
OWASP Bucharest AppSec Conference 2017 Agenda Talks

Revision as of 05:46, 9 August 2017 by Oana Cornea

Conference agenda

Time Title Speaker Description
8:30 - 9:00
(30 mins)
Registration and coffee break
9:00 - 9:15
(15 mins)
Title: Introduction
Speaker: Oana Cornea
Description: Introduction to the OWASP Bucharest Event, Schedule for the Day
9:15 - 10:00
(45 mins)
Title: Automation of Application Security Testing
Speaker: Lucian Corlan
Description: This presentation aims to provide a way into achieving application security testing automation (with SAST, DAST and other tools) within a development pipeline. In this talk you will experience an approach to using ThreadFix and its "Policies" feature to determine the security exposure of a build/release and to output the result back into the continuous integration and delivery pipelines for quick and reliable decision making.
10:00 - 10:45
(45 mins)
Title: OWASP Juice Shop: The most trustworthy online shop out there
Speaker: Bjoern Kimminich
Description: OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in JavaScript which encompasses the entire OWASP Top Ten and other severe security flaws.

In this talk you will learn all about the project and its capabilities. You will...

  • join a "happy shopper round tour"
  • enjoy a hacking demo of some of the 43+ challenges
  • get an insight into the underlying application architecture
  • witness how to customize Juice Shop into a security awareness booster
  • learn how to set up a CTF event with Juice Shop for extra fun during trainings

https://www.owasp.org/index.php/OWASP_Juice_Shop_Project

11:00 - 11:40
(40 mins)
Title: N different strategies to automate OWASP ZAP
Speaker: Marudhamaran Gunasekaran (Maran)
Description: In this talk we will explore the many different ways of automating security testing with the OWASP Zed Attack Proxy and how it ties to an overall Software Security Initiative. Over the years, ZAP has made many advancements to its powerful APIs and introduced scripts to make security automation consumable for mortals. This talk is structured to demonstrate how ZAP's API and scripts could be integrated with Automated Testing frameworks beyond Selenium, Continuous Integration and Continuous Delivery Pipelines beyond Jenkins, scanning authenticated parts of the application, options to manage the discovered vulnerabilities and so on with real-world case studies and implementation challenges.

This is a demonstration oriented talk that explains OWASP ZAP automation strategies for Security Testing by example.

11:50 - 12:30
(40 mins)
Women in AppSec Panel

Panel discussion. Guests and agenda will be announced here at a later date. Stay tuned for updates!

12:30 - 13:30
(60 mins)
Lunch/Coffee Break
13:30 - 14:15
(45 mins)
Title: Security champions: Opera experience
Speaker: Alexander Antukh
Description: Security champions is an interesting concept for scaling security in multi-team companies. During this presentation I'll share the experience of building a team of champions, the challenges we had to overcome, and metrics to evaluate the efficiency of the model. As a bonus, a security champion playbook will be introduced to the audience.
14:15 - 15:00
(45 mins)
15:00 - 15:15
(15 mins)
Coffee break
15:15 - 16:00
(45 mins)
16:00 - 16:45
(45 mins)
16:45 - 17:00
(15 mins)
Title: Closing ceremony
Speaker: OWASP Bucharest team
Description: CTF Prizes