
OWASP Meetup at FOI - bits and bytes

by Nikola Strahija on February 28th, 2016

We bring you a short recap of the OWASP meetup that was held at FOI (Faculty of Organization and Informatics) in Varaždin, Croatia this past Friday (Feb 26th 2016).


The meetup started with a short presentation by Jasna Bencic about the DORS/CLUC (Days of Open Systems / Croatian Linux Users' Conference) conference. We learned that DORS has been going on for 23 years, that attendees come from all around the world, and that it takes place at the Faculty of Electrical Engineering and Computing (FER) in Zagreb, Croatia. She told us about some of the talks given at previous conferences and what to expect this year, on May 11th to 13th. DORS is growing every year in both quality and size, is the largest conference of its kind in Eastern Europe, and you should definitely check it out.



The organizer, Tonimir Kisasondi, then gave an hour-long talk on Developing (reasonably) secure applications. The talk started by explaining why planning is important and why security has to be one of the requirements from the start, then moved on to the OWASP ASVS (Application Security Verification Standard). He went through the OWASP Top 10 vulnerabilities and an ESAPI (Enterprise Security API) implementation, with some source code, followed by several real-life examples.

A significant amount of time was spent on tips and tricks for OWASP ZAP (Zed Attack Proxy). We learned how to run ZAP from continuous integration tools like Jenkins so that every build gets scanned and the overall security of the codebase improves over time. He also covered the terms of use that some cloud providers attach to security scans: Amazon, for example, did not allow scanning of anything smaller than a medium instance. The talk finished with a Q&A.
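The CI integration mentioned above only pays off if the pipeline actually fails on findings, which is the part a Jenkins job has to do itself once ZAP has written its report. The following is an added example for this recap, not code from the talk or from the ZAP project: it reads a ZAP JSON report (assuming ZAP's "site" -> "alerts" -> "riskcode" layout; check the field names against the ZAP version you run), counts alerts by risk level, and returns a non-zero exit status when anything at or above the chosen risk level is present. The embedded report is a constructed sample, not the output of a real scan, and the plugin ids, host name and alert names in it are illustrative.

```python
"""Gate a CI build on an OWASP ZAP JSON report.

Added example for this meetup recap; not code from the talk or from ZAP.
Assumes an earlier pipeline step ran ZAP and wrote its JSON report in the
"site" -> "alerts" -> "riskcode" layout. Verify field names against the
ZAP version you actually run.
"""
import json
import sys

# Constructed sample in ZAP's JSON report shape. Not a real scan result;
# host name, plugin ids and alert names are illustrative only.
SAMPLE_REPORT = json.dumps({
    "@version": "2.4.3",
    "site": [{
        "@name": "http://app.example.test",
        "@host": "app.example.test",
        "@port": "80",
        "@ssl": "false",
        "alerts": [
            {"pluginid": "40012", "alert": "Cross Site Scripting (Reflected)",
             "riskcode": "3", "confidence": "2",
             "instances": [{"uri": "http://app.example.test/search?q=x", "param": "q"}]},
            {"pluginid": "10016", "alert": "Web Browser XSS Protection Not Enabled",
             "riskcode": "1", "confidence": "2",
             "instances": [{"uri": "http://app.example.test/", "param": ""}]},
            {"pluginid": "10021", "alert": "X-Content-Type-Options Header Missing",
             "riskcode": "1", "confidence": "2",
             "instances": [{"uri": "http://app.example.test/", "param": ""}]},
            {"pluginid": "90022", "alert": "Application Error Disclosure",
             "riskcode": "2", "confidence": "2",
             "instances": [{"uri": "http://app.example.test/login", "param": "user"}]},
        ],
    }],
})

# ZAP risk codes: 0 informational, 1 low, 2 medium, 3 high.
RISK_NAMES = {0: "Informational", 1: "Low", 2: "Medium", 3: "High"}


def load_alerts(report_text):
    """Flatten every site's alerts into plain dicts with an integer risk."""
    report = json.loads(report_text)
    alerts = []
    for site in report.get("site", []):
        for a in site.get("alerts", []):
            alerts.append({
                "site": site.get("@name", "?"),
                "pluginid": str(a.get("pluginid", "")),
                "name": a.get("alert") or a.get("name", "?"),
                "risk": int(a.get("riskcode", 0)),
                "uris": [i.get("uri", "") for i in a.get("instances", [])],
            })
    return alerts


def gate(report_text, fail_at=3, ignore_plugins=()):
    """Return (passed, blocking_alerts, counts_by_risk).

    fail_at: lowest risk code that fails the build (3 = High only).
    ignore_plugins: plugin ids accepted as known issues or false positives.
    Keep that list in the repository so every suppression is reviewable.
    """
    ignored = set(str(p) for p in ignore_plugins)
    counts = {name: 0 for name in RISK_NAMES.values()}
    blocking = []
    for a in load_alerts(report_text):
        counts[RISK_NAMES.get(a["risk"], "Informational")] += 1
        if a["risk"] >= fail_at and a["pluginid"] not in ignored:
            blocking.append(a)
    return (not blocking, blocking, counts)


def main(argv):
    """Usage: zap_gate.py [report.json]; exits 1 when the build should fail."""
    text = open(argv[1]).read() if len(argv) > 1 else SAMPLE_REPORT
    passed, blocking, counts = gate(text, fail_at=2)
    print("ZAP alerts by risk:", counts)
    for a in blocking:
        print(f"BLOCKING {RISK_NAMES[a['risk']]}: [{a['pluginid']}] {a['name']} on {a['site']}")
        for uri in a["uris"]:
            print("   ", uri)
    return 0 if passed else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as the last step of the Jenkins job with the report path as its argument; the job fails on the non-zero exit status. Start with fail_at=3 on a noisy codebase and lower the threshold as the Low and Medium findings get fixed, rather than letting the team get used to a permanently red build.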

By the way, during his presentation his computer kept locking the screen every 5 minutes. I haven't checked whether his webcam has a sticker on it or not.


After a short break Bernard Toplak gave a talk titled "Post-Password Era - safe(r) methods of authentication".
He compared passwords with PKI, token generators, and old and new authentication methods. We learned about the differences between the token generators commonly used in Croatia, their pros and cons, and the Java plus browser requirements imposed by banks and the Croatian tax authority (the local equivalent of the IRS). The latter gives IT departments a huge headache in terms of OS, browser and Java version combinations just to be able to sign a document digitally instead of using a token generator. Bernard finished the talk by answering quite a few questions from the attendees.



Last but not least was a presentation by Miroslav Stampar from the Croatian Government's CERT on his concept "ABcD", a browser plugin for Automated Bug (cruised) Discovery. ABcD is still a concept; basically it would test for vulnerabilities while you browse the web. The first prototype might see the light of day in about 2 months and could be the start of a whole new era of script kiddies.

As a long-time developer of sqlmap, Miroslav has probably given over 50 talks and presentations in his career. I can't wait to see ABcD in action.


