Adam is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board, and helped create the CVE and many other things. He currently helps many organizations improve their security via Shostack & Associates, and helps startups become great businesses as an advisor and mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the 'Elevation of Privilege' game. Adam is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.

Talk: 25 Years in AppSec - Looking Back, Looking Forward

Abstract: 25 years ago, Adam was working at a bank doing source code security reviews, and got permission to release their internal security guidelines. 15 years ago he joined the Microsoft SDL team. hear some highlights and some lowlights from the journey, and more importantly, what can we expect over the next 25 years? Where is appsec going? What new frontiers will we get to secure? What problems will still be with us?

Chloé Messdaghi is an award-winning changemaker who is innovating the tech and information security sectors to meet today's and future demands by providing solutions that empower organizations, products, and people to stand out from the crowd. She is an international keynote speaker at major information security and tech conferences and events, and serves as a trusted source to reporters and editors, such as Forbes and Business Insider. Additionally, she is one of Business Insider’s 50 Power Players. Outside of her work, she is the co-founder of Hacking is NOT a Crime and We Open Tech.

Abstract: Hackers have been mislabeled and treated as criminals due to socially constructed beliefs that have been pushed out by the public. As a result, we face prosecution when doing our job and trying to keep the world safe from attackers. Current legislation has destroyed the lives of many hackers who exploited nothing and stayed within scope. In turn, 1 out of 4 hackers don't submit vulnerabilities due to the ongoing fear of prosecution. This talk dives into the socially constructed beliefs that the world holds towards hackers, and how increased public awareness is needed to change that mindset and update out-of-date legislation.

Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. He is also an investor/advisor for Nucleus Security, BitDiscovery, Secure Circle, KSOC and Inspectiv. Jim is a frequent speaker on secure software practices, is a member of the Java Champion community, and is the author of 'Iron-Clad Java: Building Secure Web Applications' from Oracle Press. Jim also volunteers for the OWASP foundation as the project lead for the OWASP Application Security Verification Standard and the OWASP Cheatsheet Series.

Talk: Request Forgery on the Web - SSRF, CSRF and Clickjacking

Abstract: This technical talk on various forms of request forgery is for the software developer who needs to build secure web applications. Cross-Site Request Forgery, or CSRF, allows an attacker to trick a user into submitting a transaction they never intended to. This attack type requires very specialized defenses. We will discuss various historical CSRF attacks and investigate a wide range of defensive strategies such as nonce tokens, SameSite cookies, and the double-submit cookie pattern. SSRF is a direct attack category meant to trick your servers into making additional requests they were never intended to make. Clickjacking is a way to trick users into taking action and entering data into one site while another is collecting those events. We will be helping developers stop forgery on the web in this talk!

Head of customer solutions, security software engineer at Cossack Labs. Anastasiia builds security tools for protecting data during the whole lifecycle (encrypt everything!). She shares a lot about "boring cryptography", end-to-end encryption, data security, zero knowledge / zero trust systems, and software security architecture. Anastasiia maintains the open-source cryptographic library Themis, conducts secure software development training, often speaks at international conferences, co-organizes cyber-security events and leads the security chapter at WomenWhoCode Kyiv.

Abstract: We will discuss how companies use cryptography as an ultimate security control for data. When data is properly encrypted, it can’t be suddenly, unnoticeably decrypted. End-to-end encryption flow for the NoCode platform? Sure. DRM-like protection with application-level encryption using an HPKE-like approach for protecting ML models? Yes. End-to-end encrypted message exchange for a CRDT-based real-time syncing app? Yep.
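As an added illustration of two of the CSRF defenses named in the Request Forgery talk abstract above (SameSite cookies and the double-submit cookie pattern), here is example code written for this page, not code from the talk or from any project of the speaker; the cookie name, header name and function names are our own choices.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

# Names chosen for this example; __Host- requires Secure, Path=/, no Domain.
CSRF_COOKIE = "__Host-csrf"
CSRF_HEADER = "X-CSRF-Token"


def issue_csrf_cookie() -> tuple[str, str]:
    """Mint a random token and the Set-Cookie value that delivers it.

    SameSite=Strict makes the browser withhold the cookie from requests
    initiated by another site, which already defeats classic CSRF in
    modern browsers; the double-submit check below is defence in depth
    for older clients."""
    token = secrets.token_urlsafe(32)
    cookie = SimpleCookie()
    cookie[CSRF_COOKIE] = token
    cookie[CSRF_COOKIE]["secure"] = True
    cookie[CSRF_COOKIE]["path"] = "/"
    cookie[CSRF_COOKIE]["samesite"] = "Strict"
    # Deliberately not HttpOnly: same-origin JavaScript must read the
    # token and echo it in a request header, which is what proves origin.
    return token, cookie.output(header="").strip()


def csrf_request_ok(method: str, headers: dict[str, str]) -> bool:
    """Double-submit check: the token in the cookie must equal the token
    submitted in the header. A cross-site page can make the browser send
    the cookie but cannot read it, so it cannot reproduce the header."""
    if method.upper() in ("GET", "HEAD", "OPTIONS"):
        return True  # safe methods must not change state, so no check
    jar = SimpleCookie()
    jar.load(headers.get("Cookie", ""))
    morsel = jar.get(CSRF_COOKIE)
    submitted = headers.get(CSRF_HEADER, "")
    if morsel is None or not submitted or not submitted.isascii():
        return False
    # Constant-time comparison; a plain == leaks timing information.
    return hmac.compare_digest(morsel.value, submitted)


if __name__ == "__main__":
    tok, set_cookie = issue_csrf_cookie()
    print("Set-Cookie:", set_cookie)
    # Constructed forged cross-site POST: cookie present, header absent.
    print("forged POST accepted?", csrf_request_ok("POST", {"Cookie": f"{CSRF_COOKIE}={tok}"}))
```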