OWASP Aarhus Chapter Meeting - Virtual - November/December


Details
Note that this is a virtual event running on Zoom.
19:00 - 19:10 – "Welcome" by OWASP Chapter Aarhus
19:10 - 19:55 – “PKI Well Revised: Common Mistakes Which Lead to Huge Compromise of Identity” by Dr Mike Jankowski-Lorek, CQURE
About the presentation:
All technologies and systems currently use cryptography, and most use certificates at some point. Since their boom, internal PKI systems have not changed a lot, and neither have the problems that we observe during almost all pentests. It’s time to revise your knowledge about one of the cornerstones of enterprise security and learn a few tricks that attackers are using to spoof any identity. What are the common pitfalls and mistakes that can lead to a full breach of trust and of your systems? Where are certificates hidden in Windows infrastructure, and who can use them and how? How do Azure Information Protection, Windows Hello for Business and other modern technologies rely on certificates and their security? Brace yourself, this will be demo intense!
About the presenter:
Dr Mike Jankowski-Lorek is a solution architect, developer, data scientist and security expert with more than 17 years’ experience in the field. He designs and implements solutions for Databases, Network & Management area, mainly for the Microsoft platform, for medium to enterprise level organizations. Mike holds multiple certifications, especially security, database and software development related. He is one of the core Experts at CQURE – a worldwide known cyber security company. As a passionate person he loves sharing his knowledge. Since 2007 he has been closely cooperating with the Polish-Japanese Academy of Information Technology in Warsaw, teaching security, database and data mining related subjects. Dr. Mike is additionally interested in Big Data, High Availability and real-time analytics, especially when combined with machine learning and artificial intelligence or natural language processing. He has completed his PhD – Dr. academic knowledge, professional experience and strong technical skills. Dr. Mike is already an author of multiple scientific publications, including a chapter in “Encyclopedia of Social Network Analysis and Mining” published by Springer. He has appeared at the world’s most important and well-known cybersecurity conferences both individually – at RSA USA, RSA Asia Pacific & Japan and NT Konferenca Slovenia – or with the CQURE Team – at Black Hat USA, Black Hat Europe, Black Hat Asia.
19:55 – 20:05 – Short break
20:05 – 20:55 – "Protecting your web application/API with common sense and CrowdSec" by Klaus Agnoletti, Head of Community at CrowdSec
About the presentation:
Protecting your web applications and APIs is more important than ever. Especially these days, when one can deploy an application in the cloud where everything but the application itself is a standardized application constantly updated for you by continuous patch processes, it is more evident than ever that the biggest risk is present in the code you produce yourself and expose to the internet. But what are the risks? And how to mitigate them? And is it true that APIs don’t need to be secured as much as your website?
All competent security professionals know that there’s no such thing as a silver bullet, so obviously creating an AppSec program is inevitable to achieve a sufficient security posture. But how do we handle the remaining risks? Along with your common sense, CrowdSec is a useful FOSS security tool that can be used to mitigate those (as well as many other risks).
About the presenter:
Klaus Agnoletti has been an infosec professional since 2004. As a long-time active member of the infosec community in Copenhagen, Denmark, he co-founded BSides København in 2019.
As Head of Community at CrowdSec, one of his current roles is to spread the word and inspire an engaging community.
20:55 – 21:00 - "Closing notes and Goodbyes" by OWASP Chapter Aarhus
