Past Meetup

Web Security: Attack, Defend, and Profit.

This Meetup is past

571 people went

Location visible to members

Details

Join us for an incredible event about Web Security. Speakers include four security experts: Parisa Tabriz, Eduardo Vela Nava, Tim Willis, and Joel Weinberger. This special event will be streamed live on YouTube and recorded.

https://www.youtube.com/watch?v=oAYjZy1Nuyg

Talk 1: Do Know Evil (Parisa Tabriz)

Understanding how to exploit web applications is one of the most useful skills for developers that want to write secure applications. It can also lead to a steady stream of side money if you get good at it. To open our security-themed evening, I’m going to encourage you to temporarily put your black hat on, think like an attacker, and learn the dark arts of web hacking.

Parisa Tabriz (@laparisa (https://twitter.com/laparisa)) has worked on information security at Google for over 7 years, starting as one of the "hired hacker" software engineers in Google's security team. As an engineer, she found and closed security holes in Google's web applications, and taught other engineers how to do the same. Today, she manages Google's Chrome security engineering team, whose goal is to make Chrome the most secure browsing experience for users on the Internet.

Talk 2: Ca$h for Bugs (Tim Willis)
Security bugs are annoying. They are usually buried deep in code and manifest when seemingly unrelated changes are made. So, why not learn from Google’s mistakes so that you can build and design more secure web applications? We’ll look at the most common types of bugs reported under our Vulnerability Reward Program, play a few games of “spot the bug” (with “cool” prizes** for audience participation!) and touch on what you can do to minimize these types of bugs popping up in applications that you develop. [** notice the quotes around cool.]
Tim Willis works at Google and makes sure that security bugs get fixed. This involves spending a fair amount of time working with internal engineers and external security researchers that find and report vulnerabilities to Google. Before joining Google, Tim worked for the Australian Department of Defence where he specialised in vulnerability assessment, incident response and computer forensics.
Talk 3: Vulns Shouldn't Compile (Eduardo Vela Nava)
By the end of this talk, if I do my job right, you will be completely convinced, that the best way to develop secure software is by knowing absolutely nothing about security.
Eduardo Vela Nava (sirdarckcat (http://sirdarckcat.blogspot.com/)) leads Google's Product Security Response team, whose mission is to respond to security issues found in Google products and preventing them from happening ever again. He is a frequent speaker at security conferences and avid web security researcher.
Talk 4: Three Steps to Safety (Joel Weinberger)
A key part of building secure software without thinking about security is having the right tools in place at the right time. Web browsers provide many great features to help developers write secure secure web applications, but one of the most common complaints we often hear is, "why can't the browser prevent this attack?" Unfortunately, there are limits to what the browser can stop, so we'll go over 3 ways to setup your application and workflow so that your developers don’t think about web security, it just happens. Don’t write security code; write code securely.
Joel Weinberger (@metromoxie (https://twitter.com/metromoxie)) is a software engineer on the Chrome security team. He focuses on user experience security and browser features to help developers harden their web applications. Before Google, Joel worked at Sun Microsystems and completed his doctorate in Computer Science at the University of California, Berkeley in 2012, with his thesis, “Analysis and Enforcement of Web Application Security Policies.”
Schedule
• 5:00 p.m. Doors open, eat and drink (amazing wine bar, live DJ (https://soundcloud.com/rockylubbers), and delicious food catered by Google, with limited quantities of vegan and gluten-free options)
• 6:00 p.m. Registered guest space guarantee cut-off. Waitlisters will be allowed in depending on available space on first-come basis
• 6:30-6:40 Announcements
• 6:40-7:00 Talk 1 (Parisa Tabriz)
• 7:05-7:35 Talk 2 (Tim Willis)
• 7:35-8:00 Break (Wine and Dessert)
• 8:00-8:10 Lightning talks
• 8:10-8:40 Talk 3 (Eduardo Vela Nava)
• 8:45-9:15 Talk 4 (Joel Weinberger)
• 9:15-9:30 Break
• 9:30-9:50 Q&A (All speakers)
• 9:50-9:59 Raffle!
• 10:00 Room cleared