This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP Bucharest AppSec Conference 2017 Talks

From OWASP
Revision as of 19:20, 8 August 2017 by Oana Cornea (talk | contribs) (edit2)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Conference agenda

Time Title Speaker Description
8:30 - 9:00
(30 mins) 		Registration and coffee break
9:15 - 10:00
(45 mins) 		Testing for cyber resilience: tools & techniques for adversary attack/defense simulation Teodor Cimpoesu and Adrian Ifrim We know that testing selected points around large infrastructures, combined with testing a subset of the enterprise applications (the critical ones) is no longer enough to match what is going on in the wild in terms of cyber risk.

Nowadays real attacks often go undetected for months, use modern tools & techniques, and the responders many times get overwhelmed by the complexity of analysis, time pressure, and the need to understand adversary tactics.
In this presentation and demo, we will show some common techniques of getting a foothold in a target, stealing credentials, doing lateral movement and preparing for data exfil from the red teamer perspective, as well as best practices and approaches for blue teamers to detect and respond to them.

10:00 - 10:45
(45 mins) 		Securing the code and waiting for skilled hackers Sergiu Zaharia When code is analyzed and secured early in the development phase, the developers are really curious about the remaining channels that can be exploited by hackers.

Via this presentation we try to provide hints on the following topics:

  • What software security standards tell us and why we should listen to them;
  • Types of vulnerabilities statistically identified by SAST scanners on source code / Deep dive into some vulnerabilities discovered by SAST solutions;
  • Solutions at code level and for the software environment: supporting processes and technology (vendor-agnostic), architectures, features, limitations. / The holistic secure software development process model;
  • How can ethical hackers make use of SAST solutions to optimize their white box tests.
11:00 - 11:40
(40 mins) 		Less Known Web Application Vulnerabilities Ionut Popescu Many application programs (including their testing strategies) rely on rather simple standards, sometimes even as simple as OWASP Top Ten. This often leads to a false sense of security – developers tend to believe that if they have worked their way through ready-made checklists and took proper care of the well-known topics like authentication, authorization or using parameterized queries, there should be no big surprises ahead.

Nevertheless, the real world of application security is way more complicated than this. New attack vectors are being found on a regular basis and security standards and vulnerability libraries tend to get obsolete pretty fast. It’s nearly impossible to keep on track regarding all vulnerabilities which an application can be vulnerable to.
The goal of this talk is to raise awareness about this topic. Several less known security vulnerabilities will be explained, shown in practice and mitigation strategies will be proposed.

11:50 - 12:30
(40 mins) 		Students in Security Panel
12:30 - 13:30
(60 mins) 		Lunch/Coffee Break
13:30 - 14:15
(45 mins)
14:15 - 15:00
(45 mins)
15:00 - 15:15
(15 mins) 		Coffee break
15:15 - 16:00
(45 mins)
16:00 - 16:45
(45 mins)
16:45 - 17:00
(15 mins) 		Closing ceremony OWASP Bucharest team CTF Prizes
Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Bucharest_AppSec_Conference_2017_Talks&oldid=232084"