2.0 -//Pentabarf//Schedule//EN PUBLISH SJGDXQ@@cfp.owaspukraine.org 737897492 -SJGDXQ All about Subdomain Takeover attack en en 20190406T100000 20190406T112000 1.02000 All about Subdomain Takeover attack This attack vector utilizes DNS entries pointing to Service Providers where the pointed subdomain is currently not in use. Depending on the DNS-entry configuration and which Service Provider it points to, some of these services will allow unverified users to claim these subdomains as their own. ###### Requirements: * Laptop with Linux * Basic understanding of the Domain Name System (DNS) * Knows how to set up a subdomain * Valid accounts in several cloud services(amazon, microsoft azure (paid subscription), github) for practice * EyeWiteness, SubJack * Good mood PUBLIC CONFIRMED Workshop https://cfp.owaspukraine.org/owaspkyivspring2019/talk/SJGDXQ/ SkyPoint Kostiantyn Sanduliak PUBLISH EQNZA9@@cfp.owaspukraine.org 200948663 -EQNZA9 Overview of iOS apps security assessment en en 20190406T113000 20190406T125000 1.02000 Overview of iOS apps security assessment - iOS security architecture overview - Difference between iOS and Android security assessments - Few words about OWASP MSTG - OWASP Mobile TOP 10 overview - What do you need for testing? - Several tools demonstration PUBLIC CONFIRMED Workshop https://cfp.owaspukraine.org/owaspkyivspring2019/talk/EQNZA9/ SkyPoint Dmytro Diordiichuk PUBLISH FAEFWJ@@cfp.owaspukraine.org 227340804 -FAEFWJ Shooting yourself in the feet with php en en 20190406T130000 20190406T134000 0.04000 Shooting yourself in the feet with php In this talk I'm going to uncover php deserialization mechanism and how it can be used to hack web applications. Every exploitation will be demonstrated in real time using prepared lab and debugger. Minimal php knowledge required for better understanding. PUBLIC CONFIRMED Talk https://cfp.owaspukraine.org/owaspkyivspring2019/talk/FAEFWJ/ SkyPoint Taras Sharkadi PUBLISH D7WZTU@@cfp.owaspukraine.org 170527936 -D7WZTU Ваше веб-приложение уязвимо! en en 20190406T150000 20190406T154000 0.04000 Ваше веб-приложение уязвимо! В 2018 отшумели утечки базы данных населения Индии на 1.1 млрд человек, 330 млн паролей пользователей Twitter, 50 млн паролей и 87 мин личных переписок на Facebook, при этом десятки тысяч других утечек персональных данных и конфиденциальной информации остались за кадром или вообще не были обнаружены. Большинство инцидентов связано с простыми и хорошо изученными уязвимостями, которым легко противостоять. Основные тезисы: - Векторы атак в вашем приложении - Способы поддержания уровня безопасности - План действий на случай обнаружения взлома - На десерт: подборка изысканных уязвимостей, повышающих уровень паранойи PUBLIC CONFIRMED Talk https://cfp.owaspukraine.org/owaspkyivspring2019/talk/D7WZTU/ SkyPoint Dmytro Naumenko PUBLISH R7VML7@@cfp.owaspukraine.org 715699617 -R7VML7 OWASP MSTG in Real Life en en 20190406T160000 20190406T164000 0.04000 OWASP MSTG in Real Life I will talk about: - How security is treated in small companies working on mobile application from scratch to release; - What is MSTG and MASVS, how developers to propose security technics and how it helps QA team to test; - General Testing Guide overview: Authentication, Networking, Crypto, etc. - Short summary if iOS Testing guide: Jailbreak, Data Storage, Tampering, Reverse Engineering, etc. - Popular third party security SDKs for e-Commerce apps PUBLIC CONFIRMED Talk https://cfp.owaspukraine.org/owaspkyivspring2019/talk/R7VML7/ SkyPoint Julia Potapenko PUBLISH NNMNM7@@cfp.owaspukraine.org 561707735 -NNMNM7 Adversarial attacks on DNNs en en 20190406T170000 20190406T174000 0.04000 Adversarial attacks on DNNs PUBLIC CONFIRMED Talk https://cfp.owaspukraine.org/owaspkyivspring2019/talk/NNMNM7/ SkyPoint Andrey Shalaenko