OWASP Bucharest AppSec Conference 2017
Author(s): NICA, Cristina; BARBU, Ionuț-Daniel
Issue: Volume 6, Issue 2, Year 2017
As some of you already know, October is National Cyber Security Awareness Month, so various events are held across the globe.
In Romania, the OWASP Bucharest AppSec Conference was at its 5th annual edition. This time around it was a 3-day conference: the 11th and 12th of October were dedicated to training and the Capture the Flag (CTF) contest, and the 13th was packed with presentations and panels. Industry practitioners shared their experiences, knowledge and projections.
The objective of the OWASP Bucharest AppSec Conference is to raise awareness about application security and to bring high-quality security content provided by renowned professionals in the European region.
Among the talks, I would like to emphasize the Women in AppSec Panel with Giorgiana Vlăsceanu, Alexandra Anghel, Daniela Ene and Daniel Barbu, moderated by Iulia Ivanov. Industry people talked to each other and the public about how girls could, and why they should, focus more on this field, and also why the reality is a bit different. One thing that resonated with me is that women tend not to take as many chances as their peers, which stands in their way big time. They should also not be afraid to ask for guidance or help when needed, whether for fear of being judged or for any other reason.
On a more technical note, the talk "Protecting against credential stuffing attacks" was also an in-depth review of how to keep your credentials safe from automated web injection.
Sony, Yahoo and Dropbox are just a few of the names that were affected by this type of attack, so getting to understand how it works under the hood and what you can do to safeguard your credential data was welcome guidance.
We especially liked the vibe of the conference and the people attending; it was a great chance to see people from the field and exchange ideas. The talks triggered a lot of ice breakers among the attendees, which, looking back, makes the conference seem like a genuine community.
Overall, the tracks included the following presentations:
- Track 1: Application Security Lifecycle; N different strategies to automate OWASP ZAP; Women in AppSec Panel; Security champions 2.0; Man-in-the-browser attacks; How my SVM nailed your Malware.
- Track 2: Threat modelling – How we deconstruct systems and the threats they are at risk from; Testing for cyber resilience: tools & techniques for adversary attack/defense simulation; Less Known Web Application Vulnerabilities; Overview of TLS v1.3; Protecting against credential stuffing attacks; BDD Mobile security testing with OWASP MASVS, OWASP MSTG and Calabash; Securing the code and waiting for skilled hackers.
Publication: International Journal of Information Security and Cybercrime
ISSN: 2285-9225, e-ISSN: 2286-0096
Section: Books Reviews and Conferences Analysis
Page Range: 65-66