Difference between revisions of "Spain/Agenda Chapter Meeting"

From OWASP
Line 30: Line 30:
 
<td  bgcolor="white" valign="top" align="center"  height=75px width=80px>http://www.owasp.org/images/9/99/Ashar-80.jpg</td>
 
<td  bgcolor="white" valign="top" align="center"  height=75px width=80px>http://www.owasp.org/images/9/99/Ashar-80.jpg</td>
 
<td bgcolor="#d5deed" align="center" valign="top" width=110px>09:15h - 10:15h</td>
 
<td bgcolor="#d5deed" align="center" valign="top" width=110px>09:15h - 10:15h</td>
<td bgcolor="#d5deed" align="justify" valign="top"><i><b>Cross-Site Scripting: The Force Awakens</b></i><br>Ashar Javed. - Twitter: [http://www.twitter.com/soaj1664ashar @soaj1664ashar].<br>Pentester. [http://www.hyundai-autoever.eu Hyundai AutoEver Europe GmbH].<br>
+
<td bgcolor="#d5deed" align="justify" valign="top"><i><b>Cross-Site Scripting: The Force Awakens</b></i><br>Ashar Javed. [http://www.twitter.com/soaj1664ashar @soaj1664ashar].<br>Pentester. [http://www.hyundai-autoever.eu Hyundai AutoEver Europe GmbH].<br>
 
This talk is inspired from Star Wars thriller. In this premier, we will see, XSS---the force awakens again or has never been disappeared. Is XSS a new threat on the landscape even though it was discovered sixteen years ago or the threat was there all the time. XSS is a war between the developers of the web applications and the attacker but the question is: who is winning the war so far? Can we hug developers now or should find a way for them to escape from this endless pain of war?  
 
This talk is inspired from Star Wars thriller. In this premier, we will see, XSS---the force awakens again or has never been disappeared. Is XSS a new threat on the landscape even though it was discovered sixteen years ago or the threat was there all the time. XSS is a war between the developers of the web applications and the attacker but the question is: who is winning the war so far? Can we hug developers now or should find a way for them to escape from this endless pain of war?  
  
Line 44: Line 44:
 
<td  bgcolor="white" valign="top" align="center"  height=75px width=80px></td>
 
<td  bgcolor="white" valign="top" align="center"  height=75px width=80px></td>
 
<td bgcolor="#d5deed" align="center" valign="top" width=110px>10:15h - 10:45h</td>
 
<td bgcolor="#d5deed" align="center" valign="top" width=110px>10:15h - 10:45h</td>
<td bgcolor="#d5deed" align="justify" valign="top"><i><b>TBD</b></i>
+
<td bgcolor="#d5deed" align="justify" valign="top"><i><b>TBD</b></i><br>
 
</td>
 
</td>
 
</tr>
 
</tr>
  
 
<tr>
 
<tr>
<td  bgcolor="white" valign="top" align="center"  height=75px width=80px></td>
+
<td  bgcolor="white" valign="top" align="center"  height=75px width=80px>http://www.owasp.org/images/2/22/Miguel-80x80.png</td>
 
<td bgcolor="#d5deed" align="center" valign="top" width=110px>10:45h - 11:45h</td>
 
<td bgcolor="#d5deed" align="center" valign="top" width=110px>10:45h - 11:45h</td>
<td bgcolor="#d5deed" align="justify" valign="top"><i><b>TBD</b></i>
+
<td bgcolor="#d5deed" align="justify" valign="top"><i><b>OWASP Mobile Security Project como base para auditar una aplicación iOS</b></i><br>Miguel Ángel Arroyo Moreno. [http://www.twitter.com/Miguel_Arroyo76 @Miguel_Arroyo76].<br>IS Auditor. [https://www.svtcloud.com/ SVT Cloud & Security]. Autor del blog [http://www.hacking-etico.com Hacking Ético]. Fundador de la comunidad [https://twitter.com/hackandbeers Hack&Beers]<br>
 +
En la charla se expondrán los distintos recursos que hay disponibles en el proyecto Mobile Security Project de OWASP para auditar aplicaciones móviles, concretamente de tipo iOS. Desde los riesgos más importantes, así como los controles de seguridad a evaluar y finalmente un arsenal de herramientas útiles para llevar a cabo una auditoría de seguridad de una aplicación iOS.
 +
 
 +
Se explicará también las distintas fases a llevar a cabo, según la metodología que OWASP nos propone y teniendo como referencia el cheet sheat disponible en su web oficial.
 
</td>
 
</td>
 
</tr>
 
</tr>
 
  
 
<tr>
 
<tr>
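Review bot: The added abstract for the 10:45h slot ends with "cheet sheat", which should read "cheat sheet", and "Se explicará también las distintas fases" should be "Se explicarán" to agree with the plural subject. In the same added speaker cell, the photo, Twitter and blog links use http:// while the svtcloud.com and hackandbeers links use https://; suggest https:// throughout for consistency.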

Revision as of 04:07, 24 October 2016

Barcelona, 17 November 2016
AGENDA for the day:

08:00h - 08:55h Attendee registration
09:00h - 09:05h Welcome
Jaume Abella Fuentes @JaumeAbella.
Coordinator of the Master's in Cybersecurity. La Salle Campus Barcelona.
09:05h - 09:15h Introduction to the day
Vicente Aguilera Díaz. vicenteaguileradiaz.com - @VAguileraDiaz.
OWASP Spain Chapter Leader. Partner and Director of the Audit Department at Internet Security Auditors.
09:15h - 10:15h Cross-Site Scripting: The Force Awakens
Ashar Javed. @soaj1664ashar.
Pentester. Hyundai AutoEver Europe GmbH.

This talk is inspired by the Star Wars thriller. In this premiere, we will see whether XSS, the force, awakens again or has never disappeared. Is XSS a new threat on the landscape even though it was discovered sixteen years ago, or was the threat there all the time? XSS is a war between the developers of web applications and the attacker, but the question is: who is winning the war so far? Can we hug developers now, or should we find a way for them to escape from this endless pain of war?

Smart researchers out there have already started talking about a post-XSS era ("may the force be with you"), but the question is: are we really at this stage? Can we say "We're home"? Unfortunately not! It seems the empire of XSS has been advancing and flourishing (at least the evidence shows so). "It's true. All of it. The Dark Side".

Can developers make things right and put up some resistance even after sixteen years of XSS? Is there a call from the light? With the help of some real fairy tales, we will shed light on developers' rudimentary knowledge about XSS protection(s). Is there a universal panacea for the XSS epidemic? No one knows what the upcoming chapters of XSS will look like, but the leaked teaser shows a wind turbine has been XSSed.

This talk will conclude on: "There's been an awakening...The Dark and Some Light".

10:15h - 10:45h TBD
10:45h - 11:45h OWASP Mobile Security Project as a basis for auditing an iOS application
Miguel Ángel Arroyo Moreno. @Miguel_Arroyo76.
IS Auditor. SVT Cloud & Security. Author of the blog Hacking Ético. Founder of the Hack&Beers community.

The talk will present the various resources available in OWASP's Mobile Security Project for auditing mobile applications, specifically iOS applications: from the most important risks, through the security controls to evaluate, to an arsenal of useful tools for carrying out a security audit of an iOS application.

It will also explain the phases to carry out, following the methodology that OWASP proposes and using as a reference the cheat sheet available on its official website.

11:45h - 12:15h Coffee break
12:15h - 12:45h TBD
12:45h - 13:15h TBD
13:15h - 14:45h Break
14:45h - 15:45h TBD
15:45h - 16:15h TBD
16:15h - 17:15h TBD
17:15h - 17:45h TBD
17:45h - 18:00h Closing of the day
Vicente Aguilera Díaz. vicenteaguileradiaz.com - @VAguileraDiaz.
OWASP Spain Chapter Leader. Partner and Director of the Audit Department at Internet Security Auditors.


If you would like to take part as a speaker, see the Call for Papers section.

Twitter: @OWASPSpain
Event hashtag: #OWASPSpain10