Bulgaria

Events

Round table National Cyber Security Strategy - the Road Ahead
Date: 30 Sep 2016

- National Strategy model, key activities and projects. Inter-institutional cooperation – key factor in the implementation of the Cyber Resilient Bulgaria Strategy.
- Public-Private Partnership and the place and role of Industry in building a Cyber Resilient environment in Bulgaria. Solutions and Technology.
- International and Regional Cooperation and possibilities for use and adaptation of partner countries' and organizations' experience. Available solutions and Technologies. Industrial proposals.

The round table aims to initiate discussion among State Authorities, Academia and Industry on the main directions and projects in the Action Plan and Road map for Strategy implementation.

Cyber Security Threats and Risks. How to Combat Cybercrime.
Date: 13 Oct 2016

A one-day specialisation course on cybersecurity and cybercrime prevention for experts from the Bulgarian National Revenue Agency.

The course aims to improve the qualification and knowledge of the National Revenue Agency experts from Bulgaria. It is part of a series of courses provided by the Academy to NRA experts.

The course focuses on the following topics:

- Latest technology challenges - smartphones and social media. Identity theft and the role of social engineering. Introduction to the dark side of technologies.

- Virtual money and cryptocurrencies. Methods for combating crime committed through the use of information and communication technologies.

- Modern solutions for investigation, electronic evidence, search and seizure. 24/7 point of contact and the new challenges for trans-border cooperation.

- Case studies.

The trainers are law enforcement representatives, prosecutors and information security experts.

The course is part of the newest educational campaign of the International Cyber Investigation Training Academy for representatives from the public authorities, business and end users aiming to improve their skills and raise their awareness on cybersecurity.

Top 10 Web Threats
Date: 17 Oct 2016

This course includes live demos of attacks, exercises in detecting and leveraging threats, examples of weak and vulnerable code and the process of repairing it and fixing vulnerabilities, mitigation tactics, developer-specific best practices and discussions on how not to write vulnerable code in the process of daily work. The course is mostly technical and not organizational.

When: 17 October 2016
Where: Sofia Tech Park

Various sources identify that between 20% and 60% of websites each have at least one serious vulnerability. Our own research at ESI CEE confirms that the danger is significant. A serious issue is the diversity of threats on Web platforms – different types of attacks can shut down entire services, steal valuable data, impersonate legitimate sites, intercept data on-the-fly, forge user actions, etc. Due to the constant increase in the number of attacks on Web applications, a Web developer now has to be aware of the threats in order to counteract them effectively and produce secure and correctly working systems. This 1-day course is designed to introduce developers to the inner workings of the top web threats, how they are exploited, and how to write code that is secure against these threats.

Objectives
Successful completion of this course enables participants to:
- Be aware of the top threats in Web development;
- Know the tactics used to mitigate these threats;
- Avoid systematically allowing security vulnerabilities to 'slip in' while developing a product/website.

Practical PHP Security Course
Date: 18 Oct 2016

The course is based on applying security principles in the everyday development process for the PHP language. This training is strongly focused on practice, including exercises that show PHP code with security defects and let the participants practice fixing such issues. The course will also cover best security practices for the most popular PHP frameworks.

The goal of this course is to teach developers how to recognize common security problems and to write code that is not vulnerable to such issues.

Key topics include:
- Injections (SQL, code, shell)
- XSS
- CSRF
- Session hijacking, and others

Ransomware
Date: 19 Oct 2016

Educational seminar on ransomware

Short history of ransomware, how ransomware works, what to do if attacked by ransomware, how to protect against ransomware.

Advanced Web Threats
Date: 20 Oct 2016

The course intends to pick up where “Top 10” left off – namely to deepen the understanding of the top vulnerabilities and to broaden the scope of vulnerabilities that are discussed. The course includes live demos of attacks, exercises in detecting and leveraging threats, examples of weak and vulnerable code and the process of repairing it and fixing vulnerabilities, mitigation tactics, developer-specific best practices and discussions on how not to write vulnerable code in the process of daily work. The course is mostly technical and not organizational. The advanced course will additionally include exercises in which participants in turn attempt to fix and attack particular implementations. A heavier focus will be placed on labs.

The goal of this course is to prepare developers for dealing with real-world sophisticated attacks, so they can properly design and code in order to deliver a resilient and secure product.

Course agenda:
- Introduction
- Advanced SQL & NoSQL Injection
- Advanced XSS & HTML-only Injection
- Server-side request forgery
- XML Injection
- Advanced CSRF Examples & Labs
- OpenID & OAuth
- Integer security
- Basics of Secure Coding

Prerequisites: Suggested background is the ESI CEE “Top 10 Web Threats” course or equivalent knowledge.
The course requires a deep understanding of web technologies and strong programming skills.