- BSides on the road @ Cluj-Napoca
Hey everyone! We are preparing another exciting evening away from home, this time in Cluj-Napoca! As you know us, we are preparing another round of high quality talks and the official open-sourcing announcement of the newest/coolest tool built by Adobe`s security team :) The schedule: 19:00 - 19:45 Tripod - latent representations for code and logs Tiberiu Boros - Senior Software Development Engineer @ Adobe Romania Cotaie Andrei - Senior Security Engineer @ Adobe Romania Machine learning and Artificial Intelligence are already buzz words in the community, but nobody speaks of the what it takes to build an end to end project. Data preparation is a challenge that all data scientist will encounter. Tripod aims to resolve exactly this. Its purpose is to transform your input into latent representations, computed in an un-supervised manner. Not only it vectorise your text observations or categorical features but it captures different aspects about your data. This is achieved by implementing three different methodologies for computing the latent representations in a deep encoder-decoder architecture: self-attention, global style tokens (GST) and "memory-based" representations. The self-attention model represents code as the concatenated values of all heads in a multi-head attention system; The GST method computes a probability distribution (attention) over a fixed number of style tokens (embeddings) and the latent representation is obtained as the weighted sum over all the tokens; Finally, the memory-based method is similar to GST, but it computes multiple probability distributions over different buckets of style-tokens. The latent representation of the data can be used in multiple application such as: Summarisation, Sentiment analysis, or, as we prefer, for security research projects as: Clustering, Code Analysis, Malicious Classifiers or Command Line/Log/Code Anomaly Detection. 20:00 - 20:45 - Surface - Security Intelligence Automation Platform Teofil Cojocariu - Application Security Engineering Lead @ Paddy Power Betfair Bogdan Peter - Security Operations Analyst @ Paddy Power Betfair Developing an alert aggregator - Flexibility and work adaptability in security monitoring environments.
- BSides Bucharest Meetup
Hey everyone! We are preparing another exciting evening with high quality security talks followed by networking session were you can treat yourself with some pizza and beer! The schedule: 19:00 - 19:30 Vaibhav Jain - Security Dashboard: The Unified Cloud Security View Security Dashboard is a one stop solution which provides all users at Adobe an opportunity to look at their cloud infrastructure which includes AWS, Azure and ITC from security standpoint and leverage it to make themselves CCF and PCI ready. In addition to this it also alerts teams by creating JIRA tickets in their own JIRA Projects so that teams now know tangibles of what needs to be fixed and all this is done intelligently via automation workflows. All of this is developed using a combination of Splunk, Python and JIRA Query Language by ingesting logs coming to Central Adobe Security Splunk from tools like Mavlink, Hubble, Rapid7 and ImageFactory which are mandated to be deployed in Adobe wide Cloud Services. 19:30 - 20:00 Andreea Dima - Continuous automated detection of web application vulnerabilities A manual, human-based, security testing is lengthy, inefficient and in many cases does not adapt to the needs of companies. Therefore, Andreea`s project proposes an approach that involves a continuous automated detection of web applications vulnerabilities, providing a consistent system that allows immediate detection of security inconsistencies by developers and thus more rapid remediation. The main focus of this project is to integrate security validation into a CI/CD Pipeline that also offers a great way to monitor and analyze the results. When a push is made in the Git repository, the pipeline starts automatically and builds, deploys the application on Kubernetes, runs the Kube-hunter for testing the cluster, runs OWASP ZAP for detecting top web vulnerabilities, and runs Snyk for testing application dependencies. 20:00 - 21:00 Trent Bennett & Brendan Abbott - Kubernetes Security There is not a one-size-fits-all approach to Kubernetes security. This talk will briefly go through some best practices, and then discuss multiple components of Adobe's security implementation in Kubernetes, including RBAC, NetworkPolicy, and Ingress. Trent and Brendan will also talk through a few common (and not always immediately obvious) ways to shoot yourself in the foot when it comes to security in Kubernetes.
- BSides Bucharest on the Road - PITESTI
This year, BSidesBucharest wants to reach more people across the country and share the infosec bug with them, so, for this first event, we're partnering with Endava and taking this show on the road to Pitesti, Arges. Speakers & Talks: 1. E-crime activity: Strategies, Actors/Criminal groups, Trends by Cristian-Ionita Dicianu 2. Early Security Testing Using OWASP ZAP by Alexandru Gatu As you've been accustomed by now, food and drinks are the key to a good networking after the event, so, as always, they're a given. Where? Endava - Pitesti Business Center, Victoriei St. 13B, Intrarea langa parcarea Mall-ului Trivale - Etaj 3 (langa Cafegiu).
- BSides Bucharest Security Conference
BSides Bucharest is a non-profit, independently run, community supported conference and part of the worldwide Security BSides movement. The idea behind the Security BSides Bucharest event is to organize a sales-pitch free Information Security community where professionals, experts, researchers, and InfoSec enthusiasts come together to discuss. Get your ticket here: https://www.eventbrite.com/e/security-bsides-bucharest-conference-tickets-50528737815
- BSides Bucharest Meetup
Hi everyone! Did you miss us? We surely missed you! We missed the community so much that we decided that it`s too long to wait until November at our big event to see you all again. Therefore, we teamed up with OWASP and decided to have another meetup in which we will all learn more about the security efforts at Fitbit, as well as enjoing a prequel on Docker and common sense measurements to use containers securely. Where? At the Fitbit HQ (Check the map) When? Tuesday, the 25th of September at 19:00! See you there! Schedule: 19:00 - 19:15 Welcoming message & special announcements 19:15 - 19:45 Katie Foster (Fitbit) - A Quickstart guide to running a Bug Bounty program 19:45 - 20:15 Ash Fox (Fitbit) - IANAC (I am not a cryptographer) but your crypto is broken 20:15 - 20:45 Dumitra Dragos (Adobe) - Meet the Docker-s , keep them safe! 20:45 -21:30 - Food & Networking
- Bsides Bucharest
We are thrilled to announce that BSides Bucharest is in town! BSides Bucharest is a non-profit organization, independently run, community supported conference and part of the worldwide Security BSides movement. The idea behind the Security BSides Bucharest event is to organize a sales-pitch free Information Security community where professionals, experts, researchers, and InfoSec enthusiasts come together to discuss. Please join us for our kick off event on 28th of June ! Schedule: 18:30 - 19:00 Kick off 19:00 - 19:30 Ionut Popescu Senior Application Security Engineer, 1&1 - NetRipper – Smart Traffic Sniffing for Penetration Testers 19:30 - 20:00 Uzoma Ogbonna Cloud Security Engineer, Adobe - Cloud security: STOP WAITING START HUNTING 20:00 - 21:00 Networking - of course, pizza is on us!