Revision as of 19:19, 28 October 2013
Welcome to OWASP Limerick Day 2013
OWASP Limerick Day 2013 is a one day Security conference taking place on October 31st in Limerick, Ireland.
This major InfoSec event will bring together IT professionals and Security Researchers to discuss relevant topics related to Application Security.
Everyone is free to participate in OWASP. All OWASP materials are available under a free and open software license.
Conference day is free! - registration required
For ISACA and (ISC)² members: This event qualifies for free CPE credits/hours.
Who Should Attend?
- Application Developers
- Application Testers and Quality Assurance
- Application Project Management and Staff
- Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
- Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
- Security Managers and Staff
- Executives, Managers, and Staff Responsible for IT Security Governance
- IT Professionals
- Students
- Security Researchers
- Anyone with an interest in Application Security
Donate to OWASP Limerick
Conference Day, October 31st - Registration now open
- Conference is free!
To support the OWASP organisation, consider becoming a member; it's only US$50!
Check out the Membership page to find out more.
Venue: Limerick Institute of Technology
Moylish Park
Limerick
Conference room: 4A01
Parking & roadmap: TBD
Conference Day, October 31st
Location
Conference room: 4A01
(for details, check the Venue tab)
Agenda
Time | Speaker | Topic |
---|---|---|
08:30 - 09:00 | Registration | |
09:00 - 09:20 | OWASP Limerick Organization | Welcome & OWASP Update |
09:20 - 10:10 | Gerard Joyce, Director of Enterprise Risk Management at LinkResQ | Managing Risks: An ISO 31000 Approach. In November 2009 ISO published the definitive guide to best practice in the management of risks: the ISO 31000 risk management standard. ISO 31000 can be applied to any business and any activity. In this presentation Gerard Joyce will demonstrate how it can be applied in software development. |
10:10 - 11:00 | Oana Cornea, Security Analyst at Electronic Arts | iOS Penetration Testing Cheat Sheet. This presentation will highlight the main iOS application attack vectors, the techniques and tools used to perform a pentest, and the mechanisms that can be implemented to reduce application vulnerabilities. These will be presented in connection with the OWASP Top Ten Mobile Risks and will provide practical guidance on how to improve the security of mobile applications. |
11:00 - 11:20 | Tea/Coffee Break | |
11:20 - 12:10 | Patrick Fitzgerald, Security Consultant at Ward Solutions | Introduction to Metasploit |
12:10 - 13:00 | Simon Bennetts, Security Automation Engineer at Mozilla | OWASP ZAP - what's even newer. The Zed Attack Proxy is one of the most popular OWASP projects and has an enthusiastic developer community which encourages participation. There are many new developments in progress that will provide functionality currently unavailable in other security tools. In this session Simon will give a quick introduction for newcomers to ZAP, and then dive into the latest changes. |
13:00 - 14:00 | Lunch Break | |
14:00 - 14:50 | Ahmed Neil, Database Administrator at Mansoura University | Digital Forensics: What, Why and How |
14:50 - 15:40 | Mark Goodwin, Security Engineer at Mozilla | An Introduction to Firefox OS Security. A look at Firefox OS, Mozilla's new mobile operating system, the proposed Open Web Applications standard, and what these new technologies mean for application security specialists. |
15:40 - 16:00 | Tea/Coffee Break | |
16:00 - 16:05 | OWASP Limerick Chapter Raffle - Sponsored InfoSec Books and Gadgets | |
16:05 - 16:50 | Marian Ventuneac, Security Architect at Genworth Financial | Social Enterprise Software: Risks & Countermeasures. Social enterprise is reshaping the way employees communicate, work and collaborate for increased productivity. Furthermore, it facilitates enhanced collaboration with partners and customers while building and strengthening business relationships. Relying on cloud-based ecosystems, hybrid or classic on-premise solutions, adoption of social networks in the enterprise is on the rise. With all these benefits for the business, it can be easy to overlook the security risks associated with an improperly planned adoption of social enterprise within a corporation. From exposure of confidential data and files to the classic Cross-Site Scripting and Insecure Direct Object Reference issues, the lack of proper security controls could lead to serious data breaches. Unfortunately, social enterprise solutions are not immune to such risks. This presentation discusses various security vulnerabilities identified in representative social enterprise solutions (from Blogtronix, Salesforce, Tibco, Yammer, and Jive), while providing recommendations on effective risk mitigation when considering the adoption of a social enterprise solution. |
16:50 - 17:30 | Angelo Prado, Senior Manager, Product Security at Salesforce.com; Yoel Gluck, Lead Product Security Engineer at Salesforce.com | SSL, gone in 30 seconds - a BREACH beyond CRIME. In this hands-on talk, Angelo and Yoel will introduce new targeted techniques and research that allow an attacker to reliably retrieve encrypted secrets (session identifiers, CSRF tokens, OAuth tokens, email addresses, ViewState hidden fields, etc.) from an HTTPS channel. They will demonstrate that this new browser vector is real and practical by executing a PoC against a major enterprise product in under 30 seconds. They will also describe the algorithm behind the attack, how basic statistical analysis can be applied to extract data from dynamic pages, and practical mitigations you can implement today. They will also describe the posture of different SaaS vendors vis-à-vis this attack while presenting the BREACH tool. |
Event Sponsors
- Genworth Financial
- Limerick Institute of Technology
- Ward Solutions
- LinkResQ
Sponsorship opportunities are available [1]
Become a sponsor of OWASP Ireland Limerick Chapter
Promotion
Feel free to use the text below to promote our event!
We invite you to our next OWASP event: the Limerick OWASP Day 2013!
Free your agenda on October 31st, 2013.
Please register early as places are limited (first registered, first served).
Made possible by our Sponsors