
OWASP Bucharest AppSec Conference 2017 Agenda Talks

Revision as of 18:10, 28 September 2017 by Oana Cornea (talk | contribs)


Conference agenda, 13th of October

9:00 - 9:30 (30 mins)
Registration and coffee break

9:30 - 9:45 (15 mins)
Introduction
Speaker: Oana Cornea
Introduction to the OWASP Bucharest event and the schedule for the day.
9:45 - 10:30 (45 mins)
OWASP Juice Shop: The most trustworthy online shop out there
Speaker: Bjoern Kimminich
OWASP Juice Shop is an intentionally insecure web application for security trainings, written entirely in JavaScript, which encompasses the entire OWASP Top Ten and other severe security flaws.

In this talk you will learn all about the project and its capabilities. You will...

  • join a "happy shopper round tour"
  • enjoy a hacking demo of some of the 43+ challenges
  • get an insight into the underlying application architecture
  • witness how to customize Juice Shop into a security awareness booster
  • learn how to set up a CTF event with Juice Shop for extra fun during trainings

https://www.owasp.org/index.php/OWASP_Juice_Shop_Project

10:45 - 11:30 (45 mins)
Application Security Lifecycle
Speaker: Adrian Locusteanu
A complete perspective on application security means addressing the whole application lifecycle: from secure design and (static or dynamic) testing, through changes, to continuous operational protection via adaptive managed application security services.

A standardized end-to-end framework for providing secure enablement to both application developers and online presences will be presented, drawing on Telekom's experience.

11:45 - 12:30 (45 mins)
N different strategies to automate OWASP ZAP
Speaker: Marudhamaran Gunasekaran (Maran)
In this talk we will explore the many different ways of automating security testing with the OWASP Zed Attack Proxy and how it ties into an overall Software Security Initiative. Over the years, ZAP has made many advancements to its powerful APIs and introduced scripts to make security automation consumable for mortals. This talk is structured to demonstrate how ZAP's API and scripts can be integrated with automated testing frameworks beyond Selenium and with Continuous Integration and Continuous Delivery pipelines beyond Jenkins, how to scan authenticated parts of the application, options for managing the discovered vulnerabilities, and so on, with real-world case studies and implementation challenges.

This is a demonstration-oriented talk that explains OWASP ZAP automation strategies for security testing by example.

12:30 - 13:30 (60 mins)
Lunch/Coffee Break

13:30 - 14:15 (40 mins)
Women in AppSec Panel
Panel discussion with: Daniela Ene, Daniel Barbu, Georgiana Vlasceanu, Monica Munteanu, Silvia Stegaru

14:20 - 15:05 (45 mins)
Security champions: Opera experience
Speaker: Alexander Antukh
Security champions are an interesting concept for scaling security in multi-team companies. During this presentation I'll share my experience of building a team of champions, the challenges we had to overcome, and metrics to evaluate the efficiency of the model. As a bonus, a security champion playbook will be introduced to the audience.
15:05 - 15:20 (15 mins)
Coffee break

15:20 - 16:05 (45 mins)
Man-in-the-browser attacks
Speaker: Daniel Tomescu
Most of today's efforts towards securing web applications rely on securing the web server and providing users with web pages which are protected against common weaknesses over a secure channel. However, we often forget that web applications are client-server applications where the client is the web browser. Therefore, accessing a website is not safe as long as the web browser cannot be trusted.

How many web browsers do we use in a week or a month? Are those web browsers exposed to attacks? Do we trust our favourite web browsers? We will discover multiple attack scenarios and attack vectors which can endanger our browsing experience. Be warned, your relationship with your favourite web browser might suffer and trust issues might arise.

16:05 - 16:50 (45 mins)
How my SVM nailed your Malware
Speaker: Nikhil.P.K
Looking at the Android application industry from a security perspective, it is well known that the Android platform is susceptible to malicious applications. With the recent trend of vendors and customers going completely mobile, Android has become an attack surface for many malicious attacks. The mechanisms used for Android malware detection comprise several known methods, and most of them are permission-based or based on API usage.

This project implementation applies a well-known machine learning algorithm, Support Vector Machines (SVM), to the problem of Android malware analysis. The method detects Android malware by efficiently embedding the function call graphs into the feature map. The game changer in this concept is the optimal utilization of the SVM algorithm, which proves better than other approaches, with a minimal number of false positives and a higher detection rate.

16:50 - 17:00 (15 mins)
Closing ceremony
Speaker: OWASP Bucharest team
CTF prizes