Welcome to the OWASP Timisoara Chapter Homepage
Timisoara has an evolved software development community and one of the most important aspects that we aim to achieve is to continuously improve the application security world.
Everyone is welcome to join our chapter meetings, members and non-members. OWASP Timisoara Chapter meetings / events are free and open, so please join us!
The Chapter Board Members are: Monica Iovan (Education), Ioana Piroska (PR/Marketing), Claudiu Ivan.
Anyone who wants to get involved and help the Chapter evolve is very welcome; please just contact us.
If you want to present at one of our meetings / events, please read the speaker agreement.
If you have any questions about the OWASP Timisoara Chapter, send an email to Catalin Curelaru.
Next event: For details please check Upcoming Events.
OWASP Timisoara #19: 17 June 2021
The next OWASP Timisoara Chapter Meeting will be online.
Summer sessions - Theme: Threat Modeling & Iterative Security
Introduction, OWASP News & Updates - Catalin Curelaru
Challenges and Experiences with Threat Modeling in Agile Development Projects - Monica Iovan (Visma) & Daniela S. Cruzes (NTNU)
Security through an iterative process - Dario Cavallaro (Cisco)
18:30 to 20:30
More about the speakers and topics
Dr. Monica Iovan, Head of Security Development @ Visma.
In her free time, Monica enjoys peaceful moments in nature and the company of a good book. She is a passionate researcher with the goal of simplifying the use of security services within Agile development. She leads the security development team in Visma and conducts research on security in agile software development.
Dr. Daniela S. Cruzes, Professor @ Norwegian University of Science and Technology (NTNU)
Dr. Daniela S. Cruzes is a Professor at the Norwegian University of Science and Technology (NTNU). Previously, she worked as a senior research scientist at SINTEF in Norway. She has also been a research fellow at the University of Maryland and Fraunhofer Center for Experimental Software Engineering-Maryland. Dr. Daniela Cruzes received her PhD in experimental software engineering from the University of Campinas - UNICAMP in Brazil in 2007. Her research interests are empirical software engineering, research methods and theory development, synthesis of SE studies, software security, software testing, and agile and DevOps.
Challenges and Experiences with Threat Modeling in Agile Development Projects
Abstract: The goal of secure software engineering is to create software that keeps performing as intended even when exposed to attacks. Threat modeling is considered to be a key activity, but can be challenging to perform for developers, and even more so in agile software development. Hence, threat modeling has not seen widespread use in agile software projects. The goal of the presentation is to show some of these challenges and approaches that the teams are working on.
Dario Cavallaro, Security Customer Success Specialist @ Cisco.
Security through an iterative process
Abstract: Security through an iterative process is a collection of notes collected in 15+ years’ experience. We will go through what has worked for most companies, some myths and some of the common things that are typically missing, but that everybody wants.
OWASP Timisoara #18: 18 March 2021
Spring sessions - Theme: Security Automation & Intelligence, Code Patterns
More about the speakers and topics
Teofil Cojocariu, Application Security Engineering Lead @ Betfair Development Romania.
I’m focused on Application Security Engineering & Penetration Testing combined with CAMS mindset (Culture, Automation, Measurement, Sharing - DevSecOps) and I reported security bugs to Google, Facebook, Uber, Bitdefender, ING Bank, Yahoo or other companies. One of the most interesting things is that I built a platform “Surface - Security Intelligence Automation Platform” which is being used by more than 900 people in Paddy Power Betfair, Flutter and I was the Security SME for a Private Cloud based on OpenStack with environments as code.
Surface Security - Security Intelligence Automation Platform
Abstract: Our external attack surface is constantly growing, which gives external attackers the opportunity to continuously search for new attack vectors. In order to successfully respond to Security incidents we needed a centralized platform which aggregates all the data about our premises in a single place.
Surface Security (Security Intelligence Automation Platform) is an internally built tool which assists our internal Security teams to gain a holistic view about our externally exposed assets. More than that, it facilitates faster incident response based on the information correlated by it. Surface started as a small project in which we tried to close the gaps identified in our security controls. The platform’s core is built in Django which is a Python-based open-source framework which has a fast learning curve. Besides Django, we’re using technologies like Ansible (automation), Dkron (fault-tolerant jobs), Elasticsearch (Security metrics storage) and Grafana (reporting). During the whole period it gained a lot of traction in our company determining people to contribute to its success by implementing and suggesting new features. We’re currently utilizing it for reporting the Security gaps to other areas of key business areas and for Security controls like: monitoring our externally exposed assets, vulnerability management, security incidents, bug bounty reports and penetration testing.
Bence Nagy, software engineer @ r2c.
Bence Nagy is a software engineer at r2c, working on Semgrep, an open-source syntax-aware code search tool. At r2c, his responsibilities tend towards building various interfaces atop the core semgrep CLI. These include CI integrations, editor extensions, and the semgrep.dev web app. He previously led a developer experience team at Kiwi.com, the Czech Republic’s top startup at the time of its acquisition in 2019. You should totally ask him for video game recommendations after the talk.
Detect complex code patterns using semantic grep
Abstract: We’ll discuss a program analysis tool we’re developing called Semgrep. It’s a multilingual semantic tool for writing security and correctness queries on source code (for Python, Java, Go, C, and JS) with a simple “grep-like” interface. The original author, Yoann Padioleau, worked on Semgrep’s predecessor, Coccinelle, for Linux kernel refactoring, and later developed Semgrep while at Facebook. He’s now full time with us at r2c.
Semgrep is a free open-source program analysis toolkit that finds bugs using custom analysis we’ve written and OSS code checks. Semgrep is ideal for security researchers, product security engineers, and developers who want to find complex code patterns without extensive knowledge of ASTs or advanced program analysis concepts.
OWASP Timisoara #17: 03 December 2020
Online Event - Due to #COVID19 in #Romania, we have to make the announcement that the #17 OWASP Timisoara Chapter meetup will be ONLINE.
Winter sessions - Theme: Hackers Mindset + Web Indexing and Crawlers
More about the speakers and topics
Per Olsson (repolsson), Application Security Engineer at Visma. Per has a background as a developer focusing on the security aspects of software development; he has an unhealthy obsession with passwords and understanding the human behind the hoodie.
Hackers and the hacker mindset
Abstract: Per will talk about what hacking actually is, how a hacker thinks compared to for example a developer and about a few different types of hackers.
Tom Hudson (TomNomNom), Security Research Tech Lead at Detectify. Tom is from Bradford in the UK and he is an open-source tool maker, trainer, talker, fixer, eater, not really a sheep.
The Unsearchables - Finding Things That Google Doesn’t
Abstract: Google does a fine job of indexing the web for most purposes, but we often want to find things that “regular” people aren’t so interested in. Let’s take a look at some places you can look, and some techniques you can use to find things that Google doesn’t index. We’ll look at digging into git repository histories, Docker images, and a few other things to find secrets and other useful information.
Hackers and the hacker mindset - Per Olsson (Visma)
The Unsearchables - Finding Things That Google Doesn't - Tom Hudson (Detectify)
Networking or Other Questions
18:30 to 20:00
OWASP Timisoara #16: 24 September 2020
Online Event - This summer at the #16 OWASP Timisoara edition you will find out from experts what pushes the industry further. We will explore the latest cyber trends in Bug Bounty, Responsible Disclosure Programs presented by the OWASP Timisoara Board members (Ioana Piroska & Daniel Ilies) and in Cyber threat Intelligence by Julius Nicklasson from Recorded Future.
Summer sessions - Theme: Bug Bounty, Responsible Disclosure and Cyber Threat Intelligence
Working with Hackers (Bug Bounty and Responsible Disclosure Program) - Ioana Piroska (Visma) & Daniel Ilies (Visma)
Cyber Threat Intelligence - Julius Nicklasson (Recorded Future)
18:00 to 19:20
OWASP Timisoara #15: 11 December 2019
Powered by UnifiedPost / Address: C. Brediceanu, 10, City Business Center, Building D, 5th floor, Timisoara, Romania
Winter sessions - Theme: Honeypots, Hacking and Community Building
About Honeypots - Florin Patruta
Too good to be true - Learning path: How to become a hacker - Catalin Curelaru
Learning Security & Community Building - Radu Ticiu
18:00 to 21:00
POWERED BY UnifiedPost
Snacks and drinks on the house
OWASP Timisoara #14: 29th August 2019
Powered by Visma / Address: Strada Aristide Demetriade, Nr 1, UBC3 building, 10th Floor, Timisoara
Summer sessions - Theme: CyberSecurity, XSS/CSRF Attacks, Transparency
Intro OWASP Timisoara - Catalin Curelaru
CyberSecurity - Behind your front door - Adrian Daniel Bacanu
XSS & CSRF attacks - Daniel Ilies & Claudiu Ivan
Transparency of Episode XVI: The Empire Strikes - Catalin Curelaru
Endnote - Plans for the future - Involvement in the Chapter - Catalin Curelaru
18:00 to 21:00
POWERED BY Visma Romania
20th September 2016, OWASP InfoSecTM #13
Matei-Eugen Vasile, ApTI - Digital privacy and its enemies
Lucian Florin Ilca, Atos - Presenting and developing vulnerabilities at the level of routers, switches and access points
31st May 2016, OWASP InfoSecTM #12
Daniel BORCA - engine developer, Bitdefender - Be aware of your bugs, if you aren’t, someone else is
12th April 2016, OWASP InfoSecTM #11
Title: Be aware of your bugs, if you aren’t, someone else is
The first session will introduce key concepts necessary in understanding what is going on “under the hood” of your program and how this correlates with being a possible victim of an exploit.
We will also dissect a real life exploit to see how this is done “in the wild” and what we can do to prevent it.
Daniel BORCA - engine developer, Bitdefender
Alin BARBATEI - malware researcher, Bitdefender
17th February 2016, OWASP InfoSecTM #9
15th December 2015, OWASP InfoSecTM #8
Previous speakers at OWASP Timisoara
Become a supporter of OWASP or of OWASP’s Timisoara Chapter and help us to make application security more visible.
All information about becoming a member/sponsor can be found
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?