The first talk by @2sharmavishal (https://twitter.com/2sharmavishal) is about `Hackers vs Security Ops: The Lessons Learned! `. The abstract is given below.
The importance of cyber security has been recently escalated at a global level either it is SMEs or the big enterprises, no matter if they are into retail, banking, mass media or automotive industry etc. The reasons may be compliance, legal and governance or may be because of their own competitive business requirements that has been threatened because of various cyber-attacks experienced.
Most of the cyber frauds or cybercrime occur because of some very silly loopholes that has been left open during the daily security operations (SOC) in an ever expanding complex IT infrastructure in an enterprise.
This talk will start with the top news agencies from Alexa top 500 which are exposed to XSS and their mitigating strategies, In addition this talk will also emphasize on the lessons learnt during daily security operations in a fortune 500 enterprise and shed light on the problems we face on daily basis and how we try to overcome given real life barriers and hurdles. This part will mainly focus around solutions like WAF, IDS, IPS, Splunk, Server Access Control(CyberArk), AppScan etc. and how they assist or fail to secure an enterprise.
Moreover, this talk will look into security Policies & Procedures that will mainly focus on security monitoring.
In the second part of meetup, @soaj1664ashar (https://twitter.com/soaj1664ashar) will show some practical examples of finding XSS vulnerabilities in top sites.