Techday by Init 2014

Details
Tech Day by Init 2014 will take place on the 27th of November at Armémuseum on Riddargatan 13 in central Stockholm. We've divided the day into a shorter and a longer track with lunch onsite in between. Join us all day or for individual sessions that interest you. The event is free of charge but the number of seats is limited.
After the event there will be a TDBI Networking Session and Bar
Please feel free to attend our networking session where we discuss the event, speeches, and future opportunities! The Networking Session and Bar will be held at our office at Engelbrektsgatan 7, a five-minute walk from Armémuseum. Init representatives will guide you as needed.
To make sure we can take good care of you at our office, please send an email to willem.stolk@init.se so we can get a head count!
We welcome you all!
Schedule
08.30 Registration, coffee and sandwich
09.00 Welcome
09.10 Network Segmentation - Fredrik Söderblom, XPD
10.05 Varnish Security Firewall - Kacper Wysocki, Redpill Linpro
10.40 Universal 2nd Factor - Simon Josefsson, Yubico
11.30 Lunch
12.30 PKI, enabler of business - Tomas Gustavsson, Primekey
13.25 Spiralbunden säkerhet - Patrik Järnefelt, Blocket AB & Daniel Gustafsson, SCM Ventures AB
14.20 Securing your system with AppArmor... - Johannes Segitz, SUSE Security Team
15.10 Coffee break
15.40 Securing web based applications... - Magnus Hagander, Redpill Linpro
16.35 Incident response and forensic investigations... - Robert Malmgren, ROMAB/sysctl
17.25 Closing
Talk details
Universal 2nd Factor (U2F) - Simon Josefsson, Yubico
I will briefly walk through the evolution of 2-factor authentication solutions and explain how the upcoming Universal 2nd Factor (U2F) protocol from the FIDO Alliance works.
Spiralbunden säkerhet - Patrik Järnefelt, Blocket AB & Daniel Gustafsson, SCM Ventures AB
Blocket.se (http://blocket.se/) has grown from being a regional marketplace for goods in Skåne to running sites in more than 40 countries. In this presentation we will go through how we scale our work on customer security while scaling our code base.
PKI, an enabler of business - Tomas Gustavsson, Primekey
This presentation will show some concrete use cases of how PKI enables organizations to improve their operations and invent new business cases. To start with, a short PKI primer will be held to establish common ground. After the primer some real use cases will be presented:
- Swedish police
- BankID
- A state of the art car manufacturing company.
The use cases will show how PKI enables IT usage that was not otherwise possible, or at least much harder to realize.
Securing web based applications in PostgreSQL - Magnus Hagander, Redpill Linpro
Far too often we read about websites that have "leaked" millions of passwords or email addresses (or both). Even if the passwords are hashed this is of course bad - and email addresses can be valuable. This talk will outline a trivial way to use the security features in PostgreSQL to make this type of attack significantly harder, without compromising site functionality.
Network Segmentation - When information security is a business and technology enabler - Fredrik Söderblom, XPD
This presentation is about network segmentation and will walk you through prerequisites, pitfalls, do's and don'ts and opportunities.
Securing your system with AppArmor & SELinux - Johannes Segitz, SUSE Security Team
With AppArmor and SELinux there are two mature mandatory access control (MAC) systems available for Linux. This talk will introduce MAC, discuss why it is a good idea to use such a system and present the two leading options, AppArmor and SELinux.
Incident response and forensic investigations is always a challenge - Robert Malmgren, ROMAB/sysctl
This is a presentation of the biggest publicly known hacking investigations in Sweden and Denmark. We will discuss what happened and how even mainframe computers are vulnerable to Internet-style hacking.
The presentation will highlight some of the experiences and conclusions one must draw from something like this.
Varnish Security Firewall - Kacper Wysocki, Redpill Linpro
Varnish is the Swiss Army knife of the HTTP transport, and its flexible configuration language has long been used to thwart application attacks and DoS with custom rulesets. The Varnish Security Firewall framework enables us to rapidly secure web applications, and allows for fast rule writing to enhance security and quickly react to attacks.
