Test Driven Application Security + Post-Quantum Cryptography 101
Details
Welcome to OWASP Oslo September meetup. Special thanks to venue and food sponsor Visma.
First presentation:
Test Driven Application Security
Most penetration tests find vulnerabilities present in the OWASP TOP 10 lists. Many originate from unclear non-functional requirements and a lack of tests with security in mind. This presentation will demonstrate a test-driven approach to application security and show how we can write automated tests to prove that our defenses work as expected. Demos will be in C#, for an API in ASP.NET Core 7.
Target audience
All concerned with building secure applications. The demos are in C#, it is good to have a basic understanding of C# and unit testing, but the concepts and security best practices relevant regardless of programming background and level.
Tobias Ahnoff - Application security specialist at Omegapoint
Tobias Ahnoff is an experienced .NET developer and architect with focus on application security. He specializes in implementing authentication flows and authorization for web applications and APIs that manage sensitive data in the bank, finance, and health sectors. He performs security reviews and penetration tests as part of Omegapoint Cybersecurity Gothenburg, a group of experts in application security.
Martin Altenstedt - Application security specialist at Omegapoint
Martin Altenstedt is a software developer and architect with 25 years of experience in Sweden's IT industry. He specializes in being able to take part in both the development and management of software. He is part of Omegapoint Cybersecurity Gothenburg, a group of experts in application security, and has developed several courses in secure application development and gives presentations on application development and security.
Second presentation:
Post-Quantum Cryptography 101 - aka. The end of the world as we know it
You might have heard that the advent of Quantum Computers heralds the end of commonly used cryptography, but what does that mean, and why does it concern you?
In this talk, I will help answer some of these questions. You will learn what a Quantum Computer is, why they are such a bad thing for cryptography, and what you should do about it.
Target audience
The talk does not require any prior knowledge, but some points will be lost to non-technical participants.
Developers, Tech Leads and Architects will get the most out of the talk, but the content is adapted to a varied audience so managers of technology businesses would also benefit.
Stian Svedenborg
Stian is a security enthusiast with a passion for cryptography. He graduated from NTNU in 2014 specializing in cryptography and spent a number of years as a developer. He has entered the eID space as the Security Architect for BankID.