OWASP Europe Tour - Lisbon 2013

I had the opportunity to attend the OWASP Europe Tour - Lisbon event, at ISCTE, on 21 June 2013.

The programme included several speakers, with quite varied topics but always with security as the backdrop.

Lieven Desmet
Sandboxing JavaScript.
- Discussing the problem of remote script inclusion based on an analysis of the Top 10.000 websites; - Overview of JavaScript sandboxing techniques, with particular focus on JSand (i.e. a prototype we have developed at KU Leuven).

- it helped me get a better understanding of the vulnerabilities of including external JavaScript, and how to work around them using JSand

Pedro Fortuna
Protecting JavaScript source code – Facts and Fiction.
The goal of code obfuscation is to delay the understanding of what a program does. It can be used, for example, in scenarios where the code contains Intellectual Property (algorithms) or when the owner wants to prevent a competitor from stealing and reusing the code. To achieve it, an obfuscation transformation translates easy to understand code into a much harder to understand form. But in order to be resilient, obfuscation transformations need also to resist automatic reversal performed using static or dynamic code analysis techniques. This presentation focuses on the specific case of JavaScript source obfuscation, main usage cases, presents some obfuscation examples and their value in providing real protection against reverse-engineering.

- in the near future I will not need this kind of technique, but it gave me an idea of how to obfuscate JavaScript

Ricardo Melo
PHP and Application Security.
To which level can PHP and application security coexist? The presentation will provide information about the most security critical aspects while developing a PHP web application.

- a presentation about some myths and the most common PHP flaws, including the OWASP Top Ten.

Dinis Cruz
Scripting Application Security Pentesting at the speed of Scripting (using O2 Platform)
This presentation will show how the OWASP O2 Platform scripting capabilities can be used to 'codify' a pen-tester's mind/action and perform advanced analysis, fuzzing and exploitation of both Web and desktop-based Applications.

- wow.

Tiago Henriques
In this talk he will discuss some of the most common ways attackers can use to compromise your computers, understand the details of how some of the tools can be used to achieve this and even how when we are sending our taxes online (IRS) we put ourselves in danger. How can a simple link or opening a simple PDF file give an attacker remote access to your computer systems?

- infecting and controlling computers using tools such as Metasploit and BackTrack, exploiting vulnerabilities in Java, PDFs, etc.


And here are the videos of the presentations: