RIO DE LA PLATA 2016

OWASP APPSEC

The Best Application Security Conference in Latin America
1st - 2nd December 2016
MONTEVIDEO - URUGUAY

Torre de las Comunicaciones de ANTEL - Auditorio Principal

1 Training
Training on December 1st!

1st - 2nd December
Conference Days!

+20 Speakers
The best specialists

300 seats
Maximum capacity

Overview

The AppSec Rio de la Plata 2016 Conference will be a reunion of Information Security Latin American leaders, and will present cutting-edge ideas. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 300-400 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many other verticals.

Only qualified speakers and experts

Awesome Trainings!

TRAINING : MOBILE SECURITY!

Awesome Keynotes

Carlos Eduardo Santiago: Improving your Penetration Testing with Threat Intelligence

Michael Hidalgo: Regular expression Denial of Service (ReDoS) : An overlooked Application Security Problem

Cristian Amicelli: Biohacking y no morir en el intento

Walter Riveros: Talking about security in Node Applications

OWASP Chapter Leaders Workshop

Many OWASP Chapter Leaders from Latam will be here!

Great researchers
will be showing trends!

Many OWASP Project Leaders will be presenting their work and research.

26

Speakers

The best experts will perform for you

16

Hours

The most productive days for software security

1

Training

Mobile Security Hacking!

1

Auditorium

Torre de las Comunicaciones de Antel

Schedule

Flexible and comfortable event program

Schedule: 1st day (1st December)

Registration

Mateo Martinez

"Welcome and Introduction to OWASP"

Welcome to participants, Thanks to our Sponsors, and Introduction to OWASP

Walter Riveros (Argentina)

"Talking about security in node Applications"

Coffee break

Mauricio Campiglia (Uruguay)

"Seguridad en el SDLC, el último orejón del tarro"

Security in the SDLC is the last priority of many projects. Many agree that it is a necessary evil, but the best they achieve is a pentest prior to going into production. This talk presents OpenSAMM as a maturity model for including security in the development life cycle and proposes alternatives for approaching the state in which security is an integral part of the development effort.

Gaston Toth (Argentina)

"Web app little mistakes, big problems"

The main focus of the talk is to make software developers aware of security issues and how a simple bug can have serious consequences on the system.

Lunch break

Cristian Borghello Carlos Eduardo Santiago (Brasil)

"Improving your Penetration Testing with Threat Intelligence"

This year has seen a large increase in data leakage due to security breaches at companies like Yahoo, LinkedIn, Dropbox and Tumblr. As a result, pentesting must evolve and cover more tests to identify a larger number of security flaws and possible data leaks that exist outside the company's security perimeter. This presentation aims to introduce and discuss how Threat Intelligence has become key to enabling a pentest to identify as many of a company's vulnerabilities as possible.

Coffee break

Cristobal del Pino (ARGENTINA)

"Struts: anatomía de un ataque"

Today, programming relies on frameworks that ease the development and deployment of products. Struts 2 is an MVC framework for Java web apps. The talk will be based on the experience and steps of analyzing a vulnerability that allows remote execution and infiltration of a system.

Alexis M. Taborda (Colombia)

"Conditions of Binary search algorithm for being an optimization of sequential inference algorithms to audit the risk of SQL injections in web environments"

In Blind SQL Injection, binary search is always presented as an optimization of sequential algorithms without any kind of condition. We show that the parameters for these algorithms cannot be random. For algorithms that inject a time delay, our research shows that the optimal value of the injected time is less than 30 times the page's response time. In that way, the binary search algorithm is optimal.

DAY 1 END

Schedule: 2nd day (2nd December)

Registration

Alejandro Parodi (ARGENTINA)

"Mobile Security Warnings!"

Michael Hidalgo

"Regular expression Denial of Service (ReDoS) : An overlooked Application Security Problem"

Regular expressions are commonly used in every computational environment: from Web clients to IDS/IPS to Web applications to databases. Software engineers use regular expressions to perform input data validation and a wide range of other functions related to string manipulation and parsing. With code examples, we'll discuss the so-called RegEx DoS vulnerability and why this security problem has become more and more recurrent in this repository-driven and open source software development model.

Coffee break

Fernando Cocaro

"No negociamos con secuestradores"

A look at how ransomware operates, the business behind it, its infection mechanisms and its variants, and at the best way to protect against this growing threat.

Gustavo Nieves (Chile)

"Las buenas prácticas del SDLC basado en OWASP"

Many organizations and individuals understand OWASP as a way to identify failures, security as a cycle that must be kept in parallel to the phases of software development and the tools that OWASP possesses in the phases of the cycle.

Lunch break

Cristian Amicelli

"Biohacking y no morir en el intento"

What is Bio Hacking? How can it be useful? Where to begin? These are some of the questions to be answered when implanting an NFC / RFID chip. This talk is based on the experience with this type of device and its use, from the moment I perform an implant without having defined for that. The talk is accompanied by a demo where an implanted NFC chip is used.

Pablo Torres Correa

"¿Porqué exponemos nuestra información privada tan fácilmente?"

The talk will explain how a SQL injection bypass works, the measures that can be taken to avoid them, how they still work in IT companies, and how irresponsible it is to overlook those errors.

Coffee break

Julian Murguía Hughes

"Privacy Beyond Security - Keeping the Personally Identifiable Information private after the security has been breached"

Unconditionally secure encryption impervious to an attacker with infinite computational power has been a dream, especially now when quantum computers do exist and all cryptography in use is at stake. We will present a new unconditionally secure encryption technique. Existing Format Preserving Encryption is slow, expensive and no more secure than the underlying algorithm. We will show how fast and inexpensive Format Preserving Encryption based on this technique can be implemented.

To Be Defined

Maximiliano Alonzo

"Secure Release Management"

Many organizations and individuals understand OWASP as a way to identify failures, security as a cycle that must be kept in parallel to the phases of software development and the tools that OWASP possesses in the phases of the cycle.

Close

Speakers

Top experts will be presenting advanced software security topics

Alejandro Parodi (ARGENTINA), Infobyte LLC / Founder of SecuritySignal

"Mobile Security Warnings!"

Gustavo Nieves (CHILE)

"Las buenas prácticas del SDLC basado en OWASP"

Mateo Martinez (URUGUAY), OWASP Uruguay

"Presentación de OWASP Uruguay"

Mauricio Campiglia (Uruguay), Krav Maga Hacking

"Seguridad en el SDLC, el último orejón del tarro"

Gaston Toth (ARGENTINA), OWASP Patagonia Chapter Leader

"Web app little mistakes, big problems"

Carlos Eduardo Santiago (BRASIL), REDBELT

"Improving your Penetration Testing with Threat Intelligence"

Fernando Cocaro (URUGUAY), TBD

"No negociamos con secuestradores"

Maximiliano Alonzo (URUGUAY), TIB (This Is Boolean) / OWASP Uruguay

"Secure Release Management"

Walter Riveros (ARGENTINA), Deloitte Argentina

"Talking about security in node Applications"

Pablo Torres Correa (Argentina), Argentina

"¿Porqué exponemos nuestra información privada tan fácilmente?"

Alexis Taborda (Colombia), Universidad Nacional de Colombia

"Conditions of Binary search algorithm for being an optimization of sequential inference algorithms to audit the risk of SQL injections in web environments"

Michael Hidalgo (COSTA RICA), OWASP Costa Rica

"Regular expression Denial of Service (ReDoS) : An overlooked Application Security Problem"

Julian Murguía Hughes (Uruguay), Omega Krypto

"Privacy Beyond Security - Keeping the Personally Identifiable Information private after the security has been breached" Some ways to get the root when the intrusion is successful

Conference and Trainings Fees

(Conference entrance: USD 50)

1-Day Training
USD 150 / all days

Conference Seat and free entry

Free Wi-Fi

Coffee Break

Certificate

1-Day Training Access

Registration + 1 year OWASP Membership
USD 150 / all days

Seat and free entry

Free Wi-Fi

Coffee Break

Certificate

Sign up right now!

Welcome to the best Application Security Conference in Latam!

Partners and Sponsors

OWASP is maintained by the OWASP Foundation, established in the United States as a 501(c)(3) Not-For-Profit entity. The US-based foundation manages the financial resources of the global organization as well as this event. Sponsorship contributions should be made through bank wire or credit card payment to our US Foundation. Sponsorships are listed in USD, but we are happy to provide a quote and invoice in another currency.

We are actively looking for sponsors for the 2016 edition of AppSec Rio de la Plata. If you are interested in sponsoring this event, please contact Kelly Santalucia.

To find out more about the different sponsorship opportunities please check the following document:

OWASP AppSec Rio de la Plata Sponsorship Options – English

Platinum Sponsor - AGESIC

Gold Sponsor - Software Testing Bureau

Academic Supporter - Universidad ORT Uruguay

Venue Supporter - ANTEL

TRAINING - MOBILE SECURITY HACKING! (1st December) - USD 150

By Alejandro Parodi & Martin Tartarelli

In this course you will see the most commonly used attacks on mobile devices (based on the OWASP Top 10 Mobile) in a practical format, with demonstrations and technical details to understand each flaw and learn how to remediate it.

The course is aimed at developers, technicians, security analysts, auditors, students and any information security enthusiast.

Important: A VirtualBox image will be provided for the hands-on exercises. Bring your notebook if you wish to take part in them.

Hours: 09:30 - 16:00


Main Topics

Introduction to Mobile Architecture

- iOS
- Android

OWASP Top 10 Mobile

Configuration errors:

- Android Backup vulnerability
- APK Decompiling
- Insecure data storage

Code errors:

- Hardcoding Issues
- Username Enumeration
- Insecure Webview implementation
- Input Validation Issues
- Invoke insecure Broadcast Receiver
- Developer Backdoor / Debug User

Patching and recompilation:

- Bypass Root Detection

Communication protocol errors:

- Insecure Traffic Transmission
- Insecure HTTP connections
- Parameter Manipulation
- Serialization Attacks (with example and exploit)

Real-world audits

- Tools
- Conclusions and recommendations

Conference Volunteer Team

The OWASP AppSec Rio de la Plata 2016 Conference was made with an awesome volunteer task-force with people from OWASP Uruguay Chapter and OWASP Argentina Chapter including:

Alberto Hill

Alejandro Martinez

Edgar Salazar

Enrique Rossel

Felipe Zipitria

Gerardo Canedo

Guillermo Skrilec

Guillermo Talento

Hector Quartino

Mario Garcia

Martin Marsicano

Martin Tartarelli

Mateo Martinez

Mauricio Campiglia

Mauricio Papaleo

Mauro Flores

Maximiliano Alonzo

Pablo Alzuri

Rodrigo Martinez

Thank you guys for making this event possible! You rock!

Special Thanks to OWASP Staff

Operations Director: Kate Hartmann

Graphics

Background Photo: Pixabay

Licence: Creative Commons CC0

Contacts

You can reach the conference team. Feel free to contact us:

info@appsecriodelaplata.org