Author: Ionut – Daniel BARBU
OWASP Romania InfoSec Conference is becoming a regular event among the field’s enthusiasts. As October has been chosen worldwide as Information Security Awareness month, this event kept the tradition and was held on Friday, 25th, at the University POLITEHNICA of Bucharest. This event review has been written from various perspectives: organizer, OWASP member, RAISA member and information security analyst.
The declared objective of the OWASP Romania InfoSec Conference is to encourage application security knowledge sharing. Apart from this, information security awareness in general is a critical aspect of this event. The intention is to assist organizations, and also people, in making decisions when implementing different solutions. However, to be clear on this matter, it should be underlined that OWASP is an open source project and, very importantly, vendor-free. The audience of the event ranged across security specialists, IT employees, teachers, students and simply passionate people. Registration and confirmation were required prior to the conference, but attendance was free of charge, making the event available to everyone. Organizers also confirmed that some material will be available on the conference’s web page.
Throughout the day of the event we saw around 120 security experts, students and enthusiasts. In my opinion they were given the opportunity to take part in very interesting technical presentations, meet amazing speakers and, most of all, get to know each other and share their views on security. As already confirmed, the IT security community in Bucharest is growing year by year.
The day started with Oana CORNEA, OWASP Romania Chapter leader, greeting the attendees and presenting the sponsors (Intel, Dell SecureWorks and Checkmarks) and the supporters. Among this last category I would highlight the DefCamp organizing team, securitatea-informatiilor.ro, criminalitatea-informatica.ro and the Romanian Association for Information Security Assurance (RAISA).
Going through the agenda, I would start with the key speaker, at least from the attendees’ perspective, Dinis CRUZ. He is one of OWASP’s main developers, a security consultant based in London focused on Static Source Code Analysis and Dynamic Website Assessments. Dinis gave two interesting presentations on his project, the OWASP O2 Platform. The first covered how to use the multiple O2 Platform tools and coding environments to perform multiple types of application security analysis (from black-box browser automation to static-analysis code reviews). The second made the case that when developers have access to powerful development CI (Continuous Integration) environments and code analysis/execution tools, they are able to understand what their code is doing, refactor code with confidence, test their code efficiently and provide assurance that they are writing secure code.
Going further, Qualys was well represented by Andrzej KLESNICKI, who tried at the beginning of the conference to answer the question: what is to be done from a security perspective when the developing day closes… In my opinion, as an attendee, it was interesting to see that ideas from last year’s event have not been forgotten, and Dan VASILE proved me right. He built on the previous presentation on WordPress security, and the result was an OWASP project covering the security checklist every administrator should follow when implementing WordPress. His effort of gathering information from various sources and personal experience and setting a security baseline for WordPress was very well received by the audience. Another welcome speaker was Enrico BRANCA, who presented some ways of secure coding in Python. The day ended with a discussion of one of the most popular 0-days in recent years. By speaking about Shellshock, Tudor ENACHE proved that he is on top of security news and also made OWASP Romania InfoSec Conference 2014 an event up to date with the field’s topics.
In summary, everyone keen on the various fields of IT security should be a part of OWASP Romania InfoSec Conference 2015. University POLITEHNICA of Bucharest was very generous to assist the organizing team by providing the location. To close this review, some words about OWASP should be said. It is a worldwide not-for-profit charitable organization whose name is an acronym of Open Web Application Security Project. Its purpose is to improve the security of software. If interested in more information, search for the Romanian chapter on OWASP.org and also join the mailing list.