[Owasp-losangeles] February meeting -- Wednesday, February 24th, 2010 7:00PM

[Tin Zaw]

February meeting speaker is Alex Stamos, topic is Cloud Computing
Security. It will be hosted at AT&T Interactive in Glendale.

Meeting location is: 611 N. Brand Blvd., 5th Floor, Glendale, CA 91203

Please RSVP via Eventbrite at: http://owaspla.eventbrite.com/

Parking will be validated (no cost). It will be on February 24 (NOT
February 17 as usual) because of my travel schedule. It starts at
7:00PM this time, not 7:30 as usual.

----------
Cloud Computing Security: Raining on the Trendy New Parade

Cloud computing is an unstoppable meme at the CIO level, and will
dominate corporate IT planning for the next several years. Although
they do offer the promise of cost savings for many organizations, the
basic ideas behind abstracting out the corporate datacenter greatly
complicates the tasks of securing and auditing these systems. While
there has been excellent research into low-level hypervisor and
virtualization bugs, there has been little public discussion of the
“big picture” problems for cloud computing. These include virtualized
network devices, browser same-origin issues, credential management and
many interesting legal challenges.

Our goal with this talk will be to explore the different attack
scenarios that exist in the cloud computing world and to provide a
comparison between the security models of the leading cloud computing
platforms. We will discuss how current attacks against applications
and infrastructure are changed with cloud computing, as well as
introduce the audience to new types of vulnerabilities that are unique
to cloud computing. Attendees will learn how to analyze the threat
posed to them by cloud computing platforms as either providers or
consumers of software built on these new platforms. Our platforms for
discussion include Salesforce.com, Google Apps, Microsoft Office Live,
Google AppEngine, Microsoft Azure, Amazon EC2, and Sun.
---------
Alex Stamos is a founding partner of iSEC Partners, a strategic
digital security organization. Alex is an experienced security
engineer and consultant specializing in application security and
securing large infrastructures, and has taught multiple classes in
network and application security.

He is a leading researcher in the field of web application and web
services security and has been a featured speaker at top industry
conferences such as Black Hat, CanSecWest, DefCon, SyScan, Microsoft
BlueHat and OWASP App Sec.

He holds a BS in Electrical Engineering and Computer Science from the
University of California, Berkeley.