DevSlop will be live streaming the two talks on their regular sites:
And OWASP Vancouver will stream from YouTube: https://www.youtube.com/watch?v=IitBQKMrEfk
Or better yet, SHOW UP IN PERSON in Vancouver, Canada! :-D
This is a special double header edition of the OWASP Vancouver meet-up series with two great speakers: Tanya Janca and Siva Ram. They will be speaking on Application Security Incident Response and Continuous Risk-based Authentication, respectively. Details are provided below.
1st Speaker: Tanya Janca (6-7pm)
Title: Are You Ready for the Worst? Application Security Incident Response
Abstract: No matter the size of your IT shop, if the first time you think about the security of the software is during a major incident, it’s not going to go well. I will teach developers and security teams to prepare for, manage, and hopefully prevent, application security incidents. Starting with preparation; do you have a proper application inventory? How do you manage your technology stack? Disaster Recovery? Backup strategy? Do you have a WAF? Monitoring? Tools that are at the ready when the s* hits the fan? During an incident; who’s managing the incident? Do you know? What is triage? Who does the investigation? Do you have a “safe” place to do potentially destructive testing? This talk outlines an immediate plan for the audience to get started, with a list of open source tools the security team and/or developers will use to ensure that they are ready, for the worst.
Speaker Bio: Tanya Janca is a senior cloud advocate for Microsoft, specializing in application and cloud security; evangelizing software security and advocating for developers and operations folks alike through public speaking, her open source project OWASP DevSlop, and various forms of teaching via workshops, blogs and community events. As an ethical hacker, OWASP Project and Chapter Leader, Women in Security and Technology (WIST) chapter leader, software developer and professional computer geek of 20+ years, she is a person who is truly fascinated by the ‘science’ of computer science.
2nd Speaker: Siva Ram (7-8pm)
Title: Managing convenience and security: Moving towards continuous risk based authentication
Abstract: Your organization does not have to be breached for you to end up having to send notification of a data compromise. All it takes is for one of the millions of websites to lose credentials and your site can be vulnerable, due to credential stuffing attacks. Attackers have also become very sophisticated in combining different data sources and attack vectors (phishing, social engineering, malware, etc.) to launch successful attacks, resulting in account takeovers and data compromise.
This presentation will discuss some of the attack trends on customer facing applications and how your authentication methods need to adapt to keep your sites secure.
Speaker Bio: Siva Ram is the Head of Security & Fraud risk for commercial banking digital channels at a global bank. He started off as a developer and has 18 years of experience in the security industry. He has been a pentester and PCI/PA QSA, and is currently responsible for protecting mission critical banking applications against cyber and fraud attacks.
Live streaming: you can check out this event remotely by going to https://www.youtube.com/watch?v=IitBQKMrEfk
Thank you: Ping Identity for hosting and providing pizza + pop, George Pajari for streaming the event, and Jeevan Singh and all the volunteers for helping make this happen!
The OWASP Vancouver website can be found here (https://www.owasp.org/index.php/Vancouver), where you can find more info and stay connected with us.
The recordings will be available afterwards here: https://www.youtube.com/channel/UCSXBb_cPvieNm-MoLjjtbXw