
Talkin' Security - July 2019

Hosted By
Oguzhan T.

Details

Join us on Monday, July 22nd for the seventh Talkin' Security event of the year.

Cisco needs your first name and last name to print badges in advance. Please use the form below to enter your name so your badge will be ready when you arrive at the event:
https://forms.gle/nqWgvdbTatgTPrAEA

AGENDA

6:00 - 6:15pm: Networking

6:15 - 6:30pm: Introduction

6:30 - 7:15pm: Chetan Conikee - A Graph-Based Approach to Hunting Zero Day Vulnerabilities in DevOps Pipelines

Speaker Bio: Chetan is a serial entrepreneur with 20+ years of experience in authoring and architecting mission-critical software. His expertise includes building web-scale distributed infrastructure, personalization algorithms, complex event processing, and fraud detection and prevention in investment/retail banking domains. He was most recently Chief Data Officer and GM Operations at CloudPhysics. Prior to CloudPhysics he was part of early founding teams at CashEdge (acquired by FiServ), Business Signatures (acquired by Entrust) and EndForce (acquired by Sophos).

Chetan earned his M.S. in Computer Engineering from Iowa State University and B.S. in Computer Science and Engineering from Bangalore University.

Summary of the Talk: Traditionally, zero-day vulnerabilities are discovered using patterns in code analysis during development or by conducting penetration testing in runtime environments. However, both approaches require heavy manual effort and are far too slow to be part of DevOps pipelines. Traditional code analysis methods are inaccurate, and pentesting is constrained by time and testers’ varying skill levels. Hence, most (if not all) releases are pushed to production without comprehensive security checks.

A graph-based approach can help deliver the holy grail of modern AppSec: Accurate and comprehensive security testing that is automated in the DevOps pipeline.

Attendees will learn:

  • How to accurately and comprehensively find vulnerabilities at the speed of DevOps
  • Extracting an application’s Security DNA with the Code Property Graph
  • Querying the Code Property Graph to identify the application’s attack surface
  • How to hunt zero-day vulnerabilities
  • Automating your policy checks

7:15 - 7:30 pm: Networking

7:30 - 8:15pm: Ram Subramanian – A Quick Introduction to IDS/IPS using Snort

Speaker Bio: Ram is a Software Engineer in Enterprise Routing BU at Cisco Systems Inc. He earned his Ph.D. in Electrical Engineering from Northeastern University and M.Tech (Research) in Computer Science and Automation from the Indian Institute of Science.

Summary of the Talk: The talk will first cover some background on what an IDS/IPS is, and then introduce Snort, its history and its usage. Next, Snort’s rule-based operation and its rule syntax will be discussed. Finally, the importance of picking good rules and keeping them up to date will be emphasized. Time permitting, we will demo Snort in action.

• What to bring
Brilliant ideas, positive energy and good jokes

Silicon Valley Cybersecurity Meetup
Cisco Building 23
560 McCarthy Boulevard · Milpitas, CA