Difference between revisions of "OWASP EEE Bucharest Event 2015 Agenda"
Oana Cornea (talk | contribs) |
Oana Cornea (talk | contribs) |
||
Line 69: | Line 69: | ||
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | '''OWASP Top 10 vulnerabilities – from discovery to complete exploitation''' <br>The purpose of this workshop is to increase the participants’ awareness on the most common web application vulnerabilities and their associated risks. <br> | | style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | '''OWASP Top 10 vulnerabilities – from discovery to complete exploitation''' <br>The purpose of this workshop is to increase the participants’ awareness on the most common web application vulnerabilities and their associated risks. <br> | ||
We will discuss each type of vulnerability described in the OWASP Top 10 project and we will be practicing manual discovery and exploitation techniques. <br> | We will discuss each type of vulnerability described in the OWASP Top 10 project and we will be practicing manual discovery and exploitation techniques. <br> | ||
− | | style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | '''Adrian Furtună''' – Technical Manager – Security Services – KPMG Romania <br> '''Ionuţ Ambrosie''' – Security Consultant – KPMG Romania | + | | style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | '''[https://ro.linkedin.com/in/adrianfurtuna Adrian Furtună]''' – Technical Manager – Security Services – KPMG Romania <br> '''Ionuţ Ambrosie''' – Security Consultant – KPMG Romania |
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="justify" colspan="0" | '''Description:'''<br> | | style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="justify" colspan="0" | '''Description:'''<br> | ||
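Review bot: in the changed trainers cell, only Adrian Furtună's name becomes a profile link while Ionuţ Ambrosie, listed in the same cell, stays plain text; link both trainers or neither so the row reads consistently. The target is an external profile on the country-specific host ro.linkedin.com, which may not stay stable for an archived agenda page, so a note of the link's purpose in the edit summary would help later editors decide whether to keep it.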
Revision as of 18:02, 11 September 2015
Conference agenda

Time | Title | Speaker | Description
10:00 - 10:30 (30 mins) | Registration | |
10:30 - 10:45 (15 mins) | Introduction & Welcome | Oana Cornea | Introduction to OWASP & Bucharest Event, Schedule for the Day
10:45 - 11:30 (45 mins) | From SCADA to IoT - Cyber Security | Bogdan Matache | The presentation dwells on the distinctive issues of cybersecurity in the world of Internet of Things (IoT). It starts with a short overview of the entities and trends of IoT: Industrial Control Systems (ICS), SCADA, consumer IoT, communication protocols and operating modes, threats and vulnerabilities for ICS / IoT. The presentation moves on to illustrating protection profiles, non-invasive penetration testing for ICS/IoT and finishes with a few considerations on building and operating a security operation center for SCADA / ICS / IoT.
11:50 - 12:35 (45 mins) | XML Based Attacks | Daniel Tomescu | The presentation is focused on general and specific attack vectors in applications that use XML and additional technologies. The audience will learn how some of the OWASP Top 10 vulnerabilities can be reproduced using XML vectors, how XML External Entities can be used in order to read local files and how XML can be used in order to cause Denial of Service in vulnerable applications.
12:55 - 13:40 (45 mins) | Dark appsec made simple | Alexander Antukh | In this talk I would like to present results of my security research of applications in the "darknet" - a place where even low-risk vulnerabilities can become crucial for successful de-anonymization. We will go through different techniques of de-anonymizing subjects and will see that privacy is a much harder topic than it appears to be. Finally, some vulnerabilities in real well-known services will be presented.
13:40 - 14:30 (50 mins) | Lunch/Coffee Break | |
14:30 - 15:15 (45 mins) | Attack is easy, let's talk defence. From threat modelling to intelligence driven defence. | Teodor Cimpoesu | Warfare is hard in asymmetric territories, and while cyber realm favours offence, defence is even harder. Modern cyber security talks about adversaries and threat actors, attack modelling and defence chain. But there is little information about implementing these concepts. We propose to have a look at the modern approaches of taming security complexity by implementing intelligence driven defence in the day-to-day operations.
15:20 - 16:05 (45 mins) | | |
16:10 - 16:55 (45 mins) | | |

Workshop

Time | Title | Trainers | Description
9:00 - 14:00 (5 hours), Sala Albastra | OWASP Top 10 vulnerabilities – from discovery to complete exploitation. The purpose of this workshop is to increase the participants’ awareness of the most common web application vulnerabilities and their associated risks. We will discuss each type of vulnerability described in the OWASP Top 10 project and we will be practicing manual discovery and exploitation techniques. | Adrian Furtună – Technical Manager – Security Services – KPMG Romania; Ionuţ Ambrosie – Security Consultant – KPMG Romania | Description: This will be a (very) hands-on workshop where we will practice exercises such as: Of course, we will also present safe ways in which the identified vulnerabilities can be eliminated or mitigated in a production environment. Seats available: 20 (first come, first served)