Hello Ottawa OWASPers! Here is our schedule for our November 2018 Meetup:

5:00 Networking and Pizza

6:00 PM: Technical Talks


Alex deVries: Spectre/Meltdown and their Hype Trifecta

David Jackson: You are Certifiable

Paul Ionescu: Security Code Review 101

Details:

Title: Spectre/Meltdown and their Hype Trifecta

Abstract: The Spectre and Meltdown group of CPU vulnerabilities were big news in early 2018, but were they worth the hype? This talk explains weaknesses related to speculative execution side-channel attacks. We first introduce basic CPU features you might not know, then go through an example and how it might be exploited. We go through the possible mitigations and their complexity.

Bio: Alex deVries is a security architect at Wind River Systems, and is their Security Incident Response Team (SIRT) lead. He has a background in Linux and embedded operating systems.

Title: You are Certifiable

Abstract: InfoSec certifications are a popular way to show your skills but it's hard to know which ones might be right for you. I'll talk about the pros and cons of doing certifications, show some stats about certifications in the job market, my experience of doing the CISSP and which one I might do next. You are certifiable too.

Bio: David Jackson is a developer who has worked on ASP.NET web apps for more than 10 years and is working on moving into the AppSec field.

Title: Security Code Review 101

Abstract: Code review is, hopefully, part of regular development practices for any organization. Adding security elements to code review can be the most effective measure in preventing vulnerabilities, very early in the development lifecycle, even before the first commit. This is an interactive presentation which will contain the basic elements to get you started. The audience will help review more than a dozen software examples in order to figure out the good from the ugly. The software examples are based on OWASP Top 10 and SANS Top 25 favourites such as Injection, Memory Flaws, Sensitive Data Exposure, Cross-Site Scripting and Broken Access Control.

Bio: Paul Ionescu is a Security Architect and OWASP Ottawa Chapter Co-Leader. Over the past decade, Paul has worked in various areas of application security. He was a developer of application security testing tools, performed ethical hacking, led a team of pen-testers, conducted security research, authored security articles and was involved in building an application security program for a large enterprise. Nowadays Paul is focusing on integrating all areas of security into a dynamic DevOps SDLC while ensuring compliance with industry and government standards. Paul is also a creator and maintainer of an open source training platform: the Secure Coding Dojo.

