AppSec week in Europe!
6-12 October 2015 will bring an unparalleled OWASP EEE (Eastern European Event).
Seven local events at different locations in one week will come together to create a real “European Championship for Information Security”! The participants include Poland, Lithuania, Romania (Cluj and Bucharest), Hungary, Russia and Austria.
The presentations will differ from location to location and will be broadcast online every day, so you can be a virtual participant!
OWASP Russia will host the event on October 11 at Mail.Ru Group’s office in Moscow.
13:30 - 14:00: Registration
14:00 - 14:45: Taras Ivaschenko, Yandex
“At today’s Internet companies, time to market is very important. The faster you release new features for users, the better service you have. This is critical, and as security people we need to follow business demands. In my talk, I will cover several case studies about building product security processes at an engineering company. I will explain our approaches on how to be a bottle opener, not a bottleneck”.
14:50 - 15:35: Zakaria Rachid, Security consultant
“This talk is about hacking connected kiosks and objects that permeate our daily life. A previous version of this talk was presented in France at Nuit du Hack 2014 with limited distribution in France. New attack vectors and critical infrastructures have been added, and some of the old vectors are more developed. And, of course, there are new screenshots/videos of PoCs. The defensive section is also beefier, thanks to some new runs I’ve made around Europe. Finally, the talk will be more mature, depicting a semblance of methodology and filled with ‘I Am the Cavalry’ material”.
15:40 - 16:00: Lunch/Coffee Break
“My talk will cover some tips, tricks and tools for rapid web application security assessment (black and white box). They are useful in various situations: pentest with very limited time or a huge scope, competition, Bug Bounty programs, etc. We will go through the minimal set of tests that should be performed, and shortest paths to owning the app”.
“OOB is an out-of-band technique for obtaining data using a band (data channel) other than that used to send the payload. Today we know that only the load_file() function can be used for this in the case of MySQL. However, this method is based on UNC names and only works on Windows platforms. We have tried to find other ways to obtain MySQL data by OOB. Of course, this also supports SSRF attacks through SQL injections”.
The presentations will be broadcast online here.
Address: Leningradsky prospekt 39, bld. 79.