DeepSec Press Release: DeepSec and DeepINTEL 2020 as a hybrid conference. IT security in unusual times – events enable virtual access.
There’s nothing like “business as usual” in information security. Vulnerabilities in software, malware, campaigns to attack companies and organizations as well as defending your own infrastructure know no break. In recent months, digital networking has been put to the test as the most important pillar of society and working life. It is often forgotten that not every chic app, every portal and digital trend is trustworthy. For security reasons the annual DeepSec and DeepINTEL conferences will run as a hybrid event. Virtual lectures and face-to-face presentations will be equally accessible to all participants and speakers.
Digital protection has never been more important
Digitization is quickly pronounced. Software is even faster labelled as secure. Unfortunately, the last few decades of security research have shown that weak points can only be reduced through consistent secure design and secure coding. In addition, secure data transmission and data processing must be guaranteed. According to self-promotion, a large number of applications that are used every day meet these criteria. But if you look behind the scenes, the picture is often completely different. Therefore, transparency is not an empty word in information security. The implemented security measures – especially of platforms – in hardware and software must be able to be technically scrutinized. Quick fixes, such as an all-powerful app for the smartphone or quickly set up websites that pretend to be a platform built with experience, will sooner or later take revenge with serious security problems.
The pandemic rampant home office offers a wide range of attack options because the typical home network can hardly offer any noteworthy protection against threats due to many amenities such as entertainment and smart home technologies. Convenience does not automatically have to be a contradiction to security if the devices and networks used are properly separated.
Social engineering through misinformation
Extraordinary events always lead to a meteoric trail of false information that is used for fraud and tricks. Especially with the large number of reports on health measures and regulations on infection protection, the credibility of messages with catchphrases from the reporting increases. Since the most common attacks still occur via links to manipulated websites or by carelessly opening apparently trustworthy documents, you have to keep a cool head. Otherwise stoked insecurity and built-up fear can be exploited. Given the current situation, DeepSec conference events in November would like to offer the usual forum for exchange and discussions.
Virtual training on current security problems
Nothing beats exchanging practical experience using hands-on examples. This concept is also available in our virtual trainings. These are also held in the hybrid concept. Participants on site in the event hotel can work on content together with virtual participants. The format offers space for discussions and targeted training.
The program again includes the successful Full Stack Security Testing Workshop by Dawid Czagan. Modern web applications have a strong vertical structure and are based on a variety of technologies. Developers are faced with major challenges because a very good overview of the code used in the levels is required. The workshop covers all aspects of current web applications, attacks against database systems (SQL and NoSQL), taking over subdomains, attacks against browsers, executing injected code on systems and much more. In the DeepSec schedule there are links to videos that give a precise overview of the content.
Since DeepSec has a special focus on Industrial Control Systems (ICS) this year, there will also be training on securing these systems. Tobias Zillner and Thomas Brandstetter focus on the interface between Information Technology (IT) and Operational Technology (OT). The training provides an overview of the most important protocols in the industrial sector, shows how they are secured and guides you through a series of attacks and vulnerabilities. The knowledge is indispensable for the defense of industrial plants in the context of digitization. The content comes from the experiences of the trainers when analyzing existing ICS configurations.
Further trainings are listed in the DeepSec program and described in detailed articles on our blog.
Programs and booking
The DeepINTEL Security Intelligence Conference will take place on November 18th. Since this is a closed event, we ask for direct inquiries about the program.
The DeepSec 2020 conference days are on November 19th and 20th. The DeepSec trainings will take place on the two preceding days, November 17th and 18th.
Due to the restrictions on travel and stable implementation, some of the training courses are of a virtual nature (for details, please refer to the program or ask us directly).
The conferences themselves will run as a hybrid event (mixed presence / virtual, whereby everyone can see and hear everything).
Both events are carried out under COVID-19 health measures, which we publish constantly updated under this link https://deepsec.net/docs/Counter_Covid-19.pdf?xfiles=on.
The venue for the DeepSec and DeepINTEL events is The Imperial Riding School Vienna – A Renaissance Hotel, Ungargasse 60, 1030 Vienna.
You can order tickets for the DeepSec conference itself and the training courses at any time under the link https://deepsec.net/register.html. Please note that due to planning security we are dependent on timely ticket orders.