EUTour2013 Finland Agenda

{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"
 * align="center" height="30" style="background:#CCCCEE;" colspan="2"      | CONFERENCE
 * align="center" style="background:#EEEEEE;" colspan="2"                  |
 * align="center" style="background:#EEEEEE;" colspan="2"                  |
 * align="center" style="background:#EEEEEE;" colspan="2"                  |

OWASP Europe Tour - Finland 2013
Monday 17th June (Conference)
 * valign="center" bgcolor="#CCCCEE" align="center" colspan="2"            | DESCRIPTION
 * valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | OWASP Europe TOUR, is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
 * valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | OWASP Europe TOUR, is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
 * valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | OWASP Europe TOUR, is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.


 * Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle.

Become an OWASP member by clicking here
 * This event aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them.
 * align="center" style="background:#CCCCEE;" colspan="2" | OWASP MEMBERSHIP
 * valign="left" height="80" bgcolor="#EEEEEE" align="center" colspan="2" | During the OWASP Europe Tour you could become a member and support our mission.
 * valign="left" height="80" bgcolor="#EEEEEE" align="center" colspan="2" | During the OWASP Europe Tour you could become a member and support our mission.
 * valign="left" height="80" bgcolor="#EEEEEE" align="center" colspan="2" | During the OWASP Europe Tour you could become a member and support our mission.
 * }

Abstract
Omar's presentation:

Nokia has launched responsible disclosure program recently. Omar will talk about experiences starting and running such a program as a part of enterprise application security program. Common errors, solutions and best practices will be explained to help other companies to improve their security with this type of programs.

Gavin's presentation:

Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.

Deano, our ‘hypothetical’ bad-guy, could hack and social engineer his way to cash in his pocket and no cash in your pocket. Easy, boring, predictable. But what if Deano, a criminal social engineer, really upped his game?

This talk will see Deano up the stakes and deliver the kind of aggressive attack you have all lived in fear of. No longer a phone call to get your credentials, or a rogue e-mail to direct you to a fake website, this time its personal and Deano is looking to do you REAL damage.

Drawing on real data from anonymised sources, from the account given of this attack, attendees of the talk will see that a real social engineer doesn’t once pick up a psychology textbook. Deano will instead pose you a question -

“What if Deano could destroy my business without anyone realising it had been attacked?”

Live in fear of Hactivism? You won’t sleep at night after meeting Deano.

If you want an hour and a half of being told that ‘looking to the right makes you easier to social engineer’, go to another talk. If you want to see how the real bad guy operates, and talk about how to defend against him, then I look forward to seeing you there..

Bio
Omar

Omar Benbouazza is a spanish hacker working in the Nokia Incident Response Team, as a Senior Security Analyst. He has been working in Security Information the last 8 years and has big experience in international companies such as Telefonica, Ernst&Young, Santander Bank and now Nokia. He is also organizer of the most important security conference in Spain, RootedCON.

Gavin Ewan

Gavin 'Jac0byterebel' Ewan is a ranty, shouty, sweary Scottish hacker. After selling lots of things to lots of people, he decided to get firmly into the field of information security, always having been a geek at heart. Having taken his education and training in psychology, particularly sales psychology into the field of social engineering, he is now re-writing the social engineering rulebook and chasing out the snake-oil salesmen. Already a successful speaker, Gavin has delivered talks on social engineering worldwide to various audiences.