OWASP Bucharest AppSec Conference 2017 is a three-day security and hacking conference dedicated to application security. The first two days are dedicated to trainings, and on the 13th we will have our talks and workshops running in parallel. The CTF final will be on the 12th of October; to reach the final, participants need to pass the online qualifiers, which are scheduled for the 9th of September.
The conference will take place at Hotel Caro.
The event will be in English, with cutting-edge topics presented by renowned security professionals.
AppSec Bucharest vs. OWASP Juice Shop
In this free workshop you can test your skills in hacking modern web applications against the OWASP Juice Shop! There are 43+ challenges waiting to be solved, ranging from simple functional problems and the usual XSS/SQLi issues, through severe authentication flaws, to multi-step and multi-path attacks against the discount coupons issued by the application!
Trainers: Björn Kimminich
Secure Coding for Java (three-day training)
This three-day instructor-led Secure Coding for Java course provides developers with practical guidance for developing Java programs that are robust and secure. Material in this presentation was derived from the Addison-Wesley book The CERT Oracle Secure Coding Standard for Java and is supported by the Secure Coding Rules for Java Live Lessons videos. Participants should come away from the course with a working knowledge of common programming errors that lead to software vulnerabilities, how these errors can be exploited, and effective mitigation strategies for preventing the introduction of these errors.
Trainers: Robert Seacord
OWASP Top 10 vulnerabilities – discover, exploit, remediate (one-day training)
The overall objective of this workshop is to increase the participants’ awareness of the most common web application vulnerabilities and their associated risks. We will discuss each type of vulnerability described in the OWASP Top 10 project and will teach participants manual discovery and exploitation techniques. Furthermore, a set of useful security testing tools will be introduced during the workshop.
Time critical DFIR: Key playbooks, techniques and tools for time-pressured investigations of security incidents
This course provides responders and threat hunting teams with advanced skills to hunt down, identify, counter, and recover from a wide range of threats within enterprise networks.
Trainer: Teodor Cimpoesu
Introduction to Metasploit Framework
In this course, we will teach how to use Metasploit to enumerate available services, identify potential weaknesses, test vulnerabilities through exploitation, and gather evidence for reporting. You will learn how to install and configure the Metasploit Framework and several supporting tools on Kali Linux. At the end of the course you will have a better understanding of how exploits and payloads work together to gain access to systems.
Trainer: Adrian Ifrim
Capture The Flag contests are a popular way to hone your practical security skills by solving challenges on topics such as web, crypto, reverse engineering and exploitation.
We invite security enthusiasts passionate about practical security to the OWASP AppSec 2017 CTF, where you and your team will solve challenges on web, reverse engineering and exploitation. Challenges will be Linux-centric and web-focused.
The CTF webpage is here: https://owasp-ctf.security.cs.pub.ro/home
For the final, the prizes will be:
More information about the agenda can be found at:
You can register at:
We look forward to seeing you at this event!