The Minister of e-Governance Opened the First in Bulgaria International Conference on the Cyber Security, Part of BSIDES Series, at the UNWE
The UNWE jointly with leading companies in the field of cyber security is a co-organizer of the first in Bulgaria International Conference on the Cyber Security, part of the BSIDES series. The Forum was held in Maxima Aula at the UNWE on two consecutive days - 15 and 16 April 2022.
Such events have been organized all over the world since 2009. They are generally entirely non-commercial designed to create opportunities for cyber security professionals and enthusiasts to present their ideas and share experiences in an appropriate environment among an audience with similar interests.
Special guest for the Conference was the Minister of e-Governance Bozhidar Bozhanov who discussed with the Rector of UNWE Prof. Dimitar Dimitrov the security in the state cyber space and the opportunities for cooperation with the UNWE two days ago.
|The Minister Bozhidar Bozhanov and Assoc. Prof. Rosen Kirilov|
"I rely a lot on the Network and Information Security Directorate at the Ministry. There are many competent and trained people there but more specialists are also needed. For the responsibilities and powers of the Ministry of e-Governance people are also needed. The problem exists not only in the public but also in the private sector", said Minister Bozhanov at the opening of the Forum and added: "unfortunately, we, who understand the details of this matter are a few and that`s why in the medium and long-term policy of the Ministry we have set to increase the capacity through education. We need well-trained people to guard the public systems as well".
|Assoc. Prof. Rosen Kirilov and Minister Bozhidar Bozhanov|
The Vice Rector for Digitalization and Cyber Security of UNWE Assoc. Prof. Dr. Rosen Kirilov greeted the participants in the Conference: "On behalf of the Rector Prof. Dr. Dimitar Dimitrov and on behalf of the entire Rector's leadership, allow me to welcome you to our University. I hope that from this Conference will come out many fruitful papers, discussions, comments and we will outline the directions for the development of this field in the future. In recent years the UNWE has made great efforts to modernize education, to keep up with the latest trends, to be extremely helpful to our students in order to be best prepared for the labour market. It is the reason we develop the Master's Programme in Cyber Security Management very successfully. We are convinced and we want to expand significantly the training of students in this field in the future as we are aware that these challenges to the real business and real life are getting bigger and when the young people come out of the University they need to be prepared for this environment."
On the first day of the Conference the reports and the discussions set in the Conference programme were in thematic areas related to the Internet vulnerability, enhancing the security of information systems and the best practices in cyber security.
|Spas Ivanov, Manager Baseline and moderator of the event|
In the first lecture on the Vulnerabiltiy Full Disclosure Miglen Evlogiev explained what is vulnerability and revealed the responsible vulnerability detection. He emphasized that all the implemented projects have a vulnerability that may be an open problem or one that will become visible in the future. He gave advices and examples of good practice. Evlogiev pointed out that if there are enough ethical hackers who monitor for incidents there will have fewer problems as for him it is important to be built a healthy society. He gave an example of ethical hacking with the case of the training platform Shkolo.bg and the discovery of a security problem by the pupil Stoyan Kolev from the Vocational High School of Computer Programming and Innovation in Burgas.
The Executive Director of the platform Lyubomir Vanyov talked about the case in details and recommended to think about the information security as the health. Stoyan Kolev himself gave more details on how he had discovered the problem.
|Lyubomir Vanyov||Stoyan Kolev|
Vladimir Dimitrov, cyber crimes investigator at the Directorate General for Fight against Organized Crime, reminded the most common frauds in cyber space, such as IBAN switching, investment and love fraud, child pornography, intellectual property theft. He considers the Botnet networks that infect computers as a very big problem. Dimitrov outlined that a large part of the work of the Directorate General for Fight against Organized Crime is focused on the prevention. He specified that the law is strict towards such crimes and new additions are forthcoming for increasing penalties. Dimitrov warned "to be careful with ethical hacking, an important point is when the hacker will stop his activity - his interference, it is also important what is his goal. The line is thin and there is still no legal framework for ethical hacking".
In the second report Tsvetomir Balevsky presented the Application Security into DevOps.
Charge My Car for Free Forever was the topic of the report by Vangelis Stykas. He focused on the electric vehicles which are provisioned to become major vehicles by 2030. He talked about what does API do in the area of cyber security, the cloud infrastructure development and the related cloud cyber attacks and he emphasized on the security stages against such type of cyber-attacks. The lecturer also examined the possibilities of charging vehicles through a cloud system but outlined that actually it increases the risk of cyber-attacks.
In the fourth lecture Martin Stoyanov and Spas Genov explained what is Front-end Security. They pointed out some misconceptions and with short demos presented three vulnerabilities with an analysis of what they lead to, how they can be prevented and how to provide protection. They also explained What is Cross-sideSkripting, what is its impact and did demos on how to prevent it. They also examined various bugs.
|Martin Stoyanov and Spas Genov|
The next presentation delivered by Anton Tsankov was about Securing Kubernetes with Open Policy Agent. The presenter explained how and why to use Kubernetes and what are the cons.
Radoslav Gerganov's presentation was on the Decrypting IPTV. He presented the IPTV service, the advantage of broadcasting TV programmes via the Internet. The lecturer clarified what IPTV services are offered in Bulgaria paying attention to what is the security model and what the IPTV providers use.
In his presentation Daniel Rankov examined the Common Security Pitfalls in AWS Public Cloud for Highly Regulated Industries. He talked about what the public cloud providers offer and when using them: where ends the responsibility by the provider, where begins the responsibility by the user and who will be audited. Rankov also paid attention to the security in public environments. He also explained what services should be used for protection. Last but not least, the lecturer pointed out that the public provider helps with off-the-shelf architectures.
Radostina Kondakova and Yordan Popov presented the topic Where and How to Implement Security in Softwere Development. R. Kondakova drew attention to the fact that even if the company does not have a security specialist everyone in the team is obliged to secure it and emphasized that the prevention is very important. She shared the working principles and one of them says that there is no 100% security. She examined in details the design of Security in Software Development and why to use Threat Modelling.
|Radostina Kondakova||Yordan Popov|
Kristian Mladenov talked about the Active Directory Reconnaissance /Red Team Exercise in Finding Hidden AD Relationships/. He explained what the Bloodhound tool is and how to install it. He pointed out its benefits and what value can be derived from this tool. Mladenov also presented a list of protections.
How to Collect Linux Malware was the topic of the report by Sergey Kostov.
He explained what Malware is for and how to “pick it up”.
The last lecturer Ognian Chikov presented A survey of Blockchain Consensus Algorithms and Attacks. He clarified what the blockchain network is and the consensus algorithms that set rules for operating.
|The team of the event part of BSIDES series|