<br>
 
<br>
  
= Trainings =
+
= Keynotes  =
 +
 
 +
 
 +
 
 +
 
 +
 
 +
 
 +
== Jacobo Tibaquirá  ==
 +
 
 +
{| style="background-color: transparent"
 +
|-
 +
! width="200" align="center" | <br>
 +
! width="1000" align="center" | <br>
 +
|-
 +
| align="center" |
 +
| align="justify" | '''Attacking the Attackers''': In this talk, Jacobo Tibaquirá , who is part of DragonJar, will discuss the results of his investigation on countermeasures that can be used if a system administrator detects an attacker on his network.
 +
 
 +
Jacobo Tibaquirá from DragonJar will be teaching the workshop "From 0 to Ninja with Metasploit" Metasploit is the most widely used Framework for Information Security Experts around the world.
 +
 
 +
 
 +
|}
 +
<br>
 +
 
 +
== Cristian Borghello  ==
 +
 
 +
{| style="background-color: transparent"
 +
|-
 +
! width="200" align="center" | <br>
 +
! width="1000" align="center" | <br>
 +
|-
 +
| align="center" |
 +
| align="justify" | '''We all are Ashley Madison'''. In this talk, Cristian Borghello will present 2 cases where code review and the security consultant role are so critical and important. Which is the security consultant role? How can we motivate the team and show them that secure programming is possible? How can we prevent the same errors once and again?
 +
 
 +
 
 +
Cristian Borghello has been involved in computer security for more than 15 years, working on vulnerability research, pentesting, source code review and development. He is the CEO of Segu-Info [http://www.segu-info.com.ar|www.segu-info.com.ar]
 +
 
 +
|}
 +
 
 +
 
 +
= Speakers  =
 +
 
 +
= Keynotes =
 
<font size=2pt>
 
<font size=2pt>
 +
==Jacobo Tibaquirá==
 +
{| style="background-color: transparent"
 +
|-
 +
! width="200" align="center" | <br>
 +
! width="1000" align="center" | <br>
 +
|-
 +
| align="center" | [[Image:Jacobo Tibaquira.jpg|100px]]
 +
| align="justify" | '''Attacking the Attackers''' In this talk, Jacobo Tibaquirá will discuss the results of his investigation on countermeasures that can be used if a system administrator detects an attacker on his network.
  
  
The trainings will be held on November 1st December, 2015 and will run from 8:30 AM to 5:30 PM each day.
+
|}
 +
<br>
  
 +
==Cristian Borghello==
 +
{| style="background-color: transparent"
 +
|-
 +
! width="200" align="center" | <br>
 +
! width="1000" align="center" | <br>
 +
|-
 +
| align="center" | [[Image:Cristian-borghello-P.jpg|100px]]
 +
| align="justify" | '''We all are Ashley Madison'''.  In this talk, Cristian Borghello will present 2 cases where code review and the security consultant role are so critical and important. Which is the security consultant role? How can we motivate the team and show them that secure programming is possible? How can we prevent the same errors once and again? Cristian F. Borghello, holds a degree in Information System,
 +
developer, Certified Information Systems Security Professional (CISSP)
 +
and Microsoft Security MVP (Most Valuable Professional).
  
AppSec Rio de la Plata 2015 will be held in downtown Montevideo, Uruguay at the [http://www.antel.com.uy/antel/institucional/nuestra-empresa/complejo-torre Antel National Telco Company]. Directions are available through: [https://maps.google.com/maps?q=Auditorio+Torre+de+las+Telecomunicaciones,+Guatemala+1075,+Montevideo+11800,+Uruguay&hl=es-419&ll=-34.899448,-56.179104&spn=0.098412,0.181789&geocode=FaOW6_0dt4qm_A&hnear=Auditorio+Torre+de+las+Telecomunicaciones,+Guatemala+1075,+Montevideo+11800,+Uruguay&t=m&z=13 Google Maps]
+
 
 +
Currently Director of Segu-Info and independent consultant in
 +
Information Security. He writes for various specialized media and
 +
research independently on Computer Security and Information. Interest
 +
in Computer Security and its research has led him to keep this site:
 +
http://www.segu-info.com.ar/
 +
Cristian is member of OWASP (Open Web Application Security Project)
 +
Buenos Aires Chapter, ISSA (Information Systems Security Association),
 +
CSA (Cloud Security Alliance) Argentina Chapter and ISC2 Argentina
 +
Chapter.
 +
 
 +
|}
 
<br>
 
<br>
 +
 
<br>
 
<br>
  
The conference training and talks will be held in the conference auditorium and interactive room, which are adjacent to the Antel Tower.
 
<br><br>
 
  
 +
== Talks ==
 +
 +
Ricardo Supo (PERU)OWASP Peru Chapter Leader
 +
 +
"Hacking Windows Networks" is that easy when Ricardo is in place! Hacking techniques plus Domainator tool!
 +
 +
Mateo Martinez (URUGUAY)OWASP Uruguay
 +
'''SQL Injection Deep Dive''' Welcome to a Deep Dive on SQL Injection. A full tour across the most used SQL Injection Techniques.
 +
 +
Fabio Cerullo (IRLANDA)OWASP Board Member
 +
 +
'''Desarrollo Rápido y Seguro de Aplicaciones. ¿Es posible tener las dos cosas?'''
 +
 +
Josué Rojas Silva (PERU)amn3s1a
 +
 +
'''Browser hijacking 4 fun n profit''' Will present Hooking Techniques for Web Browser Control
 +
 +
Sheila Ayelen Berta (ARGENTINA)semecayounexploit.com
 +
 +
'''Threat Not Found''' is a great presentation about how can be possible to evade Antivirus.
 +
 +
Elvin Mollinedo (BOLIVIA)OWASP Bolivia Chapter Leader
 +
 +
"Creating Fake GSM Radio Bases with BTS Attacks"will be one of the more trendy and interesting talk about fake cells!.
 +
 +
Matias Katz (ARGENTINA)MKIT
 +
'''Social Engineering Attacks with Non-Verbal language''' Software have bugs... humans too!
 +
Cristian Amicelli (ARGENTINA)MKIT
 +
 +
'''NLTK Syntax Analysis''' Cristian will show his research about Natural Language Toolkit
 +
 +
Martin Tartarelli (ARGENTINA)OWASP Argentina Chapter
 +
'''Web Apps Continuos Scanning''' Research about Continuos Scanning
 +
 +
Mauro Flores (URUGUAY)OWASP Uruguay
 +
 +
'''Cloud Security'''
 +
Javier Antunez (ARGENTINA)Porto y Asociados
 +
 +
'''SSL & TLS .. a long horror story'''
 +
Diego Bruno (ARGENTINA)Blackmantis Security
 +
 +
'''TBD'''
 +
Gustavo Nicolas Ogawa (ARGENTINA)Argentina
 +
 +
'''Facebook Hacking Tool'''
 +
 +
= Trainings  =
 +
<font size=2pt>
 +
 +
We have 3 Awesome Trainings for you!
  
 
== Training 1: From 0 to Ninja on Metasploit==
 
== Training 1: From 0 to Ninja on Metasploit==
Line 58: Line 179:
 
Training Audience: Technical<br>
 
Training Audience: Technical<br>
 
Required Skill Level: Intermediate<br>
 
Required Skill Level: Intermediate<br>
 +
 +
 +
== Training 2: Introduction to Web Apps Security ==
 +
'''Instructor:''' Fabio Cerullo
 +
 +
Fabio is an OWASP Board Member and he will be teaching the workshop "Web Applications Security Introduction" with a both teorical and technical approach to the OWASP Top 10 Risks including SQL Injection, XSS, Broken Auth and Session Management, XSRF, etc.
 +
 +
===Course Language===
 +
'''The course will be delivered in SPANISH (español)''' with simultaneous translation in English (if necessary).
 +
 +
Training Audience: Technical<br>
 +
Required Skill Level: Initial<br>
 +
 +
 +
== Training 3: "Practical Applied Cryptography" ==
 +
'''Instructor:''' Javier Antunez
 +
 +
===Course Language===
 +
'''The course will be delivered in SPANISH (español)''' with simultaneous translation in English (if necessary).
 +
 +
Training Audience: Technical<br>
 +
Required Skill Level: Initial<br>
  
 
= Venue  =
 
= Venue  =
Line 94: Line 237:
 
'''Access to conference:'''
 
'''Access to conference:'''
  
*Before September 30th 100 USD
+
*General Access   200 USD
*Before October 31th   200 USD
 
*After November 1st    300 USD
 
  
 
-- Discounts --
 
-- Discounts --
Line 205: Line 346:
 
* Felipe Zipitria
 
* Felipe Zipitria
 
* Mauricio Papaleo
 
* Mauricio Papaleo
* Alberto Hill
+
* [[user:Alberto_Daniel_Hill|Hill,Alberto]]
 
* Maximiliano Alonzo
 
* Maximiliano Alonzo
 
* Rodrigo Martinez
 
* Rodrigo Martinez
Line 212: Line 353:
 
* Martin Tartarelli
 
* Martin Tartarelli
 
* Mario Garcia
 
* Mario Garcia
 
 
  
 
=Archives=
 
=Archives=

Latest revision as of 06:40, 6 July 2017

OWASP Project Header.jpg

Para sumarse a la lista de correo de OWASP Uruguay, registrarse aquí: Lista de correo OWASP Uruguay


REGISTRATION HERE! ---


We are pleased to announce that the OWASP Uruguay chapter will host the OWASP AppSec Rio de la Plata 2015 conference in Montevideo, Uruguay at ANTEL National Telco Company. The event will be composed of 2 days of training (November 31- December 1st), followed by 2 days of conference talks (December 2-3).


The AppSec Rio de la Plata 2015 Conference will be a reunion of Information Security latin american leaders, and will present cutting-edge ideas. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 300-400 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many other verticals.

About our Call for Papers:

- Submissions until October 8th, 2015.
- Accepted Proposals on October 9th, 2015.
- But, if you have a great one, send it at anytime! :)   CALL FOR PAPERS SUBMIT'



Jacobo Tibaquirá



Attacking the Attackers: In this talk, Jacobo Tibaquirá , who is part of DragonJar, will discuss the results of his investigation on countermeasures that can be used if a system administrator detects an attacker on his network.

Jacobo Tibaquirá from DragonJar will be teaching the workshop "From 0 to Ninja with Metasploit" Metasploit is the most widely used Framework for Information Security Experts around the world.



Cristian Borghello



We all are Ashley Madison. In this talk, Cristian Borghello will present 2 cases where code review and the security consultant role are so critical and important. Which is the security consultant role? How can we motivate the team and show them that secure programming is possible? How can we prevent the same errors once and again?


Cristian Borghello has been involved in computer security for more than 15 years, working on vulnerability research, pentesting, source code review and development. He is the CEO of Segu-Info [1]


Jacobo Tibaquirá



100px Attacking the Attackers In this talk, Jacobo Tibaquirá will discuss the results of his investigation on countermeasures that can be used if a system administrator detects an attacker on his network.



Cristian Borghello



Cristian-borghello-P.jpg We all are Ashley Madison. In this talk, Cristian Borghello will present 2 cases where code review and the security consultant role are so critical and important. Which is the security consultant role? How can we motivate the team and show them that secure programming is possible? How can we prevent the same errors once and again? Cristian F. Borghello, holds a degree in Information System,

developer, Certified Information Systems Security Professional (CISSP) and Microsoft Security MVP (Most Valuable Professional).


Currently Director of Segu-Info and independent consultant in Information Security. He writes for various specialized media and research independently on Computer Security and Information. Interest in Computer Security and its research has led him to keep this site: http://www.segu-info.com.ar/ Cristian is member of OWASP (Open Web Application Security Project) Buenos Aires Chapter, ISSA (Information Systems Security Association), CSA (Cloud Security Alliance) Argentina Chapter and ISC2 Argentina Chapter.




Talks

Ricardo Supo (PERU)OWASP Peru Chapter Leader

"Hacking Windows Networks" is that easy when Ricardo is in place! Hacking techniques plus Domainator tool!

Mateo Martinez (URUGUAY)OWASP Uruguay SQL Injection Deep Dive Welcome to a Deep Dive on SQL Injection. A full tour across the most used SQL Injection Techniques.

Fabio Cerullo (IRLANDA)OWASP Board Member

Desarrollo Rápido y Seguro de Aplicaciones. ¿Es posible tener las dos cosas?

Josué Rojas Silva (PERU)amn3s1a

Browser hijacking 4 fun n profit Will present Hooking Techniques for Web Browser Control

Sheila Ayelen Berta (ARGENTINA)semecayounexploit.com

Threat Not Found is a great presentation about how can be possible to evade Antivirus.

Elvin Mollinedo (BOLIVIA)OWASP Bolivia Chapter Leader

"Creating Fake GSM Radio Bases with BTS Attacks"will be one of the more trendy and interesting talk about fake cells!.

Matias Katz (ARGENTINA)MKIT Social Engineering Attacks with Non-Verbal language Software have bugs... humans too! Cristian Amicelli (ARGENTINA)MKIT

NLTK Syntax Analysis Cristian will show his research about Natural Language Toolkit

Martin Tartarelli (ARGENTINA)OWASP Argentina Chapter Web Apps Continuos Scanning Research about Continuos Scanning

Mauro Flores (URUGUAY)OWASP Uruguay

Cloud Security Javier Antunez (ARGENTINA)Porto y Asociados

SSL & TLS .. a long horror story Diego Bruno (ARGENTINA)Blackmantis Security

TBD Gustavo Nicolas Ogawa (ARGENTINA)Argentina

Facebook Hacking Tool

We have 3 Awesome Trainings for you!

Training 1: From 0 to Ninja on Metasploit

Instructor: Jacobo Tibaquirá

Jacobo Tibaquirá from DragonJar will be teaching the workshop "From 0 to Ninja with Metasploit" Metasploit is the most widely used Framework for Information Security Experts around the world. Who do not master this tool is losing a great resource that is freely available to make our work as Ethical Hackers or pentesters. In this course "From 0 to Ninja with Metasploit" you can shorten the learning curve tool, thanks to the transmission of knowledge and experience of the teachers you'll make the best of Metasploit from a level 0 / Novice to Ninja / Advanced

Course Language

The course will be delivered in SPANISH (español) with simultaneous translation in English (if necessary).

Course Overview

Training Audience: Technical
Required Skill Level: Intermediate


Training 2: Introduction to Web Apps Security

Instructor: Fabio Cerullo

Fabio is an OWASP Board Member and he will be teaching the workshop "Web Applications Security Introduction" with a both teorical and technical approach to the OWASP Top 10 Risks including SQL Injection, XSS, Broken Auth and Session Management, XSRF, etc.

Course Language

The course will be delivered in SPANISH (español) with simultaneous translation in English (if necessary).

Training Audience: Technical
Required Skill Level: Initial


Training 3: "Practical Applied Cryptography"

Instructor: Javier Antunez

Course Language

The course will be delivered in SPANISH (español) with simultaneous translation in English (if necessary).

Training Audience: Technical
Required Skill Level: Initial

AppSec Rio de la Plata 2015 will be held in downtown Montevideo, Uruguay at the Antel National Telco Company. Directions are available through: Google Maps

The conference training and talks will be held in the conference auditorium and interactive room, which are adjacent to the Antel Tower.

Antel Tower:

Antel National Telco Building.jpg


Antel Telco Auditorium (left) and Auditorium main entrance (right):

Antel Telco Venue Auditorium.jpg Antel Telco Main Entrance to Auditorium.jpg


-- Inside the Auditorium (left) and Interactive Room (right):

Antel Telco Auditorium 02.jpg Antel Telco Interactive Room 02.jpg]

Online Registration

Registration is now open!

Conference Fees

Access to conference:

  • General Access 200 USD

-- Discounts --

  • OWASP Members 50.00 USD
  • Students: 75.00 USD Note: student ID or other proof of current student status is required

Trainings

  • 1-Day 500.00 USD
  • 2 Days 800.00 USD

We are looking for sponsors for 2015 edition of AppSec Rio de la Plata


If you are interested to sponsor AppSec Rio de la Plata 2015, please contact [[email protected] Kelly Santalucia]


To find out more about the different sponsorship opportunities please check the document below:
OWASP AppSec Rio de la Plata Sonsorship Options - English

Accommodation

We've been able to arrange for accommodation with the Four Points Sheraton Hotel for attendees. These rooms have been allocated at a special rate, and available strictly for a limited time. To book these rooms at the special rate, you need to use the booking link shown below. These rooms are available one night either side of the event ensuring that if you are travelling interstate or international it's easy to find a room at a good rate. The room rate allocated for the event is $169/USD per night and includes breakfast.


Note: Conference events will primarily be held at the Antel National Telco Company. We will have a few events held at this hotel and are arranging for transportation between the Sheraton and Antel building.


Four Points Sheraton Montevideo
Ejido 1275
Montevideo 11100
Uruguay
Phone: (598)(2) 9017000
Fax: (598)(2) 9032247
Email: [email protected]


To make your reservation, visit: https://www.starwoodmeeting.com/StarGroupsWeb/res?id=1209182075&key=76379


Directions to/from in English

Directions to/from in English


Need more assistance booking your travel?

For assistance with any of the items below, feel free to utilize OWASP's preferred travel agency:
Segale Travel Service contact information is: +1-800-841-2276
Sr. Travel Consultants:
Maria Martinez...ext 524
Linn Vander Molen...ext 520




Four Points Sheraton Montevideo
Ejido 1275
Montevideo 11100
Uruguay
Phone: (598)(2) 9017000


About the Workshop

We plan to start with a 1.5 hour session including an overview of the chapter handbook. This session will be video taped and available for chapter leaders to use in their local chapters (or to be viewed by those unable to attend). The second part of the workshop will be a roundtable discussion on regional issues and challenges, with a goal of working together to create solutions. If you are interested in participating in either of these workshops, please register for the conference and select this workshop, please register for the Conference and select the optional session "chapter leaders workshop" as part of the registration process. Remember that conference attendance is free for current chapter and project leaders.


Info about last year's workshop: Meeting Minutes from Latin America Chapters Workshop 2011


Sponsorship to Attend the Chapters Workshop

If you need financial assistance to attend the Chapter Leader Workshops please submit a request to via the Contact Us Form http://owasp4.owasp.org/contactus.html by the application deadline for each of the events.

Additional Information for Applicants:

  • Priority of sponsorships will be given to those not covered by a sponsorship to attend a previous workshop. Additionally, we are looking for new or struggling chapter leaders who need assistance kick starting their chapter.
  • When you apply for funding, please let us know *why we should sponsor you*. While we prefer that chapter leaders use their own chapter's funds before requesting a sponsorship, this is not a requirement for application.
  • If your chapter has fund but will not be using them to sponsor your attendance, please include why you will not be using the funds for this purpose (i.e. what are the other plans for those funds?).


Questions?

If any questions, please contact us at: http://owasp4.owasp.org/contactus.html


2015 AppSec Rio de la Plata Conference Volunteer Team

  • Mateo Martinez
  • Mauro Flores
  • Felipe Zipitria
  • Mauricio Papaleo
  • Hill,Alberto
  • Maximiliano Alonzo
  • Rodrigo Martinez
  • Guillermo Skrilec
  • Gerardo Canedo
  • Martin Tartarelli
  • Mario Garcia

Training Instructor Agreement

By submitting your training proposal through our CFT, you are consenting to stay within the guidelines of the Training Instructor Agreement. We will ask you to sign and complete the Agreement and email it back to us if your talk is selected and you accept.


Training Instuctor Agreement


Speaker Agreement

By submitting your proposal for a talk/paper through our CFP, you are consenting to stay within the guidelines of the speaker agreement: https://www.owasp.org/index.php/Speaker_Agreement