OWASP STL Meetup, Thur May 17


Details
Join us for an evening of networking, tech talks, DRINKS and pool. Come as you are and bring a friend. THERE IS NO COST TO THIS EVENT.
6:30pm - Social Hour (Food & Beverages PROVIDED)
7:00pm - Cryptojacking, Hijacking Websites for Fun & Profit
The use of third-party web components such as popular JavaScript frameworks and fonts in web applications is ubiquitous among modern development teams. Sourcing those components from Content Delivery Networks is even more compelling with the promise of faster load times and reduced bandwidth costs.
We’ll discuss a recent event that tells a cautionary tale of the very real risk organizations take in the casual inclusion of these components within their systems without taking the proper precautions to mitigate or eliminate the risks. In most cases modern security controls can make the difference between bliss and disaster.
Speaker Bio:
André Van Klaveren (@opratr) is an Information Security professional specializing in Application Security and Solution Architecture. André has spent the last 21 years helping organizations design, develop, and maintain more robust and secure web applications and integrate security into the SDLC.
Break
8:00pm - Using Instrumentation to Optimize your Application Security Program
Abstract: In our physical world, we have instrumentation all around us. Clocks tell us time, kitchen ovens tell us temperature, and cars tell us speed and fuel level and even have onboard health diagnostics. At our homes, we have security alerts when someone trespasses on our property or opens a door. However, in the world of software, we have very little visibility into what is going on inside the software. This presentation describes how instrumentation can be used to enable your software applications to both detect vulnerabilities and block attacks. Furthermore, we will demonstrate the insights offered by using instrumentation and why this approach adds no friction to your development cycle while improving the efficiency of your security program and is best suited for Agile and DevOps.
Speaker: Garish Nair, Contrast Security
Drinks & Billiards, until they kick us out.
Sponsored by Contrast Security. https://www.contrastsecurity.com/
CE Credits will be issued upon request.
