[Owasp-boston] OWASP RI: Tuesday, Aug 18 - Access in Maliceland
patrick.laverty at owasp.org
Mon Aug 17 12:26:24 UTC 2015
Just a reminder that the next OWASP RI meeting is TOMORROW NIGHT! We are
having it on Tuesday night this month. So if you RSVP'd, we'll see you
there tomorrow night, and if you didn't RSVP either by replying to this
email or on our meet up site, well what are you waiting for? See you then!
On Tue, Aug 4, 2015 at 10:39 AM, Patrick Laverty <patrick.laverty at owasp.org> wrote:
> Hi Everyone,
> Just wanted to let you know that in two weeks, we will have the honor of
> hosting Gunnar Peterson to talk about access control security. The
> description and his bio are below.
> The meeting will be at Swipely's offices, 10 Dorrance Street in
> Providence, 6:30 pm. I hope you all can attend. Please either reply to this
> email or use the RSVP on our meet up page here:
> We are always open for new speakers or suggested topics. We don't
> currently have any other future talks lined up, so now is the time to send
> over either offers to present or topic ideas.
> Thank you!
> Access in Maliceland
> John Lambert observed attackers win because while defenders think in
> lists, attackers think in graphs. Access control systems divide the system
> a priori into secure and insecure states. But that’s only worth the paper
> it's printed on. Attackers see the system as it is; for attackers, the
> access control scheme is the beginning of the game not the end. Determined
> attackers seek out access control models and then find holes that they can
> leverage. Access control systems that purport to protect the system are
> built on assumptions from which reality diverges. Application security
> needs a new approach to access control: adding feedback loops for risk
> based decisions, fine-grained, dynamic access control.
> Security is a business with a very long list of issues and requirements.
> The spreadsheets are miles long. This makes it essential to find reusable
> solution patterns that can address multiple problems. This presentation
> looks at both medium term improvements and code examples to improve access
> control decisions and overall security today.
> About the Speaker
> Gunnar Peterson (@oneraindrop) focuses on security architecture consulting
> and training. Experience includes Associate Editor for IEEE Security &
> Privacy Journal, a Microsoft MVP for App security, an IANS Research Faculty
> member, a Securosis Contributing Analyst, and a Visiting Scientist at
> Carnegie Mellon Software Engineering Institute. He maintains a popular
> information security blog at http://1raindrop.typepad.com.