OWASP Houston August Mini-Con

Please join us on August 15th for the third installment of OWASP Houston's 2013 Mini-Con series. Seating and drinks are reserved for guests that have signed up through eventbrite. If there are no tickets available, a wait list will for a seat will be opened. If you do not have a ticket and would like to come, please come to the event early. Limited standing room will be available.

Reception begins at 6:00PM. Our speakers at this event included Georgia Weidman and Clint Pollack. Clint will open the evening at 7:00PM. Georgia will end the evening with a presentation begining at 8:00PM.

To find out about future events, sign up for our meetup group.

Georgia Weidman will present:

Can You Hear Me Now? Leveraging Mobile Devices on Pentests BYOD is not a new concept. From contractor laptops to an employee’s game console in the break room, a compromised device in the corporate environment can lead to all sorts of bad things. In this talk we will look at the unique threats that BYOD for mobile devices brings to the table. The most security conscious corporations are deploying the latest devices and policies to stop attackers from breaching the perimeter and if they do to stop data exfiltration. We will discuss how mobile devices on a corporate network and/or handling company data undermines these efforts. We will look at multiple mobile platforms gathering sensitive information, attacking other devices such as other mobile devices, servers, and workstations, and using out of band communication to perform data exfiltration and communicate with internal devices. Multiple live demo scenarios will be shown and some useful code for pentesters will be released.

Speaker Bio:

Georgia has worked in information security in both the public and private sectors. She recently founded her own security firm, Bulb Security LLC focusing on security training, research and development, and penetration testing. She began speaking at security conferences at Shmoocon 2011 and has had a full schedule ever since, presenting all over the world. To name a few she has spoken at Security Zone, Takedowncon, Hacker Halted, Defcon Wireless Village, and many Bsides events.

Georgia was recently awarded a DARPA Cyber Fast Track grant to continue her smartphone security research. Georgia’s security work has been featured in print articles including Ars Technica, PC World, and MIT Technology Review. She’s also discussed security on television on programs such as Fox News Live and 16×9 on Global TV Canada.

Clint Pollack will present:

Tips for Building a Successful Application Security Program
Application vulnerabilities are steeply on the rise. At $350 billion per year software is the largest manufacturing industry in the world yet there are no uniform standards or insight into security, risk or liability of the final product. The development environment is becoming increasingly complex – application origin ranges from internally developed code, outsourced, 3rd party, Open Source, and Commercial Off the Shelf software. Ensuring these entities are creating secure software is becoming a daunting task. Lots of emphasis is placed on IT controls, patching, etc, but the new attack vector is your applications. During this presentation we will recap the state of software security today and discuss detailed actions you can take to build a successful application security program that is centralized, policy-driven, and comprehensive.

Speaker Bio:

Clint Pollock is a Senior Solutions Architect at Veracode. Since 1997, he has also created security solutions for large-scale enterprise environments on behalf of CREDANT Technologies and Netegrity. In his current role, Clint helps globally distributed organizations evaluate, track, and mitigate their application security risk. Clint’s greatest strengths are his enthusiasm, experience and determination to help customers succeed in maintaining secure, compliant systems, and avoid the consequences and bad headlines that come with application security breaches.

FAQs

What are my parking options ?

Parking is freely available in the garage behind the hotel. We will be validating parking at registration. This benefit applies to everyone that attends the event regardless of your ticket holding status.

Do I have to bring my printed ticket to the event?

You don't have to bring your ticket, but it might help speed up things. We can verify the name you register with.

The name on the registration/ticket doesn't match the attendee. Is that okay?

If you can't make it and want to print your ticket for a friend that can, that's fine.