Webster Irvine Campus ∙ 32 Discovery, Suite 250 ∙ Irvine
Presented by OWASP OC and Webster Irvine
RSVP here: http://bit.ly/owaspwebsteroct2018
Speaker: Aaron Guzman, Director, Aon’s Cyber Solutions Group
Subject: In-Vehicle Security: Implications for the Auto Supplier
As the automotive industry continues to introduce bleeding-edge technology, vehicles have become increasingly intelligent, expanding the automotive attack surface far beyond traditional paradigms. We are living in a world of connected and autonomous vehicles with expectations that our means of transport are resilient in the face of malice. OEMs along with numerous integrators and hardware/software suppliers support the daunting task of holistically securing a vehicle’s ecosystem. But how can we know this for sure? In this presentation, we will discuss the latest in-vehicle security attack trends, supplier third-party risk, and provide mitigative solutions suppliers can employ in their development processes.
Aaron Guzman is a Director with Aon’s Cyber Solutions group, also serving as Head of Automotive & IoT. Aaron is well versed in performing application, IoT, automotive and embedded device security assessments. Mr. Guzman has extensive public speaking experience delivering conference presentations, trainings, and workshops globally. Aaron is a Board Member for the Open Web Application Security Project (OWASP) Los Angeles, Cloud Security Alliance SoCal (CSA SoCal), a Technical Editor for multiple IoT Security related books, and Co-Author of “IoT Penetration Testing Cookbook” with Packt Publishing. Over the years, he has contributed to many IoT security guidance publications and leads the OWASP Embedded Application Security project, providing practical guidance to address the most common firmware security vulnerabilities to the embedded and IoT community.
The Cybersecurity Seminar Series is a partnership of OWASP, ISACA OC, IEEE OC Cybersecurity SIG, and ISSA-OC with Webster Irvine. Links are available at the Cybersecurity Seminar Series Eventbrite page. Seating is limited - no recruiters please.
Speaker: Moses Frost, Security Architect, Cisco
Topic: Oh, you got this? Practical Attacks on the Mode
Have you ever been on a Web Assessment, Bug Bounty, Pen Test, or Red Team and encountered a component using the latest frameworks, languages, libraries, or on the infrastructure? This presentation will provide a practical guide to approach these types of scenarios. Many of these technologies are strikingly new, probably visually stunning, but are they entirely secure? This talk will explore concepts like Modernized languages, Exposed In-Memory Databases, Proxies, Breaking Microservices, and more. We will show demos of how to abuse the latest architectures and frameworks. Follow me as we break the stuff that everyone else is just riding by, or discovering on accident.
Much of the internet today is built on web technologies. These web technologies, the underlying infrastructure, and the tooling to support it are changing at an incredibly rapid pace. Attackers, Assessment Teams, and others will have a difficult time understanding what this looks like in totality. This talk attempts to apply legacy concepts to Modern Applications, Libraries, and Infrastructure. We will have a few example demos to help cement concepts for the audience. The presentation is an attempt to cobble together several ideas into a single succinct talk. Most of the web attack concepts that exist together are still focusing on the simplistic views of SQL injection, XSS, password brute forcing, and the like. How do those paradigms change when there are no direct queries or when applications have been artificially limited by technologies like mobile? This talk boils down how to approach a more complicated application using the latest and greatest developer technologies.
Someone or another has employed Moses Frost for the last 19 years. He started with BBSs and ran a few in the early 90s, and his first non-Microsoft Operating System was Slackware and Linux 1.2. He is now employed as a Cisco Security Architect and is an Instructor and Author for the SANS Institute. You can catch him teaching Network or Web Penetration Testing at SANS, or catch him at a conference. He is prolifically twittering, so find him on Twitter @mosesrenegade. He is a seldom blogger at www.renegade.blog.
6:00pm Food, Drinks & Networking
6:40pm Presentation (followed by Q&A)
A raffle will be held at the end of the meeting for OWASP swag and a free conference pass to the AppSec Cali 2019 conference. You must be present to win.