Getting Value out of a Pentest, WAF Optimization and Beer Brewing 101!
Details
Agenda:
6:00-6:30pm - Gather and mingle
(Food & Beverages provided courtesy of sponsor)
6:30-7:15pm - Getting Value out of an Application Pentest
7:15-7:35pm - I can has beer? (Home brewing 101)
10-ish minute break
7:45-8:30pm - WAF Optimization and Best Practices
Title: Getting Value Out Of An Application Pentest
Speaker: Patrick Thomas
Abstract: I do lots of application pentests, and it really sucks when I see clients who don't get value out of them. The hope of this talk is to share some useful observations about the types of companies, teams, and software that are aligned to actually get value out of pentests, versus those that are throwing money at a problem without being ready to get meaningful results. I'll also share a concrete list of pre- and post-activities to help make sure your organization is one getting the best bang for your buck in app pens.
Bio: Patrick Thomas is a recovering software developer turned penetration tester. As a practice lead with the Cisco Security Services group, his focus areas are web application security and secure development. He has previously spoken at Black Hat, DEFCON, SecTor, AppSec Cali, TROOPERS, and others.
Turbo Talk:
Title: I can has beer?
Speaker: Dan Nellessen
Abstract: No, I will not be handing out free beer. This is an introduction to the fabulous hobby of homebrewing. If you like craft beer and have always wanted to try your hand at making it, this is a great overview on how to get started. I'll quickly step through the process and go over the equipment you'll need. Why buy beer, when you can make it...at home...in your bathrobe? Who am I kidding? I still buy beer.
Bio: My friends call me a beer snob because I brew and only drink "fancy" beers. At least they don't think I'm an alcoholic. I've been homebrewing for 4 years. I am not a master brewer, nor do I pretend to be. I am a hobbyist at best, and got started the same way you are - by attending a short intro class. I've won a few awards at some smaller competitions in the city, so I must be doing something right. Yeah, validation!
Title: WAF Optimization and Best Practices
Speaker: Robi Papp and Serg Panfilov
Abstract: Web application firewalls (WAFs) are a necessary evil, especially with regard to certain compliance regulations. They can be extremely powerful to mitigate specific threats; however, the biggest issue with the management of WAFs is that applications and databases change over time, compounded by a changing threat landscape and a scarcity of available resources to tune them. To effectively manage WAFs, administrators must have competency in networks, systems, information security, web applications, databases, penetration testing and regulatory compliance.
We will present how a properly tuned WAF environment should be configured and will review a battery of areas that can be scored against according to industry best practices. We will also review certain aspects of a WAF optimization methodology for the audience to emulate within their respective organizations.
Bio: Robi Papp is a Managing Partner at Avantgarde Partners, which provides purpose-built information and performance assurance services by removing the operational heartache experienced in the ongoing management of complex, niche technologies and creating lasting, measured programs for the business. As a founding member of the company, Robi was instrumental in building out the operational methodology of the Harmony for WAF managed service.
Prior to Avantgarde Partners, Robi spent time at F5 Networks, Bromium and a long tenure at Accuvant, where he was the top national reseller of Imperva for numerous years. Before entering the dark side of sales, he was a solution architect for Ingrian Networks, product manager for Interactive Data and developer for numerous consulting companies. Robi led the San Francisco chapter of OWASP from 2008 to 2011.
Sponsors: