OWASP Gothenburg PyPI security and TruffleHog Disclosure

Details
Join us at our partner Omegapoint's office for an intriguing evening with food and drinks, and talks about PyPI security and a disclosure of security issues in TruffleHog!
Where: Omegapoint, Rosenlundsgatan 3, 411 20 Göteborg
Agenda:
17:00 - 17:30: Welcome to Omegapoint
17:30 - 17:45: Introduction from the event hosts and presentation of tonight's speakers.
17:45 - 18:30: PyPI Security: Past, Present & Future
The talk will be about PyPI's security stance, from the point of view of a
free software maintainer: 2FA, tokens and authentication.
It covers the changes they made, the mistakes along the way, changes that are a work in progress, and speculation on changes they will introduce in the future.
Salvo Tomaselli is the sole maintainer of a critical Python library.
Also small-time free software contributor, Debian developer, IRC dweller, GPG holdout. Has worked in Gothenburg for a network security company for the past years.
Enjoys jamming music, participating in flame wars and talking too loud.
18:30 - 19:15: Food & Drinks
19:15 - 20:00: TruffleHog Security Issue Disclosure
This presentation covers a set of security issues in TruffleHog, an open source, automated security tool that scans code repositories and configuration files for active secrets. The session provides a detailed walkthrough with several live demos, showing how the tool can be exploited to remotely harvest credentials from anyone running a default installation of TruffleHog v3. This presentation is part of a coordinated disclosure together with Truffle Security, the team behind TruffleHog.
Helena Rosenzweig is a security researcher and software engineer at Omegapoint, focusing on application security for client projects. She has a keen interest in building secure and scalable software but is equally intrigued by all the things that can go wrong.
20:00 - 21:30: Over-time (optional)
Hang out, grab something to drink, and discuss security, the weather or anything in between!
