Los Angeles/2014 Meetings
---March 2014, Symantec Offices, Culver City
---February 19, 2014, Symantec Offices, Culver City
Building a shield of security - Vulnerability Management by the numbers and dumb robots
This presentation discusses how builders, breakers and defenders should look at vulnerability management when attempting to keep hackers at bay. We shall discuss the most common vulnerabilities which are detected by neither security tools nor automation, but which are nevertheless common and can be used to commit real fraud resulting in financial loss. We will look at some real-world examples from the trenches, discuss business logic and authorisation testing, how we approach these, and why automation does not work to detect such critical issues. We will see that Web Application Firewalls are ineffective against such attacks and why the only practical solution is to apply a layered approach across the SDLC and to focus on the application as a logical state machine.
Speaker: Rahim Jina - BCC Risk Advisory
Rahim has been an active member of OWASP since 2008 and has contributed to many projects such as the OWASP Security Code Review Guide and is an ex-board member of the Irish Chapter. Previously Rahim was a senior security consultant at a "big 4" professional services firm and more recently, the head of security for Fonality Inc, a VoIP service provider based in Los Angeles. Rahim is currently a director for BCC Risk Advisory (bccriskadvisory.com), based in Dublin, Ireland. He is also responsible for the security architecture of the edgescan.com vulnerability management solution.
---January 2014, Symantec Offices, Culver City