This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.

Difference between revisions of "OWASP Bucharest AppSec Conference 2016 Agenda Talks"

From OWASP
Line 25: Line 25:
 
|-
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:30 - 11:15<br>(45 mins)  
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:30 - 11:15<br>(45 mins)  
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | How I Rooted My Company's Product (and What We Learned from It)
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | CSWSH (Cross-Site WebSocket Hijacking)
  
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [https://ro.linkedin.com/in/adrian-hada-70a80631 Adrian Hada]
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [https://ro.linkedin.com/in/vali-malinoiu-4b137853 Vali Malinoiu]
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" |Educating development teams is one of the more important actions after a penetration test. Having succeeded in exploiting the target, the red team usually comes with suggestions on how to improve application security. Having access to the source code generally offers insight into how and why vulnerabilities appear in the first place. In this presentation I aim to exemplify how one such test went and what I think the development team did right, as well as the few things they got wrong. In the end, multiple smaller mistakes can easily turn into a great vulnerability. <br>
+
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | <br>
  
 
|-
 
|-
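Review bot: the replacement description cell in the fourth added line (`| style="width:40%" ... | <br>`) is empty, so the new CSWSH (Cross-Site WebSocket Hijacking) row for Vali Malinoiu drops the previous abstract without supplying one and the Description column of that row will render blank; add a short abstract for the talk in that cell before publishing.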

Revision as of 19:31, 25 September 2016

Conference agenda

{| class="wikitable"
! Time !! Title !! Speaker !! Description
|-
| 8:30 - 9:00<br>(30 mins) || Registration || ||
|-
| 9:00 - 9:30<br>(30 mins) || Introduction || Oana Cornea || Introduction to the OWASP Bucharest Event, Schedule for the Day
|-
| 9:30 - 10:15<br>(45 mins) || Handling of Security Requirements in Software Development Lifecycle || Daniel Kefer ||
The bigger the company you're working in, the more technologies and methodologies used by development teams you are going to face. At the same time, you want to address security risks in an appropriate, reliable and traceable way for all of them.

After a short introduction of a unified process for handling security requirements in a large company, the main part of the talk is going to focus on a tool called SecurityRAT (Requirement Automation Tool), which has been developed in order to support and accelerate this process. The goal of the tool is first to provide a list of relevant security requirements according to properties of the developed software, and afterwards to handle these in a mostly automated way, with integration with an issue tracker being used as a core feature. Work in progress and future plans will form the last part of the talk.
|-
| 10:30 - 11:15<br>(45 mins) || CSWSH (Cross-Site WebSocket Hijacking) || Vali Malinoiu ||
|-
| 11:30 - 12:15<br>(45 mins) || Software assurance with OpenSAMM || Jacco van Tuijl ||
More and more developers realize that something needs to change in their development process. This is to reduce the number of vulnerabilities and to be well prepared when incidents are reported. The Secure Software Development Life Cycle process (SSDLC) ensures that security is considered at all stages of the development process. This reduces the number of vulnerabilities in delivered software and provides a thorough process for handling incidents.

There are several frameworks for the implementation of SSDLC, like BSIMM, MS SDL and OpenSAMM. Jacco van Tuijl will discuss OpenSAMM, the Software Assurance Maturity Model, a completely open framework of OWASP. Jacco will share experiences regarding the implementation of OpenSAMM within various organizations.
|-
| 12:30 - 13:15<br>(45 mins) || How to handle bot threats || Andrei Daniel Oprisan ||
This talk is an overview, from a security perspective, of the robotic systems (bots) that we can find today on the internet. It consists of two main parts: Robot Detection and Robot Mitigation. I will explain how detection models can be applied to prevent bots from harming the website, while also explaining why it is important not to affect the user experience in a significant way.
|-
| 13:15 - 14:30<br>(75 mins) || Lunch/Coffee Break || ||
|-
| 14:30 - 15:15<br>(45 mins) || || ||
|-
| 15:20 - 16:05<br>(45 mins) || || ||
|-
| 16:10 - 16:55<br>(45 mins) || || ||
|}