OWASP Meeting in Krakow
Hi,
If you hadn't attended our previous meeting - OWASP is a group related to application security issues. This time we will have two topics to discuss. First - problem of cyber attacks targeted at developers.
Second - is mobile application security case study based on Google Family Link.
As usual, we are open to discuss any application security related topic, there will be a time for open discussion or event to present IT security related jobs if you are an employer.
Please RSVP and save the date!
If you have a minute, please share this link with friends and in social media.
BTW - if you have interesting topic to discuss, send us your proposal.
Agenda:
- Developer in a digital crosshair, 2022 edition (Mateusz Olejarka)
- Google Family Link field test (Mateusz Krzeszowiec)
- Open discussion / Lightning talks / IT Security jobs
Developer in a digital crosshair
Recent years show huge increase in the number of attacks on third party libraries and tools used in software development.
Typosquatting, dependency confusion, malicious changes in popular dependencies (UAParser.js, coa, node-ipc...), issues in popular dev tools (Codecov, Homebrew, npm...) or incidents (PHP, GitHub...). During my talk I will show a lot of interesting, recent examples of such attacks, causes and effects and discuss how to stay secure when developing software.
Speaker's bio:
Mateusz Olejarka - Principal Security Consultant | Head of Web Security @ SecuRing. He performed more than 60 application security trainings dedicated to software developers. Previously working as a software developer, building software for financial sector. He was a speaker both at international and Polish conferences and meetings dedicated to software development and IT security. Casual bug bounty hunter, listed in Hall of Fame companies like: Netflix, Tesla, Twitter, Uber, Yahoo.
Google Family Link field test
Google Family Link promise is to "Help your family create healthy digital habits". Throughout this talk you'll learn that motivated teenager can easily workaround the restrictions on the device through the combination of security weaknesses in in Google app and usage of unfortunate APIs in 3rd party applications like Microsoft Skype.
We'll begin with Google Family Link overview and the reasons behind why it may be the best worst thing we could have. We'll touch on parenting, social impact of mobile devices addiction and science behind it.
Next we'll step through number of bugs found by a curious teenage boy before discussing problematic APIs exposed in Android.
Lastly we'll cover mitigations that ensure that Google Family Link policies are preserved in applications to ensure digital wellbeeing.
Speaker's bio:
Mateusz Krzeszowiec - Veracode, Security Researcher. "Husband, father of two very curious beings. Spent roughly 10 years in various Software Engineering roles before moving into Application Security Space.
Currently working at Veracode as a Researcher responsible for Static Application Security Testing of Android and Javascript applications."
Open discussion / Lightning Talks / IT Security jobs
The stage is yours. If you have something inspiring to share or just IT security related job offer - don't hesitate, it's open meeting and it's all about exchange of views and information.
