Hello Ottawa OWASPers! Here is our schedule for our August 2019 Meetup.
5:00 Networking and Pizza
6:00 PM: Technical Talks
Title: Securing SSH Access
Currently, Linux servers are overwhelmingly winning the infrastructure server space. At the same time, SSH is the de facto standard for administering Linux servers. Therefore, gaining SSH access continues to be one of the most lucrative targets for attackers. Indeed, several recent research projects set up honeypots to track SSH brute-force attacks and recorded very high attacker activity on SSH. There are various resources available on the Internet containing bits and pieces of information on how to protect SSH. The goal of this presentation is to present a systematic approach, discussing possible attack scenarios involving SSH and ways to mitigate such attacks.
Pavel Shukhman is a Co-Founder and CEO at Reliza, an Ottawa DevOps startup. For the past 10 years he has worked in the fields of Site Reliability Engineering, DevOps, DevSecOps and DataOps in several organizations. Pavel’s professional life is mainly built around startups – he founded 3 companies and worked at 5 startups in total. He likes to work with small-to-medium sized companies, while being frequently exposed to enterprises through this work. He is also graduating from the Master of Computer Science program at the University of Illinois Urbana-Champaign later this year.
Title: Tool-Assisted Security Code Review
According to OWASP: “Security code review is the process of auditing the source code for an application to verify that the proper security controls are present”. While important, it is often ignored by development teams. There are several reasons behind this, some of which are:
1- Developers lack the time to do an effective security code review
2- Developers lack the skills to do so
3- Developers lack the proper tools to do so.
This talk will go over the art and science of performing an effective code review. There are several types of security code review; this talk will focus on tool-assisted security code review, which is basically performing a security code review with the assistance of a static code analysis tool.
This hands-on workshop will go through the process of scanning a code base, the risk-based vs bug-based approach, and rapidly triaging issues and weeding out false positives.
Sherif Koussa is an OWASP Ottawa Chapter Co-Leader, Software Developer, Hacker, and founder and CEO of Software Secured (https://www.softwaresecured.com). Sherif started his security career by leading OWASP WebGoat 5.0 as well as serving as a mentor and exam consultant for Java and .NET for the SANS Institute. As an OWASP Leader and SANS Java and .NET SME, Sherif worked as an Information Security Engineer for Wells Fargo. Afterwards, Sherif started Software Secured, an Ottawa-based Application Security boutique company, where he helps his clients design, implement and maintain secure software through their software-specific lines of services, products and training courses.