OWASP Kyiv Fall 2019

0.4 okf219 OWASP Kyiv Fall 2019 2019-11-23 2019-11-23 1 00:05 https://cfp.owaspukraine.org/okf219/schedule/ 2019-11-23T10:00:00+02:00 10:00 00:40 Grammarly okf219-84-cilium-network-security-for-microservices-let-s-see-how-it-works-with-istio https://cfp.owaspukraine.org/okf219/talk/GS3WNJ/ false Cilium - Network Security for Microservices. Let's See How It Works with Istio Talk en Cilium is a CNI -compliant networking plugin used to provide multi-host network connectivity for Linux containers and a way to define granular network-layer and application-layer security policies. Cilium brings API-aware network security filtering to Linux container frameworks like Docker and Kubernetes. Using a new Linux kernel technology called BPF, Cilium provides a simple and efficient way to define and enforce both network-layer and application-layer security policies based on container/pod identity. Stanislav Kolenkin 2019-11-23T11:00:00+02:00 11:00 00:40 Grammarly okf219-87-quarantine-nights-exploiting-macos-file-quarantine-in-popular-apps https://cfp.owaspukraine.org/okf219/talk/XYH7EV/ false Quarantine Nights: exploiting macOS File Quarantine in popular apps Talk en Quarantine Nights: exploiting macOS File Quarantine in popular apps /media/okf219/images/XYH7EV/Screenshot_2019-11-23_at_05.53.28.png Vladimir Metnew 2019-11-23T12:00:00+02:00 12:00 00:40 Grammarly okf219-88-injections-4-ways-of-penetration https://cfp.owaspukraine.org/okf219/talk/RHPPSG/ false Injections - 4 Ways of Penetration Talk en I will show 4 types of injections and we will discuss how to protect against them. Evgeny Tolchinsky 2019-11-23T13:00:00+02:00 13:00 00:40 Grammarly okf219-83-pentest-expectations https://cfp.owaspukraine.org/okf219/talk/P89CL9/ false Pentest Expectations Talk en What do pentesters looking for and what customers wish to receive in their reports? Examples of easy account compromise. What do pentesters look for the rest of the project time? Classic OWASP checklist. What are pentesters tired to report but still have to What do we expect? A total compromise. • Account Takeover • Logic Bypass • Remote Code Execution • Easy Exploitation What do we get? OWASP daily work. • XSS • CSRF • Session Fixation • IDOR • Information Disclosure • Unlimited Email Spam • ARP poisoning • Mountable NFS volumes What are we bored of in the reports? • Versions • Ciphers • Headers • Checklists • False Positives • Automatic Reports How to get an empty pretest report? /media/okf219/images/P89CL9/Screenshot_1.png Ihor uZ 2019-11-23T15:00:00+02:00 15:00 00:40 Grammarly okf219-82-hacktoberfest--open-source https://cfp.owaspukraine.org/okf219/talk/NHK7YG/ false Hacktoberfest та open-source Talk en Відкриття для себе _open-source_, участь у **Hacktoberfest** та чому варто приділяти увагу проектам з відкритим кодом. * Hacktoberfest. * З яких проектів варто починати свій шлях. * Чому це має значення. * Чи буде з цього вигода. Mykhailo Pazyniuk 2019-11-23T16:00:00+02:00 16:00 00:40 Grammarly okf219-85-basic-ideas-of-osint-and-why-it-is-useful https://cfp.owaspukraine.org/okf219/talk/JR9BPR/ false Basic Ideas of OSINT and Why It Is Useful Talk en Describing what is OSINT. Describing a couple of OSINT tools: Censys.io, Google Dorks, The Harvester, Shodan, Nmap, etc. Describing what is OSINT. Describing a couple of OSINT tools: Censys.io, Google Dorks, The Harvester, Shodan, Nmap, etc. Nadia Klymenko