[Owasp-SFL] Wednesday, June 27, 2012 - 6:00pm - South Florida OWASP Meeting - Two great talks and networking after
South Florida OWASP
sfl.owasp at gmail.com
Mon Jun 25 03:26:14 UTC 2012
*Wednesday, June 27, 2012 - 6:00pm - South Florida OWASP Meeting - Two
great talks and networking after*
Join us for our June meeting where we will have two great talks. Please
note that the scheduled talks are for 30 minutes each with a small break in
between. We will have a networking event after as usual.
*Talk 1: Bad implementation in PBKDF2*
PBKDF2 is a popular way to generate long encryption keys from
human-memorable passwords and passphrases. Used properly, it can keep
encrypted sensitive data safe from attackers long enough for its ultimate
compromise to be almost moot (assuming the attacker doesn't lose interest
and give up first). Used badly, in conjunction with poorly implemented AES
encryption, it will protect sensitive data for approximately 5 minutes
against an attacker with a 2-year-old laptop and a list of compromised
real-world passwords obtained from popular websites.
Jeff Skubick is a security analyst with more than a decade of professional
experience developing mobile and web applications for companies like
Verizon, and a lifetime of recreational hacking that extends far enough
back into childhood to remember what happens when you JSR to $FFD2. His
second language was 6502 assembly. As a teenager, he doubled his Amiga’s
RAM by soldering piggybacked chips onto the motherboard, then spent 10
minutes on the phone with Dave Haynie learning what a "slow PAL" was. In
his spare time, he invalidates warranties, builds robots, and takes
liberties with local building codes in the name of home automation. He will
never, *ever* make the mistake of buying another Motorola Android phone
with a locked bootloader.
*Talk 2: Mobile Framework vulnerabilities*
Mobile frameworks are being used for cross-platform development and to ease
development efforts in producing applications for iOS/Android/BlackBerry
devices. In this talk we observe bad development practices and expose some
issues found in open source frameworks, notably Apache Cordova (previously
known as "PhoneGap").
Claudio J. Lacayo causes 500 response errors in web applications and is
currently evangelizing the use of native code over frameworks.
Please vote on our new poll and let us know what future topics you would
like to see presented at our meetings this year:
NOVA SOUTHEASTERN UNIVERSITY
Carl DeSantis Building, Main Davie Campus
3301 College Ave Fort Lauderdale, FL 33314-7796
Phone: 800-541-NOVA (6682)
FREE CPE CREDITS! Did you know you earn 2 CPE credits for attending an
OWASP Meeting? It's true! Join us to feed your certs.