Italy OWASP Day 2014 Genova



= Welcome =

= Keynote =

Gary McGraw, Ph.D., CTO of Cigital

= Agenda =

The schedule is as follows:

15:00 Alessandro Armando - Welcome
15:05 Gary McGraw - Cyber War, Cyber Peace, Stones, and Glass Houses
16:30 Break
16:45 Matteo Meucci - Introduction to OWASP and the new projects

Abstract: in this talk Matteo will introduce the OWASP Community and the major active projects, how you can get involved, and how to create a successful OWASP project.

Bio: Matteo is the OWASP-Italy President and has led the OWASP Testing Guide since 2006. He is the CEO and a co-founder of Minded Security. Matteo holds an undergraduate degree in Computer Science Engineering from the University of Bologna.

17:00 Stefano di Paola - Client Side Vulnerabilities in the Web Environment

Abstract: Client-side code is a growing part of the modern web, and the common patterns and libraries that are supposed to make developers' lives easier have the drawback of adding complexity to the code, exposing unexpected features with little or no warning. We will focus on the client-side vulnerabilities that are spreading across all the major web sites. The presentation will also show some interesting case studies, collected and identified during two years of real-world application analysis.

Bio: Stefano is Research & Development Director of the OWASP Italian Chapter. He is the CTO and co-founder of Minded Security, where he is Head of the Research and Development Lab. In the last 7 years Stefano has presented several cutting-edge research topics, such as DOM-based XSS runtime taint analysis, Expression Language Injection, HTTP Parameter Pollution and ActionScript Security, which led to his inclusion in the Top Ten Web Hacking Techniques initiative for 5 consecutive years (2007-2011). He has also published several security advisories and open source security tools and contributed to the OWASP Testing Guide.

17:45 Alessandro Armando - A Gentle Introduction to Social Single-Sign On and OAuth 2.0

Abstract: Social Sign On enables website visitors to authenticate to your website using their existing credentials, such as Facebook, Twitter, OpenID, etc. As a result, users don't have to initially register to your website in order to verify their identity. Social Sign On offers a variety of benefits including increased conversion rate and more accurate contextual information. Support for Social Sign On is normally achieved through the OAuth 2.0 protocol. OAuth 2.0 is a web-based protocol that provides client applications a 'secure delegated access' to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without sharing their credentials. In this talk I will provide a gentle introduction to Social Sign On and OAuth 2.0.

Bio: Alessandro Armando is associate professor at the University of Genova, where he received his Laurea degree in Electronic Engineering in 1988 and his Ph.D. in Electronic and Computer Engineering in 1994. His appointments include a postdoctoral research position at the University of Edinburgh (1994-1995) and one as visiting researcher at INRIA-Lorraine in Nancy (1998-1999). He is co-founder and leader (since 2003) of the Artificial Intelligence Laboratory (AI-Lab) at DIST. He is also head of the Security & Trust Research Unit at the Center for Information Technologies of the Bruno Kessler Foundation in Trento. He has contributed to the discovery of a serious vulnerability in the SAML-based Single Sign-On for Google Apps and to the discovery and fixing of a vulnerability that leads to a Denial of Service attack on all Android devices. His current focus is on developing cutting-edge automated reasoning techniques and on using them to build a new generation of push-button software verification and debugging tools supporting the development of complex, large-scale, distributed IT applications.
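The delegated-access process the abstract above describes is the OAuth 2.0 authorization code grant. The following is an added example, not code from the talk or from any OAuth library: it simulates the three roles (the social provider acting as authorization and resource server, and the client web site) as in-process Python objects, so the message exchange can be run offline. Endpoint URLs, client identifiers, the client secret and the user names are constructed for the demo. It goes slightly beyond the abstract by including the checks a practitioner expects at each step: exact redirect_uri matching, a session-bound state value, client authentication at the token endpoint, and single-use, client-bound, expiring codes.

```python
"""OAuth 2.0 authorization code grant, simulated in-process (added example).
All identifiers and URLs below are constructed for the demo."""
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_ENDPOINT = "https://socialprovider.example/oauth/authorize"  # constructed


def parse_query(url):
    """Flatten a URL's query string into a dict (first value of each key)."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


class AuthorizationServer:
    """The social provider: holds the user's password, issues codes and tokens."""

    def __init__(self):
        self.clients = {}  # client_id -> (client_secret, registered redirect_uri)
        self.codes = {}    # code -> dict(client_id, redirect_uri, user, scope, expires)
        self.tokens = {}   # access_token -> (user, scope)

    def register_client(self, client_id, client_secret, redirect_uri):
        self.clients[client_id] = (client_secret, redirect_uri)

    def authorize(self, authorize_url, user):
        """GET /authorize after the resource owner has logged in and consented.
        Returns the redirect URL that carries the code back to the client."""
        p = parse_query(authorize_url)
        if p.get("response_type") != "code" or p.get("client_id") not in self.clients:
            raise ValueError("invalid_request")
        # Exact match against the registered URI: a loosely matched redirect_uri
        # lets an attacker's site receive the code instead of the client.
        if p.get("redirect_uri") != self.clients[p["client_id"]][1]:
            raise ValueError("redirect_uri mismatch")
        code = secrets.token_urlsafe(32)
        self.codes[code] = dict(client_id=p["client_id"], redirect_uri=p["redirect_uri"],
                                user=user, scope=p.get("scope", ""), expires=time.time() + 600)
        # 'state' is echoed back untouched so the client can tie the response
        # to the browser session that started the flow.
        return p["redirect_uri"] + "?" + urlencode({"code": code, "state": p.get("state", "")})

    def token(self, client_id, client_secret, code, redirect_uri):
        """POST /token: the client authenticates and trades the code for a token."""
        registered = self.clients.get(client_id)
        if registered is None or not hmac.compare_digest(registered[0].encode(), client_secret.encode()):
            raise ValueError("invalid_client")
        grant = self.codes.pop(code, None)  # pop: a code can be redeemed only once
        if (grant is None or grant["client_id"] != client_id
                or grant["redirect_uri"] != redirect_uri or grant["expires"] < time.time()):
            raise ValueError("invalid_grant")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (grant["user"], grant["scope"])
        return {"access_token": token, "token_type": "Bearer", "expires_in": 3600}

    def resource(self, authorization_header):
        """Protected resource: returns the profile only for a valid Bearer token."""
        scheme, _, token = authorization_header.partition(" ")
        if scheme != "Bearer" or token not in self.tokens:
            raise ValueError("invalid_token")
        user, scope = self.tokens[token]
        return {"user": user, "scope": scope}


class ClientSite:
    """Your web site: it never sees the user's social-provider password."""

    def __init__(self, auth_server, client_id, client_secret, redirect_uri):
        self.auth = auth_server
        self.client_id, self.client_secret, self.redirect_uri = client_id, client_secret, redirect_uri
        self.pending = {}  # browser session id -> state awaiting a callback

    def start_login(self, session_id, scope="profile"):
        """Build the authorization request URL the browser is redirected to."""
        state = secrets.token_urlsafe(16)
        self.pending[session_id] = state
        return AUTHORIZE_ENDPOINT + "?" + urlencode({
            "response_type": "code", "client_id": self.client_id,
            "redirect_uri": self.redirect_uri, "scope": scope, "state": state})

    def callback(self, session_id, redirect_url):
        """Handle the browser arriving at redirect_uri with ?code=...&state=..."""
        p = parse_query(redirect_url)
        expected = self.pending.pop(session_id, None)
        if expected is None or not hmac.compare_digest(expected.encode(), p.get("state", "").encode()):
            raise ValueError("state mismatch: response not bound to this session")
        tok = self.auth.token(self.client_id, self.client_secret, p["code"], self.redirect_uri)
        # Delegated access: call the provider's API with the token, never the password.
        return self.auth.resource("Bearer " + tok["access_token"])


def build_demo():
    auth = AuthorizationServer()
    auth.register_client("mysite", "s3cret", "https://mysite.example/cb")  # constructed
    return auth, ClientSite(auth, "mysite", "s3cret", "https://mysite.example/cb")


def run_happy_path():
    auth, site = build_demo()
    back = auth.authorize(site.start_login("browser-A"), user="alice")  # alice consents
    return site.callback("browser-A", back)


def run_forged_callback():
    """Attacker steers the victim's browser to a callback carrying the attacker's
    own code and state (login CSRF); the state check must reject it."""
    auth, site = build_demo()
    attacker_back = auth.authorize(site.start_login("browser-mallory"), user="mallory")
    site.start_login("browser-victim")  # victim's pending state differs
    try:
        site.callback("browser-victim", attacker_back)
    except ValueError as e:
        return str(e)
    return "accepted"
```

What the client ends up with is an access token for the provider's API, which is what 'delegated access' means; treating that token as proof of who the user is belongs to the Social Sign On layer built on top of OAuth 2.0 (standardized later as OpenID Connect), so a client must at least confirm the token was issued to it before creating a local session from it.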