EUTour2013 Dublin Agenda
OWASP EUROPE TOUR 2013
|CONFERENCE AND TRAINING|
OWASP Europe Tour - Dublin 2013
Tuesday 25th June (Training)
| OWASP Europe TOUR, is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
| During the OWASP Europe Tour you could become a member and support our mission.|
CONFERENCE (Wednesday 26th June)
|Wednesday 26th June|| Venue Location: TCube|
Venue Address: 32 - 34 Castle Street, Dublin 2, Ireland
|Price and registration|
| This event is FREE |
Registration Link to the Europe Tour: [TBD REGISTER HERE!]
|Conference Details - Times are subject to change|
| 09:30 am
| 10:00 am
|The Realex Payments Application Security story||David Rook|| As the old British Telecom adverts used to say it's good to talk so I thought now was a good time to talk about how we do application security at Realex Payments. Rather than just talk about where we are today this talk will focus on the lessons learned over the past five years and what I'd do differently if I could it all again. I will tell the story of how application security has worked and evolved in a fast growing technology company from the day we created our first application security role in the business to our current application security approach.
The story will include how we scaled application security to keep up with the changes in a fast growing business, how playing card games with developers was one of the best things we've ever done and how following the KISS principle in the early days of an application security program is vital. You will see how we have progressed from having no dedicated application security resources to our current staffing levels and how our goals have evolved from simply security reviewing our applications to more grand goals such as wanting to provide free application security training for anyone in Ireland.
This isn't an application security talk focusing on the theory and approaches that seem good on paper. You will have the opportunity to learn the lessons from five years of real world application security from the person who was at the centre of application security in Realex Payments.
|The Building Security In Maturity Model (BSIMM)||Paco Hope|| How do you know what security activities belong in your software lifecycle? How do you measure what you're doing? Begun in 2009, the BSIMM, is an observation-based scientific model directly describing the collective software security activities of more than sixty software security initiatives. Used as a measuring tool, BSIMM helps an organisation understand and plan their software security initiative. It covers the full framework of software development from requirements, architecture, code and test, to release management, governance, and training. This talk will introduce the measurements, explain what is measured, how it is measured, and how the measurement can be used to create or improve a software security initiative.
Paco Hope is a Principal Consultant at Cigital, helping Fortune 500 companies secure their software for over 10 years in a variety of industries like online gaming, financial services, retail, and embedded systems. He is the author of two books on security, the most recent being the Web Security Testing Cookbook and a frequent conference speaker. As and a member of (ISC)²'s Application Security Advisory Board, he helps create and advise on the direction of the CSSLP certification. His passion is empowering everyone in the software lifecycle—developers, testers, analysts—to make meaningful contributions to the securing of software.
|Lesson learned from the trenches of targeted attack||Robert McArdle|| Targeted attacks are now a major worry for organisations. In this talk we will describe real life case studies of some of the largest and more sophisticated targeted attacks, including how we infiltrated and mapped criminal networks, and live demos of some such mapping in action.
In this talk we will discuss some of the major ongoing and previous targeted attack campaigns that have been uncovered by Trend Micro in the last year or so, such as Luckycat, Tinba and others. We will discuss in-depth the modus operandi of the criminals in these so called APT attacks, show how we mapped and infiltrated their infrastructure, and demo some of the tools and techniques that we use when carrying out these type of investigations. All of this presentation will focus on real technical details from real cases studies, and this presentation will also include live demos.
1) What is the reality (not the hype) of a modern targeted attack