Difference between revisions of "EUTour2013 Lisbon Agenda"

From OWASP
(OWASP Europe Tour - Lisbon 2013)
(OWASP Europe Tour - Lisbon 2013)
 
(32 intermediate revisions by 2 users not shown)
Line 36: Line 36:
 
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: ISCTE-IUL University Institute of Lisbon, Aud. B2.03  <br>
 
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: ISCTE-IUL University Institute of Lisbon, Aud. B2.03  <br>
 
Venue Address: Avª das Forças Armadas, 1649-026 Lisboa'''<br>
 
Venue Address: Avª das Forças Armadas, 1649-026 Lisboa'''<br>
Venue Map: [https://maps.google.pt/maps?q=ISCTE+-+Lisbon+University+Institute,+Avenida+For%C3%A7as+Armadas,+Lisboa&hl=en&ie=UTF8&ll=38.74784,-9.153443&spn=0.006937,0.013915&sll=37.221852,-18.827504&sspn=14.485045,28.498535&oq=iscte&t=v&hq=ISCTE+-+Lisbon+University+Institute,+Avenida+For%C3%A7as+Armadas,+Lisboa&z=17 Google Maps]  
+
Venue Map: [https://maps.google.pt/maps?q=ISCTE+-+Lisbon+University+Institute,+Avenida+For%C3%A7as+Armadas,+Lisboa&hl=en&ie=UTF8&ll=38.74784,-9.153443&spn=0.006937,0.013915&sll=37.221852,-18.827504&sspn=14.485045,28.498535&oq=iscte&t=v&hq=ISCTE+-+Lisbon+University+Institute,+Avenida+For%C3%A7as+Armadas,+Lisboa&z=17 Google Maps] <br>
 +
[[image:locationmap01.png|800px]] <br>
 +
[[image:ISCTE mapa envolvente.png|800px]] <br>
 +
[[image:locationmap03.png]] <br>
 +
|-
 +
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Pictures '''
 +
| valign="middle" bgcolor="#EEEEEE" align="left" | [http://www.flickr.com/photos/iscteiul/sets/72157634250746526/with/9099830217/ Set 1] [https://plus.google.com/u/0/photos/113770963329765884729/albums/5892063386701578001 Set 2]  <br>
 
|-
 
|-
 
| align="center" style="background:#CCCCEE;" colspan="2" | '''Price and registration'''
 
| align="center" style="background:#CCCCEE;" colspan="2" | '''Price and registration'''
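Review bot: The three location images added to the venue cell are sized inconsistently: "[[image:locationmap01.png|800px]]" and "[[image:ISCTE mapa envolvente.png|800px]]" set a width, but "[[image:locationmap03.png]]" does not, so the third one renders at its native size inside the table cell. Suggest giving it the same "|800px" (or one shared smaller width for all three) so the venue row keeps a predictable layout.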
Line 53: Line 59:
 
| style="width:45%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Title / Description'''
 
| style="width:45%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Title / Description'''
 
|-
 
|-
| style="width:8%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | -
+
| style="width:8%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 14:00
| style="width:20%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="3" | Welcome note
+
| style="width:20%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="3" | Opening
|-
+
| style="width:8%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:00-10:05
+
| style="width:7%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [[image:Jmribes.png]]
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Josep Maria Ribes.<BR>Director d'Enginyeria de [http://www.salleurl.edu La Salle Campus Barcelona].
+
| style="width:65%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | Bienvenida.
+
|-
+
|-
+
| style="width:8%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:05-10:15
+
| style="width:7%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [[image:Vaguileradiaz.png]]
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Vicente Aguilera Díaz.<BR>[http://www.owasp.org/index.php/Spain OWASP Spain Chapter] Leader. Socio y Director Dpto. Auditoría en [http://www.isecauditors.com Internet Security Auditors].
+
| style="width:65%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | Introducción a la jornada.
+
|-
+
| style="width:8%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:15-11:15
+
| style="width:7%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [[image:Selvamaria.png]]
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Selva María Orejón Lozano.<BR>Directora ejecutiva de [http://www.onbranding.es onbranding]. Co-fundadora AERCO-PSM.
+
| style="width:65%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | '''Seguridad en redes sociales'''.<BR>Ya estamos todos conectados Online, incluso hiperconectados, hiperexpuestos con nuestros contactos. Saben qué hacemos, dónde estamos, con quién, qué compramos, qué consumimos ... pero ¿y nuestra seguridad? ¿Ya sabemos quién ve qué? ¿Nos interesa comunicar todo lo que hacemos? ¿Tener tanta visibilidad? Y como empresa ¿ya controlamos a quien lleva nuestra comunicación? ¿Y si se va de la empresa? ¿Tenemos acceso real y completo en nuestra comunidad?.
+
|-
+
| style="width:8%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 11:15-12:15
+
| style="width:7%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [[image:fabio-cerullo-small.jpg|60px]]
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Fabio Cerullo.<BR>CEO & Founder [http://www.cycubix.com Cycubix Limited].<BR>OWASP Ireland Chapter Leader.
+
| style="width:65%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | '''PCI Para Desarrolladores'''.<BR>Los estandares PCI-DSS y PCI-PA DSS son bien conocidos por los profesionales de seguridad y auditoria informatica, pero como son interpretados por los equipos de desarrollo de software? Muchas veces no es claro si todos los requerimientos son necesarios y mas importante, como tienen que ser implementados. Esta charla tiene como objetivo ayudar a los desarrolladores a interpretar de manera rapida y sencilla cuales son los puntos criticos de estos estandares a tener en cuenta y poder implementarlos durante el ciclo de desarrollo de software.
+
|-
+
| style="width:8%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 12:15-13:15
+
| style="width:7%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [[image:Chemaalonso.png]]
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Chema Alonso.<BR>CEO en Telefónica Digital Identity & Privacy.
+
| style="width:65%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | '''Why cyberspies always win'''.<BR>Todos los días sitios webs pertenecientes a grandes empresas son vulneradas. Muchas de esas empresas pasan revisiones constantes de seguridad, y sin embargo, siguen apareciendo en las noticias las contraseñas de usuarios, los datos de los clientes o información sensible de la empresa. ¿Por qué? En esta sesión se presentarán algunas ideas al respecto sobre este tema... de forma muy maligna.
+
|-
+
| style="width:8%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 13:15-15:15
+
| style="width:7%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="3" | Lunch & Networking
+
|-
+
| style="width:8%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 15:15-16:15
+
| style="width:7%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | TBD
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | TBD
+
| style="width:65%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | TBD
+
 
|-
 
|-
| style="width:8%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 16:15-17:15
+
| style="width:8%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 14:15 - 15:15
| style="width:7%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [[image:Albert-lopez.png]]
+
| style="width:7%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [[image:lievendesmet.png]]
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Albert López Fernández.<BR>Analista de Seguridad en [http://www.isecauditors.com Internet Security Auditors].
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [http://people.cs.kuleuven.be/~lieven.desmet/ Lieven Desmet]<BR><BR>[http://www.cs.kuleuven.be/~distrinet/ DistriNet Research Group], [http://www.kuleuven.be/ Katholieke Universiteit Leuven], OWASP Benelux.
| style="width:65%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | '''Low Level Miseries when Exploiting Linux Heap'''.<BR>Se explicarán varias vulnerabilidades que afectan a la implementación del heap en sistemas GNU/Linux. Se realizará un repaso del estado del arte, y cómo aprovecharse de las vulnerabilidades presentes en el código encargado de gestionar la memoria dinámica en Linux y se detallará cuál ha sido la problemática al desarrollar los payloads necesarios para explotar dichas vulnerabilidades. Asimismo, se repasará a alto nivel cómo funciona la gestión de memoria dinámica en Linux para luego destripar su funcionamiento a bajo nivel.
+
| style="width:65%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | '''Sandboxing JavaScript'''.<BR><BR>- Discussing the problem of remote script inclusion based on an analysis of the Top 10.000 websites; - Overview of JavaScript sandboxing techniques, with particular focus on JSand (ie. a prototype we have developed at KU Leuven).<br>
 +
<center>{{#ev:youtube|igyePSLptG8}} </center>
 
|-
 
|-
| style="width:8%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 17:15-18:00
+
| style="width:8%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 15:15 - 16:00
| style="width:7%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="3" | Coffee-break
+
| style="width:7%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [[image:pedrofortuna.png]]
 +
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [http://www.linkedin.com/in/pedrofortuna Pedro Fortuna]<BR><BR>CTO, [http://www.auditmark.com Auditmark].
 +
| style="width:65%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | '''Protecting JavaScript source code – Facts and Fiction'''.<BR><BR>The goal of code obfuscation is to delay the understanding of a program does. It can be used, for example, in scenarios where the code contains Intellectual Property (algorithms) or when the owner wants to prevent a competitor for stealing and reusing the code. To achieve it, an obfuscation transformation translates easy to understand code into a much harder to understand form. But in order to be resilient, obfuscation transformations need also to resist automatic reversal performed using static or dynamic code analysis techniques. This presentation focuses on the specific case of JavaScript source obfuscation, main usage cases, presents some obfuscation examples and their value in providing real protection against reverse-engineering. <br>
 +
<center>{{#ev:youtube|J68iLsd525k}} <br>
 +
[http://www.slideshare.net/auditmark/owasp-eu-tour-2013-lisbon-pedro-fortuna-protecting-java-script-source-code-using-obfuscation Slides]</center>
 
|-
 
|-
| style="width:8%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" rowspan="2" | 18:00-19:00
+
| style="width:8%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 16:00 - 16:45
| style="width:7%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [[image:Marc-rivero.png]]
+
| style="width:7%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [[image:ricardomelo.png]]
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Marc Rivero López.<BR>Security researcher en [http://www.bdigital.org Barcelona Digital].
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [http://www.dri-global.com/who-we-are/team/ricardo-melo Ricardo Melo]<BR><BR>CTO, [http://www.dri-global.com DRI].
| style="width:65%" valign="top" height="30" bgcolor="#EEEEEE" align="justify" rowspan="2" | '''Internet tactical fraud evolution'''.<BR>Antes de entrar en materia y a modo de contexto histórico se expondrá la evolución del fraude en Internet en la última década. Desde las brechas de seguridad provocadas con el afán de conocimiento, hasta los ataques industrializados en los que se roban a usuario de manera masiva. Se hará especial hincapíe a las medidas de seguridad adoptadas durantes los últimos años en el sector de la banca electrónica y las técnicas empleadas por los delincuentes para conseguir saltárselas.Del mismo modo, se expondrá la capacidad del código malicioso actual para conseguir, ya no solamente la información de cuentas bancarias, sino del contexto en el que se ejecutan (sandbox laboratorios de malware con el fin de recopilar información que pueda ser convertida en inteligencia que servirá para optimizar las tácticas empleadas).  
+
| style="width:65%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | '''PHP and Application Security'''.<BR><BR>To which level can PHP and application security cohexist? The presentation will provide information about the most security critical aspects while developing a PHP web application.<br>
 +
<center>{{#ev:youtube|NTc5cZKZGF0}}<br>
 +
[http://www.slideshare.net/rjsmelo/ricardo-melo-owasp201306 Slides]</center>
 
|-
 
|-
| style="width:7%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [[image:Dani-creus.png]]
+
| style="width:8%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 16:45 - 17:30
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Dani Creus.<BR>Lead Consultant RISK Team EMEA - Verizon.
+
| style="width:7%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [[image:tiagohenriques.png]]
 +
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [http://www.linkedin.com/in/balgan Tiago Henriques]<BR><BR>Founder and Team Leader of [http://ptcoresec.eu PTCoreSec].
 +
| style="width:65%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | '''Software - vulnerabilities and needs'''.<BR><BR>In this talk he will discuss some of the most common ways attackers can use to compromise your computers, understand the details of how some of the tools can be used to achieve this and even how when we are sending our taxes online (IRS) we put ourselves in danger. How can a simple link or opening a simple PDF file give and attacker remote access to your computer systems.<br>
 +
<center>{{#ev:youtube|Gt_mBg21kLk}} </center>
 
|-
 
|-
| style="width:8%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 19:00-19:45
+
| style="width:8%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 17:30 - 18:15
| style="width:7%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="3" | Mesa de debate
+
| style="width:7%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [[image:diniscruz.png]]
 +
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [http://uk.linkedin.com/in/diniscruz Dinis Cruz]<BR><BR>OWASP [https://www.owasp.org/index.php/OWASP_O2_Platform OWASP O2 Platform] project
 +
| style="width:65%" valign="middle" height="30" bgcolor="#EEEEEE" align="justify" colspan="0" | '''Scripting Application Security'''<BR>Pentesting at the speed of Scripting (using O2 Platform) -
 +
This presentation will show how the OWASP O2 Platform scripting capabilities can be used to 'codify' an pen-testers mind/action and perform advanced analysis, fuzzing and exploitation of both Web and desktop-based Applications.<br>
 +
<center>{{#ev:youtube|71FuVIFnTFI}} </center>
 
|-
 
|-
| style="width:8%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 19:45-19:55
+
| style="width:8%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 18:30
 
| style="width:7%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="3" | Closure
 
| style="width:7%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="3" | Closure
 
|}
 
|}
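Review bot: Several of the added talk descriptions carry typos that will show on the rendered agenda: "delay the understanding of a program does" and "prevent a competitor for stealing" in the Protecting JavaScript source code row, "cohexist" in the PHP and Application Security row, "give and attacker" in the Software - vulnerabilities and needs row, and "an pen-testers mind/action" in the Scripting Application Security row. Suggest "what a program does", "from stealing", "coexist", "give an attacker" and "a pen-tester's mind/action". The Dinis Cruz speaker cell also reads "OWASP [... OWASP O2 Platform] project", which renders the word OWASP twice; drop the one outside the link.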

Latest revision as of 18:45, 25 June 2013


OWASP EUROPE TOUR 2013


CONFERENCE

OWASP Europe Tour - Lisbon 2013

Friday 21st June (Conference)

DESCRIPTION
The OWASP Europe Tour is an event across the European region that promotes awareness of application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP, and all of our materials are available under a free and open software license.
  • Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle.
  • This event aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them.
OWASP MEMBERSHIP
During the OWASP Europe Tour you can become a member and support our mission.

Become an OWASP member by clicking here


CONFERENCE (Friday 21st June)

Date: Friday 21st June
Venue Location: ISCTE-IUL University Institute of Lisbon, Aud. B2.03
Venue Address: Avª das Forças Armadas, 1649-026 Lisboa
Venue Map: Google Maps
Pictures: Set 1, Set 2

Price and registration
This event is FREE
Registration Link to the Europe Tour (Lisboa): Registration



Conference Details
Time Speaker Title / Description
14:00 Opening
14:15 - 15:15 Lieven Desmet

DistriNet Research Group, Katholieke Universiteit Leuven, OWASP Benelux.
Sandboxing JavaScript.

- Discussing the problem of remote script inclusion based on an analysis of the Top 10.000 websites;
- Overview of JavaScript sandboxing techniques, with particular focus on JSand (i.e. a prototype we have developed at KU Leuven).
15:15 - 16:00 Pedro Fortuna

CTO, Auditmark.
Protecting JavaScript source code – Facts and Fiction.

The goal of code obfuscation is to delay the understanding of what a program does. It can be used, for example, in scenarios where the code contains Intellectual Property (algorithms) or when the owner wants to prevent a competitor from stealing and reusing the code. To achieve this, an obfuscation transformation translates easy-to-understand code into a much harder-to-understand form. But in order to be resilient, obfuscation transformations also need to resist automatic reversal performed using static or dynamic code analysis techniques. This presentation focuses on the specific case of JavaScript source obfuscation and its main use cases, and presents some obfuscation examples and their value in providing real protection against reverse-engineering.

Slides
16:00 - 16:45 Ricardo Melo

CTO, DRI.
PHP and Application Security.

To which level can PHP and application security coexist? The presentation will provide information about the most security-critical aspects of developing a PHP web application.

Slides
16:45 - 17:30 Tiago Henriques

Founder and Team Leader of PTCoreSec.
Software - vulnerabilities and needs.

In this talk he will discuss some of the most common ways attackers can compromise your computers, the details of how some of the tools can be used to achieve this, and even how we put ourselves in danger when we send our taxes online (IRS). How can a simple link or opening a simple PDF file give an attacker remote access to your computer systems?
17:30 - 18:15 Dinis Cruz

OWASP O2 Platform project
Scripting Application Security
Pentesting at the speed of Scripting (using O2 Platform)

This presentation will show how the OWASP O2 Platform scripting capabilities can be used to 'codify' a pen-tester's mind/action and perform advanced analysis, fuzzing and exploitation of both Web and desktop-based Applications.

18:30 Closure