I'd like to discuss experiences on IoT and IIoT security.

Tools you use, methods you follow, Interesting use cases.

The idea is not to do a presentation but more share knowledge among practitioners.

(experience collection proposed from someone with no experience )

with focus on web applications like angular, main interest how to security related checks can be integrated into deployment processes

I'd like to discuss if these are a contradiction or a complementary improvement

What is your experience? What do you want to know about agile.

Disclaimer: This is maybe to small for 50 minutes.

I have questions about sudo:

- Should I use it or does it increase attack surface?

- Should I use it with or without password?

- Should I use it with root password or suddens password?

What are your opinions?

Which attacks endanger occupants? How to convince stakeholders that Security is important? Which tools did I use? Which tools did you benefit from?

I am Reasearch Assistant at the Institute for Occupational Safety IFA (DGUV) and will report from our perspective.

Short talk+Diskussion

Let's do something practical. overthewire.org offers a variety of interesting wargames. We can form teams and solve the tasks together and thus learn from each other. I would suggest to limit the teams to 3 people, so that a discussion can also develop. No installation is necessary.

Best practices for employes

- connections

- storage

- distribution

- conferencing, meetings?

I ´d like to discuss the features and structure of the functional safety protocol. In particular, the security features will be analyzed and possible attacks on the protocol will be discussed.

Yesses is a new open-source tool for security scanning developed and in use at yes.com. In this session, Daniel and I will give an overview of the features of yesses. One main feature of yesses is the ability to compare the TLS settings of a server with a Mozilla TLS Profile. This feature is also available separately as a public web service.

I'm more a Developer than a security guy, but I do security. I'm not very good in this "we find security holes afterwards" thingy. I prefer more a test driven approach: constantly checking for errors, fix them and test that they do not occurre again. I started a project in my company to test-drive our whole infrastructure to find issues and wanna give you my experience about that, how do that and also funny stories what we found.

Security is not that hard! You just need to start doing it.

And yes, I do some some ISO27k bashing ;-)

With future manned space missions and probes returning from other planets - what can possibly go wrong?

How is the Earth planning to protect itself from alien organisms?

How small is a virus and how many Kb of code does it actually make it self-replicate in a host?

I want to give an intro to buffer overflows as an attack method (stack smashing).

I'd like to give some insights into the disclosure process of security issues in electronic classbooks. A lot of things went wrong before public disclosure and resulted into unpatched issues when first information were published. I'd like to discuss what went wrong and how these problems may have been avoided.

I'd like to discuss how internet standards are developed at the IETF and at other organizations, like the W3C. A special focus will be the security aspects of internet standards.