OWASP Bucharest AppSec Conference 2017 Agenda Talks
Conference agenda

| Time | Title | Speaker | Description |
|---|---|---|---|
| 8:30 - 9:00 (30 mins) | Registration and coffee break | | |
| 9:00 - 9:15 (15 mins) | Introduction | Oana Cornea | Introduction to the OWASP Bucharest Event, Schedule for the Day |
| 9:15 - 10:00 (45 mins) | Automation of Application Security Testing | Lucian Corlan | This presentation aims to provide a way into achieving application security testing automation (with SAST, DAST and other tools) within a development pipeline. In this talk you will experience an approach to using ThreadFix and its "Policies" feature to determine the security exposure of a build/release and to output the result back into the continuous integration and delivery pipelines for quick and reliable decision making. |
| 10:00 - 10:45 (45 mins) | OWASP Juice Shop: The most trustworthy online shop out there | Bjoern Kimminich | OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in JavaScript which encompasses the entire OWASP Top Ten and other severe security flaws. In this talk you will learn all about the project and its capabilities. You will... |
| 11:00 - 11:40 (40 mins) | N different strategies to automate OWASP ZAP | Marudhamaran Gunasekaran (Maran) | In this talk we will explore the many different ways of automating security testing with the OWASP Zed Attack Proxy and how it ties to an overall Software Security Initiative. Over the years, ZAP has made many advancements to its powerful APIs and introduced scripts to make security automation consumable for mortals. This talk is structured to demonstrate how ZAP's API and scripts could be integrated with Automated Testing frameworks beyond Selenium, Continuous Integration and Continuous Delivery Pipelines beyond Jenkins, scanning authenticated parts of the application, options to manage the discovered vulnerabilities and so on with real world case studies and implementation challenges. This is a demonstration oriented talk that explains OWASP ZAP automation strategies for Security Testing by example. |
| 11:50 - 12:30 (40 mins) | Women in AppSec Panel | | |
| 12:30 - 13:30 (60 mins) | Lunch/Coffee Break | | |
| 13:30 - 14:15 (45 mins) | Security champions: Opera experience | Alexander Antukh | Security champions is an interesting concept of scaling security in multi-team companies. During this presentation I'll share experience of building a team of champions, challenges we had to overcome, and metrics to evaluate the efficiency of the model. As a bonus, security champion playbook will be introduced to the audience. |
| 14:15 - 15:00 (45 mins) | Threat modelling – How we deconstruct systems and the threats they are at risk from | Mustafa Kasmani | The presentation focuses on plenty of great case studies in threat modelling – how we deconstruct systems and the threats they are at risk from. There will be implicit training in the form of practical exercises in how you calculate risk and accountability. Threat modelling also involves different disciplines in design, development and security so we expect the audience to join the conversation. |
| 15:00 - 15:15 (15 mins) | Coffee break | | |
| 15:15 - 16:00 (45 mins) | | | |
| 16:00 - 16:45 (45 mins) | | | |
| 16:45 - 17:00 (15 mins) | Closing ceremony | OWASP Bucharest team | CTF Prizes |