Evening with OWASP
Hosted by The OWASP Seattle Chapter
Details
The homelab rules all: logging on the down low
Jeremy Cohoe https://www.linkedin.com/in/jeremycohoe/
Are there debugging, security, or application events from your products and solutions that are going into a black hole? Have you missed indicators of compromise, outages, or misconfigurations due to a lack of visibility and efficient tooling? Let's have a conversation about one approach to getting in front of these kinds of issues. We’ll focus on the Elastic stack, using Logstash and Kibana to ingest and visualize data, with the goal being quicker actions and response times for applications, servers, and the network. If you’ve ever seen an error message, then this session can be applicable to you.
--
Preventing SHA1 Collision Attacks in Web Applications
Jack Xu
Preventing SHA1 collision attacks seems to be a top priority for companies that use SHA1 on PDF files. Yet upgrading from SHA1 to a more secure hash algorithm is difficult for complex applications. In this talk, we will introduce SHA1 collision detection, a practical solution to SHA1 collision attacks in web applications.
Jack is a Computer Science major at the University of Washington and currently works on the Application Security team at DocuSign.
--
DevSkim
Michael Scovetta https://linkedin.com/in/scovetta
As everyone knows, the best time to fix a security bug is "earlier in the lifecycle". We built DevSkim to bring real-time, spellcheck-like squiggly underlines to modern IDEs. While DevSkim doesn't replace "real" static analysis, many security bugs can be found with a simple regular expression, which is where the tool excels. DevSkim is open source and supports Visual Studio, VS Code, and Sublime Text.
https://github.com/Microsoft/DevSkim
Michael Scovetta is a Principal Security Program Manager at Microsoft, where he leads the company's open source security program, amongst other security things.




