by Aaron Bedra
Putting software on the web can be a dangerous venture. Sure, you read about all of the internet billionaires and their seemingly simple ideas. What you don't read about (unless it gets really bad) are the trials and tribulations that take place in the name of securing those applications. Every day new ideas and techniques are discovered to plunder your software and take your users' sensitive information. A security breach can mean serious brand disruption and, in some cases, closed doors. Join Aaron Bedra as he walks you through a practical approach to the things you need to be aware of as you design new software systems. He will take you through a brief history of security, cryptography, and politics. He will cover ideas like authentication, authorization, configuration management, and data validation. He will offer some ideas around building a security program in your organization and provide some pragmatic tips that will help you secure your software without sacrificing your time to delivery.
The cloud is a great new force in computing. A lot of companies are betting their future on it, and many more are dipping their toes in the water. There are a lot of concerns about the cloud and whether it is secure. In this session Brian will discuss what security in the cloud means, and how you can be both secure and in the cloud. He might bust some myths and burst some bubbles in the process.
by Aaron Bedra
Are there things about your software that keep you up at night? Is the security of your application and the servers it runs on one of those things? If you answered yes, this talk is for you. If you answered no, this talk is a must! Join Aaron as he introduces you to several methods of quickly learning the basic skills needed to assess the security of a web application and the server(s) that it runs on. You will explore common mistakes made in software development as well as common misconfigurations on servers that lead to their eventual demise. In this session you will be introduced to WebGoat, a project by OWASP that teaches basic web application hacking techniques through exploration and challenges. You will have the ability to work through a few of the labs as a group and arm yourselves with some new skills. You will learn the basic techniques for port scanning and service identification, and how to spot potential weaknesses in server configurations without setting off any alarm bells. After some basic training you will be given a challenge as a group to deface a simple web application running on a virtual machine during the talk.
30th April to 4th May 2012