• Webster U CyberSec: In-Vehicle Security: Implications for the Auto Supplier
    Webster Irvine Campus ∙ 32 Discovery, Suite 250 ∙ Irvine

    Presented by OWASP OC and Webster Irvine

    RSVP here: http://bit.ly/owaspwebsteroct2018

    Speaker: Aaron Guzman, Director, Aon’s Cyber Solutions Group

    Subject: In-Vehicle Security: Implications for the Auto Supplier

    Abstract: As the automotive industry continues to introduce bleeding-edge technology, vehicles have become increasingly intelligent, expanding the automotive attack surface far beyond traditional paradigms. We are living in a world of connected and autonomous vehicles with expectations that our means of transport are resilient in the face of malice. OEMs, along with numerous integrators and hardware/software suppliers, support the daunting task of holistically securing a vehicle’s ecosystem. But how can we know this for sure? In this presentation, we will discuss the latest in-vehicle security attack trends and supplier third-party risk, and provide mitigative solutions suppliers can employ in their development processes.

    Speaker Bio: Aaron Guzman is a Director with Aon’s Cyber Solutions group, also serving as Head of Automotive & IoT. Aaron is well versed in performing application, IoT, automotive and embedded device security assessments. Mr. Guzman has extensive public speaking experience delivering conference presentations, trainings, and workshops globally. Aaron is a Board Member for the Open Web Application Security Project (OWASP) Los Angeles and Cloud Security Alliance SoCal (CSA SoCal), a Technical Editor for multiple IoT Security related books, and Co-Author of “IoT Penetration Testing Cookbook” with Packt Publishing. Over the years, he has contributed to many IoT security guidance publications and leads the OWASP Embedded Application Security project, providing practical guidance to address the most common firmware security vulnerabilities to the embedded and IoT community.

    Twitter: @scriptingxss
    LinkedIn: https://www.linkedin.com/in/scriptingxss/

    The Cybersecurity Seminar Series is a partnership of OWASP, ISACA OC, IEEE OC Cybersecurity SIG, and ISSA-OC with Webster Irvine. Links available at Cybersecurity Seminar Series Eventbrite page. Seating is limited - no recruiters please.

    Webster University

    32 Discovery · Irvine

  • OWASP OC November dinner meeting: Oh you got this? Practical Attacks on the Mode
    Speaker: Moses Frost, Security Architect, Cisco

    Topic: Oh, you got this? Practical Attacks on the Mode

    Abstract: Have you ever been on a Web Assessment, Bug Bounty, Pen Test, or Red Team and encountered a component using the latest frameworks, languages, libraries, or on the infrastructure? This presentation will provide a practical guide to approach these types of scenarios. Many of these technologies are strikingly new, probably visually stunning, but are they entirely secure? This talk will explore concepts like Modernized languages, Exposed In-Memory Databases, Proxies, Breaking Microservices, and more. We will show demos of how to abuse the latest architectures and frameworks. Follow me as we break the stuff that everyone else is just riding by, or discovering on accident.

    Much of the internet today is built on web technologies. These web technologies, the underlying infrastructure, and the tooling to support it are changing at an incredibly rapid pace. Attackers, Assessment Teams, and others will have a difficult time understanding what this looks like in totality. This talk attempts to apply legacy concepts to Modern Applications, Libraries, and Infrastructure. We will have a few example demos to help cement concepts for the audience.

    The presentation is an attempt to cobble together several ideas into a single succinct talk. Most of the web attack concepts that exist together are still focusing on the simplistic views of SQL injection, XSS, password brute forcing, and the like. How do those paradigms change when there are no direct queries or when applications have been artificially limited by technologies like mobile? This talk boils down how to approach a more complicated application using the latest and greatest developer technologies.

    Speaker Bio: Someone or another has employed Moses Frost for the last 19 years. He started with BBS’s and ran a few, in the early 90’s, and his first non-Microsoft Operating System was Slackware and Linux 1.2. He is now employed as a Cisco Security Architect and is an Instructor and Author for the SANS Institute. You can catch him teaching Network or Web Penetration Testing at SANS, or catch him at a conference. He is prolifically twittering, so find him on Twitter @mosesrenegade. He is a seldom blogger at www.renegade.blog.

    Schedule:
    6:00pm Food, Drinks & Networking
    6:40pm Presentation (followed by Q&A)

    A raffle will be held at the end of the meeting for OWASP swag and a free conference pass to the AppSec Cali 2019 conference. You must be present to win.


    1691 Kettering St · Irvine, CA