{"schedule": {"version": "0.5", "base_url": "https://cfp.owaspukraine.org/okwinter2022/schedule/", "conference": {"acronym": "okwinter2022", "title": "OWASP Kyiv Winter 2022 ONLINE Meetup", "start": "2022-02-26", "end": "2022-02-26", "daysCount": 1, "timeslot_duration": "00:05", "days": [{"index": 1, "date": "2022-02-26", "day_start": "2022-02-26T04:00:00+02:00", "day_end": "2022-02-27T03:59:00+02:00", "rooms": {"ZOOM": [{"id": 134, "guid": "b18294c4-047d-505a-a32d-402131e9d99c", "logo": "", "date": "2022-02-26T10:15:00+02:00", "start": "10:15", "duration": "00:30", "room": "ZOOM", "slug": "QRNLAF", "url": "https://cfp.owaspukraine.org/okwinter2022/talk/QRNLAF/", "title": "Red+Blue = Purple: specifics of offensive and defensive teams cooperation", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Red team operations can be effectively performed in close cooperation with the defensive (blue) team - this format differs in some key points from the classical redteaming or penetration testing. Organizational faults or wrong understanding of what is going on can decrease the overall effectiveness of the operation dramatically for both sides. \r\nLooking from the side of red team, discussing, what purple teaming really is, how it should be carried out to be really effective and what are the main constraints on this way.", "description": "Red team operations can be effectively performed in close cooperation with the defensive (blue) team - this format differs in some key points from the classical redteaming or penetration testing. Organizational faults or wrong understanding of what is going on can decrease the overall effectiveness of the operation dramatically for both sides. 
\r\nLooking from the side of red team, discussing, what purple teaming really is, how it should be carried out to be really effective and what are the main constraints on this way.", "recording_license": "", "do_not_record": false, "persons": [{"id": 198, "code": "CVCSGL", "public_name": "Roman Draguntsov", "biography": "Pentester", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 132, "guid": "fa52339a-3f69-52ee-80b3-728f114b932f", "logo": "/media/okwinter2022/images/VGHGDC/picture_f1Gq7Qw.jpg", "date": "2022-02-26T10:50:00+02:00", "start": "10:50", "duration": "01:00", "room": "ZOOM", "slug": "VGHGDC", "url": "https://cfp.owaspukraine.org/okwinter2022/talk/VGHGDC/", "title": "How to make PHP WEB applications less vulnerable?", "subtitle": "", "track": null, "type": "Talk 60", "language": "en", "abstract": "Hi, I'm Kostia. Currently, I work as a Software Engineer at GOG.com. And I'd like to share some of my knowledge about WEB apps security.", "description": "At the presentation, I'd like to share my point of view on the WEB applications security. I classified the most common threats with examples and solutions. 
As a result, the listener obtains a holistic understanding of these threats and the correct mindset for building relatively secure applications.", "recording_license": "", "do_not_record": false, "persons": [{"id": 197, "code": "VK7UXL", "public_name": "Deleted User", "biography": "", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 140, "guid": "b76422f8-0f99-5dc3-89e2-741a77d8a647", "logo": "/media/okwinter2022/images/PXW8ZW/Kos-OWASP-Kyiv-chapter-2021_3gduj20.jpg", "date": "2022-02-26T12:00:00+02:00", "start": "12:00", "duration": "00:30", "room": "ZOOM", "slug": "PXW8ZW", "url": "https://cfp.owaspukraine.org/okwinter2022/talk/PXW8ZW/", "title": "Strategic cybersecurity news, Winter-2021-2022", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "An overview of strategic cybersecurity news from Ukraine and the world that someone might have missed but that is important to know.", "description": "Important cybersecurity news of a strategic nature that should not be missed in order to
stay \"in the know\", \"in the flow\" and \"in the moment\".", "recording_license": "", "do_not_record": false, "persons": [{"id": 24, "code": "BADYSF", "public_name": "Kostiantyn Korsun", "biography": "In 2000-2005, Kostiantyn worked as deputy head of the computer crime unit at the Counterintelligence Department of the Security Service of Ukraine (SBU), and later was one of the founders and the first head of CERT-UA.\r\nAfter leaving the service, Kostiantyn worked as director of the Ukrainian office of the international cybersecurity company
iSIGHT Partners (now part of FireEye), and later cooperated with Symantec Corp. as an independent provider of Threat Intelligence services.\r\nCurrently, Kostiantyn is a co-founder of the cybersecurity company Berezha Security Group, which provides services in penetration testing, software security assessment, social engineering assessment, development and implementation of application security programs, staff security awareness, Bug Bounty, and more.\r\nMr.
Korsun is an active member of the Ukrainian cyber community, promoting ideas for the development of the cybersecurity industry in Ukrainian society.\r\n\r\nKostiantyn Korsun\r\n\r\nAs former deputy head of Cybercrime Department at Security Service of Ukraine (colonel retired), Kostiantyn was one of the founders and the first head of CERT-UA. After resigning from the service (colonel retired), Kostiantyn acted as Regional Director for Ukraine Research Office of iSIGHT Partners, an international cyber threat intelligence company (now is a part of FireEye). Then he cooperated with Symantec Corp. as an official vendor of Threat Intelligence services.\r\nCurrently, Kostiantyn is a Co-Founder of BSG, a company that provides services in Penetration Testing, Security Awareness Programs, Software Security Assessment, Bug Bounty Program, Social Engineering Assessment, Application Security Programs.\r\n Mr. 
Korsun is an active member of the local cyber community in Ukraine, promoting cybersecurity ideas within Ukrainian society.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 133, "guid": "88df96f0-2292-5a14-bdca-541474beb3ac", "logo": "", "date": "2022-02-26T12:45:00+02:00", "start": "12:45", "duration": "00:45", "room": "ZOOM", "slug": "9GATLL", "url": "https://cfp.owaspukraine.org/okwinter2022/talk/9GATLL/", "title": "WordPress: Hacking and Securing", "subtitle": "", "track": null, "type": "Talk 45", "language": "en", "abstract": "WordPress is the world's most popular Content Management System, which makes it a lucrative target for cyber criminals. Thousands of WordPress-based websites get hacked daily and according to the GoDaddy report 90% of hacked websites in 2019 were running WordPress CMS. In this talk you will learn about several vulnerabilities and methods used to hack into WordPress websites (including live demo) and some of the mitigations and methods  you can use to improve the security of your WordPress websites.", "description": "WordPress is the world's most popular Content Management System, which makes it a lucrative target for cyber criminals. Thousands of WordPress-based websites get hacked daily and according to the GoDaddy report 90% of hacked websites in 2019 were running WordPress CMS. In this talk you will learn about several vulnerabilities and methods used to hack into WordPress websites (including live demo) and some of the mitigations and methods  you can use to improve the security of your WordPress websites.", "recording_license": "", "do_not_record": false, "persons": [{"id": 163, "code": "NT89EU", "public_name": "Sam Stepanyan", "biography": "Sam Stepanyan is an OWASP London Chapter Leader and an Independent Application Security Consultant with over 20 years of experience in the IT industry with a background in software engineering and web application development. 
Sam has worked for various financial services institutions in the City of London specialising in Application Security consulting, Secure Software Development Lifecycle (SDLC), developer training, source code reviews and vulnerability management. He is also a Subject Matter Expert in Web Application Firewalls (WAF) and SIEM systems. Sam holds a Master\u2019s degree in Software Engineering and a CISSP certification.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 135, "guid": "8bf85467-868a-598e-b62e-90a00960f434", "logo": "", "date": "2022-02-26T13:40:00+02:00", "start": "13:40", "duration": "00:30", "room": "ZOOM", "slug": "UPQJM8", "url": "https://cfp.owaspukraine.org/okwinter2022/talk/UPQJM8/", "title": "Infrastructure as a code security scanning in CI/CD", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Current speech is about security scanners which will help you to find misconfigurations and follow best practices for terraform and similar IAC tools in CI/CD. The main goal of topic is to teach you how to protect your project with the best suitable tool.", "description": "Particularly will be discussed about snyk, tfsec, kics tools, vulnerable terraform project and Gitlab CI/CD", "recording_license": "", "do_not_record": false, "persons": [{"id": 199, "code": "HA77JB", "public_name": "Volodymyr Skorupskyi", "biography": "Application Security Engineer, former penetration tester with 4 years experience.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 138, "guid": "a05dac03-c286-54dd-b380-860db3f4b123", "logo": "", "date": "2022-02-26T14:20:00+02:00", "start": "14:20", "duration": "00:30", "room": "ZOOM", "slug": "ETFW8M", "url": "https://cfp.owaspukraine.org/okwinter2022/talk/ETFW8M/", "title": "threat modeling all the things . why do we need it. 
how to achieve it.", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "what if i tell you that security vulnerabilities could be found before the pen test and sometimes before coding the functionality. if it sounds interesting to you - please, visit my talk and get some new information about threat modeling process and its implementation in the company", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"id": 101, "code": "MKHQH9", "public_name": "Nadia Klymenko", "biography": "Application Security Engineer in Bizzabo", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 136, "guid": "3fa7fa06-ab51-508f-aae3-1ba3488ff427", "logo": "/media/okwinter2022/images/GKWHBH/veteranius_im3ukhU.png", "date": "2022-02-26T15:00:00+02:00", "start": "15:00", "duration": "00:30", "room": "ZOOM", "slug": "GKWHBH", "url": "https://cfp.owaspukraine.org/okwinter2022/talk/GKWHBH/", "title": "What I learned while teaching Cybersecurity to Ukrainian Veterans", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Recently Ukraine has been at the forefront of the world news due to active war phases occurring on multiple operational areas: physical, cyber, informational, etc. In this presentation I share my story and ideas about how Ukrainian veterans can we help address cybersecurity situation in Ukraine.", "description": "There are almost half a million war veterans in Ukraine. These are people who have defended territorial integrity of their country. Many (if not all) possess critical skillsets of operating under stress, commitment to mission and teamwork. When veterans are back to civil life, they are faced with a number of problems - discrimination, lack of professional job prospects, financial hardships, PTSD and so on. Veterans are dedicated and committed individuals that deserve respect and a better life. 
IT and cybersecurity can be one of the ways to positively influence their lives. And how others can help as well.", "recording_license": "", "do_not_record": false, "persons": [{"id": 200, "code": "CMP9DD", "public_name": "Dmytro Kavun", "biography": "Born and raised in Ukraine, Dmytro has lived in the United States for over the past 20 something years. With nearly 20 years of professional experience in IT, the last 13 of them Dmytro has dedicated to cybersecurity. His strong expertise has been especially helpful in his active volunteering for and mentoring of Ukrainian veterans in obtaining a new profession in IT within our Veteranius project. Started volunteering with \"Razom for Ukraine\" US non-profit organization as Maidan unfolded in 2014, Dmytro has been involved in a variety of various projects since then - Toy Drive - supporting children of wounded and killed Ukrainian soldiers, organizing music concerts, etc. More recently Dmytro joined the Board of Directors of Razom organization. \r\nVeteranius: https://veteranius.razomforukraine.org\r\nRazom: http://razomforukraine.org", "answers": []}], "links": [], "attachments": [], "answers": []}]}}]}}}