“Discovering the world of cybersecurity, from the ‘niche’ sector to a widespread priority for all companies. Why is cybersecurity so important? Are all cyber-attacks so sophisticated? What can we do to protect our data and technologies?”

Pluribus One is a software company that develops cybersecurity solutions. It was founded based on university research and maintains a strong connection to academia.
The company is committed to training, knowledge sharing, and innovation to advance modern society.
In recent years, computer security has become a topic of widespread interest, even in mass media.
“For this reason, we organized a day in Cagliari dedicated to the modern cyber landscape. It was the second event of its kind in 2023.” During the event, we analyzed some of the most relevant topics and the results obtained in Italy and Europe. These results were thanks to the research and development projects funded by the European Commission. These projects are one of the main drivers of innovation in our continent.

The AssureMOSS project, which is the main sponsor of the event and of which Pluribus One is a partner, is one of several projects that have delved into the themes of testing, risk management, and certification related to software over the last three years. This project has been deepened by the work of its 12 partners from all over Europe.

The OWASP Foundation, which participated in organizing the event through its Italian Chapter, is the leading authority on software security issues. The community promotes and implements projects, solutions, and models to address these issues.
The day started with a welcome from Davide Ariu, CEO of Pluribus One, Matteo Meucci, chair of OWASP Italy Chapter, and Fabio Massacci, Project Coordinator of AssureMoss.

Next, Annita Sciacovelli from ENISA and the University of Bari presented her talk on the ‘EU Cybersecurity Strategy: All-Hazard Approach and Normative Firewall’. She highlighted that addressing cyber threats is not just a technological challenge, but also requires coordination across all levels of society, including political, regulatory, and research sectors.

We spoke with Antonino Sabetta from SAP-Security Research. In his talk ‘Open-source software and security of the software supply chain’, he explained how the widespread use of open-source software increases the attack surface of applications that use it.
Giorgio Di Tizio from the University of Trento gave a talk titled ‘Are Software Updates Useless Against Advanced Persistent Threats?’ which focused on the importance of continuous software updates in preventing attacks.

The proceedings continued with Jan Lukasz Seidel from QWIET.AI, who gave a talk on ‘Testability Patterns for Web Applications’. He shared useful and recurrent patterns for testing web applications.

The panel discussion titled ‘AI for Security, Security for AI’ featured Enrico Frumento from Cefriel, Cedric Gouy Pailler from CEA (Commissariat à l’Energie Atomique), Maura Pintor from the University of Cagliari and Pluribus One, and Fabio Massacci from the University of Trento and University of Amsterdam. The discussion focused on the interaction between AI and security.

Just before a relaxing and precious break, we listened to Angel Merino, Universidad Carlos III Madrid with his talk “Analysis and implementation of nanotargeting on LinkedIn based on publicly available non-PII information.”

The work starts again with the speakers of OWSAP’s “call for talk”.

It starts with Fabrizio Bugli CheckMarx – “API Security and Observability: Going Beyond the Shift Left Paradigm”, with an interesting talk about the security of the APIs and the testing phases from the beginning of the development cycle.

The afternoon continues with Silvia Lucia Sanna, University of Cagliari with the talk “Vulnerabilities in Android applications’ Native Code: a risk approach”, with a focus on the vulnerability in the native code of Android applications.

This is the moment of Christian Scano, Pluribus One, with the talk “Software Supply Chain Attacks: An overview of Threats, Real Cases and Prevention Strategies”, with an overview on attacks on the software supply chain, with a space dedicated to threats, real cases and prevention strategies.

Finally, Davide Carboni – Uncommon Digital, with his talk “Secure coding and auditing of smart contracts”, on secure programming and audit
of intelligent contracts.
It’s time for greetings and to thank a room still grim after 8 hours of cyber training.

Our journey continues in 2024!