What we're about

SBA Research is a research and consulting center for Information Security based in Vienna, and calls itself a “Home of Nerds”. We therefore started hosting Meetups spotlighting all aspects of Security in 2018. By doing so we intend to establish and foster a community of people interested in IT & Information Security and related areas. As soon as things return to normal, we very much look forward to welcoming you on-site to beer, snacks and lively discussions among like-minded people. Since we want to give you the chance to join from wherever you are, we will, however, continue to live stream all of our Meetups in the future as well.

Our Security Meetup Group is part of the SBA Academy. Check out our website (https://www.sba-research.org/sba-academy/). SBA Research offers a wide range of ways to transfer knowledge, ranging from freely available talks to specialized on-site trainings.

You missed one of our Meetups? Visit our YouTube channel for directly applicable security knowledge: https://www.youtube.com/c/SBAResearch-IT-Security

SBA Research:
Within a network of more than 70 companies, 15 Austrian and international universities and research institutions, and many additional international research partners we jointly work on research challenges ranging from organizational to technical security to strengthen Europe’s Cybersecurity capabilities.

Upcoming events (1)

SBA Security Meetup hosted by Dynatrace!

Dynatrace Austria GmbH - Lab Vienna

This meeting is organized as an on-site event only! This event will be hosted by Dynatrace; you will find the information on how to get there below.

----- WHAT TO EXPECT -----
Talk 1: Vulnerable by Design: Why We Built Unguard, Our Own Insecure Cloud-Native Twitter Clone
By: Christoph Wedenig & Simon Ammer

Talk 2: Boosting your Supply Chain Security with SBOM and VEX
By: Johannes Feichtner

----- Event & Details -----

Talk 1:
Vulnerable by Design: Why We Built Unguard, Our Own Insecure Cloud-Native Twitter Clone

Join us at Vulnerable by Design, where we explore the open-source project Unguard, an intentionally insecure microservice application crafted for vulnerability testing and educational purposes. Designed to replicate a web-based Twitter clone, this platform boasts standard features such as user management, text, and image posting, alongside “hidden features” (aka vulnerabilities) that facilitate cross-site scripting (XSS), server-side request forgery (SSRF), and comprehensive remote code execution (RCE). In contrast to other demo applications, Unguard features built-in vulnerabilities, creating the ideal learning atmosphere for security enthusiasts and serving as an excellent testing ground for cybersecurity companies like Dynatrace to evaluate their products. We will dissect Unguard’s microservices, explore their deployment across different platforms using Kubernetes, and learn how to take advantage of these embedded vulnerabilities.

Speaker & Details:

  • Simon Ammer: Software Engineer, Dynatrace
  • Christoph Wedenig: Senior Software Engineer, Dynatrace
  • Talk language: English

Talk 2:
Boosting your Supply Chain Security with SBOM and VEX

Modern software development exposes the supply chain to infinite sources of known and unknown vulnerabilities. Ranging from insecure open-source dependencies to zero-day exploits, software vendors are constantly on the lookout for vulnerabilities in used third-party dependencies and wondering if they themselves are affected. SBOM and VEX are standardized representations to explain what components make up software and can provide transparency into the affected status of vulnerabilities. This talk explains why we need SBOMs and VEX files to ensure product integrity, highlights ways to generate them, and exemplifies practical use-cases.

Speaker & Details:

  • Johannes Feichtner: Senior Security Engineer, Dynatrace
  • Talk language: English

Agenda:

  • 18:00 – 18:15: Gathering
  • 18:15 – 18:20: Welcome & Intro
  • 18:20 – 18:50: Vulnerable by Design: Why We Built Unguard, Our Own Insecure Cloud-Native Twitter Clone (Simon Ammer and Christoph Wedenig, Dynatrace)
  • 18:50 – 19:00: Q&A for the first talk
  • 19:00 – 19:30: Boosting your Supply Chain Security with SBOM and VEX (Johannes Feichtner, Dynatrace)
  • 19:30 – 19:40: Q&A for the second talk

Location:
Dynatrace Austria GmbH
THE ICON VIENNA
Tower 24 - 22nd Floor
Wiedner Gürtel 13, 1100 Vienna

How to get up:

  • When you arrive in the ICON tower, walk straight to the info point and ask for a visitor's card for Dynatrace (22nd floor). They will explain the way to tower 24.
  • Walk through the 1st glass door. At the 2nd glass door, hold your visitor's card against the card reader (left side) to open it.
  • At the turnstiles, hold your visitor's card against the card reader, walk through and look at the screen on your side (while entering).
  • The screen will display a letter (A-D) indicating which elevator you need to take.
  • At the elevator entrance is a small display showing the floor the elevator is going to. Enter if you see the number 22. You can also hold your card against the bottom of the display to get the elevator letter.

Looking forward to seeing you!