Avoiding and Detecting Attacks on Cloud Applications

What we'll do

Securing web applications (even in cloud-native environments) requires both avoiding attacks and detecting them.
Our talks will introduce you to the dark side (how do attackers think and work?) and show systematic ways to substantially improve the security of your applications.

*Please note:* This will be an online meetup. We will send the login credentials shortly before the event.

19:00: Welcome and Intro
19:05: Talk 1 (with Escape Game Special): Hack me if you can!
20:00: Talk 2: OWASP AppSensor: Detecting Attacks in your Application
afterwards: Get in touch with the speakers (and other attendees)

Talk 1: *** Hack me if you can! (Speaker: Janosch Maier, Crashtest Security GmbH) ***

You are confident that your web application is secure? No hacker can touch you? Good for you – or not... Only if you know how a hacker thinks can you really protect yourself. Therefore, in this virtual "escape the room" game, several hacking challenges are waiting for you. By exploiting flaws in a web application, you will see what is possible without much preparation and with a very simple toolset – a modern web browser. Keep this experience in mind when working on your next application in order to defend yourself against malicious attacks.

About Janosch:
Janosch Maier was only 15 when he created his own tool to record passwords. Ever since then, he has questioned publicly available software and looked for security flaws wherever he could. While living in Uganda, he met Hackers for Charity, where he got a taste for hacking for a good cause. Since then, Janosch has been on a crusade to enable developers and security experts to cope with the challenges of agile security principles. Especially in modern, agile environments, it is no longer sufficient to conduct manual, infrequent security tests. As an engaging speaker and Co-Founder of Crashtest Security, his mission is to educate DevOps teams on how to integrate security into their development processes.

Talk 2: *** OWASP AppSensor: Detecting Attacks in your Application (Simon Bäumler, QAware GmbH) ***

How do you find out if your application is currently under attack by a hacker? The OWASP flagship project AppSensor is a conceptual framework to detect such attacks. In contrast to common intrusion detection systems, AppSensor is directly integrated into the code of the application. Thus, the technical context of the application can be used to identify attacks. This makes the detection of attacks much more precise, and the application can react directly.
This talk presents OWASP AppSensor and shows examples of how to integrate it into your own application to protect it from attacks.

About Simon:
Dr. Simon Bäumler is a software architect and chief technical designer at QAware GmbH. His main focus is on secure applications and microservice architectures. In particular, he deals with the question of how security can be integrated into the software development process in a practical way. He implements this in numerous projects, especially in the telecommunications industry.