A night of collaboration, secure coding and -implementation

Now that BSides København (where most of our volunteers have been preoccupied these last months) is over, it's now time to commence meetings in OWASP Copenhagen. We hope you can join us, if nothing else for the free pizza :-)

We'll be talking about collaboration and large scala data collection, secure coding and -implementation. See you there!

Note Talks will be recorded and put on YouTube but not live streamed, so don't ask. If you don't show up physically, don't sign up.

Agenda
17.00 Welcome
17.05 CrowdSec: Detecting Log4J on a global scale using collaborative security by Klaus Agnoletti
17.40 Pizzatime + socializing
18.30 Secure Code Inspection by Sébastien Gordon
19.00 Secure Implementation by Linus Lagerhjelm
(all times are approximate and subject to change)

Abstracts and Speakers
Klaus Agnoletti
Klaus will talk about how CrowdSec was able to enable the entire infosec community to work together by detecting attempts to exploit a critical 0day, reporting them centrally, thereby enabling anyone to protect themselves. CrowdSec is FOSS, collaborative threat intelligence and threat mitigation. More info at https://crowdsec.net

Sébastien Gondron
Manual code inspection is a very effective measure in detecting and preventing vulnerabilities and weaknesses. However, navigating applications that can span millions of lines of code can be an arduous task. Sébastien will share his experience and show how to make the best of static analysis tools to facilitate and enhance the manual inspection.

Linus Lagerhjelm
You have designed your application with security in mind but how do you make sure that the implementation is actually following these principles? Any sort of software system, even a simple one, usually consists of a lot of moving parts in a lot of different layers and getting everything correct can sometimes feel overwhelming. In this presentation, Linus will present a 'checklist' with the most important security controlls to apply in each layer of the application, from the database to the user's client. When security is applied in every layer of the application, the impact of a vulnerability will be much smaller.