OWASP LA Monthly Dinner Meeting - July 24, 2019

Details

Join Us as We Have Two Great Speakers at this Special Meeting!

** Topic 1 ** Want to make $3000 a month working from home? Disrupting a money mule network.
Speaker: Liam O’Murchu

Biography:
Liam O’Murchu is a director with the Security Technology and Response group with Symantec. Over the past 15 years O’Murchu has investigated and responded to the most sophisticated cyber attacks to ever emerge, from professional cyber-criminals targeting financial institutions, to government-backed threats targeting critical infrastructure. His analysis of Stuxnet uncovered its true objective, to disrupt uranium enrichment in Iran. The analysis detailed how sophisticated attacks on critical infrastructure are carried out in the modern era. The analysis is featured in the book "Countdown to Zero Day" by Kim Zetter and the "Zero Days" feature film documentary by Academy Award winner Alex Gibney, which was shortlisted for best documentary at the Academy Awards in 2017.

A frequent speaker on TV, radio and in the printed press, O'Murchu has continued to analyze threats from election hacking to financial heists to espionage and to represent that research to the public. Most recently O’Murchu testified at the trial of a group of malware authors he tracked for 12 years, where the authors were found guilty of 21 counts of computer abuse and financial fraud charges. He continues to work closely with law enforcement to identify and apprehend malware authors.

In 2012 O'Murchu was awarded the ISSA’s President’s Award honoring exceptional contributions to the security community.

Abstract:
We've all seen the ads for work-from-home schemes, often accompanied by a picture of a cheque for thousands of dollars and a testimonial from a happy employee who only worked a few hours a week to earn the money. These legitimate-looking ads are often fronts for money laundering services. Working with the FBI, Symantec recently disrupted a botnet that made extensive use of such work-from-home schemes. This talk looks in detail at one specific instance of such a scheme where we gained visibility into every detail of the scheme, from recruitment, to conversations with the ‘employees’, and ultimately, to the criminals behind the scheme. Vast technical and social skills are needed to operate such a scheme successfully while evading law enforcement. This talk shows the dangers of such schemes and how security researcher cooperation and information sharing brought down such an operation.
===========================================================
** Topic 2 ** Common API Security Pitfalls
Speaker: Philippe De Ryck

Biography:
Philippe De Ryck is the founder of Pragmatic Web Security, where he travels the world to train developers on web security and security engineering. He holds a Ph.D. in web security from KU Leuven. Google recognizes Philippe as a Google Developer Expert for his knowledge of web security and security in Angular applications.

Abstract:
The shift towards an API landscape indicates a significant evolution in the way we build applications. The rise of JavaScript and mobile applications has sparked an explosion of easily-accessible REST APIs. But how do you protect access to your API? Which security aspects are no longer relevant? Which security features are an absolute must-have, and which additional security measures do you need to take into account?

These are hard questions, as evidenced by the deployment of numerous insecure APIs. Attend this session to find out about common API security pitfalls that often result in compromised user accounts and unauthorized access to your data. We expose the problem that lies at the root of each of these pitfalls, and offer actionable advice to address these security problems. After this session, you will know how to assess the security of your APIs, and the best practices to improve them towards the future.