OWASP AppSec Europe 2016 : a roundup

This year’s AppSec Europe was hosted in Rome, Italy, and I decided to participate as a volunteer in order to help the OWASP organization and meet up with my friends from the Italian OWASP chapter. It was my first time at AppSec Europe and it was truly amazing.

Me enjoying time off, in front of the Coliseum under the Roman sun

The event started with some hands-on trainings running on 27th, 28th and 29th June, followed by two days of conference on 30th June and 1st July. You can find the full program here.

AppSec EU 16 Conference Guide

Let’s take a look at the trainings:

Assessing and Securing MEAN (MongoDB, Express.js, Angular.js, Node.js) by Jaap Karan (securecodewarrior.com) <– It was nice to meet you Jaap. Highly recommended.

Hands on Web App Testing with Python by Michael Born and Fred Donovan

OWASP Application Security Verification Standard 3.0 Developer and QA by Andrew Van Der Stock

Droid-Sec Exploitation by Gordon Gonsalves and Blessen Thomas

Exploiting Websites by using offensive HTML, SVG, CSS and other Browser-Evil by Mario Heiderich

OWASP Top 10: Exploitation and Effective Safeguards by David Caissy

CISO-Training: Managing Web & Application Security – OWASP for senior managers by Tobias Gondrom

Hands-on Threat Modeling by Sebastien Deleersnyder

Web Service and Single Sign-On Security by Christian Mainka and Juraj Somorovsky

Bootstrap and improve your SDLC with OpenSAMM by Bart De Win

Defensive Programming for JavaScript & HTML5 by Ksenia Dmitrieva

Hacking and Securing iOS Applications by Simone Bovi and Davide Danelon

How to FIDO-enable your web-application for Strong-Authentication by Arshad Noor

The first day of the conference was opened by Charlie Miller’s keynote, Bugs ruin everything. He discussed some real-world cases of bugs he encountered while working at Apple and Uber and as a consultant for multiple companies.

Charlie Miller - Bugs ruin everything

Then we had various talks (click on the titles to download the slides or watch the videos):

Day 1
AppSecEU2016 – Aaron Weaver – Pipeline Automation
AppSecEU2016 – Achim Brucker – Using Third Party Components [VIDEO]
AppSecEU2016 – Adam Muntner – Open Source Approaches to Security [VIDEO]
AppSecEU2016 – Ajin Abraham – Automated Mobile Assessment [VIDEO]
AppSecEU2016 – Alvaro Muñoz, Christian Schneider – Surviving the Java serialization apocalypse [VIDEO]
AppSecEU2016 – Andreas Falk – Building Native Cloud Apps [VIDEO]
AppSecEU2016 – Arne Swinnen – Tales of a Bug Bounty Hunter [VIDEO]
AppSecEU2016 – Christian Mainka – Breaking And Fixing [VIDEO]
AppSecEU2016 – Dan Cornell – Source Assisted PenTesting [VIDEO]
AppSecEU2016 – David Lindner, Jack Mannino – Dont Touch Me That Way [VIDEO]
AppSecEU2016 – Daniel Kefer – Addressing Security Requirements
AppSecEU2016 – David Rook – Leveling an Application Security Program [VIDEO]
AppSecEU2016 – Dinis Cruz – Using Jira To Manage Risks
AppSecEU2016 – Dirk Wetter – Calm down HTTPS is not a VPN [VIDEO]
AppSecEU2016 – Felix Leder – Bug Hunting on the Dark Side [VIDEO]
AppSecEU2016 – Giancarlo Pellegrino – Compression Bombs [VIDEO]
AppSecEU2016 – Glen ten Cate – OWASP Security Knowledge Framework – Making the web secure by design [VIDEO]
AppSecEU2016 – John Dickson – Making OpenSAMM More Effective [VIDEO]
AppSecEU2016 – Julia Knecht – SAASy SPLC [VIDEO]
AppSecEU2016 – Lotfi Othmane – Prediction Models
AppSecEU2016 – Michele Spagnuolo, Lukas Weichselbaum – Making CSP great again [VIDEO]
AppSecEU2016 – Oliver Lavery – Framework Security – Have You Hugged A Developer Today [VIDEO]
AppSecEU2016 – Scott Davis – Scanning with Swagger [VIDEO]
AppSecEU2016 – Simone Onofri – Security Project Management [VIDEO]
AppSecEU2016 – Timur Khrotko – Lets Skip The Pentest
AppSecEU2016 – Tobias Gondrom – CISO Survey [VIDEO]
AppSecEU2016 – Tom Van Goethem – The Timing Attacks They Are A Changin [VIDEO]
AppSecEU2016 – L. Compagna, A. Sudhodanan, A. Armando, R. Carbone – Attack Patterns for Black-Box Det [VIDEO]

Day 2
AppSecEU2016 – Abhay Bhargav – SecDevOps [VIDEO]
AppSecEU2016 – Amit Ashbel – Game of Hacks
AppSecEU2016 – Amol Sarwate – 2016 State of Vulnerability Exploits [VIDEO]
AppSecEU2016 – Ben Stock – From Facepalm To Brain Bender [VIDEO]
AppSecEU2016 – Chris Romeo – AppSec Awareness [VIDEO]
AppSecEU2016 – Christian Wressnegger – Flash-based Malware [VIDEO]
AppSecEU2016 – Christopher Spaeth – From DTD to XXE [VIDEO]
AppSecEU2016 – Grant McCracken – Running a Bug Bounty [VIDEO]
AppSecEU2016 – Ilkka Turunen – Chain of Trust [VIDEO]
AppSecEU2016 – J. Rose, R. Sulatycki – Grow up AppSec – A case study of maturity models and metrics [VIDEO]
AppSecEU2016 – Jacky Fox – Women in Cyber [VIDEO]
AppSecEU2016 – Jakub Kaluzny – Big problems with big data – Hadoop interfaces security [VIDEO]
AppSecEU2016 – Johannes Dahse – Static Code Analysis of Complex PHP Application Vulnerabilities [VIDEO]
AppSecEU2016 – John Kozyrakis – Certificate Pinning [VIDEO]
AppSecEU2016 – Jonathan Kuskos – The Top 10 Web Hacks of 2015 [VIDEO]
AppSecEU2016 – Liesbeth Kimpen – Think Villain Proof [VIDEO]
AppSecEU2016 – Marisa Fagan – The Cool Factor [VIDEO]
AppSecEU2016 – Matthias Rohr – Practical Threat Modelling [VIDEO]
AppSecEU2016 – Mike West – Keynote – Hardening the Web Platform [VIDEO]
AppSecEU2016 – Rob Van Der Veer – GriponSSD [VIDEO]
AppSecEU2016 – Sebastian Lekies – Securing AngularJS Applications [VIDEO]
AppSecEU2016 – Wojtek Dworakowski – Internet Banking Safeguards Vulnerabilities [VIDEO]
AppSecEU2016 – TonyUV – Attack Tree Vignette for CaaS [VIDEO]
AppSecEU2016 – Yair Amit – The Ultimate Reason Why Hackers Are Winning The Mobile Malware Battle [VIDEO]

AppSec EU 16 conference

The closing keynote was given by Alessandro Perilli: Can Security Keep Up the Pace with Frictionless IT?

Alessandro Perilli is the General Manager for Cloud Management Strategy at Red Hat. His keynote focused on the rapid evolution of technology and its security implications. He flew in from San Francisco just to speak at AppSec EU Rome. Thanks Alessandro.

Alessandro Perilli's keynote

Apart from the trainings and the conference, we had a University Challenge and a CTF open to everyone. I didn’t bring my laptop, but I managed to participate together with a few friends of mine. The challenge topics ranged across web app, network, mobile, crypto and forensics. I had a lot of fun!

University Challenge: Hack in progress
An OWASP leader awarding a winner of the University Challenge
University Challenge participants

I want to thank everyone, first of all the OWASP Foundation, then the organizer of AppSec EU 16, Matteo Meucci, and my friends Simone Onofri, Davide Pataracchia, Giacomo Saliola, Adriano Di Luzio, Andrea De Gaetano, Francesco Ongaro, Francesco Stillavato, Giuseppe Trotta, Michele Reale, Michele Saporito and Sandro Zaccarini. I hope I didn’t forget anyone. See you soon!

Group picture taken at Cinecittà Studios

Author: Fabio Baroni   Date: 2016-07-15 23:00:46