OWASP Monthly Meeting - May 28, 2014

OWASP Los Angeles (https://www.owasp.org/index.php/WASPY_Awards_2013) Chapter Board WINS Best Chapter Leader!

Join OWASP today and become a member of our community.

Speaker: Robert Zigweid (https://www.owasp.org/index.php/WASPY_Awards_2013)

Topic: Cloud Security Through Threat Modeling (https://www.owasp.org/index.php/WASPY_Awards_2013)

One of the most effective tools developers can implement in their security development lifecycle programs is threat modeling. Robert will discuss how effective threat modeling techniques enable developers to uncover security vulnerabilities before code is even written. Together they will reveal how threat modeling also applies to cloud environments. Whether building a hybrid model, purely commodity cloud, or Virtual Private Cloud (VPC) environment, threat modeling helps identify the attack surface area and likely threat vectors. Finally, they will explain to attendees that threat modeling allows developers and operations personnel to address vulnerabilities as enterprises migrate to the cloud.

Robert Zigweid (https://www.owasp.org/index.php/WASPY_Awards_2013)

As an IOActive Director of Services, Robert Zigweid is responsible to both perform and ensure quality on engagements, working with clients to discover and solve network and application problems that threaten their business goals and assets. Mr. Zigweid is an accomplished developer and application tester, with advanced skills in the creation and analysis of systems architecture and threat modeling.

In addition to his direct efforts on penetration tests, security reviews, and network and application audits, Mr. Zigweid frequently contributes to the advancement of more stable, secure systems through his research and development. His research and the resultant presentations at top industry conferences furthers the formal understanding of application and network security for audiences at varying levels of technical fluency.

Mr. Zigweid also helped develop IOActive's secure coding and Software Development Lifecycle training courses, sharing his deep understanding of industry best practices and guidelines to help our clients develop applications capable of resisting both internal and external threats.

Thanks to our Sponsor: (https://www.owasp.org/index.php/WASPY_Awards_2013)

IOActive is the only security consultancy with a global presence and deep expertise that spans hardware, software, and wetware. We secure the Global 1000 in all facets of their enterprise and product portfolios in an era when vulnerabilities are mounting and threats evolve daily. Our team of internationally recognized experts partner with you to solve your toughest security challenges. Core competencies include penetration testing, reverse engineering, code review, social engineering, and hardware security assessments. With expertise far beyond off-the-shelf tools, IOActive conducts in-depth analysis of information systems, software/hardware architecture, and source code using leading information risk management security frameworks and carefully focused threat models.