[OWASP-NYNJMetro] Wed 24th Meeting
Tom Brennan - OWASP
tomb at owasp.org
Thu Feb 18 13:23:12 EST 2010
"It's not a conference... it's just a meeting"
Wed 24th at 6pm-9pm, seats for 200 & rockstar speakers, it's FREE
* Learn * Network * Teach * Career * Meet-Up * Collaborate * but.. RSVP as
space is limited and building security requires a ticket for entry. Thanks in
advance.
http://www.owasp.org/index.php/NYNJMetro
=================================================
TOPIC: ADVANCED PERSISTENT THREATS 6:15 - 6:50 PM
SPEAKER: VIJAY AKASAPU BIO, MANDIANT
The Advanced Persistent Threat (APT) is a sophisticated and organized cyber
attack to access and steal information from compromised computers. The
intruders responsible for the APT attacks target the Defense Industrial Base,
critical infrastructure, financial, manufacturing and research industries.
The attacks used by the APT intruders are not very different from any other
intruder: the primary difference is their perseverance and resources. They
have malicious code (malware) that circumvents common safeguards such as
anti-virus, and they escalate their tools and techniques as a victim's
capability to respond improves.
During this "State of the Hack" session, Vijay will present case studies
that describe, in technical detail, the most recent incidents MANDIANT has
responded to. The talk covers how intruders gain access; what they do once
inside a victim network; and how an organization can remediate these attacks.
TOPIC: CLOUD COMPUTING AND SECURITY 6:55 - 7:30 PM
SPEAKER: ANDREW BECHERER BIO, iSEC Partners
This session will explore the widely differing security models of the
leading cloud computing providers, including Amazon, Google and Salesforce.
Andrew will also reveal the significant differences in operational and
application security practices necessary to deal with a cloud computing
environment.
TOPIC: THREAT MODELING 7:35 - 8:10 PM
SPEAKER: JOHN STEVEN BIO, CIGITAL
Threat Modeling - How will attackers break your web application? How much
security testing is enough? Do I have to worry about insiders? Threat
modeling, applied with a risk management approach can answer both of these
questions if done correctly. This talk will present advanced threat modeling
step-wise through examples and exercises using the Java EE platform and
focusing on authentication, authorization, and session management.
Participants will learn, through interactive exercise on real software
architectures, how to use diagramming techniques to explicitly document
threats their applications face, identify how assets worth protecting
manifest themselves within the system, and enumerate the attack vectors
these threats take advantage of. Participants will then engage in secure
design activities, learning how to use the threat model to specify
compensating controls for specified attack vectors. Finally, we'll discuss
how the model can drive security testing and validate an application resists
specified attack.
TOPIC: LEVERAGING EXISTING APPSEC TOOLSETS 8:15 - 8:50 PM
SPEAKER: PHIL AMES BIO
Discover ways to leverage the tools you currently use to find potential
vulnerabilities in web applications as early as during an initial
application walk through. This talk will cover the current state of passive
web application analysis as well as discuss how to set up a framework for
your own testing needs.
More information - visit http://www.owasp.org/index.php/NYNJMetro to be a
speaker, sponsor or get involved see HOW-TO
===============================
Tom Brennan
NYC Metro Chapter President / Global Board Member
OWASP Foundation
www.owasp.org