Open Web Application Security Project -- advances the cause of application security. The cause of AppSec: software that is more resistant to hackers.
Members (71)

Stream


Tibor Fekete
owner

Radar (interesting)  - 
 
“Short-term solutions tend to stay with us for a very long time. And long-term solutions tend to never happen,” said Yakov Rekhter, one of the engineers who invented the “three-napkins protocol.” “That’s what I learned from this experience.”

A nice bit of technology history, but it is posted here because of the lesson above. Let's prevent trouble while there is still time: with a little care, let's build more thoughtfully designed, more secure systems.
A key protocol created as a short-term solution in 1989 is designed to automatically trust users, a flaw that leaves the network ripe for attack.

Timur Khrotko (x)
owner

Repo (useful)  - 
 
"OWASP dependency-check is an open source solution to the OWASP Top 10 2013 entry: A9 - Using Components with Known Vulnerabilities. Dependency-check can currently be used to scan Java applications (and their dependent libraries) to identify known vulnerable components."

Timur Khrotko (x)
owner

Radar (interesting)  - 
 
It’s harder every day for IT security professionals to fight off the latest attacks. Utilities such as antivirus software and intrusion prevention systems (IPSs) are often ineffective against today’s advanced malware and emerging cyberthreats... #enterprisesecurity #guidelines #networksecurity
Timur Khrotko (x): downloadable

Timur “x” Khrotko
owner

Radar (interesting)  - 
 
 
OWASP Proactive Controls http://www.hackinsight.org/news,280.html
The OWASP Top Ten Proactive Controls describes the most important control and control categories that every architect and developer should absolutely, 100% include in every project.

OWASP HU
moderator

Meetups  - 
 
Jürgen Grieshofer (OWASP AT / board member, director / Awarity Training)
IoT Top 10
slides: http://goo.gl/Mc60L4

#IoT #security @LogMeIn  #owaspHu1503 (meetup+hangout)

Abstract: Oxford defines the Internet of Things as: “A proposed development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data.”
The OWASP Internet of Things (IoT) Top 10 is a project designed to help manufacturers, developers, and consumers better understand the security issues associated with the Internet of Things, and to enable users in any context to make better security decisions when building, deploying, or assessing IoT technologies.
The project defines the top ten security surface areas presented by IoT systems, and provides information on threat agents, attack vectors, vulnerabilities, and impacts associated with each. In addition, the project aims to provide practical security recommendations for builders, breakers, and users of IoT systems.

Bio: Jürgen Grieshofer works for 4CKnowLedge OG as a security researcher, penetration tester and developer in ICS/SCADA environments. He is also co-founder of Awarity Training Solutions GmbH, a company providing innovative security awareness training and incident handling. In his spare time he contributes to various projects and organizations such as CyberSecurityAustria, OWASP and Funkfeuer.

OWASP HU
moderator

Meetups  - 
 
Attila Török (HU, Security engineering manager / LogMeIn)
Picking an IoT Platform is Risky Business

#IoT #security @LogMeIn #owaspHu1503 (meetup+hangout)

Abstract: 'Risk Analysis' – hearing this expression can make anyone sleepy in an instant. But before choosing an IoT platform for your next big connected product hit, you need to stop and think about how protected your product will be from the many security threats out there. Not all IoT platforms are created equal, so we will discuss some key risk analysis questions such as:
• What type of questions should you ask to forecast threat perils?
• How do you decide what level of risk is affordable?
• Are there any new risk analysis concerns that having a connected product introduces?
In this talk we learn how to categorize the security of your own information system, and learn the right questions to ask your IoT platform provider before signing on the dotted line.

Bio: Attila J. Török, Security Engineering Manager at LogMeIn.
A crypto enthusiast and wannabe gardener.
People tell him he’s slightly paranoid regarding security. Nope, paranoia only applies when the concern isn't justified.

OWASP HU
moderator

Meetups  - 
 
Sean Lorenz (US, Sr product marketing manager / LogMeIn)
Know Thyself – Managing Identity in the IoT
slides: http://goo.gl/hWcKmk

#IoT #security @LogMeIn #owaspHu1503 (meetup+hangout)

Abstract: Identity Access Management (IAM) is proving to be a monumental hurdle for companies building secure and scalable IoT products. Why so difficult? The IoT has opened orders of magnitude more interactions between a company and its customers, resellers, technicians, external “Things”, 3rd party business software, and other entities trying to access your connected data. In this talk we will discuss the numerous entity relationships that a secure IoT product (and platform) needs to manage, as well as discuss some best practices to keep in mind during the connected product design process.

Bio: Sean Lorenz is Sr. Product Marketing Manager for Xively at LogMeIn. Dr. Lorenz helps drive thought leadership and go-to-market strategy for Xively's Internet of Things (IoT) platform. He has shaped business models and product strategies in several emerging markets including the IoT, robotics, and healthcare. Sean holds a PhD in Cognitive & Neural Systems from Boston University and has extensive knowledge of natural language processing, brain-computer interfaces, adaptive systems, machine learning, context-aware computing and other forms of predictive analytics for sensor-based data.

About this community

Open Web Application Security Project -- advances the cause of application security. The cause of AppSec: software that is more resistant to hackers. ✦ AppSec -- make it work! ✦

Timur Khrotko (x)
owner

Repo (useful)  - 
 
ThreadFix Community Edition
http://www.threadfix.org/product-tour/

Timur Khrotko (x)
owner

Repo (useful)  - 
 
"The Problem – Cycle time for software is getting shorter – Continuous delivery is a goal – Scanning windows are not viable – First mover / first to market advantage ... The Solution - Automated software testing - Automated operational infrastructure - Automated security testing"
 
Some really great ideas here from +Matt Tesauro 
Bruce Lee once said “Don’t get set into one form, adapt it and build your own, and let it grow, be like water“. AppSec needs to look beyond itself for answers to solving problems since we live in a world of ever increasing numbers of apps. Technology and apps have invaded our lives, so how do you lead a security counter-insurgency? One way is to look at the key tenets of DevOps and apply those that make sense to your approach to AppSec. Somethi...

Timur “x” Khrotko
owner

Radar (interesting)  - 
 
The poor man's threat modelling/visualisation tool.
#threatmodel

OWASP HU
moderator

Meetups  - 
 
Aaron Guzman (@scriptingxss, OWASP LA / board member, Sr penetration tester / Belkin)
Secure by design

#IoT #security @LogMeIn  #owaspHu1503 (meetup+hangout)

Abstract: The Internet of Things (IoT) invites different risks and attacks as we move towards living in a fully connected world. There are security and privacy concerns that have no regulations for the IoT industry. In short, it is a free-for-all out there. As the relevance of IoT devices continues to rise, guidelines and standards are gaining traction and are being discussed and created. However, these standards are missing a key factor when stating "secure by design" and "privacy by design". Join us as we threat model the supply chain and development lifecycle of these IoT devices to understand where the vulnerabilities in each process lie.

Bio: Aaron is a Board member for the Open Web Application Security Project (OWASP) Los Angeles chapter, Director of Research for the Cloud Security Alliance SoCal chapter and the President of the High Technology Crime Investigation Association of Southern California (HTCIA SoCal). Aaron evangelizes application security and all the fun that comes along with it. Aaron currently works at Belkin as a Senior Penetration Tester, hacking all the things to secure the internet of things.

OWASP HU
moderator

Meetups  - 
 
Ivan Novikov (@d0znpp, director / Wallarm)
IoT hacking practice: vulnerabilities examples and taxonomy

#IoT #security @LogMeIn #owaspHu1503 (meetup+hangout)

OWASP HU
moderator

Meetups  - 
 
Gregory Estrade (@torlus, FR, a software dev and a self-taught hw hacker)
Identity, Security and Privacy in the IoT era
slides: http://torlus.github.io/owasp_hu/

#IoT #security @LogMeIn  #owaspHu1503 (meetup+hangout)

Abstract: Identity, Security and Privacy are still some of the main subjects of worry with the Internet as we know it. Foreseeing it populated with millions of connected low-end hardware devices, where security will be traded off for efficiency, raises even greater concerns.
However, Security, which is the foundation upon which Identity and Privacy can be enforced, is more a state of mind and a set of good practices and education, than a technical challenge.

OWASP HU
moderator

Meetups  - 
 
Márk Vinkovits (HU, Security engineer / LogMeIn)
Where are the Humans in IoT? -- Usability, Control, and Trust

#IoT #security @LogMeIn #owaspHu1503 (meetup+hangout)

Abstract: Until now security and privacy assumed a separation between our virtual and real life. But what happens if such assumptions are not valid anymore? The talk discusses the challenges of IT being introduced into spaces other than your home office, when you cannot run away or pretend anymore. Methods are shown for how humans traditionally handle such situations when alone or in a group, and how IoT can learn from these methods. Additionally the talk presents the most applicable techniques that allow users to remain in control of their privacy. These techniques range from legislation to cryptography and user experience.

Bio: He studied computer science and information security at the Budapest University of Technology and the Karlsruhe Institute of Technology. After university he worked at the Fraunhofer Institute of Applied Information Technology near Bonn. There he participated in research focused on usability and security of IoT systems. He joined LogMeIn in 2014 after finishing his PhD dissertation at RWTH Aachen University on usable security development methods, and currently works as application security engineer.

Timur Khrotko (x)
owner

Radar (interesting)  - 
 
OWASP 24/7 is a recorded series of discussions with project leads within OWASP. Each week, we talk about the new projects that have come on board, updates to existing projects and interesting bits of trivia that come across our desk.