
OWASP Bucharest AppSec Conference 2017 Agenda Talks

From OWASP
Revision as of 19:43, 8 August 2017 by Oana Cornea

Conference agenda

Each entry lists the time slot (with duration), the talk title, the speaker and the description.

8:30 - 9:00 (30 mins)
Registration and coffee break

9:00 - 9:15 (15 mins)
Introduction
Speaker: Oana Cornea
Introduction to the OWASP Bucharest event and the schedule for the day.

9:15 - 10:00 (45 mins)
Automation of Application Security Testing
Speaker: Lucian Corlan
This presentation aims to provide a way to achieve application security testing automation (with SAST, DAST and other tools) within a development pipeline. In this talk you will see an approach that uses ThreadFix and its "Policies" feature to determine the security exposure of a build/release and to feed the result back into the continuous integration and delivery pipelines for quick and reliable decision making.

10:00 - 10:45 (45 mins)
OWASP Juice Shop: The most trustworthy online shop out there
Speaker: Bjoern Kimminich
OWASP Juice Shop is an intentionally insecure web app for security trainings, written entirely in JavaScript, which encompasses the entire OWASP Top Ten and other severe security flaws.

In this talk you will learn all about the project and its capabilities. You will...

  • join a "happy shopper round tour"
  • enjoy a hacking demo of some of the 43+ challenges
  • get an insight into the underlying application architecture
  • witness how to customize Juice Shop into a security awareness booster
  • learn how to set up a CTF event with Juice Shop for extra fun during trainings

https://www.owasp.org/index.php/OWASP_Juice_Shop_Project

11:00 - 11:40 (40 mins)
How my SVM nailed your Malware
Speaker: Nikhil.P.K
As we know the Android application industry from a security perspective, it is also quite well known that the Android platform is susceptible to malicious applications. With the recent trend of vendors and customers going completely mobile, Android has now become an attack surface for many malicious attacks. Moreover, the mechanisms used for Android malware detection comprise several known methods, and most of these mechanisms are permission-based or based on API usage. But when we dig deeper and analyze, we also realize that these mechanisms are open to instruction-level obfuscation techniques. Hence, we decided to bring the approach of machine learning to Android malware analysis using graph kernels: we tried implementing two different graph kernels, namely the Weisfeiler-Lehman graph kernel and the Neighborhood Hash graph kernel, which could be used to build a mechanism for finding similarities among binaries while remaining robust against these obfuscations.

11:50 - 12:30 (40 mins)
Women in AppSec Panel

12:30 - 13:30 (60 mins)
Lunch/Coffee Break

13:30 - 14:15 (45 mins)
N different strategies to automate OWASP ZAP
Speaker: Marudhamaran Gunasekaran (Maran)
In this talk we will explore the many different ways of automating security testing with the OWASP Zed Attack Proxy and how it ties into an overall software security initiative. Over the years, ZAP has made many advancements to its powerful APIs and introduced scripts to make security automation consumable for mortals. This talk is structured to demonstrate how ZAP's API and scripts can be integrated with automated testing frameworks beyond Selenium, continuous integration and continuous delivery pipelines beyond Jenkins, scanning of authenticated parts of the application, options to manage the discovered vulnerabilities, and so on, with real-world case studies and implementation challenges.

This is a demonstration-oriented talk that explains OWASP ZAP automation strategies for security testing by example. Outline:

  • Introduction
  • Automated Security Scanning 101
  • ZAP Introduction
  • Demo 1 - Controlling ZAP via the API
  • Demo 2 - ZAP Baseline scan
  • Demo 3 - Automating quick scan via the Python API
  • Demo 4 - Automating authenticated scans via the .NET APIs
  • Demo 5 - Automated authenticated scans with Selenium integration via the Java APIs
  • Tips from the field for CI / CD integration
  • Demo 6 - ZEST scripting
  • Demo 7 - Python scripting

14:15 - 15:00 (45 mins)

15:00 - 15:15 (15 mins)
Coffee break

15:15 - 16:00 (45 mins)
Security champions: Opera experience
Speaker: Alexander Antukh
Security champions is an interesting concept for scaling security in multi-team companies. During this presentation I'll share my experience of building a team of champions, the challenges we had to overcome, and metrics to evaluate the efficiency of the model. As a bonus, a security champion playbook will be introduced to the audience.

16:00 - 16:45 (45 mins)

16:45 - 17:00 (15 mins)
Closing ceremony
Speaker: OWASP Bucharest team
CTF prizes