Topic: Web Hacking Exposed
Web Hacking 101: What it means for your SDLC and protecting yourself as a consumer.
Web attacks are in the news a lot these days, hitting every vertical from LinkedIn to Sony to OPM to Home Depot and Target, and finally you as a personal consumer. This presentation is aimed at providing an overview of software security, and why it's different from and just as important as network and OS-level security. The presentation will conclude with a consumer-minded discussion on protecting yourself and your family from web threats.
An overview interspersed with technical demonstrations will explain in layman's terms what the application-level threat vectors facing your enterprise are. As a guide for the discussion we'll use the Open Web Application Security Project (OWASP) Top Ten list.
Short, technical demonstrations will be given using WebGoat, a honeypot web application, and WebScarab, a web hacker's tool used to intercept and tweak web traffic.
The presentation will conclude with a discussion on personal web security hygiene. How do you manage so many passwords for your dozens of web accounts? What is ransomware, and how do you avoid it? And why are people so worried about security in the cloud?
Speaker: Ed Tracy
Edward Tracy is a CISSP whose career has focused on the problem of application security, primarily with web applications. His career has spanned NSA, Booz Allen, and co-founding Aspect Security, an MD-based software security company, and he is presently founder and CEO of Planet Security, Inc.
Edward's career credits include dozens of software-level penetration tests, code reviews, teaching software security, and consulting on security in the SDLC. Publishing credits include technical editor for Hacking Exposed, Web Applications 2nd Ed. and editor for SANS's initial Secure Java Programming certification.
CPE Value: 2 CPEs