OWASP Cluj

Welcome

Welcome to the OWASP Cluj-Napoca Chapter Homepage

Click here to join our mailing list.

Follow us on Twitter. Follow us on Meetup. OWASP Cluj-Napoca Chapter meetings / events are free and open. Cluj-Napoca benefits from a strong software development community and application security is one vital aspect to be taken into consideration. Everyone is welcome to join our chapter meetings, members and non-members.

The Chapter Leader is Ovidiu Cical - ovidiu dot cical @ owasp dot org

The Chapter Board Members are: Cristian Serban, Lucian Suta, Adrian Beleanu (Education), Robert Suciaghi (Education), Stefan Farr (Education), Radu A. Munteanu (PR/Marketing, Events & Conferences), Tudor Blaga (Education), Marius Corici (Education), Lucian Corlan.

  • Anyone who wants to get involved and help the Chapter evolve is very welcome and it's easy as just contacting us.
  • You want to present at one of our meetings / events (please read the [speaker agreement](https://www.owasp.org/index.php/Speaker_Agreement)).
  • In case you have any questions about the OWASP Cluj-Napoca Chapter, send an email to [Ovidiu Cical](User:Ovidiu.cical "wikilink"), [Cristian Serban](mailto:cristian@appsec.ro) or [Lucian Suta](mailto:lucisan@mac.com)
  • Next event: For details please check Upcoming Events!

    Recent events

    Please see our Meetup page for more details and to register as attendee

    OWASP + Riverbed - All Day DevOps - Viewing Party

    POWERED BY Riverbed Cluj-Napoca

    snacks and drinks on the house

    OWASP AllDayDevops Riverbed Cluj-Napoca

    OWASP Cluj-Napoca - the biggest Cybersecurity Community in the city - in partnership with Riverbed Cluj - a Leader in network performance monitoring, application performance management, and (software-defined) wide area networks - will host the only Viewing Party for All Day DevOps in Cluj, which is a 24h marathon for DevOps, DevSecOps and Cloud-related speaking sessions broadcasted for free. We will most likely follow the DevSecOps track, but we’re flexible ;)

    5:45pm: Registration and access; 6:00pm: Start viewing session on selected Track; 7:30pm: Break, snacks and networking; 8:00pm: Continue viewing session; 9:30pm: Networking and drinks; 10:00pm: Closing.

    More info about the event can be found here: https://www.alldaydevops.com/

    Google Maps: https://goo.gl/maps/D8g3Xz5o4CQB8DSm6

    When? Wednesday, 6 November - starting 5:45pm Where? Advancity Building, 1st Floor - ask at reception. Strada Someșului 30 - enter from Someșului street, near Scala Center.

    Past events

    16th - OWASP Cluj-Napoca members meeting: 18th of April 2019

    Powered by Paddy Power Betfair Romania Development / Address: Blvd. 21 Decembrie 1989, no. 77, The Office building, Entrance A, 4th Floor Spring sessions - Theme: HashiCorp Vault, CTF, Security Platform

    Who Should Attend? Application Developers Application Testers and Quality Assurance Application Project Management and Staff Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance Security Managers and Staff Executives, Managers, and Staff Responsible for IT Security Governance IT Professionals Interesting in Improving IT Security Anyone interested in learning about or promoting Web Application Security

    Schedule 18:00 Welcome participants 18:10 Surface - Security Intelligence Automation Platform - Teo Cojocariu '''18:40 '''CTF - Where creativity meets Google - Andrei Gaftoniuc  19:10 Break '''19:20 '''The benefits of PKI for Internet of Things - Bogdan Oniga '''19:50 '''CD Secrets Management with HashiCorp Vault - Alex Dima '''20:10 '''Networking Time: 18:00 to 20:30 

    POWERED BY Paddy Power Betfair Romania

    > snacks and drinks on the house

    Joi, 18 Aprilie - ora 18:00

    The Office, etaj 4 Bd. 21 Decembrie nr. 77

    15th - OWASP Cluj-Napoca members meeting: 31st of Jan 2019

    Powered by AROBS Transilvania Software / Address: Henri Barbusse, CBC Et. II, Cluj-Napoca Winter sessions - Theme: DevSecOps & Ski Pass

    Who Should Attend? Application Developers Application Testers and Quality Assurance Application Project Management and Staff Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance Security Managers and Staff Executives, Managers, and Staff Responsible for IT Security Governance IT Professionals Interesting in Improving IT Security Anyone interested in learning about or promoting Web Application Security

    Schedule 18:00 Welcome participants & coffee break 18:10 Basic Security Testing of a Website - Sage-Intacct '''18:40 '''NFC misconfigured. Or how to get free transportation & entry for Feleacu Ski Slope - Ciorceri Sorin (Globant) 19:00 Break '''19:10 '''Introduction to CTF - Betfair - Postponed '''19:30 '''DevSecOps hands-on - Securing your CI/CD Pipelines: cyscale.com - Automated Cloud Security '''20:00 '''Networking Time: 18:00 to 20:30 

    8th - OWASP Cluj-Napoca members meeting: 12th of May 2016

    Who Should Attend? Application Developers Application Testers and Quality Assurance Application Project Management and Staff Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance Security Managers and Staff Executives, Managers, and Staff Responsible for IT Security Governance IT Professionals Interesting in Improving IT Security Anyone interested in learning about or promoting Web Application Security

    Schedule 18:00-18:15 Welcome participants & coffee break 18:15-18:35 Cosmin Huruiala - IEEE Center for Secure Design  - POSTPONED '''18:35-19:00 Ionut Indre -  Argos Box - Experimental detection and prevention system ''' 19:00-19:10 BREAK '''19:10-19:30 Stefan Farr -  Web server hardening ''' '''19:30-19:55 Mircea Patachi - UNLOQ & Sconfig - How we do zero-knowledge ''' '''19:55-20:15 Cristian Serban -  Threat Modelling ''' Time: 18:00 to 20:15 

    Sponsors

    Betfair - Betfair Romania Website

    7th - OWASP Cluj-Napoca members meeting: 4th of February

    Powered by Accenture / Address: Sigma Center, etaj 6, intrarea de lângă Lidl, Cluj-Napoca Winter sessions - Theme: IoT Security Who Should Attend? Application Developers Application Testers and Quality Assurance Application Project Management and Staff Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance Security Managers and Staff Executives, Managers, and Staff Responsible for IT Security Governance IT Professionals Interesting in Improving IT Security Anyone interested in learning about or promoting Web Application Security

    Location and host: Accenture Schedule 17:30-17:45 Welcome participants & coffee break 17:45-18:15 Intro & Agenda & Cristian Serban - My first IoT 18:15-18:45 Daniel Miessler - OWASP IoT project (Skype) 18:45-19:15 Matteo Mazzeri - IoT Label, the unifying label for ethical and sustainable IOT design 19:15-19:30 Break - Walkthrough Accenture IoT Lab 19:30-20:00 Allan Haughton - Security-Call-to-Action-IOT 20:00-20:30 Marius Mornea, Igor Stirbu - Securing BLE beacon deployments 20:30-21:00 Ionut Indre - Argos Box - Experimental detection and prevention system - postponed Time: 17:30 to 21:00 

    Sponsors

    Accenture - Accenture Website

    6th - OWASP Cluj-Napoca members meeting: 10th of December

    Powered by Intacct Winter sessions POSTER Who Should Attend? Application Developers Application Testers and Quality Assurance Application Project Management and Staff Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance Security Managers and Staff Executives, Managers, and Staff Responsible for IT Security Governance IT Professionals Interesting in Improving IT Security Anyone interested in learning about or promoting Web Application Security

    Location and host: Intacct / Address: Calea Dorobantilor 48 Silver Business Center (Sala Conferinte - etaj 8) Schedule 17:30-18:00 Welcome participants & coffee break 18:00-18:15 Intro & Agenda 18:15-18:45 Stefan Farr - Christmas Phishing 18:45-19:40 Narasimhulu Golla - Secure your SaaS application 19:45-19:55 Break 19:55-20:15 Narasimhulu Golla - BURP Workshop 20:15-20:30 Bogdan Oniga - OWASP Security Shepherd Last minute add: Cristian Serban - The Java Deserialization Bug Time: 17:30 to 20:30 

    Sponsors

    Intacct https://us.intacct.com/

    5th - OWASP Cluj-Napoca members meeting: 8th of October

    Part of OWASP EEE Powered by Betfair Romania Development Autumn sessions

    OWASP Cluj team is happy to announce the 5th OWASP event of the year, part of OWASP EEE, a one week Security and Hacking Conference. OWASP EEE Regional Event Oct. 4, 2015 - Oct. 10, 2015 Austria, Armenia, Poland, Romania (Cluj and Bucharest), Hungary, Lithuania, Russia - live on YouTube. It will take place on 8th of October, 2015 - Cluj, Romania, starting at 17:30.

    The objective of the OWASP’s Eastern European Event is to raise awareness about application security and to bring high-quality security content provided by renowned professionals in the European region. Everyone is free to participate in OWASP and all our materials are available under a free and open software license.

    This initiative will enable participants to get the most out of OWASP events and meetings in the region. During approximately a week a number of OWASP chapters will organize events and meetings that will be broadcasted live so that every day people could watch presentations from another chapter (details to follow).

    Who Should Attend? Application Developers Application Testers and Quality Assurance Application Project Management and Staff Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance Security Managers and Staff Executives, Managers, and Staff Responsible for IT Security Governance IT Professionals Interesting in Improving IT Security Anyone interested in learning about or promoting Web Application Security

    Live stream (and recording afterwards): https://www.youtube.com/channel/UCzpfaWiZaT9_msL3jdY_FDw

    Photos from the event: Photo 1 Photo 2 Photo 3 Photo 4 Photo 5

    Location and host: Betfair Romania Development Cluj-Napoca Schedule 17:30-18:00 Welcome participants & coffee break 18:00-18:15 Intro & Agenda 18:15-18:45 Stefan Farr - The (in)security of standard communication channels on the internet 18:45-19:15 Ovidiu Cical - Turn SSL ON: Your Own Certificate Authority - Or simply use Let's Encrypt 19:15-19:30 Break 19:30-20:00 Marius Corici - Information Security Through Gamification - Learning | Training | Improving 20:00-20:30 Lucian Corlan Bogdan Oniga Teofil Cojocariu - CSP tricks to save your reputation and improve resilience Time: 17:30 to 20:30 

    Register here for Cluj on-site attendance: https://www.eventbrite.com/e/5th-owaspcluj-napoca-evening-event-part-of-owasp-eee-tickets-18756825169

    Sponsors

    Betfair Romania Development - Gold Sponsor http://www.betfairromania.ro/ Checkmarx - Silver Sponsor https://www.checkmarx.com/ Qualys - EEE Sponsor https://www.qualys.com/

    4th - OWASP Cluj-Napoca members meeting: 20th of August

    (July was skipped due to Cluj Security Meetup on the 18th of June) Powered by SDL Cluj Summer sessions

    Location and host: SDL Cluj, Str. Constanta, nr.24, 400158 Cluj-Napoca Schedule 17:30-18:00 Welcome participants & coffee break 18:00-18:15 Say hi - who's who - 1-2 mins self presentation (or more if needed :)) 18:15-18:45 ISO 27001 - Experiences on the field (for Software Development companies) 18:45-19:15 SDL - ZAP presentation and open discussion about why, where and how 19:15-19:30 Break 19:30-20:00 OWASP Dependency Check - who/what do you trust? 20:00-20:30 .NET Security - what you need to know Time: 17:30 to 20:30 

    Sponsors

    SDL Cluj http://www.sdl.com/

    3rd - OWASP Cluj-Napoca members meeting: May 18 2015 Monday 17:00

    Powered by AROBS Security is the new black

    Location and host: @AROBS, Cluj Business Center, Str. Henri Barbusse, Nr. 44-46. Schedule 17:00-17:30 Welcome participants & coffee break 17:30-18:00 Say hi - who's who - 1-2 mins self presentation (or more if needed :)) 18:00-18:30 Robert Suciaghi - AppSec my story 18:30-19:00 Stefan Farr - Big Companies, Big Data, Big Danger 19:00-19:30 Bogdan Oniga - SSLStrip and how to steal credentals 19:30-20:00 Lucian Corlan - A couple of things about InfoSec Certifications Time: 17:00 to 20:00 

    Sponsors

    AROBS Transilvania Software http://www.arobs.com/

    2nd - OWASP Cluj-Napoca members meeting: March 19 2015

    Location and host: Blvd. 21 decembrie 1989, nr. 128-130, Fac. de Instalatii, sala 205 Schedule 18:30-18:45 Say hi - who's who - everyone (not optional :D) 1-2 mins self presentation (or more if possible :)) 18:45-19:30 Adrian Beleanu - Lessons Learnt in Web Apps Security Testing 19:30-20:00 Raoul Gheletus - XSS Attacks 20:00-20:30 OWASP Cluj Plans for the future - Involvement in the Chapter (Note: this didn't take place) Time: 18:30 to 20:30 

    1st OWASP Cluj-Napoca event: 29th of January, 2015

    Video here.

    Location and host: Hotel Opera Plaza, Cluj-Napoca, Romania, Conference Room Cristal Schedule 09:00-10:00 Registration (& Coffee) 10:00-10:05 Intro OWASP Cluj-Napoca Lucian Corlan '''10:05-10:20 Jim Manico - OWASP Cluj-Napoca Welcome - video recording - ''' 10:20-10:50 Petko Petkov - Keynote: Everything is awesome! 10:55-11:35 Renato Rodrigues - Topic: I Didn't See That Coming (Weird Stuff on the Web) 11:40-12:00 Tudor Blaga - Topic: [https://www.dropbox.com/s/rcnwo98ncademg5/OWASP%20-%20So%20you%20want%20to%20move%20to%20the%20Cloud%20...%20-%20Tudor%20Blaga.pdf?dl=0 So you want to move to the Cloud …] 12:00-12:10 Short presentation of COM'ON Cluj-Napoca YourCluj.ro 12:10-12:30 All participants that actually work in the field of Security - 1-2 mins short presentation (optional!) 12:30-14:00 Lunch, Drinks & Social 14:00-14:40 Oana Cornea - Topic: Mobile applications security risks and defenses 14:45-15:10 Cristian Serban Topic: Java Securer Code  15:15-15:45 Subodh Sawant Topic: Application Security Risk Calculator 15:50-16:00 Break 16:00-16:25 Cosmin Huruiala Topic: HTTP Access Control (CORS) 16:30-16:55 Lucian Corlan Endnote: OpenSAMM 17:00 ++ Drinks & Social Register here. Time: 10:00 to 17:00 

    Here you can find a short movie from the conference:

    Sponsors

    Betfair Romania Development - Platinum Sponsor http://www.betfairromania.ro/ Checkmarx - Gold Sponsor https://www.checkmarx.com/

    What is this event about:

    OWASP Cluj-Napoca Chapter InfoSec Event 2015 is free and open. Cluj-Napoca benefits from a strong software development community and application security is one vital aspect to be taken into consideration. The presentations to be shown at the InfoSec Event 2015 will cover several Information Security Topics such as: Application Security - Attacks, Penetration Testing; Access Management; Cloud Security and others. Everyone with genuine interest into Information Security is welcome to join the event.

    Who Should Attend?

    • Application Developers • Application Testers and Quality Assurance • Application Project Management and Staff • Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Associates and Staff • Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance • Security Managers and Staff • Executives, Managers, and Staff Responsible for IT Security Governance • IT Professionals Interesting in Improving IT Security • Anyone interested in learning about or promoting Web Application Security

    Speakers:

    *Petko D. Petkov (pdp): Founder of Websecurify and frontman of the GNUCITIZEN Information Security Think Tank. pdp is a recognized information security researcher, security tools developer, penetration tester, frequent speaker at industry events, and published author who has contributed to several best-selling books in the field of information security.’’

    *Renato Rodrigues: Holder of a MSc in Informatics Engineering with great interest in innovation and security issues - an area that I am interested in ever since I can remember. I am driven by opportunities of finding breakthrough ideas and developing them. I split my free time exploring the Android Platform and surfing some waves, whenever I get the chance.’’ Twitter: @simps0n

    *Oana Cornea: Currently I am working as an Application Security Analyst at Electronic Arts and I am the chapter leader of the OWASP chapter from Bucharest, Romania. I have been working in the field of IT security for almost 5 years and I am a Computer Science graduate with a Master in Information Technology Security. Oana’s presentation will highlight the main mobile applications attack vectors, techniques and tools to perform a security review. These will be presented in connection with OWASP projects and will provide practical guidance on how to improve the security of mobile applications.’’

    *Cristian Serban: He was responsible for software security in 3 development offices. He coordinated security testing of a wide range of products, mobile, web internal and externally developed. He also implemented SDLC in Agile projects by training Security Champions in each development team and included automated security testing in continuous delivery environment. Cristian worked 5 years in Betfair as Senior Apllication Security Analyst, then joined another online betting business and returned half a year ago at Betfair in Cluj’’

    *Subodh Sawant: I have been in Application Security field for over 5 years managing application security programme and performing pentesting of web application, services and android apps. I have completed MSc Information Security from Royal Holloway, University of London. Subodh will present: Risk Calculator - a tool identifies the risk associated with an application change (at a high level) by using a balanced scorecard to identify common risk indicators or attributes’’

    *Tudor Blaga: He has been working in Networking, Network Security and Infrastructure Security for more than 6 years and in research & education for more than 12 years. In his current role at Betfair he provides security consultancy for infrastructure projects, and trainings, demos to Security Champions. Holder of a PhD. in Telecommunications Engineering, he teaches course on Networking and Security at the Technical University of Cluj-Napoca. Tudor will present challenges, security concerns when moving to the Cloud’’

    Sponsorship

    Become a supporter of OWASP or of OWASP’s Cluj-Napoca Chapter and help us to make application security more visible. All information about becoming a member/sponsor can be found here. https://www.owasp.org/index.php/Local_Chapter_Supporter

    Chapter Supporters

    Chapter Supporters

    Category:OWASP Chapter Category:Europe