Insight Summit on June 1st: DevOps, Continuous Deployment & Agile Security

The following post is in German as it is covering an Event with German as the main language.

INSIGHT SUMMIT 2017 präsent DevOps, Continuous Deployment & Agile Security

Inspiriert durch die erfolgreichen Round Table Session der TROOPERS freuen wir uns Ihnen heute mit dem AgileSecurity Insight Summit 2017 eine weitere Veranstaltung in einer Reihe zu Trend-Themen im Bereich der IT-Sicherheit vorzustellen.

Die Veranstaltung beginnt am Morgen mit einer Keynote, gefolgt von Fallstudien und Vorträgen durch interne und externe Referenten aus der Industrie. Im Anschluss werden alle Teilnehmer in zwei Gruppen aufgeteilt, die nacheinander an beiden Round Table Sessions teilnehmen (jeder Teilnehmer kann an beiden Sessions teilnehmen). In den Round Table Sessions werden unter Expertenmoderation typische Problemstellungen und Lösungsansätze diskutiert.

Was Sie erwartet:

  • Eröffnungsvortrag von Florian Barth (Stocard)
  • Fallstudien & Vorträge
  • 2 Round Table Diskussionen


09:00- Opening Remarks
09:15- DevOps Best Practices
10:00- DevOops: Security Fails in the DevOps World
10:45- Kaffeepause
11:00- Case Study
11:45- Integrating Security into Continuous Deployment
12:30- Mittagspause
13:30- Round Table Session
15:00- Kaffeepause
15:30- Round Table Session
17:00- Closing Remarks
17:15- Offizielles Ende

Break Out Sessions:

  • Organisatorische Herausforderungen und Möglichkeiten von DevOps und Continuous Integration/Deployment unter Sicherheitsaspekten
  • Technische Sicherheitsaspekte typischer Technologien der modernen agilen Software-Entwicklung

Gerne lassen wir Ihnen weitere Informationen zukommen oder nehmen Ihre Anmeldung unter entgegen. (Link zu vollständigem Flyer)

Continue reading

TR17 Training: Crypto attacks and defenses

This is a guest blog written by Jean-Philippe AumassonPhilipp Jovanovic about their upcoming TROOPERS17 training: Crypto attacks and defenses. 

The 1-day training from last TROOPERS has become a 2-day training, featuring even more real-world attacks and defenses as well as new hands-on sessions! We’ll teach you, step by step, how to spot and exploit crypto vulnerabilities, how to use the strongest forms of state-of-the-art cryptography to secure modern systems (like IoT or mobile applications), and bring you up to speed on the latest and greatest developments in the world of cryptography, such as TLS 1.3, blockchains, and post-quantum crypto. Continue reading “TR17 Training: Crypto attacks and defenses”

Continue reading

TR17 Training: Fuzzing with American Fuzzy Lop, Address Sanitizer and LibFuzzer

This is a guest blog written by Hanno Böck who will be running the Fuzzing with American Fuzzy Lop, Address Sanitizer and LibFuzzer at TROOPERS17.

Fuzzing is a very old technique to find bugs and vulnerabilities in software. However it has seen a new push in recent years due to vastly improved tools. The compilers gcc and clang have received Sanitizer tools that allow finding a lot of bugs like use after free errors and out of bounds reads that are otherwise very hard to find.

Continue reading “TR17 Training: Fuzzing with American Fuzzy Lop, Address Sanitizer and LibFuzzer”

Continue reading

2nd Rounds of TROOPERS17 Talks!

It is the end of the year and we are hoping it is not too hectic of a time for you all! But if it is, hopefully the announcement of our next round of TROOPERS17 talks is enough to get you in the TROOPERS (if not the holiday) spirit 🙂

Francis Alexander & Bharadwaj Machiraju: How we hacked Distributed Configuration Management Systems

With increase in necessity of distributed applications, coordination and configuration management tools for these classes of applications have popped up. These systems might pop-up occasionally during penetration tests. The major focus of this research was to find ways to abuse these systems as well as use them for getting deeper access to other systems. Continue reading “2nd Rounds of TROOPERS17 Talks!”

Continue reading

CCS’16 – Day 2 – 25th October 2016

Hello again.

Andrei Costin (at project) is here, and this is the second post from a series of guest postings courtesy of ERNW (thanks Niki and Enno!).

Few days ago, the first CCS’16 summarization post went online:

It summarized five presentations of the 6th Annual Workshop on Security and Privacy in Smartphones (SPSM’16). In short, it contained presentations on: over-the-top and phone number abuse, smartphone fingerprinting, apps privacy increase and protection/security, and apps privacy ranking. Continue reading “CCS’16 – Day 2 – 25th October 2016”

Continue reading

Introduction & CCS’16 – Day 1 – 24th October 2016

 I am Andrei Costin (at project), and this is the first post from a series of guest postings courtesy of ERNW.

Between 24th and 28th October, I had the pleasure and the great opportunity to attend ACM CCS 2016 in Vienna, Austria, where I also presented at the TrustED’16 workshop my paper titled “Security of CCTV and Video Surveillance Systems: Threats, Vulnerabilities, Attacks, and Mitigations”.

My attendance throughout the entire ACM CCS 2016 week and my presentation at TrustED was possible thanks to generous support from Enno Rey and ERNW, and I thank them again for this opportunity!

 In these guest postings I am going to summarize the talks I have attended, and will try to make you interested in exploring more on each of the mentioned papers. Continue reading “Introduction & CCS’16 – Day 1 – 24th October 2016”

Continue reading

Announcing the first 5 talks of TROOPERS17!!!!

TROOPERS16 was packed with epic talks from around the world, an unknown evil twin brother appearing, hands-on trainings, and a legendary year for our TROOPERS Charity efforts! If you were there you might be wondering to yourself how could they possibly top it? Well, I am going to let you in on a little secret: Next year is the 10th edition of TROOPERS. One DECADE of TROOPERS, and we are pulling out all the stops! Starting with the announcement of the first 5 talks!

Continue reading “Announcing the first 5 talks of TROOPERS17!!!!”

Continue reading

IoT Insight Summit November 15, 2016

The newest addition to ERNW, ERNW Insight which now hosts TROOPERS, is launching a new concept this year. Based on the successful TROOPERS Roundtable sessions, ERNW Insight will host a series events every year covering current and relevant topics in the field of IT Security. While the style of the events may vary the in-depth knowledge sharing that you have come to know from TROOPERS will not!
Continue reading “IoT Insight Summit November 15, 2016”

Continue reading