Lecture descriptions

Pentesting DevOps Environments, Matthias Luft, Salesforce-Heroku
Containers, their orchestration platforms, and a variety of other tools from the DevOps ecosystem enable engineers to develop, deploy, and operate applications with great speed and flexibility. In this presentation, I will give a short, buzzword-free introduction to these technologies with a security practitioner audience in mind and will then focus on their common security issues. We will cover containers, container orchestration platforms, and network technologies.

The Internet of Things (IoT) based on the web-interface architecture of a smart home or enterprise, Žiga Podgoršek, Inštitut za korporativne varnostne študije
The lecture will present an ethical hacker's view of the IoT-based technology implemented in smart homes and businesses. The speaker, Žiga Podgoršek, will use several examples from his own experience and attempt to show how this technology is implemented in practice, where its greatest weaknesses lie, and how to bring them under control. We will learn that quite a few vulnerabilities are caused solely by improper implementation and by implementation teams' insufficient knowledge of the network segment. The most common mistakes seen in practice will be shown, as will how many improperly implemented devices are freely exposed on the Internet, waiting for malicious actors to exploit them one way or another.

How to Secure OpenShift Environments and What Happens If You Don’t, Jan Harrie, ERNW
OpenShift by Red Hat is one of the major Platform as a Service (PaaS) solutions on the market. It is used to automatically deploy Kubernetes clusters and provides useful extensions for cluster management mixed with some magic under the hood.
Instantiating a Kubernetes cluster is often a crucial step in setting up a modern application stack. But be aware – a lot of configuration parameters are awaiting you. Here several misconfigurations may occur that can lead to a compromise of the cluster. Privileged containers, tainting of masters and executing workloads on them, missing role-based access controls, and misconfigured Service Accounts are part of the problem.
In this talk, Jan will explain which configuration parameters of an OpenShift environment are critical to ensure the overall security of the deployed Kubernetes clusters. Implications of misconfigurations will be demonstrated during live demos. Finally, recommendations for a secure configuration are provided.

The story behind my favorite ATM (Arbitrary Taking Money), Balazs Hambalko, Balasec
Do you want to build (and maybe sell) a branch-level ATM? Or are you about to buy one for your office?
Then it is worth coming to check out this lecture.
Balazs Hambalko will show you several ways an arbitrary colleague could abuse this ATM controller system and “hopefully” bypass the log- and audit-related mechanisms as well.
Based on a true story.
If you want to see in his video how the ATM abbreviation becomes “Arbitrary Taking Money” without bothering ourselves with such a dirty word as Authentication, then we should definitely meet.

Security compliance and security planning tips related to SWIFT CSCF version 2020, Nebojša Bulatović, Euridica d.o.o.
From July 2020, all SWIFT users will be obligated to carry out an independent assessment when self-attesting. The SWIFT Customer Security Controls Framework (CSCF) version 2020 introduces three new advisory controls and promotes two advisory controls to mandatory. Additional guidance is provided for technical and alternative implementations, including 15 clarifications relative to the previous CSCF version 2019. We will look back on experiences from CSCF compliance and security projects, especially the use of the COBIT framework in the compliance and security planning process, and at some common implementation mistakes and misunderstandings. The details of our control and self-assessment plan are based on the COBIT 2019 core model and related practices.

Who is who – roles and tasks in information security, Matjaž Jekl, Abanka d.d.
An information security system operates effectively only when all stakeholders are aware of their roles and contributions. The approach to information security naturally depends on regulatory requirements, the organization's culture, and, among other things, its risk appetite. In this talk we will try to answer the following questions: Who are the main participants contributing to the effective operation of an information security system? What are their roles? What are their main tasks? How should one approach them?
