No subject


Wed Nov 1 13:33:48 EST 2006


Software
Presenter:  Barmak Meftah

Abstract: This presentation focuses on turning abstract software security
theories into practical steps that you can use to develop and deploy
measurably more secure software. The key to solving the software security
problem is getting started. Away from broad process re-engineering and
silver-bullet technologies, the session focuses on practical actions that
every organization can take today. The steps are based on real-world
examples and cover the development process from upfront risk assessment to
post-deployment. Artifacts of the steps, including checklists and software
security metrics will be reviewed and discussed.

Title: Application Defense – Software That Fights Back
Presenter: Barmak Meftah

Abstract: In the last decade, the majority of security breaches occurred
when networks were broken into directly. Today, however, most security
threats and exploits derive from hackers maliciously manipulating software
applications, without ever breaching perimeter network defenses. The
reality is that software applications have changed little to address these
new software-based attack strategies. This presentation explores a new
and rich field: software application forensics and countermeasures. By
using real-world examples, this session will define and demonstrate
technical topics like attack surface, pattern recognition, tracers and
method guards. The audience will leave with an understanding of
cutting-edge techniques for strengthening software code and preparing for
business discussions about liability and post-intrusion investigation.
This session will also investigate common preventative and forensic tools
such as intrusion detection systems and application firewalls.

**********************************
Eoin Keary CISSP
Senior Consultant
Rits Information Security
2052  Castle  Drive
Citywest Business Campus
Co. Dublin

Tel:  353 (01) 642 0500
Fax: 353 (01) 466 0468
Email: eoin.keary at ritsgroup.com
Web: www.ritsgroup.com
**********************************
This email contains information which may be confidential or privileged.
The information is intended solely for the use of the individual or entity
named above. If you are not the intended recipient, be aware that any
disclosure, copying, distribution or use of the contents of this
information is prohibited. If you have received this electronic
transmission in error, please notify me by telephone or by electronic mail
immediately. Any opinions expressed are those of the author, not Rits.
This email does not constitute either offer or acceptance of any
contractually binding agreement. Such offer or acceptance must be
communicated in writing.

Hello,
The details for the Meeting on Monday are as follows:

20th March.
7:00pm AIB BankCentre, Ballsbridge, Dublin 4.

This meeting is special as our guest presenter is one of the vice
presidents of Fortify Software:

http://www.fortifysoftware.com/

Barmak Meftah, Vice President, Engineering and Operations

Barmak has over 15 years experience in enterprise software development and
product management with acknowledged industry leaders. He joined Fortify
from Sychron where as Vice President of Engineering and Product Management
he was responsible for the product strategy, development, and release of
one of the pioneering products in the area of grid computing on massively
scalable clusters. In addition, he spent 7 years at Oracle overseeing the
delivery of the Oracle database for the Windows server family. He has also
served as Managing Principal Consultant at Price Waterhouse LLC and Group
Manager and Technical Lead with Wells Fargo Bank.

From Theory to Reality: Seven Practical Steps to Delivering More Secure Software
Presenter: Barmak Meftah




More information about the Owasp-ireland mailing list