OWASP East Bay Meetup - April 2017 (1/1)


Details
Hello all - we are very excited to announce our first dedicated East Bay meetup! We'll have two great talks, food/drink, and great company.
• 6:30 Doors Open
• 6:45 - 7:30 "Effective AppSec Metrics" - Caroline Wong
• 7:35 - 8:20 "IoT Exploitation 101" - Aditya Gupta
• 8:25 - 9:00 Networking
• 9:00 Doors Close
Talk Details:
Talk 1: Effective AppSec Metrics - Caroline Wong
Abstract:
Executives often ask the wrong questions about application security. This session will discuss techniques for changing the conversation in order to encourage execs to ask the right questions—and provide data-driven answers that show progress towards meaningful objectives.
Bio:
Caroline Wong is the Vice President of Security Strategy at Cobalt. Cobalt delivers crowdsourced pen tests and private bug bounties to modern organizations.
Caroline’s close and practical information security knowledge stems from broad experience as a Cigital consultant, a Symantec product manager, and day-to-day leadership roles at eBay and Zynga. She is a well-known thought leader on the topic of security metrics and has been featured at industry conferences including RSA (USA and Europe), IT Web Summit (South Africa), OWASP AppSec, Metricon, the Executive Women’s Forum, ISC2, and the Information Security Forum.
Caroline received a 2010 Women of Influence Award in the One to Watch category and authored the popular textbook Security Metrics: A Beginner’s Guide, published by McGraw-Hill in 2011. She graduated from U.C. Berkeley with a B.S. in Electrical Engineering and Computer Sciences.
Talk 2: IoT Exploitation 101
Abstract:
IoT, or the Internet of Things, is one of the most popular trends in the technology and security industry today. However, not a lot has been said about how you as a security researcher can identify vulnerabilities in these so-called “smart devices”.
This talk is a short crash course on how you can get started with IoT security and exploitation of smart devices.
Aditya will discuss how to start pentesting IoT devices, beginning with initial analysis and moving into topics such as firmware reverse engineering, embedded device hacking, and Zigbee and BLE exploitation.
This talk could be thought of as a quick starter guide for you, covering all the essential tools and techniques to see how IoT pentests are conducted, and how you can set up your own lab environment and get started with identifying vulnerabilities in IoT and smart devices.
Aditya will additionally share his own experiences with pentesting and training on IoT security, and the common patterns he has seen so far in IoT vendors. The session will conclude with a short Q&A.
Bio:
Aditya Gupta (@adi1391) is the founder and principal consultant of Attify, an IoT and mobile security firm, and a leading IoT and mobile security expert and evangelist. He has an electronics engineering and embedded background by education. He has done a lot of in-depth research on mobile application security and IoT device exploitation, and is the creator of the Offensive IoT Exploitation course. He is also the author of the popular Android security book "Learning Pentesting for Android Devices", which has sold over 15,000 copies since it was published in March 2014.
He has also discovered serious web application security flaws in websites such as Google, Facebook, PayPal, Apple, Microsoft, Adobe and many more. He has also published a research paper on ARM Exploitation titled "A Short Guide on ARM Exploitation." In his previous roles, he has worked on mobile security, application security, network penetration testing, developing automated internal tools to prevent fraud, finding and exploiting vulnerabilities and so on.
He is also a frequent speaker and trainer at numerous international security conferences, including Black Hat, Defcon, Syscan, OWASP AppSec, PhDays, Brucon, Toorcon and Clubhack, amongst others.
