Atlanta Member Meeting 12.15.11

From OWASP
Revision as of 11:24, 28 December 2011 by Shauvik (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

December 2011 Meeting

WHAT:: December Chapter Meeting - 'Preventing Data Breaches using Provenance-aware Firewalls'

WHEN:: 15th of December 2011. 6-8pm

WHERE:: Cumberland Pkwy Tilted Kilt http://atlanta-cumberland.tiltedkilt.com/

WHO:: Anirudh Ramachandran is a networks and systems security researcher at Georgia Tech and the founder and CTO of Nouvou Inc., a nascent data security startup. He has 6 years of experience developing solutions in areas such as data breach prevention, high speed traffic monitoring, network-level spam filtering, and botnet identification. He graduated with a PhD in Computer Science from Georgia Tech in 2011. http://www.cc.gatech.edu/~avr

ABSTRACT:: Data breaches through Web application vulnerabilities have become particularly rampant. Point solutions -- for example, a Web Application Firewall that scans requests destined to the Web app -- can only stop a limited number of attack patterns, and do not provide any protection from a breach once a vulnerability is eventually exploited. We have developed a complementary approach to prevent breaches based on the idea that, if sensitive data is tracked closely enough, a breach can be prevented without worrying about the Web application vulnerability that led to the breach.

In this talk, I will present the architecture of SilverLine (associates tamper-proof tags with database records and files, and uses an OS-level module to track the flow of tagged data through the various components of a Web application) and describe how we integrated SilverLine with a popular open source e-Commerce Web application, OSCommerce.

COST: Free to all. Bring a Friend. However, please look to join our chapter. Only $50. No pressure, but greatly appreciate. Non-profit and good cause.