Open Web Application Security Project -- advancing the cause of application security. The cause of AppSec: software that is more resistant to hackers.

Stream


Timur Khrotko (x)
owner

Radar (interesting)  - 
 
It’s harder every day for IT security professionals to fight off the latest attacks. Utilities such as antivirus software and intrusion prevention systems (IPSs) are often ineffective against today’s advanced malware and emerging cyberthreats... #enterprisesecurity #guidelines #networksecurity
Timur Khrotko (x): downloadable

Timur Khrotko (x)
owner

Repo (useful)  - 

OWASP HU
moderator

Meetups  - 
 
Aaron Guzman (@scriptingxss, OWASP LA / board member, Sr penetration tester / Belkin)
Secure by design

#IoT #security @LogMeIn  #owaspHu1503 (meetup+hangout)

Abstract: The Internet of Things (IoT) invites different risks and attacks as we are in the process of living in a fully connected world. There are security and privacy concerns that have no regulations for the IoT industry. In short, it is a free-for-all out there. As the relevance of IoT devices continues to rise, guidelines and standards are being discussed and created. However, these standards are missing a key factor when stating "secure by design" and "privacy by design". Join us as we threat model the supply chain and development lifecycle of these IoT devices to understand where the vulnerabilities in each process lie.

Bio: Aaron is a Board member for the Open Web Application Security Project (OWASP) Los Angeles chapter, Director of Research for the Cloud Security Alliance SoCal chapter and the President of the High Technology Crime Investigation Association of Southern California (HTCIA SoCal). Aaron evangelizes application security and all the fun that comes along with it. Aaron currently works at Belkin as a Senior Penetration Tester, hacking all the things to secure the Internet of Things.

OWASP HU
moderator

Meetups  - 
 
Ivan Novikov (@d0znpp, director / Wallarm)
IoT hacking practice: vulnerabilities examples and taxonomy

#IoT #security @LogMeIn #owaspHu1503 (meetup+hangout)

OWASP HU
moderator

Meetups  - 
 
Gregory Estrade (@torlus, FR, a software dev and a self-taught hw hacker)
Identity, Security and Privacy in the IoT era
slides: http://torlus.github.io/owasp_hu/

#IoT #security @LogMeIn  #owaspHu1503 (meetup+hangout)

Abstract: Identity, Security and Privacy are still some of the main subjects of worry with the Internet as we know it. Foreseeing it populated with millions of connected low-end hardware devices, where security will be traded off for efficiency, raises even more major concerns.
However, Security, which is the foundation upon which Identity and Privacy can be enforced, is more a state of mind and a set of good practices and education, than a technical challenge.

OWASP HU
moderator

Meetups  - 
 
Márk Vinkovits (HU, Security engineer / LogMeIn)
Where are the Humans in IoT? -- Usability, Control, and Trust

#IoT #security @LogMeIn #owaspHu1503 (meetup+hangout)

Abstract: Until now, security and privacy assumed a separation between our virtual and real lives. But what happens if such assumptions are not valid anymore? The talk discusses the challenges of IT being introduced into spaces other than your home office, when you cannot run away or pretend anymore. Methods are shown for how humans traditionally handle such situations when alone or in a group, and how IoT can learn from these methods. Additionally, the talk presents the most applicable techniques that allow users to remain in control of their privacy. These techniques range from legislation to cryptography and user experience.

Bio: He studied computer science and information security at the Budapest University of Technology and the Karlsruhe Institute of Technology. After university he worked at the Fraunhofer Institute of Applied Information Technology near Bonn, where he participated in research focused on the usability and security of IoT systems. He joined LogMeIn in 2014 after finishing his PhD dissertation at RWTH Aachen University on usable security development methods, and currently works as an application security engineer.

Timur Khrotko (x)
owner

Radar (interesting)  - 
 
OWASP 24/7 is a recorded series of discussions with project leads within OWASP. Each week, we talk about the new projects that have come on board, updates to existing projects and interesting bits of trivia that come across our desk.

Timur Khrotko (x)
owner

Radar (interesting)  - 

Timur “x” Khrotko
owner

Repo (useful)  - 
 
"If you walk into a bank and try opening random doors, you will be identified, led out of the building and possibly arrested. However, if you log into an online banking application and start looking for vulnerabilities no one will say anything. This needs to change! As critical applications continue to become more accessible and inter-connected, it is paramount that critical information is sufficiently protected. We must also realize that our defenses may not be perfect. Given enough time, attackers can identify security flaws in the design or implementation of an application."
OWASP AppSensor. The AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement intrusion detection and automated response into applications. The project offers 1) a comprehensive guide and 2) a reference implementation.

Timur “x” Khrotko
owner

Repo (useful)  - 
 
 
T10 in German
#ln
Foreword to the German translation. "Is it not strange that a literal translation is almost always a bad one? And yet everything can be translated well. One sees from this how much it means to understand a language completely; it means to know completely the people who speak it.

About this community

Open Web Application Security Project -- advancing the cause of application security. The cause of AppSec: software that is more resistant to hackers. ✦ AppSec -- make it work! ✦

Timur “x” Khrotko
owner

Radar (interesting)  - 
 
The poor man's threat modelling/visualization tool.
#threatmodel

Timur “x” Khrotko
owner

Radar (interesting)  - 
 
 
OWASP Proactive Controls http://www.hackinsight.org/news,280.html
The OWASP Top Ten Proactive Controls describes the most important controls and control categories that every architect and developer should absolutely, 100% include in every project.

OWASP HU
moderator

Meetups  - 
 
Jürgen Grieshofer (OWASP AT / board member, director / Awarity Training)
IoT Top 10
slides: http://goo.gl/Mc60L4

#IoT #security @LogMeIn  #owaspHu1503 (meetup+hangout)

Abstract: Oxford defines the Internet of Things as: “A proposed development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data.”
The OWASP Internet of Things (IoT) Top 10 is a project designed to help manufacturers, developers, and consumers better understand the security issues associated with the Internet of Things, and to enable users in any context to make better security decisions when building, deploying, or assessing IoT technologies.
The project defines the top ten security surface areas presented by IoT systems, and provides information on threat agents, attack vectors, vulnerabilities, and impacts associated with each. In addition, the project aims to provide practical security recommendations for builders, breakers, and users of IoT systems.

Bio: Jürgen Grieshofer works for 4CKnowLedge OG as a security researcher, penetration tester and developer in ICS/SCADA environments. He's also co-founder of Awarity Training Solutions GmbH, a company providing innovative security awareness training and incident handling. In his spare time he contributes to various projects and organizations such as CyberSecurityAustria, OWASP and Funkfeuer.

OWASP HU
moderator

Meetups  - 
 
Attila Török (HU, Security engineering manager / LogMeIn)
Picking an IoT Platform is Risky Business

#IoT #security @LogMeIn #owaspHu1503 (meetup+hangout)

Abstract: 'Risk Analysis' – hearing this expression can make anyone sleepy in an instant. But before choosing an IoT platform for your next big connected product hit, you need to stop and think about how protected your product will be from the many security threats out there. Not all IoT platforms are created equal, so we will discuss some key risk analysis questions such as:
• What type of questions should you ask to forecast threat perils?
• How do you decide what level of risk is affordable?
• Are there any new risk analysis concerns that having a connected product introduces?
In this talk we learn how to categorize the security of your own information system, and learn the right questions to ask your IoT platform provider before signing on the dotted line.

Bio: Attila J. Török, Security Engineering Manager at LogMeIn.
A crypto enthusiast and wannabe gardener.
People tell him he’s slightly paranoid regarding security. Nope, paranoia only applies when the concern isn't justified.

OWASP HU
moderator

Meetups  - 
 
Sean Lorenz (US, Sr product marketing manager / LogMeIn)
Know Thyself – Managing Identity in the IoT
slides: http://goo.gl/hWcKmk

#IoT #security @LogMeIn #owaspHu1503 (meetup+hangout)

Abstract: Identity Access Management (IAM) is proving to be a monumental hurdle for companies building secure and scalable IoT products. Why so difficult? The IoT has opened orders of magnitude more interactions between a company and its customers, resellers, technicians, external "Things", 3rd-party business software, and other entities trying to access your connected data. In this talk we will discuss the numerous entity relationships that a secure IoT product (and platform) needs to manage, as well as some best practices to keep in mind during the connected product design process.

Bio: Sean Lorenz is Sr. Product Marketing Manager for Xively at LogMeIn. Dr. Lorenz helps drive thought leadership and go-to-market strategy for Xively's Internet of Things (IoT) platform. He has shaped business models and product strategies in several emerging markets including the IoT, robotics, and healthcare. Sean holds a PhD in Cognitive & Neural Systems from Boston University and has extensive knowledge of natural language processing, brain-computer interfaces, adaptive systems, machine learning, context-aware computing and other forms of predictive analytics for sensor-based data.

Tibor Fekete
owner

Radar (interesting)  - 
 

Timur Khrotko (x)
owner

Repo (useful)  - 
 
"Dependency-Track is a webapp that allows organizations to document the use of third-party components across multiple applications and versions. Further, it provides automatic visibility into the use of components with known vulnerabilities."
OWASP Dependency-Track. OWASP Dependency-Track is a Java web application that allows organizations to document the use of third-party components across multiple applications and versions. Further, it provides automatic visibility into the use of components with known vulnerabilities.

Timur Khrotko (x)
owner

Repo (useful)  - 
 
 
API security is a critical component in the API lifecycle, and yet it is often overlooked. In this guide, you will learn about various API vulnerabilities and how to find them in your own APIs. #API #SecurityTesting #Hacking  
API security is a critical component in the API lifecycle, and yet it is often overlooked. Many companies don’t consider API security until a breach occurs and they are forced into a reactive solution. Proactively fortify your APIs to make them as impenetrable as possible using the tips in this guidebook for API security. In this guide, you will learn about various API vulnerabilities and how to find them in your own APIs. The following pages wil...

Timur Khrotko (x)
owner

Radar (interesting)  - 
 
 
"Developers care as much about security, as security cares about learning more about legal and compliance." #ln  
I've been busy this past year which has resulted in almost no updates to this site. Consider this one of many rants/posts of my experience/s in the industry during this time. This post covers a topic I think many people implement poorly, which is security training targeting developers.