IJISC

  • Interview with Ms. Oana CORNEA


    Interview made by: BARBU, Ionuț-Daniel
    Issue: Volume 5, Issue 1, Year 2016


    Ms. Oana CORNEA has been working in the field of IT Security for six and a half years, mostly doing application security and penetration testing for companies in different industries: gaming, banking and biomedical.
    Being passionate about application security, making things more secure and learning new things, Oana CORNEA reactivated the OWASP chapter from Bucharest, Romania. Since 2013, she has been the chapter leader and has been organizing many meetings and conferences. The purpose of these events is to raise awareness about application security issues, to share knowledge and also to train and educate people on OWASP projects, tools and best practices.

    1. Open Web Application Security Project is a worldwide not-for-profit charitable organization focused on improving the security of software. Can you tell us more about the contribution in the information security field?

    OWASP is a global community that drives the visibility and evolution in the safety and security of the world’s software. It has been around for 16 years and there are many OWASP projects that were cited in more than 129 Information Security standards and regulations (see www.owasp.org/index.php/Industry:Citations).

    “OWASP Top 10” may be the most popular project, however there are also some other flagship projects that have demonstrated strategic value to OWASP and application security as a whole:

    2. In the autumn of 2013 you organized for the first time the Conference OWASP Romania InfoSec. What new elements did these events bring in the landscape of cybersecurity conferences from Romania?
     

    The OWASP events organized in Bucharest brought the first application security conferences and meetings organized in Romania. Until then there were other events but not dedicated only to application security. Today there are four OWASP chapters in Romania: Bucharest, Cluj-Napoca, Timisoara and a student chapter in Sibiu.

     
    3. OWASP Romania InfoSec Conference started to grow year by year, with better presentations and more participants. How did you succeed in attracting more speakers and participants to this conference?
     

    I believe that people are becoming more aware of the security risks in general and developers are getting more and more aware of the security risks that can be introduced in software. The issues presented at our conferences are actual and provide impartial and practical information about application security. I find interesting topics online, attending other conferences and contacting local universities. Besides this, I think we gained experience in organizing events.

     
    4. You have joined many important conferences on cybersecurity, like OWASP AppSec EU and DefCamp. What ideas could you bring from these conferences to OWASP Romania InfoSec Conference?
     

    The events I’ve organized in Bucharest were small local events, with a maximum of 200 attendees. Compared to the other bigger conferences you mentioned, there is a lot to improve in our events. Usually, besides the presentation tracks, there are many other activities. This is why in 2016 I’ve decided to add a CTF competition to our program and it was a success.

     
    5. OWASP Bucharest Chapter is very active in the cyberspace, through many social channels where you post different news from cybersecurity. How important is awareness in this domain?
     

    Security can’t be 100 percent guaranteed and there are many factors coming into play when talking about it. Awareness is very important and social networks are powerful in spreading the word. Being aware of potential risks that can be introduced in software can make people avoid common mistakes and hopefully make them research more and write secure code. The ones that want to share their knowledge or learn, can meet, talk and find out more about security topics at OWASP events or they can simply browse the OWASP wiki.

     
    6. Lately, the number and the complexity of cyber-attacks have increased on the Internet and one of the reasons is the huge number of vulnerabilities. Why do you think there are so many vulnerabilities in the cyberspace?
     

    The number of attacks on web applications has increased substantially over time due to new technologies, their wide adoption and our dependence on the Internet. Often the application is the entry point for an attack on a network. Attacks have become more complex due to the large number of interconnected applications, mobile devices and networks.

    Periodically OWASP gathers anonymous data from volunteer organizations and makes a top of the most common vulnerabilities. This is the “OWASP Top 10” project that is a powerful awareness document for web application security. Project members include a variety of security experts from around the world who have shared their expertise to produce this list.

    Even if this is not a complete list and there are many complex threats, adopting it for awareness and training can be an effective first step towards changing the software development culture within an organization into one that produces secure code.

     
    7. We become increasingly dependent on computing devices that are interconnected via Internet. Are you concerned about this dependence in terms of information security?
     

    In an interconnected world, starting from a primary breach, an attacker can go further into the organization with other subsequent attacks. Software has become an important part in many aspects of our life.

    Also, companies face many challenges in order to protect their infrastructure because the attack surface is larger with more and more applications being online and systems being interconnected. Attacks have become more sophisticated in such a way that, when under attack, the company’s total defenses are tested and the security people’s tasks become challenging. In order to minimize the threats there should be a combination of organizational regulations and technical controls in place.

     
    8. Will you continue the series of OWASP conferences in the field of cybersecurity? Can you describe some of the most interesting topics of the following events?
     

    Definitely! There will be OWASP events (meetings and conferences) organized in Bucharest. I cannot say anything specific but we will have topics around browser security, HTML5 security, mobile security, Internet of Things and maybe also some management topics in application security: such as business risks, outsourcing/offshoring, managing SDLC.

    Stay tuned and check out our wiki page and our meetup group!


    Additional Information

    Title: Interview with Ms. Oana CORNEA
    Author(s): BARBU, Ionuț-Daniel
    Publication: International Journal of Information Security and Cybercrime
    ISSN: 2285-9225, e-ISSN: 2286-0096
    Issue: Volume 5, Issue 1, Year 2016
    Section: Interviews with experts
    Page Range: 101-103


