Details

Agenda:

6:00-6:30pm - Gather and mingle

(Food & Beverages provided courtesy of sponsor)

6:30-7:15pm - Looking for your keys under the street light – potential pitfalls of a top N vulnerability list

7:15-7:35pm - Turbo Talk: A Tactical Guide to Phở

10'ish minute break

7:45-8:30pm - Performance Management and Security: Friends or Foes?

Talk 1: Looking for Your Keys Under the Street Light – Potential Pitfalls of a Top N Vulnerability List

Abstract:

The OWASP Top Ten represents a broad consensus about the most critical web application security issues found on the web today. Many organizations use these as their "most wanted" list, but how often do they align with an organization's bug priorities? Top N vulnerability lists may initially appear to be interesting data sets, but they often open more questions than they answer and may lead to stagnation if not updated periodically.

Cigital has gathered reports from application security assessments performed over the last year and compared the data with this industry-leading benchmark. In this presentation, we will discuss our observations and share the lessons that we learned. The discussion will also include a close correlation and comparison of the data identified against the top 10 OWASP vulnerabilities found in web applications.

Bios:

Sudeeptha Adgal is a Software Security Professional with over three years of experience in security. As a security consultant at Cigital Inc.'s Assessment Center (CAC) for managed services, Sudeeptha performed web and mobile application security testing by utilizing proficiency in automated as well as manual ethical hacking techniques. Sudeeptha was also responsible for providing technical oversight to clients and leading groups of security professionals. A transition from managed to professional services in May 2015 led to the diversification and enhancement of responsibilities as a security consultant and a team player.

Matt Reeder is a Senior Security Consultant with Cigital. Having started in systems administration and development before transitioning into application security, he has a broad background in technology. He specializes in penetration testing and has experience testing everything from web applications to operating systems or embedded devices.

--------------------

Turbo Talk: A Tactical Guide to Phở

Abstract:

Phở's origins are poorly documented but we do know that it’s the world’s most delicious breakfast food. What is it? What makes it authentic? Where do you get the best in Chicago? Why do you need to eat it in a small divey room with mismatched chairs, a thousand condiments, and a bin of plastic chopsticks on the table? I’ll answer these questions and more. Disclaimer – I’m not Vietnamese, but I’ve been a lot of places and I’ve eaten a lot of Phở - I’m also fairly obsessed with Vietnamese cooking.

Bio:

Rob Havelt is formerly a bourbon-fueled absurdist, raconteur, and man about town, currently a sardonic workaholic occasionally seeking meaning in the finer things in life...

--------------------

Talk 2: Performance Management and Security: Friends or Foes?

Abstract:

As DevOps organizations grow in prevalence and power they bring new issues to the old problem of visibility vs. security. We will take a look at information being kept in systems you might not even know exist, some ways you might be able to reduce risk, and how you can leverage systems that other people paid for to your advantage.

Bio:

Richard Manion loves his dogs and hates writing bios.

Sponsors:

http://photos1.meetupstatic.com/photos/event/5/4/1/1/600_451341521.jpeg