OWASP Toronto - October 2017 Chapter Event

Swiss cheese security, or the real challenges faced by internet facing companies

Summary:
In this talk we will get an overview of which are the challenges faced by companies that have an internet presence, but instead of focusing on well know attacks we will focus on targeted and stealthy attacks.

Each scenario will be described and explained by using data collected over the years, and for each case we will discuss not only attack and defense strategies but also some legal implications and possible impact to the business.

Brief biography:
Enrico Branca is an experienced researcher with specialist knowledge in Cyber Security. He has been working in Information Security for over a decade with experience in Software Security, Information Security Management, and Cyber Security R&D. He has been trained and worked in various roles during his career, including Senior Security Engineer, Security Architect, Disaster Recovery Specialist, Microsoft Security Specialist and others, always looking for new exiting opportunities.

Outline:

• what main stream news say about cyber security

• what industry says about cyber security

• how can we dispute the claims with a reality check

• example 1: are financial and insurance companies well defended?

• example 2: web encryption with SSL/TLS, defending from unknown attacks

• example 3: the state of GPG public key cryptography, can we trust it?

• example 4: software companies and version controls, useful or useless?

• example 5: targeted data breach or "indirect" breach

what has been found without any sort of cyber attack

• what can be learned from others' mistakes

• what can be done to make things better