0.1 okspring2021 2021-04-24 2021-04-24 1 00:05 https://cfp.owaspukraine.org/okspring2021/schedule/ 2021-04-24T10:00:00+03:00 10:00 01:00 ZOOM okspring2021-118-a9-using-components-with-known-vulnerabilities https://cfp.owaspukraine.org/okspring2021/talk/LXCAJZ/ false Workshop en Known Security Vulnerabilities are those gaps in security that have been identified, either by the developer/vendor of the products used, by the user/developer, or by the hacker/intruder. To exploit known security vulnerabilities, hackers identify a weak component in the system by scanning the system using automated tools (more common because these hacking tools are available online) or by analyzing the components manually (less common, because it takes more advanced skills). Svyat Login 2021-04-24T11:30:00+03:00 11:30 00:30 ZOOM okspring2021-122-information-security-academic-minors-in-modern-ukrainian-higher-education https://cfp.owaspukraine.org/okspring2021/talk/UMMPFM/ false Talk en Nowadays higher education in Ukraine takes new challenges: required knowledge level for employment is low, knowledge sometimes are outdated, student oriented on self-education. Also, education in Ukraine mostly doesn't orient on lifelong education, so it doesn't prepare wide specialists. How modern education in Ukraine can compete with these factors and being attractive and useful for students and several other questions will be discussed around this topic. Trokhym Babych 2021-04-24T12:30:00+03:00 12:30 00:30 ZOOM okspring2021-121-responsible-disclosure-it-s-not-all-about-the-money- https://cfp.owaspukraine.org/okspring2021/talk/GHF9EC/ false Talk en Starting from an introduction to "Responsible Disclosure" model, we will see this process in detail, pointing out the differences with "Full Disclosure" model, bug bounty programs and black market. Lastly, three CVEs will be publicly disclosed and presented to the audience, in order to show a real case about the responsible disclosure model. This is the detailed agenda of the talk: 1 - Intro -> total 5 minutes, divided in: Who am I? -> 1 minute Introduction to responsible disclosure -> 4 minutes 2 - Responsible disclosure in detail and differences with full disclosure, bug bounty programs and black marcket -> total 10 minutes 3 - Real case: how to report vulnerabilities to a non-cooperative vendor, gaining the glory and avoiding to be jailed. Analysis of 3 CVEs -> total 10 minutes 4 - Q&A -> 5 minutes /media/okspring2021/images/GHF9EC/resp_disclosure_Q5k4sy5.png Carlo Di Dato