Difference between revisions of "EUTour2013 France Agenda"

From OWASP
Jump to: navigation, search
 
(3 intermediate revisions by one user not shown)
Line 60: Line 60:
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 2:00 pm <br>(30 mins)
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 2:00 pm <br>(30 mins)
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Owasp France
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Owasp France
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Ely de Travieso
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | '''Ely de Travieso''' <br> Owasp France - Relation Partenaires - Directeur de la société Phonesec
 
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Presentation of the OWASP France Chapter (in French)
 
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Presentation of the OWASP France Chapter (in French)
 
|-
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 2:30 pm <br>(60 mins)  
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 2:30 pm <br>(60 mins)  
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Behind The Scenes of Web Attacks
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Behind The Scenes of Web Attacks
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Davide Canali and Maurizio Abb&agrave;<br>ph.D.student and MSc students, EURECOM
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | '''Davide Canali''' and '''Maurizio Abb&agrave;'''<br>ph.D. student and MSc student, EURECOM
 
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | This work presents the design, implementation, and deployment of a network of 500 fully functional honeypot websites, hosting a range of different services, whose aim is to attract attackers and collect information on what they do during and after their attacks. In 100 days of experiments, our system automatically collected, normalized, and clustered over 85,000 files that were created during approximately 6,000 attacks. Labeling the clusters allowed us to draw a general picture of the attack landscape, identifying the behavior behind each action performed both during and after the exploitation of a web application.  
 
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | This work presents the design, implementation, and deployment of a network of 500 fully functional honeypot websites, hosting a range of different services, whose aim is to attract attackers and collect information on what they do during and after their attacks. In 100 days of experiments, our system automatically collected, normalized, and clustered over 85,000 files that were created during approximately 6,000 attacks. Labeling the clusters allowed us to draw a general picture of the attack landscape, identifying the behavior behind each action performed both during and after the exploitation of a web application.  
 
|-
 
|-
Line 72: Line 72:
 
|-
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 3:45 pm<br>(60 mins)
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 3:45 pm<br>(60 mins)
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Talk
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Business Logic Vulnerabilities in eCommerce Web Applications
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Giancarlo Pellegrino <br> ph.D. student, SAP Research
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | '''Giancarlo Pellegrino''' <br> ph.D. student, SAP Research
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | TBD
+
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Logic vulnerabilities lack a formal definition but, in general, they are often the consequence of an insufficient validation of the work flow and data flow in web applications. As a result, an attacker can try to replay expired authentication tokens, or mix the session values obtained by parallel run of the same web application. Logic vulnerabilities are notoriously difficult to be discovered but, if exploited, they can have the highest impact. This talk shows how simple manipulations of the work flow and data flow of popular eCommerce web applications can let an attacker to shop for free or pay less.
 
|-
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 4:45 pm <br>(60 mins)  
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 4:45 pm <br>(60 mins)  
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | PCI for Developers
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | PCI for Developers
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Fabio Cerullo <br> OWASP Ireland Chapter Leader, CEO & Founder Cycubix Limited.
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | '''Fabio Cerullo''' <br> OWASP Ireland Chapter Leader, CEO & Founder Cycubix Limited.
 
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | The PCI-DSS and PA DSS standards are well known to security professionals and auditors, but how are these interpreted by software development teams? Usually is not clear whether all requirements are necessary and most importantly, how these should be implemented. This talk aims to help developers understanding the key points of these standards in a simple and fast approach and be able to implement them during the software development cycle.
 
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | The PCI-DSS and PA DSS standards are well known to security professionals and auditors, but how are these interpreted by software development teams? Usually is not clear whether all requirements are necessary and most importantly, how these should be implemented. This talk aims to help developers understanding the key points of these standards in a simple and fast approach and be able to implement them during the software development cycle.
 
|-
 
|-

Latest revision as of 03:15, 14 June 2013

Eu tour1.png

OWASP EUROPE TOUR 2013

Tour Home Page
Tour Scheadule
Tour Organizers Resources
Mailing List

CONFERENCE

OWASP Europe Tour - France 2013

Monday June 24th (Conference)

DESCRIPTION
OWASP Europe TOUR, is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
  • Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle.
  • This event aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them.
OWASP MEMBERSHIP
During the OWASP Europe Tour you could become a member and support our mission.

Become an OWASP member by clicking here



CONFERENCE (Monday, June 24th)

Date Location
Monday, June 24th Venue Location: EURECOM, Sophia-Antipolis

Venue Address:
EURECOM
Campus SophiaTech, 450 route des Chappes
06410 Biot (France)
Venue Map: Google Maps

Price and registration
This event is FREE
Registration Link to the Europe Tour: 
EUTour2013BCN-ENG.png



Conference Details
Time Title Speaker Description
2:00 pm
Introduction & Welcome
2:00 pm
(30 mins)
Owasp France Ely de Travieso
Owasp France - Relation Partenaires - Directeur de la société Phonesec
Presentation of the OWASP France Chapter (in French)
2:30 pm
(60 mins)
Behind The Scenes of Web Attacks Davide Canali and Maurizio Abbà
ph.D. student and MSc student, EURECOM
This work presents the design, implementation, and deployment of a network of 500 fully functional honeypot websites, hosting a range of different services, whose aim is to attract attackers and collect information on what they do during and after their attacks. In 100 days of experiments, our system automatically collected, normalized, and clustered over 85,000 files that were created during approximately 6,000 attacks. Labeling the clusters allowed us to draw a general picture of the attack landscape, identifying the behavior behind each action performed both during and after the exploitation of a web application.
3:30 pm
(15 mins)
Coffee Break
3:45 pm
(60 mins)
Business Logic Vulnerabilities in eCommerce Web Applications Giancarlo Pellegrino
ph.D. student, SAP Research
Logic vulnerabilities lack a formal definition but, in general, they are often the consequence of an insufficient validation of the work flow and data flow in web applications. As a result, an attacker can try to replay expired authentication tokens, or mix the session values obtained by parallel run of the same web application. Logic vulnerabilities are notoriously difficult to be discovered but, if exploited, they can have the highest impact. This talk shows how simple manipulations of the work flow and data flow of popular eCommerce web applications can let an attacker to shop for free or pay less.
4:45 pm
(60 mins)
PCI for Developers Fabio Cerullo
OWASP Ireland Chapter Leader, CEO & Founder Cycubix Limited.
The PCI-DSS and PA DSS standards are well known to security professionals and auditors, but how are these interpreted by software development teams? Usually is not clear whether all requirements are necessary and most importantly, how these should be implemented. This talk aims to help developers understanding the key points of these standards in a simple and fast approach and be able to implement them during the software development cycle.
5:45 pm
(10 mins)
Closure