The conference will take place at Hotel Caro.

• Conference talks are free however, you need to register.

The event will be in English, with cutting-edge topics presented by renowned security professionals.

• Free Workshop:

AppSec Bucharest vs. OWASP Juice Shop

In this free workshop you can test your skills in hacking modern web applications against the OWASP Juice Shop! There are 43+ challenge that are waiting to be solved, ranging from simple functional problems and the usual XSS/SQLi issues over severe authentication flaws to multi-step & multi-path attacks against the discount coupons issued by the application!

Trainers:  Björn Kimminich

• Trainings:

Secure Coding for Java (three-day training)

This three-day instructor-led Secure Coding for Java course provides developers with practical guidance for developing Java programs that are robust and secure. Material in this presentation was derived from the Addison-Wesley book The CERT Oracle Secure Coding Standard for Java and is supported by the Secure Coding Rules for Java Live Lessons videos. Participants should come away from the course with a working knowledge of common programming errors that lead to software vulnerabilities, how these errors can be exploited, and effective mitigation strategies for preventing the introduction of these errors.

Trainers: Robert Seacord

OWASP Top 10 vulnerabilities – discover, exploit, remediate (one-day training)

The overall objective of this workshop is to increase the participants’ awareness on the most common web application vulnerabilities and their associated risks. We will discuss about each type of vulnerability described in the OWASP Top 10 project and will teach participants manual discovery and exploitation techniques. Furthermore, a set of useful security testing tools will be introduced during the workshop.

Trainers: Adrian Furtună, Ionuţ Ambrosie

Time critical DFIR: Key playbooks, techniques and tools for time-pressured investigations of security incidents

This course provides responders and threat hunting teams with advanced skills to hunt down, identify, counter, and recover from a wide range of threats within enterprise networks.

Trainer: Teodor Cimpoesu

Introduction to Metasploit Framework

In this course, we will teach how to use Metasploit to enumerate available services, identify potential weaknesses, test vulnerabilities through exploitation, and gather evidence for reporting. You will learn how to install and configure the Metasploit Framework and several supporting tools on Kali Linux. At the end of the course you will have a better understanding on how exploits and payloads work together to gain access to systems.

Trainer: Adrian Ifrim

• CTF (Capture The Flag)

Capture The Flag contests are popular ways to hone your practical security skills by solving challenges on topics such as web, crypto, reverse, exploiting.

We invite security enthusiasts passionate about practical security at the OWASP AppSec 2017 CTF, where you and your team will solve challenges on web, reverse and exploiting. Challenges will be Linux-centric and web.

The CTF webpage is here: https://owasp-ctf.security.cs.pub.ro/home

For the final, the prizes will be:

• 1st place: 1024 euros
• 2nd place: 512 euros
• 3rd place: 256 euros

More information about the agenda can be found at:

https://www.owasp.org/index.php/OWASP_Bucharest_AppSec_Conference_2017

You can register at:

https://www.eventbrite.com/e/owasp-bucharest-appsec-conference-2017-tickets-35356670754

We look forward to seeing you at this event!