OWASP Frankfurt #54 (Virtual): Defending Azure Active Directory & CSRF Attacks


Details
Hi all, we are looking forward to welcoming you to our #54 OWASP Frankfurt Meetup!
_What's going to happen?
Despite the very successful box office hit of our OWASP Frankfurt In-Person Meetup in April, we have decided to host the upcoming Meetup for May virtually / online. However, be assured that our Meetup thereafter will be back in-person! Note that this Meetup will not be recorded, so make sure not to miss out on this.
_What are the talks?
_Keynote:
"Securing Azure Active Directory" by Thomas Naunheim, glueckkanja-gab AG
Thomas Naunheim is a Cloud Security Architect with a focus on identity and security solutions in Microsoft Azure. During this talk, Thomas will walk us through Azure Active Directory security considerations during the design and implementation of a modern identity infrastructure. In particular, Thomas will dive into the following subjects:
- Identity Security Posture in Azure AD and privilege escalation from Azure AD Connect
- Conditional Access Baseline, Continuous Access Evaluation (CAE) and risks of token replay attacks
- Privileged Identity and Access in Azure AD and "overlooked" privileged access paths
- App Integration and different types of workload Identities
Cloud identities, as the "new control plane", are a growing target for cybercriminals. Azure AD offers many security features and integrations with other security solutions to protect hybrid identities.
Thomas Naunheim is a Microsoft MVP for Azure and works for glueckkanja-gab AG, designing and implementing cloud identity and security solutions in enterprise environments. He is also a member of the "Azure Meetup Bonn" organization team and co-host of the "Cloud Inspires" podcast. You will find him blogging at "cloud-architekt.net" and speaking at community events.
_Talk
Introduction to CSRF attacks by Matthias Altmann, Micromata GmbH
CSRF attacks are no longer part of the OWASP Top 10. Modern frameworks are now well positioned on this point. On the other hand, CSRF is increasingly found among the security vulnerabilities of products. For example, the Wi-Fi manufacturer Ubiquiti, the password manager LastPass and Twitter were hacked this way. So what is this security vulnerability, what can you do with it and how can you find it? To answer this, Matthias will give a short introduction to CSRF attacks using PortSwigger Burp.
Matthias Altmann is an IT security expert and Software Developer at Micromata GmbH, where, together with his colleagues, he is responsible for and develops the area of IT security. He is also co-founder and organizer of the IT-Security-Meetup Kassel, a network of IT security enthusiasts who are dedicated to the professional exchange on the topic.
_When
Wednesday, 25.05.2022, 18:00h - 19:30h CEST (ca. 1.5 hours)
_Where?
We will be hosting our Meetup via Zoom. Virtual access details will be announced a few days before!
_Interested in giving a talk yourself?
Get in touch with us (Dan Gora, Jonas Becker or Johannes Schönborn)
_Interested in mentoring or being mentored?
We are excited to announce the return of our OWASP Frankfurt Mentoring Program (details TBA). If you are interested in becoming a mentor for AppSec, Cloud Security, Ethical Hacking or Blue Teaming, please get in touch with the organisers (Dan Gora, Jonas Becker or Johannes Schönborn)!
_And now?
Save the date, spread the word and bring your friends and colleagues along to our event.
_Follow Us!
Also, follow us on Twitter #owasp_frankfurt and refer to our OWASP Frankfurt site for information, including slides and recordings of previous presentations.
We're looking forward to seeing you at this event!