
Welcome to OWASP EEE October 11



From October 6 to October 12, a series of 7 mini-conferences for information security specialists will be held under the general title OWASP EEE. Meetings will be held in 6 different countries: Poland, Lithuania, Romania (in the cities of Cluj and Bucharest), Hungary, Russia and Austria. Each meeting will have different talks, but thanks to the daily online broadcast you will be able to watch all the interesting speeches. The Russian part of OWASP EEE will be held on October 11 at the Mail.Ru Group office. Please note that all talks will be in English.

Meeting program:

13:30 - 14:00: Registration of guests.
14:00 - 14:45: Taras Ivashchenko, Yandex
“For Internet companies it is very important to enter the market with the finished product as soon as possible. The faster you offer new features to users, the better the service. This is critical, and information security professionals need to adapt to market requirements. I will consider several cases of building a product security system, show you how to avoid various problems that lead to a failure in deployment time.”

14:50 - 15:35: Zakaria Rachid, Information Security Consultant
“We will talk about hacking payment terminals and various devices that surround us in everyday life. The first version of this report was presented in France at Nuit du Hack 2014. Since then, I have supplemented it with information on new attack vectors and critical infrastructure, and have considered some of the old vectors in more detail. In addition, I have expanded the part in which defenses against attacks are described. So the report has become more mature.”

15:40 - 16:00: Break.

16:00 - 16:45: Omar Ganiev, Ahack.ru
“I’ll look at some of the ways, tricks, and tools for quickly assessing the security of a web application (black box and white box methods). All this may come in handy in a variety of situations: for high-speed or large-scale penetration testing, in unfair competition, when looking for bugs for a fee, etc. We will look at the minimum set of required tests and the shortest ways to get control of the application.”

16:50 - 17:35: Ivan Novikov, Wallarm.com
“OOB is a technique for obtaining information through information transfer channels that are not used to send data directly. We know that in the case of MySQL, only the load_file() function can be used for this. However, this method involves the use of UNC names and works only under Windows. I will talk about our attempts to find other ways to get data from MySQL using OOB. Of course, this also applies to SSRF attacks using SQL injection.”

A live broadcast of all seven meetings will be available on the YouTube channel.

Mail.Ru Group office address: Leningradsky Avenue, 39, Building 79.

To register for this event, you must have a valid account on IT.Mail.Ru.

Source: https://habr.com/ru/post/268337/

