BugCrowd is proud to host the AppSec EU Bug Bash – a bug bounty hackathon where cash bounties will be awarded to those who discover vulnerabilities in companies such as Heroku, Indeed, Blackphone, and more.
We’ll be rewarding the best bug each night with an Apple Watch, so make sure to bring your laptop for some hacking! Note: You must be physically present at the event for a chance to win the watch.
Join us from 6 to 11:30PM on both nights (May 19 & 20).
Drinks and food will be provided, so bring your laptop and your appetite!
You do not need a conference badge to attend this event; however, space is limited, so please pre-register here: http://bgcd.co/appsecEU
Android App Hacking is a one-day course on Android application security assessment based on the “OWASP Top 10 Mobile Risks”. This hands-on training is designed around a dummy internet banking application that contains vulnerabilities the trainer has observed during his daily application security assessments. The dummy internet banking application has features such as adding a beneficiary account, fund transfer, viewing statements, OTP, PIN sign-in, etc., to give attendees a real-world application scenario.
Attendees will get familiar with following topics during the class:
The exact topics discussed will be agreed between the attendees at the start of the day, but are expected to cover things like:
• An introduction to ZAP and the attendees
• A review of ZAP’s perceived strengths and weaknesses
• Discussions around the future direction of ZAP
• Areas of ZAP that people find difficult to contribute to
• Components of ZAP that attendees think need significant reworking
• How to encourage more participation
• Interworking with 3rd party tools
• The opportunity to focus on specific areas of interest to the attendees
The AppSensor v2.0.0 code implementation final release was undertaken in January. One of the tasks to continue with is the development of a reporting dashboard. This session is to brainstorm ideas and layouts for the dashboard, and identify what tools/libraries can assist in the creation of the dashboard. Bring ideas, energy, URLs, paper and pens! The outputs will be dashboard mockups.
• Introductions and objectives
• Information requirements
• User stories
• Information design
• Code libraries and frameworks
Code roadmap: https://www.owasp.org/index.php/OWASP_AppSensor_Project#tab=Road_Map_and_Getting_Involved
Microsite: http://www.appsensor.org/
Deliverables:
The AppSec industry is enormously diverse and it only continues to diverge as we put more software into more things with more connections. It’s an industry that fluctuates between the sophisticated and the absurd, the intelligent and the primitive, and the scary and the outright hilarious. There are valuable lessons to be taken away from these events and applied in our future security efforts.
In this talk, Troy is going to cover a broad spectrum of what’s happening in our industry – an entire 50 shades of it in only 45 minutes – and you’ll get a sense of just how challenging it’s becoming for those of us working in AppSec to keep ahead of the attacks. Troy will cover everything from the social aspects of hacking through to some of the more obscure attacks and the increasing challenges we face as defenders.
Over the last year, we’ve seen a profound rise in new attack vectors (WireLurker and Masque) against mobile apps that involve reverse engineering mobile code followed by unauthorized runtime behavior modification. How are hackers reverse engineering mobile apps and injecting their own malicious code into them? It’s disturbingly easy, and there are plenty of freely available, easy-to-use tools on the market to help the hacker along the way. In this hands-on session, you will use laptops and iOS devices we provide to reverse engineer and modify code in an iOS app. We will guide you through each step.
Attendees are asked to bring their own laptop and a jailbroken device. A very limited number of jailbroken devices will be available.
Here’s a description of how to prepare for the workshop:
Listen to OWASP leaders explain their own projects in 10-minute lightning talks, describing the aims, audience, benefits and free open source outputs available. This first session showcases four OWASP projects:
In the second session a further four OWASP leaders explain their own projects in 10-minute lightning talks, describing the aims, audience, benefits and free open source outputs available from the following OWASP projects:
With continuous development, we write less code and consume more re-usable open source code. Innovation is accelerated, and so is application complexity. Complexity is the enemy of quality. Poor quality creates unplanned/unscheduled work. Re-work creates a drag on development speed. It’s a continuous loop.
While Agile and DevOps have made us faster and more efficient, they can only take us so far… and worse, the year of open source attacks we’ve just had demands better practices.
What if we could deliver applications on-time (even faster), on-budget (even more efficiently) and with a natural byproduct of more acceptable quality and risk?
The good news: other industries have figured this out with supply chain management. Applying supply chain approaches to software raises the bar on continuous goals.
A few of the patterns we can take from the rigor of things like the Toyota Supply Chain: