Difference between revisions of "EUTour2013 Bucharest Agenda"

 
(10 intermediate revisions by one user not shown)
Line 38: Line 38:
 
Venue Address: Splaiul Independentei nr. 313, sector 6, Bucuresti,  ROMANIA; Rectorship Building, Senate Hall<br>
 
Venue Address: Splaiul Independentei nr. 313, sector 6, Bucuresti,  ROMANIA; Rectorship Building, Senate Hall<br>
 
Postal cod: RO-060042'''<br>
 
Postal cod: RO-060042'''<br>
Venue Map: [http://g.co/maps/ajq42 Google Maps]  
+
Venue Map: [https://plus.google.com/101033585760098377632/about]  
 
|-
 
|-
 
| align="center" style="background:#CCCCEE;" colspan="2" | '''Price and registration'''
 
| align="center" style="background:#CCCCEE;" colspan="2" | '''Price and registration'''
 
|-
 
|-
 
| align="center" style="background:#EEEEEE;" colspan="2" | This event is '''FREE''' <br>
 
| align="center" style="background:#EEEEEE;" colspan="2" | This event is '''FREE''' <br>
  '''Registration Link to the Europe Tour''': [TBD REGISTER HERE!]'''<br>
+
  '''Registration Link to the Europe Tour''': <br>http://owasp-romaniachapter-eorg.eventbrite.com/'''<br>
 
<br>
 
<br>
 
|-
 
|-
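Review bot: The new Venue Map line is a bare bracketed URL with no link text, so it renders as "[1]" on the page; add a label after the URL, as the old "Google Maps" link had. The new registration line also keeps the stray trailing ''' after the Eventbrite URL that was on the old placeholder line, and the unchanged "Postal cod" line above could be corrected to "Postal code" in the same edit.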
Line 56: Line 56:
 
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''
 
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''
 
|-
 
|-
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 09:00 am<br>(30 mins)
+
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 02:30 pm<br>(30 mins)
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Registration
+
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Introduction & Welcome
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" |  
+
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Ionel Chirita, Claudiu Constantinescu
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" |  
+
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Introduction to OWASP
 
|-
 
|-
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | hour -TBD <br>(45 mins)  
+
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 03:15 pm <br>(45 mins)  
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Penetration Testing - a way for improving our cyber security   
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Penetration Testing - a way for improving our cyber security   
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Adrian Furtună
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Adrian Furtună
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | description
+
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | The talk presents a comparison between two internal penetration tests made in consecutive years at the same client. We will see the successful attack scenarios and the techniques used to take control over the network. Furthermore, we will see how and why the security posture of the client improved as a result of the penetration tests.
 
|-
 
|-
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | hour -TBD <br>(45 mins)
+
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 04:15 pm<br>(45 mins)
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Hacking the ViewState in ASP.NET
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Android reverse engineering: understanding third-party applications
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Ovidiu Diaconescu
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Vicente Aguilera
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | description
+
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | It will present the objectives of the software reverse engineering and the techniques and tools to execute this process in Android applications. It will present, from a security analyst point of view and in a practical manner, the process of analyzing an existing application at Google Play Store.
 
|-
 
|-
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | hour -TBD <br>(45 mins)
+
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 05:15 pm<br>(45 mins)
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | The Trouble with Passwords  
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | The Trouble with Passwords  
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Mark Goodwin
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Mark Goodwin
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | description
+
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Many developers still seem unsure of how to deal with passwords and password data. This presentation covers some common mistakes made when storing credentials and introduces some good ways of tackling them.
 +
|-
 +
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 06:15 pm <br>(45 mins)
 +
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Hacking the ViewState in ASP.NET
 +
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Ovidiu Diaconescu
 +
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | The view state is a necessary evil of ASP.NET Web Forms. Without having the proper protection mechanisms in place, it is trivial to exploit. This session will teach you how to take advantage of unsecured web applications and how to tighten-up your own
 
|-
 
|-
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | hour -TBD <br>(45 mins)
+
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 07:15 pm <br>(45 mins)
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Do you "GRANT ALL PRIVILEGES ..." in MySQL/MariaDB/Percona Server?  
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Do you "GRANT ALL PRIVILEGES ..." in MySQL/MariaDB/Percona Server?  
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Gabriel Preda
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Gabriel Preda
 
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | We discuss (at least) elementary security procedures for MySQL and it's forks. Dive through short information about MySQL forks, replication options and their security implications. Finally some notes on what changes about security when you scale MySQL.
 
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | We discuss (at least) elementary security procedures for MySQL and it's forks. Dive through short information about MySQL forks, replication options and their security implications. Finally some notes on what changes about security when you scale MySQL.
 
|}
 
|}
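Review bot: The added ViewState description stops mid-sentence at "tighten-up your own", with no object and no full stop; finish the sentence before publishing. The 09:00 am "Registration" row is replaced rather than moved, so the agenda no longer says when registration opens; if it still happens, give it its own row ahead of the 02:30 pm welcome. The unchanged MySQL description also has "it's forks" where "its forks" is meant.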

Latest revision as of 10:00, 31 May 2013

OWASP EUROPE TOUR 2013

CONFERENCE

OWASP Europe Tour - Bucharest 2013

Wednesday 5th June (Conference)

DESCRIPTION
The OWASP Europe Tour is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
  • Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle.
  • This event aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them.
OWASP MEMBERSHIP
During the OWASP Europe Tour you could become a member and support our mission.

Become an OWASP member by clicking here



CONFERENCE (Wednesday 5th of June)

Date: Wednesday 5th of June

Location:
Venue Location: University "Politehnica" of Bucharest
Venue Address: Splaiul Independentei nr. 313, sector 6, Bucuresti, ROMANIA; Rectorship Building, Senate Hall
Postal code: RO-060042
Venue Map: https://plus.google.com/101033585760098377632/about

Price and registration
This event is FREE
Registration Link to the Europe Tour: 
http://owasp-romaniachapter-eorg.eventbrite.com/



Conference Details

02:30 pm (30 mins)
Title: Introduction & Welcome
Speaker: Ionel Chirita, Claudiu Constantinescu
Description: Introduction to OWASP

03:15 pm (45 mins)
Title: Penetration Testing - a way for improving our cyber security
Speaker: Adrian Furtună
Description: The talk presents a comparison between two internal penetration tests made in consecutive years at the same client. We will see the successful attack scenarios and the techniques used to take control over the network. Furthermore, we will see how and why the security posture of the client improved as a result of the penetration tests.

04:15 pm (45 mins)
Title: Android reverse engineering: understanding third-party applications
Speaker: Vicente Aguilera
Description: It will present the objectives of the software reverse engineering and the techniques and tools to execute this process in Android applications. It will present, from a security analyst point of view and in a practical manner, the process of analyzing an existing application at Google Play Store.

05:15 pm (45 mins)
Title: The Trouble with Passwords
Speaker: Mark Goodwin
Description: Many developers still seem unsure of how to deal with passwords and password data. This presentation covers some common mistakes made when storing credentials and introduces some good ways of tackling them.

06:15 pm (45 mins)
Title: Hacking the ViewState in ASP.NET
Speaker: Ovidiu Diaconescu
Description: The view state is a necessary evil of ASP.NET Web Forms. Without having the proper protection mechanisms in place, it is trivial to exploit. This session will teach you how to take advantage of unsecured web applications and how to tighten-up your own

07:15 pm (45 mins)
Title: Do you "GRANT ALL PRIVILEGES ..." in MySQL/MariaDB/Percona Server?
Speaker: Gabriel Preda
Description: We discuss (at least) elementary security procedures for MySQL and its forks. Dive through short information about MySQL forks, replication options and their security implications. Finally some notes on what changes about security when you scale MySQL.