Chapter Croatia Virtual Meetup: State of Infosec in Croatia & SBOM with DepTrack


Details
Hello everyone, it’s time for our OWASP Croatia meetup. The topics will be delivered virtually, over Google Meet.
We have two topics:
* Vlatko Kosturjak: State of information security in Croatia
* Tonimir Kisasondi: Software Bill of Materials (SBOM) with OWASP Dependency Track
See you!
Talk abstracts and bios follow:
-----------
Vlatko Kosturjak: State of information security in Croatia
Diverto has just published its report on the state of information security in Croatia for the past year (2021). It is a good time to go through the report's details, including:
- Governance perspective
- Offensive perspective
- Defense perspective
- Incidents
- Phishing
- OT security
- Denial of Service attacks
- Recommendations
Vlatko Kosturjak usually helps clients reach their desired security level(s). He likes to break and build, depending on the mood and the time of day (or night). Besides security, his passion is free and open source software, and he has contributed code to various free security software projects.
Tonimir Kisasondi: Software Bill of Materials (SBOM) with OWASP Dependency Track
Today, even the simplest production application relies on a number of dependencies. One library can pull in dozens of packages, and each of those can pull in more, so your simple CRUD app that works with a database and a third-party API suddenly has a large number of software dependencies. Since any one of those packages can contain a security vulnerability that breaks the security requirements of your entire application, we need a way to track which components our software is built from and whether there are any advisories or known vulnerabilities for those packages. In this talk you will see what a CycloneDX-standard SBOM looks like, how to generate an SBOM, and how to analyse vulnerabilities and enforce software licences with OWASP Dependency Track. We will also touch upon how to integrate this into our development and security management workflows.
Bio: Tonimir juggles his time between running a consultancy and making and breaking new shiny stuff. He loves appsec, Python, Go, coffee and secure software/hardware.
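As an added illustration of the talk's subject (not code from the talk or from the Dependency Track project), the following Python script embeds a constructed CycloneDX 1.4 SBOM and performs the two checks the abstract describes: it walks the SBOM's dependency graph so transitive components are covered, matches each component's package URL against a constructed advisory list, and flags licences outside an allowed set. The package names, versions and the advisory id are made up.

```python
import json

# Constructed CycloneDX 1.4 SBOM (JSON): app -> webfw -> {dbdriver, httpclient}. Names and versions are made up.
SBOM_JSON = """{
 "bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1,
 "metadata": {"component": {"bom-ref": "app", "type": "application", "name": "crud-app"}},
 "components": [
  {"bom-ref": "pkg:pypi/webfw@1.2.0", "type": "library", "name": "webfw", "version": "1.2.0",
   "purl": "pkg:pypi/webfw@1.2.0", "licenses": [{"license": {"id": "MIT"}}]},
  {"bom-ref": "pkg:pypi/dbdriver@0.9.1", "type": "library", "name": "dbdriver", "version": "0.9.1",
   "purl": "pkg:pypi/dbdriver@0.9.1", "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
  {"bom-ref": "pkg:pypi/httpclient@2.0.0", "type": "library", "name": "httpclient", "version": "2.0.0",
   "purl": "pkg:pypi/httpclient@2.0.0", "licenses": [{"license": {"id": "Apache-2.0"}}]}
 ],
 "dependencies": [
  {"ref": "app", "dependsOn": ["pkg:pypi/webfw@1.2.0"]},
  {"ref": "pkg:pypi/webfw@1.2.0", "dependsOn": ["pkg:pypi/dbdriver@0.9.1", "pkg:pypi/httpclient@2.0.0"]}
 ]
}"""

# Constructed advisory feed keyed by purl, standing in for the vulnerability sources Dependency Track queries.
ADVISORIES = {"pkg:pypi/httpclient@2.0.0": "CONSTRUCTED-ADV-0001"}
# Constructed licence policy: any component whose licence is not listed here is flagged.
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}


def transitive_deps(sbom, root):
    # Walk the SBOM's "dependencies" graph from root; returns every bom-ref reachable from it.
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    seen, stack = set(), [root]
    while stack:
        for child in graph.get(stack.pop(), []):
            if child not in seen:
                seen.add(child)
                stack.append(child)
    return seen


def analyse(sbom_json):
    # Returns ({purl: advisory}, {purl: licence}) over the application's direct AND transitive components.
    sbom = json.loads(sbom_json)
    by_ref = {c["bom-ref"]: c for c in sbom["components"]}
    vulns, bad_licences = {}, {}
    for ref in transitive_deps(sbom, sbom["metadata"]["component"]["bom-ref"]):
        comp = by_ref[ref]
        if comp["purl"] in ADVISORIES:
            vulns[comp["purl"]] = ADVISORIES[comp["purl"]]
        for lic in comp.get("licenses", []):
            if lic["license"]["id"] not in ALLOWED_LICENSES:
                bad_licences[comp["purl"]] = lic["license"]["id"]
    return vulns, bad_licences
```

Note that `httpclient` and `dbdriver` are never declared by the application itself; they are only reached through `webfw`, which is exactly why the check has to follow the graph rather than the top-level component list.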
