Please join us for another OWASP Houston Mini-Con on August 15th at 6PM. Please register on EventBrite to guarantee seating. Registration will be open July 29th at 10AM.
We will be hosting Georgia Weidman and Clint Pollock.
Georgia Weidman presenting on:
Can You Hear Me Now? Leveraging Mobile Devices on Pentests
BYOD is not a new concept. From contractor laptops to an employee’s game console in the break room, a compromised device in the corporate environment can lead to all sorts of bad things. In this talk we will look at the unique threats that BYOD for mobile devices brings to the table. The most security-conscious corporations are deploying the latest devices and policies to stop attackers from breaching the perimeter and, if they do, to stop data exfiltration. We will discuss how mobile devices on a corporate network and/or handling company data undermine these efforts. We will look at multiple mobile platforms gathering sensitive information, attacking other devices such as other mobile devices, servers, and workstations, and using out-of-band communication to perform data exfiltration and communicate with internal devices. Multiple live demo scenarios will be shown and some useful code for pentesters will be released.
Speaker Bio: Georgia has worked in information security in both the public and private sectors. She recently founded her own security firm, Bulb Security LLC focusing on security training, research and development, and penetration testing. She began speaking at security conferences at Shmoocon 2011 and has had a full schedule ever since, presenting all over the world. To name a few she has spoken at Security Zone, Takedowncon, Hacker Halted, Defcon Wireless Village, and many Bsides events.
Georgia was recently awarded a DARPA Cyber Fast Track grant to continue her smartphone security research. Georgia’s security work has been featured in print articles including Ars Technica, PC World, and MIT Technology Review. She’s also discussed security on television on programs such as Fox News Live and 16×9 on Global TV Canada.
Clint Pollock presenting on:
Tips for Building a Successful Application Security Program
Application vulnerabilities are steeply on the rise. At $350 billion per year software is the largest manufacturing industry in the world yet there are no uniform standards or insight into security, risk or liability of the final product. The development environment is becoming increasingly complex – application origin ranges from internally developed code, outsourced, 3rd party, Open Source, and Commercial Off the Shelf software. Ensuring these entities are creating secure software is becoming a daunting task. Lots of emphasis is placed on IT controls, patching, etc, but the new attack vector is your applications. During this presentation we will recap the state of software security today and discuss detailed actions you can take to build a successful application security program that is centralized, policy-driven, and comprehensive.
Speaker Bio: Clint Pollock is a Senior Solutions Architect at Veracode. Since 1997, he has also created security solutions for large-scale enterprise environments on behalf of CREDANT Technologies and Netegrity. In his current role, Clint helps globally distributed organizations evaluate, track, and mitigate their application security risk. Clint’s greatest strengths are his enthusiasm, experience and determination to help customers succeed in maintaining secure, compliant systems, and avoid the consequences and bad headlines that come with application security breaches.