OWASP Tampa Day 2013
Monday, August 19, 2013 from 11:30 AM to 5:30 PM (EDT)
The 3rd annual OWASP Tampa Day will take place on Monday, August 19th at the Firestick Grill within the Tampa Bay Times Forum. This FREE event will feature presentations aimed at giving developers and information security professionals insights into Cloud, Mobile and Application Security. ALL are welcome to attend. Attendees will leave with a greater understanding of these three areas, and will also learn how and when to integrate security principles into their daily processes and procedures.
| Time | Session | Speaker |
| --- | --- | --- |
| 11:30 to 12:15 | Registration & Lunch | |
| 12:15 to 12:30 | Welcome & Lunch | Justin Morehouse |
| 12:30 to 13:15 | Securing your Applications & Data With Web Application Firewalls | Dennis K. Uslé |
| 13:15 to 14:00 | Design Considerations and Guiding Principles for Implementing Cloud Security | Bill Stearns |
| 14:00 to 14:15 | Break | |
| 14:15 to 15:00 | BYOS (Bring Your Own Service) | Doug Maul |
| 15:00 to 15:15 | Break | |
| 15:15 to 16:00 | Let's Get Right to the Endpoint: Leveraging Endpoint Data to Expose, Validate, Triage, and Remediate Security Breaches | Mel Pless |
| 16:00 to 16:45 | Your Scanner is Broken: Vulnerability Management That Works | Tony Turner |
| 16:45 to 17:00 | Closing Remarks & Giveaways | Justin Morehouse |
| 17:00 to 18:00 | Networking Reception | Sponsored by RedSeal Networks |
Dennis K. Uslé, Director of Security, Radware
Securing your Applications & Data With Web Application Firewalls
While some web application attack vectors such as SQL injection and XSS are familiar and often discussed, the spectrum of attack vectors is significantly wider. Attackers have become more targeted rather than opportunistic. Their attacks are more sophisticated, potentially involving multiple phases, code written specifically for the target systems, planted Trojan horses and viruses, physical access, initial penetration through email attachments, and more intensive use of zero-day vulnerabilities. By analyzing web application attack trends and statistical information, we will get familiar with the web application security challenges and identify the more relevant requirements for organizations.
Bill Stearns, Security Analyst, CloudPassage
Design Considerations and Guiding Principles for Implementing Cloud Security
Moving applications from a data center to a cloud environment involves changes in mindset. Manual system configuration, storage on transient virtual machines, security responsibility conflicts, network limitations, and hosting provider lock-in are all pitfalls to avoid. This talk covers the core differences and how to handle them.
Doug Maul, Senior System Engineer, Varonis
BYOS (Bring Your Own Service)
Cloud-based file synchronization services are very popular among end users today, however they represent a great challenge for IT when it comes to protecting corporate data. The IT dilemma: Is there a way to provide cloud-based synchronization services that boost productivity, without sacrificing security and compliance?
A report put together by Varonis and IDG reveals the pros and cons of cloud-based file synchronization services and presents some surprising facts:
- 80% of companies at present do not allow cloud-based file synchronization
- Only 14% of the organizations are satisfied with the controls that cloud-based file sync services have in place
- 70% of organizations would use cloud-based synchronization if the management tools were as robust as internal tools
- 51% of the companies are worried about maintaining correct access rights and authorization
Hear how you can leverage your existing file sharing infrastructure to create a private cloud experience, keeping your existing permissions, and give users the ability to sync data with different devices inside or outside your organization securely.
Mel Pless, Sr. Director - Solutions Consulting, Guidance Software
Let’s Get Right to the Endpoint: Leveraging Endpoint Data to Expose, Validate, Triage, and Remediate Security Breaches
The ultimate target of any attacker (laptops, desktops, servers, and the data residing on them) is currently the biggest blind spot for information security operations and the greatest area of risk. These endpoints are not only hotbeds of valuable data and activity that can provide actionable insights into the hidden security risks threatening your organization's systems, but also where you need visibility and control the most once a breach is detected.
Learn how to:
- Leverage endpoint data for Big Data security analytics, providing security insights into hidden, nascent, or undetected threats
- Reduce mean time-to-detection, response and recovery via integration with detection technology
- Prioritize response based on the existence of sensitive information, validation of a detected event, or by exposing additional compromised machines through similar file analysis
- Quickly and confidently triage and assess the impact of any security incident.
Tony Turner, Senior Security Consultant, GuidePoint Security
Your Scanner is Broken: Vulnerability Management That Works
Vulnerability management (VM) is more than just running Nessus and sending a remediation report to your operations team. VM encompasses a lifecycle of finding, prioritizing and fixing security issues and should be a core operational process. This talk will discuss the ways that security vendors have misled organizations through clever marketing and provide tips for organizations looking to get more out of their scanner tools to truly reduce operational risk. We will also discuss how some vendors are stepping up to solve the problems, while others still seem blind to the gap in capabilities in the current VM market landscape. Lastly, but perhaps most importantly, we will explore ways that VM programs can be embedded into operations and gain buy-in for remediation efforts.
GuidePoint Security provides customized, innovative and valuable information security solutions that enable commercial and federal organizations to more successfully achieve their security and business goals. Visit guidepointsecurity.com for more information.
Guidance Software is recognized globally as a world leader in Digital Forensics, Cyber Security, and E-Discovery solutions. Our services include incident response, computer forensics, and litigation support, provided by experts with hands-on experience in digital investigation. Each year we also train over 6,000 corporate, law enforcement, and government professionals in digital forensics, e-discovery, security, and incident response.
The International Information Systems Security Certification Consortium, Inc., (ISC)²®, is the global, not-for-profit leader in educating and certifying information security professionals throughout their careers. (ISC)² is recognized for Gold Standard certifications and world-class education programs. It provides vendor-neutral education products, career services, and Gold Standard credentials to professionals in more than 135 countries. (ISC)² takes pride in a reputation built on trust, integrity, and professionalism, and in its membership: an elite network of nearly 90,000 certified industry professionals worldwide.
Radware, the global leader in integrated application delivery and application security solutions for business-smart networking, assures the complete availability, performance, and security of business-critical applications for enterprises and carriers worldwide.
Today Varonis is the foremost innovator and solution provider of comprehensive, actionable data governance solutions for unstructured and semi-structured data with over 4500 installations spanning leading firms in financial services, government, healthcare, energy, media, education, manufacturing and technology worldwide. Based on patented technology, Varonis' solutions give organizations total visibility and control over their data, ensuring that only the right users have access to the right data at all times.
RedSeal Networks is the leading provider of security risk management solutions that enable businesses and government agencies to visualize their security posture, continuously audit and monitor IT compliance and eliminate cyber threats. Using patented network visualization and predictive threat modeling, the RedSeal Platform helps enterprises better prioritize vulnerability remediation efforts, dramatically cut compliance costs and optimize their security architectures.
When & Where
- Firestick Grill @ The Tampa Bay Times Forum, 401 Channelside Drive, Tampa, FL 33602
- Parking available in the West Lot for $10 per vehicle and the East Lot for $5 per vehicle.
A reminder that you may be able to earn 5 CPE credit hours for attending OWASP Tampa Day 2013. CPE verification information will be provided during the event's Closing Remarks.
OWASP - Tampa Chapter
The Open Web Application Security Project (OWASP) is an international organization and the OWASP Foundation supports OWASP efforts around the world.
OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted.
All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security.
We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas.