Uncategorized

Workshop prerequisites

Posted on Updated on

If you plan to attend one of the workshops, you should prepare by bringing a laptop with the below prerequisites to get the most out of your participation:

WebGoat: Teaching application security 101 with Nanne Baars
  • Java 8
  • Docker
  • Burp or ZAP or any other favorite proxy interceptor tool
  • Maven 3 (optional)

 

Gothenburg pwns the OWASP Juice Shop with Björn Kimminich
  • Node.js (v4, 6 or 7)  OR
  • Docker OR
  • Vagrant

and

 

Digital Forensics: Know your enemy and know yourself with Ahmed Neil

Software installation is done during workshop

 

Passwords are dead! with Viktor Lindström

Hardware is provided by OWASP Gothenburg. Software installation is done during workshop.

See you on Thursday!

The end is nigh!

Posted on Updated on

Now it’s only a few days until the security event of the year! We are officially sold out and have done everything we can to serve you high-quality security content throughout the day. We are very excited and look forward to seeing you on Thursday!

The registration starts at 8.30. Make sure to be on time and grab a tasty breakfast roll and a cup of coffee before the talks and workshops start at 9.00. The schedule can be found here: https://owaspgbgday.se/schedule/
The conference will run three parallel tracks – one speaker track in the Pascal room and two workshop tracks in the Tesla and Kelvin rooms. All conference visitors are free to participate in workshops and watch talks of their choice. However, the workshop seats are limited and provided on a first come, first served basis. There will be no reservations, so make sure to be on time and take a seat if you are aiming for a specific workshop.

There has been a slight change in the workshop area. The previously communicated OWASP Zap workshop has been canceled. Instead, you will get the opportunity to solder and program your own USB based two-factor-authentication device to bring home. The workshop has 10 seats and will be headed by Viktor Lindström. Go there for some serious hardware work!

After the last presentation, we will walk across the hallway to L’s Resto for a security pub with beer and quiz. Be there or be square!

Viktor Lindström – Passwords are dead! (workshop)

Posted on Updated on

viktorPasswords are dead! We all know it, they can no longer be trusted. Only this year, the well known Troy Hunt has made his point over and over and OVER again. Yahoo did a boo boo, Linked in did a boo boo, Dropbox did a boo boo… The list is so long it’s not even worth continuing, it’s just makes you sad. You will know it for real if you had a “friend” that had an account on Adult Friend Finder or Ashley Madison.
So lets step back and take a look at authentication, wouldn’t it be nice if were more like a real tangible item which, when activated grants you access when you uses it. It’s groundbreaking! IT’S U2F-ZERO! Take this chance and build your own 2 Factor Authentication Key, and use it for your Github, GMail or why not implement 2FA at your own webpage.

To be clear – This workshop actually contains soldering your own 2FA-device that works. Components are free. No equipment required. Limited seats.

Viktor Lindström has a passion for security, loves the offensive as well as the defensive side. Currently he focuses his daily work in the automotive industry trying to do more good than bad. He has worked as programmer, pentester, adviser and loves spread the word about security.

Pierre Pavlidès – Overview of some automotive RKE systems

Posted on

pierre-pavlidesCar security started as a simple mean to prevent car theft. The issue is becoming increasingly serious with onboard computers controlling every key component. Some are now part of the Internet of things, or even self-driving. Massive car hacking a la Ghost in the Shell may come sooner than we think.
In this talk however, we will come back to one of the security features used by the vast majority of our cars: remote keyless entry systems (RKE). These systems are in charge of locking and unlocking the car when the owner pushes the corresponding button on the remote control.
Like any computing systems, RKEs schemes may be prone to security issues. We will present two categories of vulnerabilities that allow an attacker to clone a key fob under the right circumstances and (un)lock the car at will. Such insecure schemes have be used by major manufacturers over more than 20 years.
This talk is based on the paper “Lock It and Still Lose It – On the (In)Security of Automotive Remote Keyless Entry Systems” presented at the 25th USENIX Security Symposium (August 2016) and authored by Flavio D. Garcia, David Oswald, Timo Kasper and Pierre Pavlidès.

Pierre Pavlidès studied RKE systems during his Master of Science at the School of Computer Science of the University of Birmingham (UK). Today he is working as a pentester and security trainer at Lexsi in France.

2015 Line-up and Videos

Posted on Updated on

In 2015 the first #owaspgbgday conference was  held with amazing workshops and speakers, thank you! If you cannot wait until november make sure to check out the presentations from last year!

Read the rest of this entry »

We are looking for workshops as well!

Posted on Updated on

Papers and presentations are awesome but getting ones hands dirty in a workshop is also critical in learning. Remember that for #owaspgbgday we are also looking for workshops.

Make sure to checkout our call for papers and submit your workshop idea. If you’d rather hold a presentation, of course we would love to hear about it as well.

See you on OWASP Gothenburg Day 2016!

The Call For Papers is open!

Posted on Updated on

The CFP for #owaspgbgday has opened and WE WANT YOU!

We want talks and workshops so go a head and check out the details on the CFP page.

Venue has been booked!

Posted on Updated on

For those of you who were with us on #owaspgbgday last year, you will remember the amazing venue on Lindholmen Conference Center.

We are glad to tell you we will be there once more!

The story continues!

Posted on Updated on

After the success of OWASP Gothenburg Day (#owaspgbgday) in 2015 we are now in the midst of planning the 2016 successor. CFP will open soon and we are actively talking with speakers right now, the venue is already booked and the date has been set!

As you see, it is only a matter of time so stay tuned!

Date: 2016-11-24
Venue: Someplace
Cost: Stay tuned!