On December 6, 2019, the next OWASP Meetup, a meeting of the community's Moscow chapter, will be held at the BI.ZONE Moscow office and will bring together information security experts.
OWASP (Open Web Application Security Project) brings together large companies, educational organizations and individuals from around the world. Community members write articles and tutorials, create documentation, tools and technologies. All OWASP developments are publicly available.
The number of seats is limited, so you need to register in advance. Please give your real first name and surname when registering on this site, and bring your ID with you.
A video broadcast on YouTube is planned; the link will be available later.
18:30 Registration
19:00 “OWASP projects: monitoring the security of third-party components using Dependency-Track”, Taras Ivashchenko, OZON. We are launching a format of mini-talks about OWASP projects. This time we will touch upon a topical security problem: the third-party components of your service.
19:15 “One among strangers”, Anton Lopanitsyn. Bypassing the IP whitelists of some web applications due to incorrect parsing of HTTP request headers.
19:30 “The future without passwords: about FIDO2 / WebAuthn and not only”, Sergey Belov, Mail.Ru Group. People began burying password authentication many years ago, but passwords, unfortunately, are still used everywhere. The new standard has united the giants of the Internet industry and aims to bring this era to an end.
19:55 Break
20:10 “CTFZone, or how to stop re-writing and fall in love with CTF”, Nikita Vdovushkin, BI.ZONE. How to run a competition when any configuration error can lead to a complete breakdown. How to prepare an infrastructure whose services will obviously be finished off, dirbusted and brute-forced. What makes a good task, how teams break each other in the finals, and how to be prepared for this.
20:35 “GraphQL Security Testing”, Egor Bogomolov, Wallarm. About approaches to testing GraphQL APIs: what to look for, which tools can make life easier, and interesting, little-known attacks on GraphQL that open up new possibilities in exploitation.
21:00 End of the meeting