Chapter Croatia Physical Meetup (SRCE, Zagreb)

Hosted By
Tonimir K. and 2 others
Details

Hello everyone, it’s time for our OWASP Croatia meetup. This time, we will meet in person.

Location: Public Lecture Room inside the SRCE/CARNet building on floor -1 (Ul. Josipa Marohnića 5, 10000, Zagreb). Thursday, 30.11.2023 @ 18:00.

Huge thanks to the National CERT (cert.hr) and SRCE (srce.hr) for providing the venue!

We have two topics for this meetup:

  • Luka Matetić: Modern web attack scenarios
  • Hrvoje Prgeša: Breaking the Chain of Insecurity: Why Your Vendor Needs (S)SDLC

Talk abstracts and biographies follow:

Luka Matetić: Modern web attack scenarios

Abstract:
There is a growing misconception about old vulnerabilities such as XSS and an assumed decline of the real threat it represents, while at the same time there is a growing fascination with modern technologies such as GraphQL. By using modern web attack scenarios on technologies such as JWT or GraphQL, it is possible to compare popular attacks and defenses while giving XSS a well-deserved place as an end goal within the ever-changing offensive security landscape.

Bio:
Luka Matetić is a Senior Information Security Consultant with experience in software development, base systems, and integration of Oracle components, and several years of experience in information security. He holds information security related certificates such as Offensive Security Certified Professional (OSCP) and has a master's degree in software engineering and information systems from the Faculty of Electrical Engineering and Computing in Zagreb.

Hrvoje Prgeša: Breaking the Chain of Insecurity: Why Your Vendor Needs (S)SDLC

Abstract:
We will talk about supply chain security, the risks involved, and how to mitigate them through the steps of a secure development life-cycle process, together with the recommended and most commonly used practices and tools. We will also look back on the experience of implementing one such process.

Bio:
Hrvoje is a development manager at ASEE in the Security & Compliance department, where he works on delivering security-oriented software, primarily for the fintech industry, as well as on implementing (S)SDLC within the department. With more than 15 years in the profession, Hrvoje has been responsible during his career for the Salesforce Security Review of 50+ Salesforce applications and for implementing SDLC on several occasions.

OWASP Croatia Chapter