Welcome to OWASP EEE October 11th

From October 6 to October 12, a series of 7 mini-conferences for information security specialists will be held under the general name OWASP EEE. Meetings will be held in 6 different countries: Poland, Lithuania, Romania (in Cluj and Bucharest), Hungary, Russia and Austria. Each meeting will have different talks, but thanks to the daily online broadcast, you can watch all the interesting speeches. The Russian part of OWASP EEE will be held on October 11 at the office of Mail.Ru Group. Please note that all talks will be in English.
Meeting schedule:
13:30 - 14:00: Registration of guests.
14:00 - 14:45: Taras Ivashchenko, Yandex
“For Internet companies it is very important to enter the market with the finished product as soon as possible. The faster you offer users new features, the better the service. This is critical, and information security professionals need to adapt to market requirements. I will consider several cases of building a product’s security system, and show how to avoid various problems that lead to deployment delays.”
14:50 - 15:35: Zakariya Rashid (Zakaria Rachid), Information Security Consultant
“We’ll talk about hacking payment terminals and various devices that surround us in everyday life. The first version of this report was presented in France at Nuit du Hack 2014. Since then I have supplemented it with information on new attack vectors and critical infrastructure, as well as examined in more detail some of the old vectors. In addition, I have expanded the part that describes defenses against attacks. So the report has become more mature.”
15:40 - 16:00: Break.
16:00 - 16:45: Omar Ganiev, Ahack.ru
“I will look at some ways, tricks, and tools for quickly assessing the security of a web application (black box and white box methods). All this can be useful to you in a variety of situations: for speedy or large-scale penetration testing, in conditions of unfair competition, when searching for bugs for a fee, etc. We will consider the minimum set of necessary tests and the shortest ways to get application control.”
16:50 - 17:35: Ivan Novikov, Wallarm.com
“OOB is a method of obtaining information through information transmission channels that are not used to send data directly. We know that in the case of MySQL, only the load_file() function can be used for this. However, this method involves the use of UNC names and works only under Windows. I will talk about our attempts to find other ways to get data from MySQL using OOB. Of course, this also applies to SSRF attacks using SQL injection.”
The online broadcast of all seven meetings will be conducted on the YouTube channel.
Mail.Ru Group office address: Leningradsky prospect, 39, building 79.
To register for this event, you need to have a valid IT.Mail.Ru account.