This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OWASP Romania InfoSec Conference 2014 Agenda
From OWASP
Revision as of 13:18, 2 November 2014 by Oana Cornea (talk | contribs)
Agenda | |||||
| Time | Title | Speaker | Description | ||
| 10:00 - 10:30 (30 mins) |
Registration | ||||
| 10:30 - 10:45 (15 mins) |
Introduction & Welcome | Oana Cornea | Introduction to OWASP & Bucharest Event, Schedule for the Day | ||
| 10:45 - 11:30 (45 mins) |
Keynote |
Andrzej Klesnicki | We tend to blame developers for every problem we have with web applications, is it really the case? Nevertheless who is responsible, what if we just do not have security emended in our process. How to deal with security when deployment days is close. Are we doomed or there is still something that we can do? This speech will look for those answers. | ||
| 11:50 - 12:35 (45 mins) |
OWASP O2 Platform : Automating Security Consultant's Knowledge/Workflows and Allowing non-security experts to access and consume Security Knowledge | Dinis Cruz | This presentation will show how to use the multiple O2 Platform tools and coding environments to perform multiple types of Application security analysis (from black-box browser-automation, to static-analysis code-reviews). A key part of the O2 Platform are the FluentSharp APIs which will be used for the demos (like the interactive creation of a custom Application security tool, which is then packaged as an stand-alone executable/cli-tool) | ||
| 12:55 - 13:40 (45 mins) |
OWASP WordPress Security Checklist | Dan Catalin Vasile | In last year presentation I focused on breaking the WordPress ecosystem. Meanwhile I finished the OWASP project related to the security checklist every administrator should follow when implementing WordPress. It was an effort of gathering information from various sources and personal experience and setting a security baseline for WordPress. Furthermore, I also focused on the implementation of WordPress in corporate environments with general advises (which applies in general to the adoption of open source software by the business) and specific actions like central management and integration with Active Directory. | ||
| 13:40 - 14:30 (50 mins) |
Lunch/Coffee Break | ||||
| 14:30 - 15:15 (45 mins) |
Secure continuous delivery: developer’s immediate connection to what they’re creating | Dinis Cruz | This presentation makes the case that when developers have access to powerful development CI (Continuous Integration) environments and code analysis/execution tools, they are able to: a) understand what their code is doing, b) refactor code with confidence, c) test they code efficiently and d) provide assurance that are writing secure code. This presentation will show real examples of what such environment looks like in .NET and NodeJS | ||
| 15:20 - 16:05 (45 mins) |
Secure coding with python | Enrico Branca | TBD | ||
| 16:10 - 16:55 (45 mins) |
Shellshock Vulnerability | Tudor Enache | Discussion of one of the most popular 0-days in recent years. What's shellshock? What are the attack vectors? How do you mitigate it? Additionally we will brainstorm about how to efficiently deal with such bugs and understand the real threat of 0-days. | ||
