Session Proposals

Daniel Fett

How are (secure) internet standards created?

I'd like to discuss how internet standards are developed at the IETF and at other organizations, like the W3C. A special focus will be the security aspects of internet standards.

Learning from a failed responsible disclosure process

I'd like to give some insights into the disclosure process of security issues in electronic classbooks. A lot of things went wrong before public disclosure and resulted into unpatched issues when first information were published. I'd like to discuss what went wrong and how these problems may have been avoided.

Guido Schmitz

BUFFER OVERFLOW 101

I want to give an intro to buffer overflows as an attack method (stack smashing).

Vladimir Dzhuvinov

Bio security in the age of interplanetary travel and probes

With future manned space missions and probes returning from other planets - what can possibly go wrong?

How is the Earth planning to protect itself from alien organisms?

How small is a virus and how many Kb of code does it actually make it self-replicate in a host?

Got to be attending some unexpected family matter today and it looks like I won't be able to make it for a talk, apologies.
Vladimir Dzhuvinov, 04.04.2020
Sven Strittmatter

Security-Test-Driven Company

I'm more a Developer than a security guy, but I do security. I'm not very good in this "we find security holes afterwards" thingy. I prefer more a test driven approach: constantly checking for errors, fix them and test that they do not occurre again. I started a project in my company to test-drive our whole infrastructure to find issues and wanna give you my experience about that, how do that and also funny stories what we found.

Security is not that hard! You just need to start doing it.

And yes, I do some some ISO27k bashing ;-)

Sounds great :-) Maybe it's quite similar to my session
Claudius Link, 04.04.2020

Security scanning and TLS profiling with yesses

Yesses is a new open-source tool for security scanning developed and in use at yes.com. In this session, Daniel and I will give an overview of the features of yesses. One main feature of yesses is the ability to compare the TLS settings of a server with a Mozilla TLS Profile. This feature is also available separately as a public web service.

Reminder to me: What are the differences to SSLalyze and such?
Sven Strittmatter, 04.04.2020

Functional Safety with PROFIsafe

I ´d like to discuss the features and structure of the functional safety protocol. In particular, the security features will be analyzed and possible attacks on the protocol will be discussed.

Reimar Bauer

Discussion about Home Office - secure it

Best practices for employes

- connections

- storage

- distribution

- conferencing, meetings?

- conferencing, meetings I can show an example of the Open Source bigbluebutton project.
Reimar Bauer, 04.04.2020
Martin Junker

Play a wargame

Let's do something practical. overthewire.org offers a variety of interesting wargames. We can form teams and solve the tasks together and thus learn from each other. I would suggest to limit the teams to 3 people, so that a discussion can also develop. No installation is necessary.

Industrial Security as Requirement for Occupational Safety and Health

Which attacks endanger occupants? How to convince stakeholders that Security is important? Which tools did I use? Which tools did you benefit from?

I am Reasearch Assistant at the Institute for Occupational Safety IFA (DGUV) and will report from our perspective.

Short talk+Diskussion

Sven Strittmatter

What about sudo

Disclaimer: This is maybe to small for 50 minutes.

I have questions about sudo:

- Should I use it or does it increase attack surface?

- Should I use it with or without password?

- Should I use it with root password or suddens password?

What are your opinions?

wow, 7 votes?!
Sven Strittmatter, 04.04.2020
Claudius Link

Agile [vs] Security

I'd like to discuss if these are a contradiction or a complementary improvement

What is your experience? What do you want to know about agile.

Security Testing in CICD processes

(experience collection proposed from someone with no experience )

with focus on web applications like angular, main interest how to security related checks can be integrated into deployment processes

Shameless self plug: Then my session about security-testdrivne company may be interesting because we do this with CICD tools.
Sven Strittmatter, 04.04.2020
Pablo Endres

Open discussion on IoT and IIoT security

I'd like to discuss experiences on IoT and IIoT security.

Tools you use, methods you follow, Interesting use cases.

The idea is not to do a presentation but more share knowledge among practitioners.

In order to be able to create or vote for proposals, you need to be logged in. you can log in and register here