[HGI-news-int] Meet the folks of ws-attacker, BeEF, WAHH, sqlmap, Zed Attack Proxy, OWASP Top10, DOMinator, Minion, Mallodroid, and the inglorious bastards aka HackPra Allstars

[English Newsletter of the Horst Goertz Institute of IT Security in Bochum]

... at this year's OWASP AppSec Research 2013 (https://appsec.eu/) , which takes place in less than 4 weeks in Hamburg.

 

Excerpt:

 

A: Awesome trainings  (https://appsec.eu/trainings/)

 

Two days of pre‐conference technical training with a focus on builders (PHP, Java, JavaScript), a bit

of breaking and defending and last but not least satisfying the signs of time: Mobile!

Important: Trainers with outstanding international reputation! Highlights:

 

* Marcus Pinto (WAHH): MDSec’s Web Application Hacker’s Handbook, Live Edition

* Hawaiian Jim Manico, Irishman Eoin Keary: Web Application, Web Service and Mobile Secure Coding

* Dave Wichers (Project Lead OWASP Top 10): Securing Mobile Devices and Applications

* Mobile stuff: Mobile Application Hacking and Security — OWASP Top 10 Way by Hemil Shah

* Big stuff: SAP ABAP Pentesting from Frederik Weidemann

* New Stuff: Tiago Teles Defensive Programming for JavaScript & HTML5

* Solid stuff: Paco Hope (author of "web seurity testing book"): Defensive Programming in PHP

* Solid stuff II: Christian Schneider: Java Web Hacking & Hardening

* Go-away stuff: Christian Bockermann (AuditConsole) teaches ModSecurity in depth

 

 

B: Exciting conference program highlights, 2 days, 2 tracks (http://sched.appsec.eu/)

 

* David Ross (Master mind of the XSS filter in IE8+): insane in the IFRAME

* Yvan Boily (Mozilla): new testing framework Minion

* Stefano Di Paola ("DOMinator"): JavaScript libraries (in)security: A showcase of reckless uses and unwitting misuses

* Taras Ivashchenko (Yandex): CSP on a service with an audience more than 11 million users per week

* Chris Eng: Real‐World Agile SDLC, not kidding

* Simon Bennetts (Mozilla/OWASP): What's new in OWASP Zed Attack Proxy

* Jim Manico (WhiteHat/OWASP): Top 10 Proactive Controls for Developers

* Dave Wichers (Aspect/OWASP): OWASP Top 10 – 2013

* Milton Smith (Product Security Manager for Java platform products @ Oracle):  Making the Future Secure with Java

* Krzysztof Kotowicz (PRISM .. err .. Amazon 1 Button Chrome Extension):  I'm in ur browser, pwning your stuff - Attacking (with) Google Chrome extensions

* Michele Orrù, Sardinian: Rooting your internals: Inter-Protocol Exploitation, custom shellcode and BeEF

* Paul Stone: Precision Timing – Attacking browser privacy with SVG and CSS

* Gareth Heyes, Scottish Highlander, will present an array of so far unpublished XSS attack techniques in his XSS Horror Show

* Mario Heiderich, believes that XSS can be eradicated by using JavaScript, will cover HTML injections that break each and every

  HTML filter and shows buggy browsers

* Fun with Broken SSL implementations on Android, spotted by MalloDroid (a story which made it to WSJ last year)

* ... some more interesting SSL stuff!

* Keynotes by Thomas Roessler (W3C), Angela Sasse (Head Information Security Research @ University College London),

  Dieter Gollmann (Head of Security in Distributed Applications, Technical University of Hamburg

 

See teasers @ https://appsec.eu/program/talk-teaser/, https://appsec.eu/program/hackpra-allstars/ 

 

 

C: Open Source Security Showcase (https://appsec.eu/program/open-source-security-showcase/)

 

* Would you like to inject some SQL? Miroslav Stampar will show you how with sqlmap!

* Chris Bockermann: Honeynetting the web with community collectors running mod_security

* A new kid on the webservices penetration testing block:  WS-Attacker presented by XML-Security

  dudes Juraj Somorovsky and Christian Mainka

 

 

and much much more!

 

 

The conference will be held from August 22-23, 2013 (trainings from August 20-21) at the Emporio Hamburg. 

It's centrally located in the heart of the city with a splendid view over Binnen-, Aussenalster and River Elbe.

 

As ticket prizes are subsidized by sponsors (anybody still interested? http://is.gd/QY8PT2), thus entry fees

are low (excl. VAT):

* 350 EUR€ (ISACA/ISC2/OWASP member)

* 420 EUR normal prize

 

trainings come extra.

 

The Open Web Application Security Project (OWASP) is a global open project composed of individuals, educational

organizations and supporting corporations from around the world. OWASP has quickly become the defacto

standards body for web application and software security by providing free, vendor‐neutral, practical,

cost‐effective application security guidelines.

 

 

**Cooperation**

The track HackPra Allstars is organized in cooperation with UbiCrypt - DFG Research Training Group 1817/1 

"New Challenges for Cryptography in Ubiquitous Computing" of the Horst Görtz Institute for IT-Security. 

Find more information about HackPra here: http://www.nds.ruhr-uni-bochum.de/teaching/hackpra/

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ruhr-uni-bochum.de/pipermail/hgi-news-international/attachments/20130729/211c5fe4/attachment.html>