Difference between revisions of "OWASP EEE Bucharest Event 2015 Agenda"

From OWASP
Jump to: navigation, search
Line 58: Line 58:
 
|}
 
|}
  
9.00 - 14.00 - [http://www.ccins.ro/sala-albastra.php Sala Albastra ]<br>
+
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="4"
'''Workshop name:'''<br>
+
| style="width:100%" valign="middle" height="40" bgcolor="#CCCCEE" align="center" colspan="6" | <h2>Workshop </h2>
'''OWASP Top 10 vulnerabilities – from discovery to complete exploitation'''<br>
+
|-
'''Description:'''<br>
+
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" |  '''Time'''
The purpose of this workshop is to increase the participants’ awareness on the most common web application vulnerabilities and their associated risks. <br>
+
| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Title'''
 +
| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Trainers'''
 +
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''
 +
|-
 +
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 9:00 - 14:00<br>(5 hours)<br>[http://www.ccins.ro/sala-albastra.php Sala Albastra ]
 +
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | '''OWASP Top 10 vulnerabilities – from discovery to complete exploitation''' <br>The purpose of this workshop is to increase the participants’ awareness on the most common web application vulnerabilities and their associated risks. <br>
 
We will discuss each type of vulnerability described in the OWASP Top 10 project and we will be practicing manual discovery and exploitation techniques. <br>
 
We will discuss each type of vulnerability described in the OWASP Top 10 project and we will be practicing manual discovery and exploitation techniques. <br>
 +
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | '''Adrian Furtună''' – Technical Manager – Security Services – KPMG Romania <br> '''Ionuţ Ambrosie''' – Security Consultant – KPMG Romania
 +
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="justify" colspan="0" | '''Description:'''<br>
 +
 
This will be a (very) hands-on workshop where we will practice exercises as:<br>
 
This will be a (very) hands-on workshop where we will practice exercises as:<br>
 
- Discover SQL injection and exploit it to extract information from the database<br>
 
- Discover SQL injection and exploit it to extract information from the database<br>
Line 78: Line 86:
 
- Administrative rights on the laptop<br>
 
- Administrative rights on the laptop<br>
 
- VMWare Player installed<br>
 
- VMWare Player installed<br>
'''Instructors: '''Adrian Furtună – Technical Manager – Security Services – KPMG Romania<br>
+
 
-Ionuţ Ambrosie– Security Consultant – KPMG Romania<br>
+
[http://www.eventbrite.com/e/owasp-top-10-vulnerabilities-from-discovery-to-complete-exploitation-tickets-18454393588 Register here]
'''Workshop duration: '''5 hours<br>
+
|-
'''Seats available: '''20 (first-come, first served)<br>
+
|}
'''Price '''100 euros; Student ticket is 25 euros (within the limit of 10 places)<br>
+
 
  
 
<!--
 
<!--
 
{{:OWASP_EEE_Bucharest_Event_2015_Sponsors}}
 
{{:OWASP_EEE_Bucharest_Event_2015_Sponsors}}
 
-->
 
-->

Revision as of 13:46, 3 September 2015


Conference agenda

Time Title Speaker Description
10:00 - 10:30
(30 mins)
Registration
10:30 - 10:45
(15 mins)
Introduction & Welcome Oana Cornea Introduction to OWASP & Bucharest Event, Schedule for the Day
10:45 - 11:30
(45 mins)


11:50 - 12:35
(45 mins)
12:55 - 13:40
(45 mins)
13:40 - 14:30
(50 mins)
Lunch/Coffee Break
14:30 - 15:15
(45 mins)
15:20 - 16:05
(45 mins)
16:10 - 16:55
(45 mins)

Workshop

Time Title Trainers Description
9:00 - 14:00
(5 hours)
Sala Albastra
OWASP Top 10 vulnerabilities – from discovery to complete exploitation
The purpose of this workshop is to increase the participants’ awareness on the most common web application vulnerabilities and their associated risks.

We will discuss each type of vulnerability described in the OWASP Top 10 project and we will be practicing manual discovery and exploitation techniques.

Adrian Furtună – Technical Manager – Security Services – KPMG Romania
Ionuţ Ambrosie – Security Consultant – KPMG Romania
Description:

This will be a (very) hands-on workshop where we will practice exercises as:
- Discover SQL injection and exploit it to extract information from the database
- Find OS command injection and exploit it to execute arbitrary commands on the target server
- Discover Cross-Site Scripting and exploit it to gain access to another user’s web session
- Identify Local File Inclusion and exploit it to gain remote command execution
- Find Cross-Site Request Forgery and exploit it to gain access to the admin panel
- Other fun and challenging tasks
Of course, we will also present safe ways in which the identified vulnerabilities can be eliminated or mitigated in a production environment.
Intended audience: Web application developers, security testers, quality assurance personnel, people passionate about web security
Skill level: Intermediate
Requirements: - Laptop with a working operating system
- At least 2 GB of free disk space and at least 2 GB RAM
- Administrative rights on the laptop
- VMWare Player installed

Register here