What Could Hurt: How Framework and Library Dependence is Weakening our Development
by: Kevin Johnson, Secure Ideas, 45 min
Kevin will discuss how security works, why we do the things we do and where platforms and libraries can be both good and bad. This will be done through a series of real world examples directly from his testing and assessment of modern applications and the SDLC.
Intrusion Detection Systems
by: Pradeep Gowda, Proofpoint, Inc
Beginner, 30 min
A large chunk of sophisticated cyber attacks still happen behind secured firewalls. Having a firewall is not longer sufficient to prevent attacks on your infrastructure, data and business. Having an Intrusion Detection System monitor incoming and outgoing traffic is highly critical to a sophisticated security posture. In this session, we will learn:
• Why we need Intrusion detection systems
• How do they work
• How to make IDS part of your overall security posture
• Open source intrusion detection systems
Hacking with Python -- Automation During Penetration Testing
by: Nat Shere, Rook Security
Beginner/Intermediate, 30 min
Penetration tests simulate real-world hackers to perform security testing against applications and services. Python often plays an integral role in automating some of this testing, both for the security professional and for the hacker. Through real-world examples and stories, we will explore the function that Python and automation play in penetration tests, and in hacking in general. Examples will include, but are not limited to:
• Brute forcing custom developed login pages
• Automating open source reconnaissance to identify users' passwords
• Automating SQL injection attacks for full database access
• Creating a worm to hijack social media accounts
• Using Social Engineering to execute Python-based malware on users' computers
Keeping Secrets Secret
by: Randy Syring
30 minutes
Understanding Legal and Regulatory Issues in Information Security in a Global Context
by: Naomi Asfaw, Miz - Hasab Research Center
Beginner, 40 min
• The value of your data in the United States vs European Union
• How cross-border data flow could affect small businesses
• Obstacles that prevents public-private sector collaboration on cybersecurity issues
• Global challenges on standards, regulation and enforcement
• Project 2020 and other global agencies that are addressing cybersecurity issues
Python Cryptography - Keeping Secrets from the NSA
by: James Alexander, Leaf Software Solutions
Intermediate, 45 min
How to manage secret data, and store it securely:
• The differences between Hashes and Encrypted Fields
• How to properly store Passwords
• Characteristics of Encrypted data
• An explanation of several encryption algorithms
• Example implementations of all of the above in Python
Log Analysis for Security and Development
by: Michael Taylor, Rook Security
Intermediate to Expert, 1 hour
The creation and consumption of application logs can yield significant insights into the security posture and performance of your systems. Beginning with the design of a logging standard and ending with anomaly detection we will be discussion how modern security incident and event management (SIEM) tools analyze data. Additionally we will discuss how to mine that data using Python to generate alerts, create reactive decision paths, and identify underlying security concerns.
8:30 - 9:00 Registration & networking
9:00 - 9:15 - Announcements & Logistics
9:15 - 10:00 - Kevin Johnson
10:00 - 10:15: Break
10:15 - 10:45: Pradeep Gowda
10:45 - 11:00: Break
11:00 - 11:30: Nat Shere
11:30 - 12:30: Lunch (included)/ RetroPi gaming
12:30 - 1:00: Lightning Talks
1:00 - 1:30: Randy Syring
1:30 - 1:45: Break
1:45 - 2:30: Naomi Asfaw
2:30 - 2:45: Coffee Break
2:45 - 3:30: James Alexander
3:30 - 3:45: Break
3:45 - 4:45: Michael Taylor
4:45 - 5:00: Closing statements/Door Prize Drawing
5:00 - 6:00: Happy Hour