Past Meetup

OWASP Lightning talks night

59 people went

Details

Join us at Deja vu Security's offices in Capitol Hill and share what you've been working on in a talk of between 5 and 20 minutes.

Here's some of our lineup:

Sarah Squire (https://engageidentity.com/leadership/):
NIST released an entirely rewritten version of their Digital Identity Guidelines (SP[masked]) at the Cloud Identity Summit in June. Co-author Sarah Squire will explain why levels of assurance are now a thing of the past and what new guidance and recommendations NIST is providing to federal agencies in terms of identity proofing, authentication transactions, and federated identity management.

Seth Hinze (https://www.linkedin.com/in/seth-hinze-55a1691/):
Microservices enable accelerated feature development, but this causes unique security risks as compared to monolithic services. It’s easy to find bugs in your own code, but people often forget about all the external code they depend on. We'll talk about things to watch out for and strategies to stay secure when leveraging all that 3rd party technology.

James Premo (https://www.linkedin.com/in/james-premo-ab21b111a):
Confused deputy is an old and subtle attack that tricks a system into misusing its authority, in many cases completely bypassing well-tested and hardened access controls. In this talk I will guide you through various aspects of the confused deputy issue from origin to solution, including some real-world examples.

Daniel Herrera (https://www.linkedin.com/in/daniel-herrera-a627934/):
Filter evasion and staged injection payloads in distributed microservice environments. More stacks result in more default normalization behavior as values are passed around to complete user actions. We'll talk about the mechanics of performing targeted injection against vulnerable supporting services behind public endpoints and some changes you can make to centralized input validation and output encoding behavior to combat this scenario.

Ross Snider (https://www.linkedin.com/in/ross-snider-b927b846/):
Microservice architectures, on the broad timeline, are relatively new ways to design highly available systems. As with other types of system architectures, microservices suffer from design anti-patterns which can lead to systemic security issues. In this lightning talk we'll sample a common security pitfall that arises from an innocent-looking access control anti-pattern.

Ian Gorrie (https://www.linkedin.com/in/gorrie/):
The Democracy of Crime

Videos will be posted within a few days for those unable to attend.