2nd OWASP Security Meetup @ SBA
On March 31, our 2nd OWASP Chapter Vienna Meetup took place, featuring three excellent speakers sharing insights on OT security and a bit more.



Speakers
Talk 1: OWASP Top 10 … but for OT?!
Operational Technology (OT) encompasses a wide variety of programmable systems and devices that have direct or indirect interactions with the physical environment. These technologies are integral to numerous sectors such as manufacturing, energy, transportation, medical, and utilities, where they play a crucial role in the operation and management of physical processes.
As OT systems become more interconnected and integrated with Information Technology (IT) networks, they face increased vulnerability to large-scale cyber attacks. This integration, while beneficial for operational efficiency and data sharing, exposes OT systems to the same cyber threats that typically target IT environments.
The goal of the OWASP OT Top 10 is to raise awareness about the top security risks and vulnerabilities specific to OT environments.
Speaker:
Siegfried Hollerer has seven years of experience as a penetration tester, focusing on the analysis of web applications, IT/OT infrastructures, and social engineering attacks. In addition to his practical experience, he has obtained an OSCP certificate. Furthermore, Siegfried has gained experience in incident response. During this time, he also carried out security management consultations, audits and certifications based on the OT security standard IEC 62443 and the IT security standard ISO 27000.
In 2023, Siegfried joined the Federal Ministry of the Interior (BMI) in Austria as a security architect and analyst to enforce the “Netz- und Informationssystemsicherheitsgesetz” (NISG), which is the national implementation of the NIS EU directive [cf. Directive (EU) 2016/1148].
Talk 2: Recurring Security Pitfalls in Cyber-Physical Systems: A Cross-Domain Analysis
Cyber-physical systems (CPS) repeatedly exhibit similar security weaknesses across domains, despite differing technologies and operational contexts. This talk explores recurring security pitfalls in areas such as manufacturing, energy, and aerospace. By analyzing common patterns, we reveal the root causes and discuss strategies for designing more resilient CPS architectures and engineering practices.
Speakers:
Matthias Eckhart is a postdoctoral scientist at the AIT Austrian Institute of Technology. Previously, he worked on privacy and responsible AI at Amazon, conducted security research at SBA Research, and developed software at NXP Semiconductors.
Philipp-S. Vogt is a research engineer and PhD candidate at AIT Austrian Institute of Technology. Vogt received an MSc in electrical engineering from TU Wien. His research interests include cyber-physical systems, embedded systems and cyber security.
About the Meetup
As the OWASP Vienna Chapter, our mission is to connect people, share knowledge, and advance software and IT security within our community. We aim to create an open and collaborative environment where security professionals, researchers, students, and enthusiasts can learn from each other, exchange ideas, and build meaningful connections.
Whether you’re deeply specialized in application security or just beginning to explore the field, our events and activities are designed to provide valuable insights, hands-on learning opportunities, and a strong network of like-minded individuals.