OWASP Tampa Day 2013

OWASP - Tampa Chapter

Monday, August 19, 2013 from 11:30 AM to 5:30 PM (EDT)

Tampa, FL

Ticket Information

Type Remaining End     Quantity
General Admission 12 Tickets Ended Free

Event Details

Description

The 3rd annual OWASP Tampa Day will take place on Monday, August 19th at the Firestick Grill within the Tampa Bay Times Forum. This FREE event will feature presentations aimed at providing developers and Information Security professionals with insights into Cloud, Mobile and Application Security. ALL are welcome to attend. Attendees will leave the event with a greater understanding of Cloud, Mobile and Application Security. Additionally, attendees will learn how and when to integrate security principles into their daily processes and procedures.


Schedule

Time | Topic | Presenter
11:30 to 12:15 | Registration & Lunch |
12:15 to 12:30 | Welcome & Lunch | Justin Morehouse
12:30 to 13:15 | Securing your Applications & Data With Web Application Firewalls | Dennis K. Uslé
13:15 to 14:00 | Design Considerations and Guiding Principles for Implementing Cloud Security | Bill Stearns
14:00 to 14:15 | Break |
14:15 to 15:00 | BYOS (Bring Your Own Service) | Doug Maul
15:00 to 15:15 | Break |
15:15 to 16:00 | Let’s Get Right to the Endpoint: Leveraging Endpoint Data to Expose, Validate, Triage, and Remediate Security Breaches | Mel Pless
16:00 to 16:45 | Your Scanner is Broken: Vulnerability Management That Works | Tony Turner
16:45 to 17:00 | Closing Remarks & Giveaways | Justin Morehouse
17:00 to 18:00 | Networking Reception | Sponsored by RedSeal Networks

  

Presentation Abstracts

 

Dennis K. Uslé, Director of Security, Radware 

Securing your Applications & Data With Web Application Firewalls

While some web application attack vectors such as SQL injection and XSS are familiar and often discussed, the spectrum of attack vectors is significantly wider. Attackers have become more targeted rather than opportunistic. Their attacks are more sophisticated, potentially involving multiple phases, writing code tailored for target systems, planting Trojan horses, viruses, physical access, initial penetration through attachments in emails, and more intensive use of zero-day vulnerabilities. By analyzing the web application attack trends and statistical information, we will get familiar with the web application security challenges and identify the more relevant requirements for organizations.

Bill Stearns, Security Analyst, CloudPassage

Design Considerations and Guiding Principles for Implementing Cloud Security

Moving applications from a data center to a cloud environment involves changes in mindset.  Manual system configuration, storage on transient virtual machines, security responsibility conflicts, network limitations, and hosting provider lock-in are all pitfalls to avoid.  This talk covers the core differences and how to handle them. 

Doug Maul, Senior System Engineer, Varonis

BYOS (Bring Your Own Service)

Cloud-based file synchronization services are very popular among end users today; however, they represent a great challenge for IT when it comes to protecting corporate data. The IT dilemma: Is there a way to provide cloud-based synchronization services that boost productivity, without sacrificing security and compliance?

A report, put together by Varonis and IDG, reveals the pros and cons of cloud-based file synchronization services and presents some surprising facts:

  • 80% of companies at present do not allow cloud-based file synchronization
  • Only 14% of the organizations are satisfied with the controls that cloud-based file sync services have in place
  • 70% of organizations would use cloud-based synchronization if the management tools were as robust as internal tools
  • 51% of the companies are worried about maintaining correct access rights and authorization

Hear how you can leverage your existing file sharing infrastructure to create a private cloud experience, keeping your existing permissions, and give users the ability to sync data with different devices inside or outside your organization securely.

Mel Pless, Sr. Director - Solutions Consulting, Guidance Software

Let’s Get Right to the Endpoint: Leveraging Endpoint Data to Expose, Validate, Triage, and Remediate Security Breaches

The ultimate target of any attacker – laptops, desktops, servers, and the data residing on them – is currently the biggest blind spot for information-security operations and the greatest area of risk. These endpoints are not only hotbeds of valuable data and activity that can provide actionable insights into the hidden security risks threatening your organization’s systems, but also where you need visibility and control the most once a breach is detected.

Learn how to:

  • Leverage endpoint data for Big Data security analytics, providing security insights into hidden, nascent, or undetected threats
  • Reduce mean time-to-detection, response and recovery via integration with detection technology
  • Prioritize response based on the existence of sensitive information, validation of a detected event, or by exposing additional compromised machines through similar file analysis
  • Quickly and confidently triage and assess the impact of any security incident.

Tony Turner, Senior Security Consultant, GuidePoint Security

Your Scanner is Broken: Vulnerability Management That Works

Vulnerability management (VM) is more than just running Nessus and sending a remediation report to your operations team. VM encompasses a lifecycle of finding, prioritizing and fixing security issues and should be a core operational process. This talk will discuss the ways that security vendors have misled organizations through clever marketing and provide tips for organizations looking to get more out of their scanner tools to truly reduce operational risk. We will also discuss how some vendors are stepping up to solve the problems, while others still seem blind to the gap in capabilities in the current VM market landscape. Lastly, but perhaps most importantly, we will explore ways that VM programs can be embedded into operations and gain buy-in for remediation efforts.

Sponsors

 GuidePoint Security

GuidePoint Security provides customized, innovative and valuable information security solutions that enable commercial and federal organizations to more successfully achieve their security and business goals. Visit guidepointsecurity.com for more information.

 

 Guidance Software

Guidance Software is recognized globally as a world leader in Digital Forensics, Cyber Security, and E-Discovery solutions. Our services include incident response, computer forensics, and litigation support, provided by experts with hands-on experience in digital investigation. Each year we also train over 6,000 corporate, law enforcement, and government professionals in digital forensics, e-discovery, security, and incident response.

ISC2

The International Information Systems Security Certification Consortium, Inc., (ISC)²®, is the global, not-for-profit leader in educating and certifying information security professionals throughout their careers. ISC2 are recognized for Gold Standard certifications and world class education programs. They provide vendor-neutral education products, career services, and Gold Standard credentials to professionals in more than 135 countries. ISC2 take pride in their reputation built on trust, integrity, and professionalism. And they're proud of their membership – an elite network of nearly 90,000 certified industry professionals worldwide.

Radware

Radware, the global leader in integrated application delivery and application security solutions for business-smart networking, assures the complete availability, performance, and security of business-critical applications for enterprises and carriers worldwide. 

 

Varonis

Today Varonis is the foremost innovator and solution provider of comprehensive, actionable data governance solutions for unstructured and semi-structured data with over 4500 installations spanning leading firms in financial services, government, healthcare, energy, media, education, manufacturing and technology worldwide. Based on patented technology, Varonis' solutions give organizations total visibility and control over their data, ensuring that only the right users have access to the right data at all times.

RedSeal Networks

RedSeal Networks is the leading provider of security risk management solutions that enable businesses and government agencies to visualize their security posture, continuously audit and monitor IT compliance and eliminate cyber threats. Using patented network visualization and predictive threat modeling, the RedSeal Platform helps enterprises better prioritize vulnerability remediation efforts, dramatically cut compliance costs and optimize their security architectures.

 

CPE Credits

A reminder that you may be able to earn 5 CPE credit hours for attending OWASP Tampa Day 2013. CPE verification information will be provided during the event's Closing Remarks.

Have questions about OWASP Tampa Day 2013? Contact OWASP - Tampa Chapter

When & Where



Firestick Grill @ The Tampa Bay Times Forum
401 Channelside Dr
Tampa, FL 33602

Organizer

OWASP - Tampa Chapter

The Open Web Application Security Project (OWASP) is an international organization and the OWASP Foundation supports OWASP efforts around the world.

OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted.

All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security.

We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas.

You can learn more about OWASP at www.owasp.org or get involved with the Tampa Chapter by visiting www.owasp.org/index.php/Tampa.
