Los Angeles/2014 Meetings
---April 2014, Symantec Offices, Culver City
---March 26, 2014, Symantec Offices, Culver City
Monitoring and protecting Windows Web Servers with OMENS
OMENS is a utility that monitors and protects Windows web servers from attackers. It is a practical system designed by someone directly responsible for defending high value public facing web servers. In this talk D0n Quix0te will discuss why he took the unique approaches that OMENS uses. He will also demo installing and using this relatively simple but effective piece of free software.
Speaker: D0n Quix0te
D0n Quix0te is the author and creator of OMENS. He has more than 25 years of experience in architecting, installing, maintaining, and defending high value targets. Currently he is an Incident Response Analyst for a Fortune 500 entertainment company. Prior to that he spent more than 20 years architecting and securing systems for NASA and Lockheed.
---February 19, 2014, Symantec Offices, Culver City
Building a shield of security - Vulnerability Management by the numbers and dumb robots
This presentation discusses how builders, breakers and defenders should look at vulnerability management when attempting to keep hackers at bay. We shall discuss the most common vulnerabilities which are not detected by security tools or automation but nevertheless are common and can be used to commit real fraud resulting in financial loss. We will look at some real world examples from the trenches, discuss business logic and authorisation testing, how we approach these and why automation does not work to detect such critical issues. We will see that Web Application Firewalls are ineffective against such attacks and why the only practical solution is to apply a layered approach across the SDLC and to focus on the application as a logical state machine.
Speaker: Rahim Jina - BCC Risk Advisory
Rahim has been an active member of OWASP since 2008 and has contributed to many projects such as the OWASP Security Code Review Guide and is an ex-board member of the Irish Chapter. Previously Rahim was a senior security consultant at a "big 4" professional services firm and more recently, the head of security for Fonality Inc, a VoIP service provider based in Los Angeles. Rahim is currently a director for BCC Risk Advisory (bccriskadvisory.com), based in Dublin, Ireland. He is also responsible for the security architecture of the edgescan.com vulnerability management solution.
---January 2014, Symantec Offices, Culver City