OWASP EEE Russian Event 2015

Revision as of 15:01, 22 September 2015 by Alexander Antukh (talk | contribs)



OWASP Eastern European Event - Russian Event, 11th of October 2015

OWASP EEE - Russian Event 2015 - October 11th

The OWASP Russia team is happy to announce the OWASP Russian Event 2015, part of OWASP EEE, a one-day Security and Hacking Conference. It will take place on the 11th of October 2015 in Moscow, Russia.

The objective of OWASP's Eastern European Event is to raise awareness about application security and to bring high-quality security content provided by renowned professionals in the European region. Everyone is free to participate in OWASP and all our materials are available under a free and open software license.

This initiative will enable participants to get the most out of OWASP events and meetings in the region. Over approximately a week, OWASP chapters will organize events and meetings that will be broadcast live, so that every day people can watch presentations from another chapter.

Who Should Attend?

  • Application Developers
  • Application Testers and Quality Assurance
  • Application Project Management and Staff
  • Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
  • Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
  • Security Managers and Staff
  • Executives, Managers, and Staff Responsible for IT Security Governance
  • IT Professionals Interested in Improving IT Security
  • Anyone interested in learning about or promoting Web Application Security

CONFERENCE (Friday 9th of October)

Date: Sunday 11th of October, 14.00
Venue Location: Mail.Ru
Venue Address: 125167, Leningradsky prospekt 39, bld. 79, Moscow, Russia

Price and registration
Conference entrance is FREE. You need to register via the link provided below, print your ticket and present it at the entrance.

General Registration


Sponsorship opportunities
Why sponsor?

  • Join 200+ leaders, security consultants, security architects and developers gathered to share cutting-edge ideas, initiatives and trends in technology.
  • OWASP events attract an audience interested in "What's next?" - As a sponsor, you will be promoted as an answer to this question.
  • Increase awareness and recognition in the Romanian Security IT environment.
  • Support and involvement in the world of information security enthusiasts.

Conference agenda

13:30 - 14:00 (30 mins)
Registration

14:00 - 14:45 (45 mins)
Title: Building better product security: an engineering approach
Speaker: Taras Ivaschenko
Description: In a modern internet company, time to market is very important. The faster you release new features for users, the better service you have. This is an essential thing and we, as security people, need to follow business demands. In my talk I will cover several case studies about building product security processes in an engineering company. I will explain our approaches on how to be a bottle opener, not a bottleneck.

14:50 - 15:35 (45 mins)
Title: Give me a stable input and I'll p0wn the planet
Speaker: Zakaria Rachid
Description: This talk is about the connected objects around us and how they lack security by design in some critical cases. I'll show some interesting attack vectors that allowed me to gain access to kiosks, ATMs and other IoT devices. Modern attacks and defensive measures, including those from IATC, will be reviewed, too.

15:40 - 16:00 (20 mins)
Lunch/Coffee Break

16:00 - 16:45 (45 mins)
Title: Bugs -> max; time <= T
Speaker: Omar Ganiev
Description: The talk will cover some tips, tricks and tools for rapid web application security assessment (black and white box). They are useful in various situations: a pentest with very limited time or a huge scope, a competition, a bug bounty program, etc. We'll go through the minimal set of tests that should be performed, and the shortest paths to pwning the app.

16:50 - 17:35 (45 mins)
Title: Mysql OOB injection. Can I surprise you?
Speaker: Ivan Novikov
Description: OOB is an out-of-band technique for obtaining data through a different band (data channel) than the one used to send the payload. It is currently known that only the load_file() function can be used for this in the MySQL case. But this method is based on UNC names and works only on Windows platforms. We tried to find other ways to obtain MySQL data by OOB. Of course, this also provides SSRF attacks through SQL injections.

  • Alexander Antukh [1]
  • Taras Ivaschenko [2]