Difference between revisions of "EUTour2013 Finland Agenda"

 
(12 intermediate revisions by one user not shown)
Line 7: Line 7:
 
| align="center" style="background:#EEEEEE;" colspan="2"                  |  
 
| align="center" style="background:#EEEEEE;" colspan="2"                  |  
 
== '''OWASP Europe Tour - Finland 2013''' ==  
 
== '''OWASP Europe Tour - Finland 2013''' ==  
'''Monday 17th June''' ''(Conference)'' <br>'
+
'''Monday 17th June''' ''(Conference)'' <br>
 
|-
 
|-
 
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2"            | '''DESCRIPTION'''
 
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2"            | '''DESCRIPTION'''
Line 27: Line 27:
 
|-
 
|-
 
| align="center" style="background:#4B0082;" colspan="2" | <span style="color:#ffffff">  
 
| align="center" style="background:#4B0082;" colspan="2" | <span style="color:#ffffff">  
'''CONFERENCE (Monday 17th May)''' </span>
+
'''CONFERENCE (Monday 17th June)''' </span>
 
|-
 
|-
 
|-
 
|-
| style="width:20%" valign="middle"  bgcolor="#CCCCEE" align="center" colspan="0" | '''Fecha'''  
+
| style="width:20%" valign="middle"  bgcolor="#CCCCEE" align="center" colspan="0" | '''When'''  
| style="width:80%" valign="middle"  bgcolor="#CCCCEE" align="center" colspan="0" | '''Lugar'''
+
| style="width:80%" valign="middle"  bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''
 
|-
 
|-
 
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Monday 17th June '''
 
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Monday 17th June '''
 
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: HTC Keilaniemi<br>
 
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: HTC Keilaniemi<br>
 
Venue Address: Keilaranta 15<br> 02150 Espoo'''<br>
 
Venue Address: Keilaranta 15<br> 02150 Espoo'''<br>
Venue Map: [https://maps.google.fi/maps?q=keilaranta+15&hl=en&sll=60.178512,24.835169&sspn=0.008174,0.02429&hnear=Keilaranta+15,+Espoo&t=m&z=16]  
+
Venue Map: [https://maps.google.fi/maps?q=keilaranta+15&hl=en&sll=60.178512,24.835169&sspn=0.008174,0.02429&hnear=Keilaranta+15,+Espoo&t=m&z=16 map]  
 
|-
 
|-
 
| align="center" style="background:#CCCCEE;" colspan="2" | '''Price and registration'''
 
| align="center" style="background:#CCCCEE;" colspan="2" | '''Price and registration'''
 
|-
 
|-
 
| align="center" style="background:#EEEEEE;" colspan="2" | This event is '''FREE''' <br>
 
| align="center" style="background:#EEEEEE;" colspan="2" | This event is '''FREE''' <br>
  '''Registration Link to the Europe Tour - Finland''': [registration not open yet]'''<br>
+
  '''Registration Link to the Europe Tour - Finland''': [http://www.regonline.com/owaspeutourfinland Regonline]'''<br>
 
<br>
 
<br>
 
|-
 
|-
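Review bot: the updated registration line still ends with an unmatched ''' after the link ("... Regonline]'''<br>"), so a second bold run is opened and never closed in that cell. Drop the trailing ''' so that only the "Registration Link to the Europe Tour - Finland" label is bold.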
Line 71: Line 71:
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 16:45<br>(30 mins followed by 15 min break)  
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 16:45<br>(30 mins followed by 15 min break)  
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Nokia responsible disclosure program
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Nokia responsible disclosure program
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Mikko Saario
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Omar Benbouazza-Villa
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Nokia has launched bounty hunter program recently. Mikko will talk about experiences starting and running such a program as a part of enterprise application security program
+
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Nokia has launched responsible disclosure program recently. Omar will talk about experiences starting and running such a program as a part of enterprise application security program. Common errors, solutions and best practices will be explained to help other companies to improve their security with this type of programs.
 
|-
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 17:30<br>(1 hour 30 mins)  
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 17:30<br>(1 hour 30 mins)  
 +
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Social engineering
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Gavin Ewan
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Gavin Ewan
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" |
+
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" |  
+
 
|-
 
|-
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 20:00 <br>(15 min)
+
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 19:00 <br>(15 min)
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Rounding up
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Rounding up
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Petteri Arola
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Petteri Arola
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Conclusions and last questions
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Conclusions and last questions. Discussion continues over food & drinks at same location
 
|}
 
|}
 
<br><br>
 
<br><br>
 +
== Abstract ==
 +
Omar's presentation:
 +
 +
Nokia has launched responsible disclosure program recently. Omar will talk about experiences starting and running such a program as a part of enterprise application security program. Common errors, solutions and best practices will be explained to help other companies to improve their security with this type of programs.
 +
 +
Gavin's presentation:
 +
 +
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.
 +
 +
Deano, our ‘hypothetical’ bad-guy, could hack and social engineer his way to cash in his pocket and no cash in your pocket.  Easy, boring, predictable.  But what if Deano, a criminal social engineer, really upped his game?
 +
 +
This talk will see Deano up the stakes and deliver the kind of aggressive attack you have all lived in fear of. No longer a phone call to get your credentials, or a rogue e-mail to direct you to a fake website, this time its personal and Deano is looking to do you REAL damage.
 +
 +
Drawing on real data from anonymised sources, from the account given of this attack, attendees of the talk will see that a real social engineer doesn’t once pick up a psychology textbook. Deano will instead pose you a question -
 +
 +
“What if Deano could destroy my business without anyone realising it had been attacked?”
 +
 +
Live in fear of Hactivism? You won’t sleep at night after meeting Deano.
 +
 +
If you want an hour and a half of being told that ‘looking to the right makes you easier to social engineer’, go to another talk. If you want to see how the real bad guy operates, and talk about how to defend against him, then I look forward to seeing you there..
 +
 
== Bio ==
 
== Bio ==
TBD
+
Omar
 +
 
 +
Omar Benbouazza is a spanish hacker working in the Nokia Incident Response Team, as a Senior Security Analyst. He has been working in Security Information the last 8 years and has big experience in international companies such as Telefonica, Ernst&Young, Santander Bank and now Nokia. He is also organizer of the most important security conference in Spain, RootedCON.
 +
 
 +
Gavin Ewan
 +
 
 +
Gavin 'Jac0byterebel' Ewan is a ranty, shouty, sweary Scottish hacker. After selling lots of things to lots of people, he decided to get firmly into the field of information security, always having been a geek at heart. Having taken his education and training in psychology, particularly sales psychology into the field of social engineering, he is now re-writing the social engineering rulebook and chasing out the snake-oil salesmen. Already a successful speaker, Gavin has delivered talks on social engineering worldwide to various audiences.
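Review bot: in the "Rounding up" row the description cell is still declared with width:25%, while the description cells in the two rows above use width:40%, so this row's widths add up to 85% instead of 100%; set it to width:40% to match. The talk descriptions are also now repeated verbatim in the table cells and in the new Abstract section, so the two copies can drift on the next edit; keeping a short description in the table and the full text under Abstract would avoid that. The Bio labels are inconsistent as well ("Omar" versus "Gavin Ewan"); use the full name for both.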

Latest revision as of 08:04, 10 June 2013


OWASP EUROPE TOUR 2013


CONFERENCE

OWASP Europe Tour - Finland 2013

Monday 17th June (Conference)

DESCRIPTION
The OWASP Europe Tour is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
  • Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle.
  • This event aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them.
OWASP MEMBERSHIP
During the OWASP Europe Tour you can become a member and support our mission.

Become an OWASP member by clicking here


CONFERENCE (Monday 17th June)

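When: Monday 17th June

Where:
Venue Location: HTC Keilaniemi
Venue Address: Keilaranta 15, 02150 Espoo
Venue Map: [https://maps.google.fi/maps?q=keilaranta+15&hl=en&sll=60.178512,24.835169&sspn=0.008174,0.02429&hnear=Keilaranta+15,+Espoo&t=m&z=16 map]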

Price and registration
This event is FREE
Registration Link to the Europe Tour - Finland: [http://www.regonline.com/owaspeutourfinland Regonline]



Conference Details
{|
! Time !! Title !! Speaker !! Description
|-
| 16:00 (15 mins) || Registration & coffee || ||
|-
| 16:15 (15 mins) || Welcome || Petteri Arola || OWASP in Finland
|-
| 16:30 (15 mins) || Word from our sponsor || ||
|-
| 16:45 (30 mins followed by 15 min break) || Nokia responsible disclosure program || Omar Benbouazza-Villa || Nokia has launched a responsible disclosure program recently. Omar will talk about experiences starting and running such a program as a part of an enterprise application security program. Common errors, solutions and best practices will be explained to help other companies to improve their security with this type of program.
|-
| 17:30 (1 hour 30 mins) || Social engineering || Gavin Ewan || Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.
|-
| 19:00 (15 min) || Rounding up || Petteri Arola || Conclusions and last questions. Discussion continues over food & drinks at same location
|}



Abstract

Omar's presentation:

Nokia has launched a responsible disclosure program recently. Omar will talk about experiences starting and running such a program as a part of an enterprise application security program. Common errors, solutions and best practices will be explained to help other companies to improve their security with this type of program.

Gavin's presentation:

Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.

Deano, our ‘hypothetical’ bad-guy, could hack and social engineer his way to cash in his pocket and no cash in your pocket. Easy, boring, predictable. But what if Deano, a criminal social engineer, really upped his game?

This talk will see Deano up the stakes and deliver the kind of aggressive attack you have all lived in fear of. No longer a phone call to get your credentials, or a rogue e-mail to direct you to a fake website, this time it's personal and Deano is looking to do you REAL damage.

Drawing on real data from anonymised sources, from the account given of this attack, attendees of the talk will see that a real social engineer doesn’t once pick up a psychology textbook. Deano will instead pose you a question -

“What if Deano could destroy my business without anyone realising it had been attacked?”

Live in fear of Hacktivism? You won’t sleep at night after meeting Deano.

If you want an hour and a half of being told that ‘looking to the right makes you easier to social engineer’, go to another talk. If you want to see how the real bad guy operates, and talk about how to defend against him, then I look forward to seeing you there.

Bio

Omar

Omar Benbouazza is a Spanish hacker working in the Nokia Incident Response Team as a Senior Security Analyst. He has been working in Security Information for the last 8 years and has extensive experience in international companies such as Telefonica, Ernst&Young, Santander Bank and now Nokia. He is also an organizer of the most important security conference in Spain, RootedCON.

Gavin Ewan

Gavin 'Jac0byterebel' Ewan is a ranty, shouty, sweary Scottish hacker. After selling lots of things to lots of people, he decided to get firmly into the field of information security, always having been a geek at heart. Having taken his education and training in psychology, particularly sales psychology, into the field of social engineering, he is now re-writing the social engineering rulebook and chasing out the snake-oil salesmen. Already a successful speaker, Gavin has delivered talks on social engineering worldwide to various audiences.