Difference between revisions of "EUTour2013 Lisbon Agenda"

From OWASP
Jump to: navigation, search
(OWASP Europe Tour - Lisbon 2013)
(OWASP Europe Tour - Lisbon 2013)
Line 68: Line 68:
 
| style="width:8%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | xx:xx - xx:xx
 
| style="width:8%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | xx:xx - xx:xx
 
| style="width:7%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [[image:Vaguileradiaz.png]]
 
| style="width:7%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [[image:Vaguileradiaz.png]]
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Vicente Aguillera.<BR>OWASP Spain Chapter Leader. Socio y Director Dpto. Auditoría en Internet Security Auditors..
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Vicente Aguillera.<BR>OWASP Spain Chapter Leader. Socio y Director Dpto. Auditoría en Internet Security Auditors.
 
| style="width:65%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | '''Android reverse engineering: understanding third-party applications'''.<BR>It will present the objectives of the software reverse engineering and the techniques and tools to execute this process in Android applications. It will present, from a security analyst point of view and in a practical manner, the process of analyzing an existing application at Google Play Store.
 
| style="width:65%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | '''Android reverse engineering: understanding third-party applications'''.<BR>It will present the objectives of the software reverse engineering and the techniques and tools to execute this process in Android applications. It will present, from a security analyst point of view and in a practical manner, the process of analyzing an existing application at Google Play Store.
 +
|-
 +
| style="width:8%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | xx:xx - xx:xx
 +
| style="width:7%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [[image:ricardomelo.png]]
 +
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Ricardo Melo.<BR>DRI CTO.
 +
| style="width:65%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | '''PHP and Application Security'''.<BR>To which level can PHP and application security cohexist? The presentation will provide information about the most security critical aspects while developing a PHP web application.
 +
|-
 +
| style="width:8%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | xx:xx - xx:xx
 +
| style="width:7%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [[image:tiagorodrigues.png]]
 +
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Tiago Rodrigues.<BR>Founder and Team Leader of PTCoreSec.
 +
| style="width:65%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | '''Software - vulnerabilities and needs'''.<BR>Nesta talk, iremos falar sobre formas comuns que os atacantes usam para comprometer maquinas, perceber em detalhe como algumas das ferramentas usadas funcionam, e como até para entregar o IRS nos colocamos em perigo.
 +
Iremos ver como apenas clicar num link ou abrir um PDF pode remotamente dar acesso a um atacante e o que pode esse atacante fazer depois de obter controlo da maquina da sua vitima.
 +
|-
 +
| style="width:8%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | xx:xx - xx:xx
 +
| style="width:7%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [[image:diniscruz.png]]
 +
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Dinis Cruz.<BR>.
 +
| style="width:65%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | '''TBD'''.<BR>
 
|-
 
|-
 
| style="width:8%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | xx:xx - xx:xx
 
| style="width:8%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | xx:xx - xx:xx
 
| style="width:7%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="3" | Closure
 
| style="width:7%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="3" | Closure
 
|}
 
|}

Revision as of 11:45, 12 June 2013

Eu tour1.png

OWASP EUROPE TOUR 2013

Tour Home Page
Tour Scheadule
Tour Organizers Resources
Mailing List

CONFERENCE

OWASP Europe Tour - Lisbon 2013

Friday 21st June (Conference)

DESCRIPTION
OWASP Europe TOUR, is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
  • Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle.
  • This event aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them.
OWASP MEMBERSHIP
During the OWASP Europe Tour you could become a member and support our mission.

Become an OWASP member by clicking here


CONFERENCE (Friday 21st June)

Date Location
Friday 21st June Venue Location: ISCTE-IUL University Institute of Lisbon, Aud. B2.03

Venue Address: Avª das Forças Armadas, 1649-026 Lisboa
Venue Map: Google Maps

Price and registration
This event is FREE
Registration Link to the Europe Tour (Lisboa): Registration



Conference Details
Time Speaker Title / Description
xx:xx - xx:xx Opening
xx:xx - xx:xx Lievendesmet.png Lieven Desmet
DistriNet Research Group, Katholieke Universiteit Leuven, OWASP Benelux.
Sandboxing JavaScript.
- Discussing the problem of remote script inclusion based on an analysis of the Top 10.000 websites; - Overview of JavaScript sandboxing techniques, with particular focus on JSand (ie. a prototype we have developed at KU Leuven).
xx:xx - xx:xx Pedrofortuna.png Pedro Fortuna.
CTO, Auditmark.
Protecting JavaScript source code – Facts and Fiction.
The goal of code obfuscation is to delay the understanding of a program does. It can be used, for example, in scenarios where the code contains Intellectual Property (algorithms) or when the owner wants to prevent a competitor for stealing and reusing the code. To achieve it, an obfuscation transformation translates easy to understand code into a much harder to understand form. But in order to be resilient, obfuscation transformations need also to resist automatic reversal performed using static or dynamic code analysis techniques. This presentation focuses on the specific case of JavaScript source obfuscation, main usage cases, presents some obfuscation examples and their value in providing real protection against reverse-engineering.
xx:xx - xx:xx Vaguileradiaz.png Vicente Aguillera.
OWASP Spain Chapter Leader. Socio y Director Dpto. Auditoría en Internet Security Auditors.
Android reverse engineering: understanding third-party applications.
It will present the objectives of the software reverse engineering and the techniques and tools to execute this process in Android applications. It will present, from a security analyst point of view and in a practical manner, the process of analyzing an existing application at Google Play Store.
xx:xx - xx:xx Ricardomelo.png Ricardo Melo.
DRI CTO.
PHP and Application Security.
To which level can PHP and application security cohexist? The presentation will provide information about the most security critical aspects while developing a PHP web application.
xx:xx - xx:xx File:Tiagorodrigues.png Tiago Rodrigues.
Founder and Team Leader of PTCoreSec.
Software - vulnerabilities and needs.
Nesta talk, iremos falar sobre formas comuns que os atacantes usam para comprometer maquinas, perceber em detalhe como algumas das ferramentas usadas funcionam, e como até para entregar o IRS nos colocamos em perigo.

Iremos ver como apenas clicar num link ou abrir um PDF pode remotamente dar acesso a um atacante e o que pode esse atacante fazer depois de obter controlo da maquina da sua vitima.

xx:xx - xx:xx Diniscruz.png Dinis Cruz.
.
TBD.
xx:xx - xx:xx Closure