Global webinar brought hours of security research and related content to members’ own homes
At a time when social distancing is becoming the new norm, a new online conference aims to bring the global security community together again.
This past weekend saw the first edition of OWASP Chapters All Day, a 24-hour, non-stop security conference conducted from the safety of members’ homes.
OWASP – the Open Web Application Security Project – has more than 280 groups, or chapters, on six continents, with factions covering cities or sometimes entire countries.
The online conference was suggested by Takaharu Ogasa, leader of the Sendai chapter, Japan, back in March after social distancing was enforced worldwide amid the coronavirus pandemic.
Ogasa floated the idea with other chapter leaders, forming an organizing committee consisting of himself plus Oscar Carlo Orellana Artigas (Chile), John DiLeo (New Zealand), Grant Ongers (UK), Azzeddine Ramrami (Morocco), and Vandana Verma Sehgal (India).
Hours of content
OWASP Chapters All Day, which is open to viewing by members and non-members alike, saw participants from the organizers’ chapters plus Egypt, Belgium, the US, Guatemala, and others covering topics including cloud security, open source projects, and security policy.
In a session topically named ‘Flattening the Cyber Curve’, New York’s Christopher Frenz highlighted the risks that cyber-attacks pose to the healthcare sector.
Frenz, a leader on the OWASP Secure Medical Device Deployment Standard project, said: “With the Covid pandemic going on around the world, there have been really increased infosec challenges for healthcare.”
Issues such as an increased adoption of remote access, often via insecure personal devices, along with a surge in temporary healthcare workers, were cited among the sector’s many challenges.
But how does the healthcare industry flatten this so-called cyber curve? Frenz suggested malware protection and auditing remote access setups could be just some of the short-term solutions to this growing problem.
Defense in depth
Rahul Tyagi, from OWASP Meerut in India, presented a talk entitled ‘Real Privacy Protection in the Covid-19 Era’, offering tips on how to defend against issues such as the increase in social media fraud, spear-phishing, and e-commerce scams by cybercriminals taking advantage of the global pandemic.
Elsewhere, Morocco chapter leader and co-organizer of the conference Azzeddine Ramrami presented his idea of how to set up a continuous DevSecOps toolchain using open source software.
Traditionally, Ramrami explained, security defects are spotted during the pre-release testing stage, or sometimes even after the product has been released.
Instead, he demonstrated how the implementation of threat-driven, security-focused designs (and testing throughout the entire process) can not only ensure that products are secure before their launch, but also save time and money.
OWASP New Zealand affiliate Erica Anderson spoke about how the security community can help small businesses and other organizations in the wake of Covid-19.
Anderson explained how phishing attacks, scams, and fraud are among the issues that these small groups face, and that they often fall victim to attacks due to a lack of knowledge, time, and money to defend against them.
In response, Anderson has helped to create a guide for these “perpetually small” groups, which you can find out more about in her OWASP Chapters All Day session.
One of the final presentations, by Sam Stepanyan from OWASP London, introduced OWASP Nettacker, a tool to automate information gathering and vulnerability scanning during pen tests.
Back next year
In the closing remarks, the OWASP Chapters All Day organizers revealed that the conference had received more than 5,700 views, and gained more than 950 subscribers on YouTube.
The team is now planning an extended event for February 2021, which will take place over 48 hours.
New Zealand’s John DiLeo said in the closing statements: “One of the things we would like to do is to make sure the event stays inclusive [and] that everyone who would like to participate gets a chance.
“So we’ll do some improvements to call for chapters and call for presenters process, and it is our desire to make sure that first priority goes to chapters that did not get a chance to host this time.”
Vandana Verma Sehgal, Bangalore chapter leader and OWASP board of directors member, told The Daily Swig: “We planned this event in two months and pulled it off with the help of leaders and community.
“The community involvement in the sessions was amazing. The best part was that we had speakers from around the world [to] address the global audience such as Japan, Chile, India, and South Africa.”
Sehgal added: “The next event is set to plan for February 2021 for 48 hours to involve more and more chapters. It’s all to get the chapter leaders, speakers, and global community together.”