[Owasp-boston] OWASP Boston topic description for Thursday - 7pm MS NERD - sexy app defense?

Weiler, Jim Jim.Weiler at starwoodhotels.com
Wed Jun 1 09:00:18 EDT 2011


Paul has an updated talk with more demos - 

There is a plethora of information available on how to break into
systems, steal information, and compromise users. As a penetration
tester, I have performed testing on a regular basis that reveals severe
security weaknesses in several organizations, and many of my peers have
reported on the same. However, once you "own" the network and report on
how you accomplished your goals, now what? Sure, we make defensive
recommendations, but consistently it has been proven that security can
be bypassed. Not enough focus is given to what works defensively. We
have a lot of technology at our disposal: firewalls, intrusion
detection, log correlation, but it provides little protection from
today's threats and is often not implemented effectively. This talk will
focus on taking an offensive look at defense, applying techniques that
are simple, yet break the mold of traditional defensive measures. We
will explore setting up "traps" for attackers, slowing them down with
simple scripts, using honeypots, planting bugs, and most importantly
tying these methods to "enterprise security". This talk will also
include real-world examples of the techniques in action from a live,
heavily attacked site. Topics will include:

- Using wireless "attacks" on the attackers
- Implementing the Metasploit Decloak engine to find the attackers
- Setting traps to detect web application attacks
- Integrating results into your enterprise log management tool

The goal of this talk is to make defense "sexy"... 

 

 

Jim Weiler   CISSP  CSSLP  GSSP-Java

Starwood Hotels and Resorts

Sr. Mgr. Information Security Risk Assessment

Office - 781 356 0067

Cell - 781 654 6048

 


