iSEC Open Forum Bay Area
DATE: Thursday, April 30, 2015
TIME: 6:00pm-9:00pm
LOCATION: Cisco Building 30 Serenity Café (Cafeteria)
707 Tasman Drive (at Alder Drive)
Milpitas, CA 95035
https://goo.gl/maps/PCpjg
technical managers and engineers only please
food and beverage provided
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
AGENDA
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
SPEAKER: Jeff Hodges / Sr Member Technical Staff / PayPal
PRESO TITLE: Next Gen User Authentication Online: FIDO Technical Overview
PRESO SUMMARY: In just under two years the FIDO Alliance has produced a pair of specifications for strong authentication that have already been deployed at scale by some of the biggest brands in the world: Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F). This talk reviews UAF & U2F protocol details, what makes FIDO different, and how we dodge dancing pigs.
SPEAKER BIO: Jeff has been involved in protocol design and online identity since the mid-nineties. He has contributed to various specification efforts, including: LDAPv3, SAMLv1.x, Liberty, SAMLv2, HSTS, TLS Server ID Check, and now FIDO. He is serving as a FIDO UAF TWG co-chair, and formerly co-chaired the OASIS Security Services Technical Committee (SSTC) during the SAMLv1.0 effort, as well as chaired the re-booted IETF HTTP State Management WG, which begat RFC6265.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
SPEAKER: Nick Sullivan / Security Engineering Lead / CloudFlare
PRESO TITLE: CFSSL: The evolution of an open source cryptography tool
PRESO SUMMARY: In July 2014, CloudFlare released CFSSL, an open source toolkit for TLS and PKI written in Go. It can be used as a lightweight certificate authority, a certificate chain bundler and now a TLS configuration scanner. In this talk, we explore the process that led us to build a new developer-friendly tool instead of leveraging existing solutions. We’ll also discuss the challenges faced by the project and how it came to be used by several high-profile organizations.
SPEAKER BIO: Nick Sullivan is a leading cryptography and security expert. He founded and built the security team at CloudFlare, one of the world's leading web security companies. He is a digital rights management pioneer in his work building Apple’s multi-billion dollar iTunes store. He is the author of over a dozen computer security patents and holds an MSc in Cryptography and a BMath in Pure Mathematics.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
SPEAKER: Aaron Grattafiori / Principal Security Consultant / iSEC Partners
PRESO TITLE: Linux Containers: Fact or Fiction?
PRESO SUMMARY: In recent years the Linux Containers (LXC) project has developed from an insecure and loose collection of Linux kernel namespaces to a production-ready OS virtualization stack. In this talk, the audience will learn the basics of how containers function, as well as understand cgroups, capabilities and namespaces in order to see how Linux containers offer an effective application and system sandboxing solution yet to be widely adopted.
Docker, CoreOS, Heroku and OpenStack, among others which leverage container technologies, are rapidly becoming popular within the modern development and devops world, but little has been publicly discussed in terms of security. Prior container vulnerabilities, escapes and general hardening will be the main focus of this talk. This includes leveraging techniques such as kernel hardening, root capabilities, Mandatory Access Control (MAC), the User namespace and seccomp-bpf, all of which help contain containers.
SPEAKER BIO: Aaron Grattafiori (@dyn___) is a Principal Security Consultant and Research Lead with iSEC Partners. A jack-of-all-security, Aaron leads projects dealing with complex system analysis, mobile and web application security to network, protocol and other hybrid penetration testing. With over eight years of security experience, Aaron utilizes a wide array of technology skills, historical research and security knowledge to consistently discover critical vulnerabilities. Aaron has spoken at security conferences such as Blackhat 2013, DEFCON Kids, Toorcon:Seattle, Toorcon:SanDiego, Source Seattle and SecureWorld in addition to being a guest speaker at Stanford University. Prior to working at iSEC Partners, Aaron worked as a Security Consultant for Security Innovation.
