[Owasp-boston] OWASP Boston topic description for Thursday - 7pm MS NERD - sexy app defense?
Jim.Weiler at starwoodhotels.com
Wed Jun 1 09:00:18 EDT 2011
Paul has an updated talk with more demos -
There is a plethora of information available on how to break into
systems, steal information, and compromise users. As a penetration
tester, I have performed testing on a regular basis that reveals severe
security weaknesses in several organizations, and many of my peers have
reported on the same. However, once you "own" the network and report on
how you accomplished your goals, now what? Sure, we make defensive
recommendations, but consistently it has been proven that security can
be bypassed. Not enough focus is given to what works defensively. We
have a lot of technology at our disposal: firewalls, intrusion
detection, log correlation, but it provides little protection from
today's threats and is often not implemented effectively. This talk will
focus on taking an offensive look at defense, applying techniques that
are simple, yet break the mold of traditional defensive measures. We
will explore setting up "traps" for attackers, slowing them down with
simple scripts, using honeypots, planting bugs, and most importantly
tying these methods to "enterprise security". This talk will also
include real-world examples of the techniques in action from a live,
heavily attacked site. Topics will include:
- Using wireless "attacks" on the attackers
- Implementing the Metasploit Decloak engine to find the attackers
- Setting traps to detect web application attacks
- Integrating results into your enterprise log management tool
The goal of this talk is to make defense "sexy"...
Jim Weiler CISSP CSSLP GSSP-Java
Starwood Hotels and Resorts
Sr. Mgr. Information Security Risk Assessment
Office - 781 356 0067
Cell - 781 654 6048