by Matt Tesauro
by Ron Ross
by Keith Turpin
by Asad Ali and Karen Lu
by Noa Bar-Yosef
by Gene Kim
by David Hughes
by Daniel Herrera
by John Sapp
by Kevin Stadmeyer and Garrett Held
by Andrew Wilson
by Josh Sokol and Orlando Barrera II
by Tom Brown
by Dan Cornell
by Steve Werby
by Rafal Los
PCI, SAS70, FISMA, BITS, COBIT: just a few of the myriad computer audit plans that information security and IT managers have to face every year. The effort required to make and keep systems compliant can be quite complicated and expensive. All those audits mean nothing, though, if you can snow your auditor into passing non-compliant systems.
And you'd be shocked at how easy it is to do...
This lecture is an indispensable resource for system admins that are in need of "distressed audit" consulting, as well as security auditors to learn the ways that non-compliant systems get passed by unsuspecting audit personnel. No matter the type of IT audit, we will show you proven ways that have been used to pass machines that by all intents should have failed any thorough review. Tried and true methods are illustrated, then countermeasures discussed. Physical security, CCTV, access logs, audit logs, vendor visits, PCI scans, compensating controls, and other items will be discussed.
by Peter Perfetti and Jim Manico
by Chris Eng
PIE (Programmable Infrastructure Environment) is the open source cloud system management project released in the fall of 2011 that has changed how engineers build systems and manage security in the cloud. In DevOps fashion, PIE is focused on coding infrastructure that blends the lines between applications and servers.
The PIE project began when we built our very large scale cloud-based products and we focused on building a rugged, highly available system that would run resiliently in the face of failures. We knew we had to treat our "Infrastructure as Code" and from that theory PIE was born. Along the way we have learned how hard that can be. Come hear how to use PIE to shape your cloud deployment and secure your infrastructure.
This presentation will feature the main developer of PIE, Peco Karayanev, who will give insight into how to transform your infrastructure using PIE.
by Joe Jarzombek
by Philip J Beyer and Scott Stevens
In "Pitfall!", a player must maneuver Pitfall Harry through a maze-like jungle to stay alive. Along the way, he must negotiate numerous hazards, try to recover treasure, and do it all in a limited time. Implementing OWASP's OpenSAMM in a large organization is kinda like playing that classic game. It's a little dangerous, requires vision, planning, and precision, and promises rewards. Like many of its size and with its mandate, the Texas Education Agency already has an SDLC. Enter Pitfall Phil. In an effort to build a stronger program, Pitfall Phil shifted the focus of TEA's application security program to align with OpenSAMM. We will present the hazards he discovered and the treasure he found while playing the game.
by Charles Henderson and Ryan Jones
by David Byrne and Charles Henderson
by Ben Broussard
28th October 2011