OWASP Moscow Meetup # 9: Recordings


On December 6, 2019, the next OWASP Meetup, a meeting of the Moscow branch of the community, was held at the BI.ZONE Moscow office. In under the cut are presentations and presentations of speakers.

“OWASP projects: monitoring the security of the 3rd-party component using the Dependency Track”, Taras Ivashchenko, OZON.

We launch the format of mini-reports about OWASP projects. This time we will touch upon the actual security problem of third-party components of your service.

→ Presentation.

“One among strangers,” Anton Lopanitsyn.

Bypassing IP white sheets of some web applications due to the peculiarities of incorrect parsing of HTTP request headers.

→ Presentation.

“The future without passwords: about FIDO2 / WebAuthN and not only”, Sergey Belov, Mail.Ru Group.

Password authentication began to be buried many years ago, but they, unfortunately, are still used everywhere. The new standard has united the giants of the Internet industry and aims to complete this era.

→ Presentation.

“CTFZone, or how to stop re-writing and love CTF,” Nikita Vdovushkin, BI.ZONE.

How to conduct a competition when any configuration error can lead to a complete breakdown. How to prepare the infrastructure, the services of which will obviously be finished, dirbit and brute. What are good tasks, how do teams break each other in the finals and how to be prepared for this.

→ Presentation.

GraphQL Security Testing, Egor Bogomolov, Wallarm.

About GraphQL API testing approaches: what to look for, which tools can make life easier, as well as interesting unpopular attacks on GraphQL that open up new possibilities in operation.

→ Presentation.

OWASP Moscow chapter: OWASP Moscow
OWASP Russia chat: https://t.me/OWASP_Russia
OWASP Russia channel: https://t.me/OWASP_RU

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *