{"schedule": {"version": "0.3", "base_url": "https://cfp.owaspukraine.org/okw2021/schedule/", "conference": {"acronym": "okw2021", "title": "OWASP Kyiv Winter 2021 ONLINE Meetup", "start": "2021-02-27", "end": "2021-02-27", "daysCount": 1, "timeslot_duration": "00:05", "days": [{"index": 1, "date": "2021-02-27", "day_start": "2021-02-27T04:00:00+02:00", "day_end": "2021-02-28T03:59:00+02:00", "rooms": {"ZOOM": [{"id": 115, "guid": "a14f0f16-6216-5d6c-9c2d-4b8b8fec39c7", "logo": "", "date": "2021-02-27T10:00:00+02:00", "start": "10:00", "duration": "00:30", "room": "ZOOM", "slug": "VZTUHW", "url": "https://cfp.owaspukraine.org/okw2021/talk/VZTUHW/", "title": "Reconnaissance: Finding Subdomains", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Finding public resources and subdomains using open-source tools.", "description": "Finding all accessible assets of the company under test is one of the key tasks, because it opens up new attack vectors and sometimes even makes it possible to find vulnerabilities right away. Proper use of the available tools makes this process relatively fast and efficient. The talk will cover methods for finding subdomains and publicly accessible resources using open-source tools.", "recording_license": "", "do_not_record": false, "persons": [{"id": 166, "code": "X9YWHX", "public_name": "\u0420\u043e\u043c\u0430\u043d", "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 112, "guid": "ecf6b326-56dc-5283-b7d3-074064483434", "logo": "", "date": "2021-02-27T11:00:00+02:00", "start": "11:00", "duration": "00:30", "room": "ZOOM", "slug": "LX9QSU", "url": "https://cfp.owaspukraine.org/okw2021/talk/LX9QSU/", "title": "Threat Modeling 
Gamification for Fun and Profit", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "In this talk, I will show how our team Threat Models during security testing projects to achieve the completeness of the scope of work. We use gamification to improve this process and I assume it is much less boring than you expect from a threat modeling session. I will share the tools we use and a general approach to the game.", "description": "It is funny when I hear security vendors talk about \"pushing appsec left\" in the development lifecycle. Given that Threat Modeling is the leftest left of all lefts, they actually mean SAST, DAST, DevSecOps, or another buzzword du jour.\r\n\r\nIt is fine (dog meme here); you can get away with an \"implicit threat model\", or rely on your \"expert intuition\" in most cases. However, one day you will encounter something you never met before, and this approach will fail you, your team, and your client. You will still test the product, but you will not be sure if you did everything you could. You could use some checklists and testing guides, of course, but we all know that even the OWASP Security Testing Guide in all its glory covers only that much of the scope.\r\n\r\nThis is where offensive Threat Modelling comes in. Usually, we succeed by thinking like the attacker, but here we should turn around and think like the developer. By going through the usual Threat Modeling cycle and applying STRIDE, we can brainstorm and write down all the things that could go wrong and then move out to simulate them. From theory and practice, this is a much more reliant approach for scope definition. 
And even if you fail to achieve full completeness of testing, your client will at least end up with a decent Threat Model.", "recording_license": "", "do_not_record": false, "persons": [{"id": 1, "code": "BP9LP7", "public_name": "Vlad Styran", "biography": "VP and Co-founder at BSG (bsg.tech)\r\nCISSP CISA OSCP\r\nstyran.com", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 114, "guid": "63fc7168-a77d-502f-b69d-43e601d48466", "logo": "", "date": "2021-02-27T12:00:00+02:00", "start": "12:00", "duration": "00:30", "room": "ZOOM", "slug": "XQCKVL", "url": "https://cfp.owaspukraine.org/okw2021/talk/XQCKVL/", "title": "Using OWASP Nettacker For Recon and Vulnerability Scanning", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "This talk is about the OWASP Nettacker Project, one of OWASP's \"Unsung Hero\" projects. Nettacker is a little-known yet awesome and powerful 'swiss-army-knife' type tool for information gathering and vulnerability scanning fully written in Python. Featuring live demo and practical usage examples", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"id": 163, "code": "NT89EU", "public_name": "Sam Stepanyan", "biography": "Speaker Bio: Sam Stepanyan is an OWASP London Chapter Leader and an Independent Application Security Consultant with over 20 years of experience in the IT industry with a background in software engineering and web application development. Sam has worked for various financial services institutions in the City of London specialising in Application Security consulting, Secure Software Development Lifecycle (SDLC), developer training, source code reviews and vulnerability management. He is also a Subject Matter Expert in Web Application Firewalls (WAF) and SIEM systems. 
Sam holds a Master\u2019s degree in Software Engineering and a CISSP certification.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 116, "guid": "08afc5a6-c0af-5d4a-88cc-845fef0f31c1", "logo": "", "date": "2021-02-27T13:00:00+02:00", "start": "13:00", "duration": "00:30", "room": "ZOOM", "slug": "FDDJHJ", "url": "https://cfp.owaspukraine.org/okw2021/talk/FDDJHJ/", "title": "How to find your first bug", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "We will try to build the \u201cflow\u201d to follow when looking for vulnerabilities during web application security testing.", "description": "Discovering vulnerabilities in a web application is not an easy road and requires proper preparation from a security researcher. We will discuss the basics of setting tools up and how the Internet works, some tips & tricks. The main goal is to build the \u201cflow\u201d to follow when looking for vulnerabilities during web application security testing.", "recording_license": "", "do_not_record": false, "persons": [{"id": 168, "code": "NLF37F", "public_name": "Kyrylo", "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}]}}]}}}