
Difference between revisions of "Timisoara"

 
(14 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
__NOTOC__  
 
__NOTOC__  
 
{{Chapter Template|chaptername=Timisoara|extra=The chapter leader is [mailto:[email protected] Catalin Curelaru].
 
|meetupurl=https://www.meetup.com/OWASP-Timisoara-Chapter/|region=Europe}}
 
 
'''Follow us on [https://twitter.com/OwaspT Twitter.]'''<br>
 
 
 
== Local News ==
 
 
'''Meeting Location'''
 
 
Everyone is welcome to join us at our chapter meetings.
 
 
[[Category:OWASP Chapter]]
 
 
 
  
 
=Welcome=  
 
=Welcome=  
 +
== Welcome to the OWASP Timisoara Chapter Homepage ==
 +
<br>
 +
Follow us on [https://twitter.com/OwaspT Twitter.]<br>
 +
Follow us on [https://www.meetup.com/OWASP-Timisoara-Chapter/ Meetup.]<br>
 +
Follow us on [https://www.linkedin.com/in/owasp-timisoara-chapter/ Linkedin.]<br>
  
<br>
 
 
Timisoara has an evolved software development community and one of the most important aspects that we aim to achieve is to continuously improve the application security world.  
 
Timisoara has an evolved software development community and one of the most important aspects that we aim to achieve is to continuously improve the application security world.  
  
 
Everyone is welcome to join our chapter meetings, members and non-members. OWASP Timisoara Chapter meetings / events are free and open, so please join us!<br><br>
 
Everyone is welcome to join our chapter meetings, members and non-members. OWASP Timisoara Chapter meetings / events are free and open, so please join us!<br><br>
 +
 +
The chapter leader is [mailto:[email protected] Catalin Curelaru].
  
 
The Chapter Board Members are: Monica Iovan (Education), Ioana Piroska ( PR/Marketing), Claudiu Ivan, Daniel Ilies.
 
The Chapter Board Members are: Monica Iovan (Education), Ioana Piroska ( PR/Marketing), Claudiu Ivan, Daniel Ilies.
Line 30: Line 20:
  
 
Next event:<br>
 
Next event:<br>
For details please check [https://www.owasp.org/index.php/Timisoara#tab=Upcoming_events Upcoming Events]!
+
For details please check [https://www.owasp.org/index.php/Timisoara#tab=Upcoming_events Upcoming Events.]!<br>
 +
 
 +
Past chapter leaders<br>
 +
2015 - 2019 Cornel Punga<br>
 +
2015 - 2019 Florina Rosiu<br>
  
 
=Upcoming events=
 
=Upcoming events=
 
[https://www.meetup.com/OWASP-Timisoara-Chapter/?scroll=true Please see our Meetup page for more details and to register as attendee]
 
[https://www.meetup.com/OWASP-Timisoara-Chapter/?scroll=true Please see our Meetup page for more details and to register as attendee]
== OWASP Timisoara #14: 29th August 2019 ==
+
 
Powered by Visma / Address: Strada Aristide Demetriade, Nr 1, UBC3 building, 10th Floor, Timisoara
+
== OWASP Timisoara #15: 11 December 2019 ==
 +
Powered by UnifiedPost / Address: C. Brediceanu, 10, City Business Center,Building D, 5th floor, Timisoara, Romania
 
<br>
 
<br>
Summer sessions - Theme: CyberSecurity, XSS/CSRF Attacks, Transparency
+
Winter sessions - Theme: Honeypots, Hacking and Community Building
 +
 
 +
Schedule
 +
'''18:00''' Welcome participants
 +
'''18:15''' About Honeypots - Florin Patruta
 +
'''18:50''' Too good to be true - Learning path: How to become a hacker - Catalin Curelaru
 +
'''19:25''' Break
 +
'''19:40''' Learning Security & Community Building - Radu Ticiu
 +
'''20:15''' Networking
 +
'''Time:''' 18:00 to 21:00
  
Schedule
+
POWERED BY UnifiedPost
'''18:00''' Welcome participants
 
'''18:15''' Intro OWASP Timisoara - Catalin Curelaru
 
'''18:20''' CyberSecurity - Behind your front door - Adrian Daniel Bacanu
 
'''18:50''' Break
 
'''19:00''' XSS & CSRF attacks - Daniel Ilies & Claudiu Ivan
 
'''19:45''' Break
 
'''19:50''' Transparency of Episode XVI: The Empire Strikes - Catalin Curelaru
 
'''20:20''' Endnote - Plans for the future - Involvement in the Chapter - Catalin Curelaru
 
'''20:30''' Networking
 
  
Time: 18:00 to 21:00
+
> snacks and drinks on the house
  
POWERED BY Visma Romania
+
Miercuri, 11 Decembrie - ora 18:00
  
> snacks and drinks on the house
+
C. Brediceanu, 10, City Business Center,Building D, 5th floor, Timisoara, Romania
  
Joi, 29 August - ora 18:00
+
Winter sessions - Theme: Honeypots, Hacking and Community Building
 +
<li>Honeypots:
 +
The internet is getting bigger and bigger and the attacks on organisations, governments, individuals etc are increasing. It's not a matter of if you're going to be a target, but when. At some point in time, attackers will find a way to enter a company's network, some way or another. They usually do it by trying multiple times, after conducting reconnaissance activity. Knowing who accesses the company assets, creating decoys to lure attackers and gain time to implement defense strategies could be a deal breaker. Learn more about what honeypots are, how they can be used and what value they can provide to a company.</li>
 +
<li>Hacking:
 +
Nowadays we can see an increase in cyber-crime or state controlled attacks and companies are starting to become more aware for the need of people with a hacking culture. In Learning path, how to become a hacker you will find a few steps on how you can be a good guy into security and help organizations secure their environments.</li>
 +
<li>Security Community Building:
 +
The founder and the coordinator of CoderDojo will present the learning steps into security, how can we get more insights if we participate into CTFs and how we can build a stronger security community.</li>
  
UBC3 building, Strada Aristide Demetriade, Nr 1, 10th Floor, Timisoara
+
=Past events=
 +
== OWASP Timisoara #14: 29th August 2019 ==
 +
Powered by Visma / Address: Strada Aristide Demetriade, Nr 1, UBC3 building, 10th Floor, Timisoara
 
<br>
 
<br>
 +
Summer sessions - Theme: CyberSecurity, XSS/CSRF Attacks, Transparency
  
 +
Schedule
 +
'''18:00''' Welcome participants
 +
'''18:15''' Intro OWASP Timisoara - Catalin Curelaru
 +
'''18:20''' CyberSecurity - Behind your front door - Adrian Daniel Bacanu
 +
'''18:50''' Break
 +
'''19:00''' XSS & CSRF attacks - Daniel Ilies & Claudiu Ivan
 +
'''19:45''' Break
 +
'''19:50''' Transparency of Episode XVI: The Empire Strikes - Catalin Curelaru
 +
'''20:20''' Endnote - Plans for the future - Involvement in the Chapter - Catalin Curelaru
 +
'''20:30''' Networking
 +
'''Time:''' 18:00 to 21:00
 +
 +
POWERED BY Visma Romania
  
=Past events=
 
 
==20th September 2016, OWASP InfoSecTM #13==  
 
==20th September 2016, OWASP InfoSecTM #13==  
 
<br>
 
<br>
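Review bot: The new link label "Upcoming Events.]!" puts a full stop inside the link text and keeps the "!" after it, so the page renders "Upcoming Events.!"; drop one of the two. In the added #15 block, the theme line ("Winter sessions - Theme: Honeypots, Hacking and Community Building") and the C. Brediceanu address each appear twice, and the date line "Miercuri, 11 Decembrie - ora 18:00" is in Romanian on an otherwise English page; keep one copy of each and give the date in English. The three added <li> items have no enclosing <ul> or <ol> in the lines shown.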
Line 89: Line 105:
 
<br>
 
<br>
  
==31th May 2016, OWASP InfoSecTM #12==  
+
== 31th May 2016, OWASP InfoSecTM #12 ==  
 
<br>
 
<br>
 
<b>Title: Be aware of your bugs, if you aren’t, someone else is. Part 2</b><br>
 
<b>Title: Be aware of your bugs, if you aren’t, someone else is. Part 2</b><br>
Line 101: Line 117:
 
<br>
 
<br>
  
==12th April 2016, OWASP InfoSecTM #11==  
+
== 12th April 2016, OWASP InfoSecTM #11 ==  
 
<br>
 
<br>
 
<b>Title: Be aware of your bugs, if you aren’t, someone else is</b><br>
 
<b>Title: Be aware of your bugs, if you aren’t, someone else is</b><br>
Line 163: Line 179:
 
https://www.owasp.org/index.php/Local_Chapter_Supporter
 
https://www.owasp.org/index.php/Local_Chapter_Supporter
 
<headertabs />
 
<headertabs />
 +
 +
== Participation ==
 +
OWASP Foundation ([https://docs.google.com/a/owasp.org/presentation/d/10wi1EWFCPZwCpkB6qZaBNN8mR2XfQs8sLxcj9SCsP6c/edit?usp=sharing Overview Slides]) is a professional association of [[Membership | global members]] and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the [[Chapter_Leader_Handbook]].  As a [[About_OWASP | 501(c)(3)]] non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button.  To be a <b>SPEAKER</b> at ANY OWASP Chapter in the world simply review the [[Speaker_Agreement | speaker agreement]] and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
 +
 +
== Sponsorship/Membership  ==
 +
 +
[[Image:Btn_donate_SM.gif|link=https://www.owasp.org/index.php/Local_Chapter_Supporter]] to this chapter or become a local chapter supporter.
 +
Or consider the value of [[Membership | Individual, Corporate, or Academic Supporter membership]]. Ready to become a member? [[Image:Join_Now_BlueIcon.JPG|75px|link=https://www.owasp.org/index.php/Membership]]
 +
 +
 +
[[Category:OWASP Chapter]]
 +
{{#if:{{{region|}}}|
 +
[[Category:{{{region}}}]]
 +
}}
  
 
==Chapter Supporters==
 
==Chapter Supporters==
 
<b>Chapter Supporters</b>
 
<b>Chapter Supporters</b>
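Review bot: The added "{{#if:{{{region|}}}|" block is template-body code pasted into the page: "{{{region}}}" is never supplied here, so the condition evaluates to empty and no region category is applied, whereas the removed Chapter Template call passed region=Europe. Replace the three lines with a literal [[Category:Europe]] next to [[Category:OWASP Chapter]].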

Latest revision as of 14:29, 11 December 2019


Welcome to the OWASP Timisoara Chapter Homepage


Follow us on Twitter.
Follow us on Meetup.
Follow us on Linkedin.

Timisoara has an evolved software development community and one of the most important aspects that we aim to achieve is to continuously improve the application security world.

Everyone is welcome to join our chapter meetings, members and non-members. OWASP Timisoara Chapter meetings / events are free and open, so please join us!

The chapter leader is Catalin Curelaru.

The Chapter Board Members are: Monica Iovan (Education), Ioana Piroska ( PR/Marketing), Claudiu Ivan, Daniel Ilies.

  • Anyone who wants to get involved and help the Chapter evolve is very welcome; please just contact us.
  • If you want to present at one of our meetings / events, please read the speaker agreement.
  • If you have any questions about the OWASP Timisoara Chapter, send an email to Catalin Curelaru.
  • Next event:
    For details please check Upcoming Events!

    Past chapter leaders
    2015 - 2019 Cornel Punga
    2015 - 2019 Florina Rosiu

    Please see our Meetup page for more details and to register as attendee

    OWASP Timisoara #15: 11 December 2019

    Powered by UnifiedPost / Address: C. Brediceanu, 10, City Business Center,Building D, 5th floor, Timisoara, Romania
    Winter sessions - Theme: Honeypots, Hacking and Community Building

    Schedule
    18:00 Welcome participants
    18:15 About Honeypots - Florin Patruta 
    18:50 Too good to be true - Learning path: How to become a hacker - Catalin Curelaru
    19:25 Break
    19:40 Learning Security & Community Building - Radu Ticiu
    20:15 Networking
    Time: 18:00 to 21:00
    

    POWERED BY UnifiedPost

    > snacks and drinks on the house

    Wednesday, 11 December - 18:00

    C. Brediceanu, 10, City Business Center,Building D, 5th floor, Timisoara, Romania

    Winter sessions - Theme: Honeypots, Hacking and Community Building

  • Honeypots: The internet is getting bigger and bigger and the attacks on organisations, governments, individuals etc. are increasing. It's not a matter of if you're going to be a target, but when. At some point in time, attackers will find a way to enter a company's network, one way or another. They usually do it by trying multiple times, after conducting reconnaissance activity. Knowing who accesses the company assets, creating decoys to lure attackers and gaining time to implement defense strategies could be a deal breaker. Learn more about what honeypots are, how they can be used and what value they can provide to a company.
  • Hacking: Nowadays we can see an increase in cyber-crime and state-controlled attacks, and companies are becoming more aware of the need for people with a hacking culture. In "Learning path: How to become a hacker" you will find a few steps on how you can be a good guy in security and help organizations secure their environments.
  • Security Community Building: The founder and coordinator of CoderDojo will present the learning steps into security, how we can gain more insight by participating in CTFs, and how we can build a stronger security community.
  • OWASP Timisoara #14: 29th August 2019

    Powered by Visma / Address: Strada Aristide Demetriade, Nr 1, UBC3 building, 10th Floor, Timisoara
    Summer sessions - Theme: CyberSecurity, XSS/CSRF Attacks, Transparency

    Schedule
    18:00 Welcome participants
    18:15 Intro OWASP Timisoara - Catalin Curelaru
    18:20 CyberSecurity - Behind your front door - Adrian Daniel Bacanu
    18:50 Break
    19:00 XSS & CSRF attacks - Daniel Ilies & Claudiu Ivan
    19:45 Break
    19:50 Transparency of Episode XVI: The Empire Strikes - Catalin Curelaru
    20:20 Endnote - Plans for the future - Involvement in the Chapter - Catalin Curelaru
    20:30 Networking
    Time: 18:00 to 21:00
    

    POWERED BY Visma Romania

    20th September 2016, OWASP InfoSecTM #13


      Speakers
    • Matei-Eugen Vasile, ApTI
      Title: Digital privacy and its enemies
    • Description:
      As the Internet developed, pressure emerged from certain state organizations to control it. Until recently, these pressures were known only to those whose work was closely tied to the functioning of the Internet, that is, technical people. Later, other groups also began to sense the existence of these control efforts: legal professionals, some human rights activists, etc. In recent years, probably anyone who has heard of the Internet has also heard of states' attempts to control the Internet.


      The Romanian Parliament drafted and adopted, at the request of national security organizations, a "cyber" security law that was rejected by the Constitutional Court. A ruling by the Constitutional Court in favour of the law would have been disastrous for everyone connected to the Internet. In any case, the Constitutional Court's decision did not discourage the law's authors: nearly identical proposals have been put forward. It is telling that in Romania there have so far been four attempts to introduce the registration of identification data of buyers of prepaid SIM cards, and the last of them passed Parliament and was likewise rejected by the Constitutional Court. Unfortunately, the list of attempts at control could go on.

      The conclusion that can be drawn is that surveillance and control can take many forms, but the end goal is the same. These aspects of control need to be known and discussed so that responses can be generated to the abuses to be expected in the future.

    • Lucian Florin Ilca, Atos
      Title: Presenting and developing vulnerabilities at the level of routers, switches and access points
    • Description:
      Vulnerabilities in MIPS architectures are a current topic in information security. MIPS architectures are developed specifically for routers, switches and WiFi access points. We deal with these devices both voluntarily and involuntarily, as they are fundamental elements of interconnected networks, or "internet networks". Whether we use mobile internet, at home or in public spaces, for our traffic to reach its destination it will pass through a gateway that can be exploited with relative ease.

      In recent years numerous 0 Day (or, better said, 0 Hour) vulnerabilities have been reported, which affected a great many equipment vendors, from Cisco, Juniper and Extreme Networks to F5 or Palo Alto.

      Through his presentation, Lucian will provide additional information about how to identify and develop an exploit in a router, switch or access point, and how privileges can be obtained remotely on this equipment. With a vulnerability found and exploited in a piece of network equipment, large-scale attacks of various types can be developed: Man-in-the-middle attack, Distributed Denial of Service or Denial of Service, Network Spoofing or Remote Access Trojan.

      31st May 2016, OWASP InfoSecTM #12


      Title: Be aware of your bugs, if you aren’t, someone else is. Part 2

      This session shows a few exploit techniques used in the wild: ROP and sled. We will also dissect a real-life 0-day to see how this was done.

      The takeaway is that sometimes no OS mitigation/static analyzer can save you from an interprocedural logic flaw.

        Speakers
      • Daniel BORCA - engine developer, Bitdefender

        12th April 2016, OWASP InfoSecTM #11


        Title: Be aware of your bugs, if you aren’t, someone else is

        The first session will introduce key concepts necessary in understanding what is going on “under the hood” of your program and how this correlates with being a possible victim of an exploit.

        We will also dissect a real life exploit to see how this is done “in the wild” and what can we do to prevent it.

          Speakers
        • Daniel BORCA - engine developer, Bitdefender
        • Alin BARBATEI - malware researcher, Bitdefender

          15th December 2015, OWASP InfoSecTM #8

          17th February 2016, OWASP InfoSecTM #9


          • Title: A new generation of cryptographic algorithms - IDEA NXT
            Speaker: Andreea Bozesan
            Discover the newest generation of symmetric block ciphers, their capabilities, drawbacks and means of testability. A hardware implementation is also analyzed to provide metrics that support the theoretical aspects presented in the first part of the presentation.
          • Title: Software Protection by Code Obfuscation
            Speaker: Ciprian Lucaci
            Complete protection of software against unauthorized access cannot be fully guaranteed because with enough resources any protection mechanism can eventually be overcome. Thus, the goal is usually to make the job of the attacker as difficult as possible. One possibility of protecting software intellectual property is through different source code obfuscation techniques. In this presentation I will briefly discuss different software protection techniques and present virtualization obfuscation as an effective protection mechanism. Virtualization obfuscation is a particular obfuscation technique that aims to protect the intellectual property of a software vendor by hiding the control-flow of a program P. This talk will present the concept of virtualization obfuscation by introducing its advantages and disadvantages compared to other obfuscation techniques.
          • Check the event on FB[1]

            15th March 2016, OWASP InfoSecTM #10


            Presentations:

            Romanian description

          • Speaker: Dan Negrea, Software Engineer in the Security department at ACI.
            As a department we handle the security of ACI products. Application Security is an increasingly important slice of IT Security. I will present Cross-Site Request Forgery, which holds position 8 in the OWASP Top list. It is an easily exploited vulnerability, involving very little code. Detection is also easy. If you have a website and don't know what CSRF means, sooner or later you will find out. Better sooner :) And, as an ordinary user, you will learn a few "Best Practices".
          • Speaker: Radu Ciorbă
            Linux and Python fanboy. I want to understand security problems first of all out of curiosity, but also to know what to avoid in the systems I build. I will briefly present "The Debian SSL Fiasco", or how a little well-intentioned "code cleanup" introduced one of the most serious security exploits in Debian.
          • Speaker: Flavius Oprițoiu
            The presentation is titled "Reliable implementations for cryptographic systems with testability facilities". The topic addressed is testing without degrading security in the context of cryptographic devices. Accordingly, aspects of implementing cryptographic algorithms are investigated first, in the context of the Advanced Encryption Standard (AES), an algorithm for which the design of a dual architecture for encryption and decryption will be described, of small size (and consequently low power consumption), built by sharing the common elements of the forward and inverse operations. The objective pursued in designing this architecture is to obtain the best possible trade-off between the size of the design and the throughput of the unit. Starting from the AES architecture described, several possible solutions will be presented for extending the cryptographic system with mechanisms for detecting errors and, respectively, attack situations. The fault detection strategies are classified into concurrent and preemptive testing means, with all AES round operations protected by the proposed testing means.

    Become a supporter of OWASP or of OWASP's Timisoara Chapter and help us to make application security more visible.
    All information about becoming a member/sponsor can be found here.
    https://www.owasp.org/index.php/Local_Chapter_Supporter

    Participation

    OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

    Sponsorship/Membership

    Donate to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join now.


    Chapter Supporters
