Name: OWASP and ISSA-LA (PAID Holiday Party) - December 16, 2015
Start: 2015-12-16T18:15:00-08:00
End: 2015-12-16T21:15:00-08:00
Location: Microsoft Office

Mark your calendars: AppSec California 2016 is Jan 25-27

For our December Holiday Party:

You will have to RSVP on this Meetup site and also PAY at the ISSA-LA registration site: http://www.issala.org/event/issa-la-december-dinner-meeting/

Speaker: Jim Manico

Topic: OAuth is a new kind of security protocol.

Abstract: The best time to address secure software is before most developers even start writing code. In fact, the best time to address secure software occurs before most developers even start thinking about their various projects. Months sometimes years before most developers even start writing code, various open source or corporate developers work together to build software frameworks that other developers may depend upon in the future as a harness to build their software. These decisions will ripple though time and have a large impact on the security posture of software that is built upon these frameworks.

OAuth is a new kind of security protocol. It’s used for delegating various features from one service to another on behalf of your users. OAuth intersects with authentication and access control, let would not likely use OAuth in and of itself for authentication, session management or for access control in your applications. Even more confusing, OAuth is not a standard and various service providers will likely have different implementations. Let’s say it again, OAuth is not a standard – its a framework for delegation. So this leaves us with questions! What really is delegation? Where does OAuth fit in? How can I use OAuth in a secure fashion? These questions and more will me answered in this talk!

HTTPS/SSL/TLS has been under fire for years. FREAK, POODLE, BEAST, CRIME, problems with the weakness of the CA system, problems with various versions of the protocol – and more – have plagued HTTPS to be less than satisfactory, at best, as a transport security protocol. However, there is hope. Recent enhancements in browsers have made encryption in transit over the web viable for the first time in history. This talk with review the HTTPS protocol and describe how it works. Historical attacks and other legacy issues with HTTPS will be discussed. And most important, we will talk about what can be done today to ensure that your users will have the most secure HTTPS experience possible.

Speaker: Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He has a 18 year history building software as a developer and architect. Jim is a frequent speaker on secure software practices and is a member of the JavaOne rockstar speaker community. Jim is also a Global Board Member for the OWASP foundation where he helps drive the strategic vision for the organization. He is the author of Iron-Clad Java: Building Secure Web Applications (http://www.amazon.com/Iron-Clad-Java-Building-Secure-Applications/dp/0071835881) from McGraw-Hill. For more information, visit http://www.linkedin.com/in/jmanico .

Thanks to our sponsors:

Gemalto (formerly SafeNet) and PhishMe

Edward Bonver

Aaron

Tin Zaw

Stu Schwartz

OWASP Los Angeles

OWASP® Foundation 

OWASP - LA

Wallarn

Application Detection and Response for Modern Enterprises

Contrast Security

Helping AppSec Teams Make Security a Priority

Kodem

AppSec made simple pipelineless detection and secret mitigation.

Arnica

Secure open source software without the dev productivity tax

Endor Labs

DefectDojo is the platform and product that enables scalable security

DefectDojo

One platform to connect all edges, everywhere

Cato Networks

Securing the Applications Driving Our World

Checkmax

equips your dev and security teams with tools to build a mature AppSec

OWASP Los Angeles

OWASP and ISSA-LA (PAID Holiday Party) - December 16, 2015

OWASP Los Angeles

Details

Sponsors

Members are also interested in