OWASP Meetup - SF September 2018
Details
Please join us for an awesome night of security, courtesy of our host: Twilio. There will be three amazing talks, food/drinks, and security!
• 6:30 - Doors open
• 7:00-7:30 - Putting the Bits Back Together - AWS Forensics (Brandon Sherman)
• 7:35-8:05 - Software Development Lifecycle at Cloudflare Scale (Evan Johnson)
• 8:10-8:40 - Working with Developers for Fun and Progress (Leif Dreizler)
• 8:40-9:00 - Networking
Talk 1: Putting the Bits Back Together - AWS Forensics (Brandon Sherman)
Security response in cloud computing is no different from response for servers racked in a regular datacenter, except for one key difference: when a server is breached and a forensic evaluation of that server is needed, the responder has no idea where, or what, that server is. The very first steps of imaging a disk need to be rethought in an environment where disks are of variable sizes and capabilities, and are only exposed via APIs. Many things that are taken for granted in the physical world are implementation details in the cloud. Recent product launches in AWS, such as the next generation of EC2 instances, which access EBS in a different manner, as well as bare-metal instances, have changed some of these implementation details, which potentially changes what an incident responder may encounter.
Bio:
Brandon has been working with AWS infrastructure for four years and is a Senior Cloud Infrastructure engineer at Twilio, where the challenge of real-time cloud communications requires thinking about security in new and exciting ways. He wants to replace himself with microservices & APIs but until he manages to do that, you'll find him teaching anyone who will listen that they can be a "security person" too.
Talk 2: Software Development Lifecycle at Cloudflare Scale (Evan Johnson)
At Cloudflare, a large amount of rigor and process is required to rapidly release quality software products. In this talk, we will show Cloudflare’s approach to our software development lifecycle and how security fits into this process.
Bio:
Evan Johnson is a Product Security Manager at Cloudflare where he helps his team deliver products that millions of websites use every day.
Talk 3: Working with Developers for Fun and Progress (Leif Dreizler)
Forging a strong relationship with developers is an essential part of creating an impactful AppSec program. Without it, your team will have little idea what's going on and will have trouble getting bugs fixed. Segment has built strong ties to developers using our competition-based training featuring Burp Suite and OWASP Juice Shop, hands-on threat modeling, and contributions to the existing codebase. We'll also talk about our future plans for our security champions and embed programs.
Bio:
Leif works on the AppSec team at Segment, partnering with engineers to continuously improve their security story and protect customer data. Leif got his start in the security industry at Redspin doing security consulting work, and was an early employee at Bugcrowd. He has presented at OWASP meetups, BSides conferences, and NolaCon. He was a founding member of the Santa Barbara OWASP Chapter, the AppSec California conference, and is currently an organizer for the Bay Area OWASP Chapter.