July 2016: Web Hacking Exposed (Ed Tracy)

  • 07/21/2016
  • 6:30 PM - 8:30 PM
  • Laurel Volunteer Fire Department 7411 Cherry Ln, Laurel, MD 20707


Topic: Web Hacking Exposed

Web Hacking 101:
What it means for your SDLC and protecting yourself as a consumer.

ABSTRACT:

Web attacks are in the news a lot these days, hitting every vertical from LinkedIn to Sony to OPM to Home Depot and Target, and finally you as a personal consumer. This presentation is aimed at providing an overview of software security, and why it's different from and just as important as network and OS-level security. The presentation will conclude with a consumer-minded discussion on protecting yourself and your family from web threats.

An overview interspersed with technical demonstrations will explain in layman's terms what the application-level threat vectors facing your enterprise are. As a guide for the discussion we'll use the Open Web Application Security Project (OWASP) Top Ten list.

Short, technical demonstrations will be given using WebGoat, a honeypot web application, and WebScarab, a web hacker's tool used to intercept and tweak web traffic.

The presentation will conclude with a discussion on personal web security hygiene. How do you manage so many passwords for your dozens of web accounts? What is ransomware, and how do you avoid it? And why are people so worried about security in the cloud?

Speaker: Ed Tracy

BIO:

Edward Tracy is a CISSP whose career has focused on the problem of application security, primarily with web applications. His career has spanned NSA, Booz Allen, and co-founding Aspect Security, an MD-based software security company; he is presently founder and CEO of Planet Security, Inc.

Edward's career credits include dozens of software-level penetration tests, code reviews, teaching software security, and consulting on security in the SDLC. Publishing credits include technical editor for Hacking Exposed, Web Applications 2nd Ed. and editor for the initial SANS Secure Java Programming certification.

CPE Value: 2 CPEs

(ISC)² Baltimore Chapter
2657-G Annapolis Road, #472, Hanover, MD 21076-1262