OWASP Stammtisch #37 Frankfurt,


Slide 1: OWASP Stammtisch #37 Frankfurt

Slide 2: Info

Slide 3: Intro

Slide 4: Intro
- My name is...
- I work as...
- I'm here because...

Slide 5: Agenda
- Talk (Johannes): What is OWASP? (why am I here?)
- Next meetup

Slide 7: What is OWASP?
- Open Web Application Security Project
- Worldwide free and open community focused on improving the security of application software
- Promotes secure software development
- Oriented to the delivery of web-oriented services
- An open forum for discussion
- A free resource for any development team

Slide 8: What is OWASP?
- Non-profit (501(c)(3)), volunteer-driven organization
  - All members are volunteers (save 4 employees)
  - All work is donated by volunteers and sponsors
- Provides free resources to the community
  - Publications, articles, standards
  - Testing and training software
  - Local chapters and mailing lists
- Supported through sponsorships
  - Corporate support through financial or project sponsorship
  - Personal sponsorships from members

Slide 9: OWASP Organization
- Global Board
- Global Committees: Education, Chapters, Conferences, Industry, Projects & Tools, Membership
- Employees
- Volunteers

Slide 10: OWASP membership (membership category: annual membership fee)
- Individual Supporters: $50
- Organization Supporters: $5,000
- Accredited University Supporters: FREE (in exchange for meeting space at least 2x per year)
- Lifetime Membership: $500
Membership fees fund OWASP speakers via OWASP On the Move, fund Season of Code projects, and help support local chapters.

Slide 11: OWASP Conferences
- Denver, Spring 2009
- Minnesota, Oct 2008
- NYC, Sep 2008
- Brussels, May 2008
- Poland, May 2009
- San Jose, Sep 2009
- Portugal, Nov 2008
- Israel, Sep 2008
- India, Aug 2008
- Taiwan, Oct 2008
- Gold Coast, Feb 2008

Slides 12-20: Write Secure Code | Audit Code, Result | Control Risk
- Software Assurance Maturity Model (SAMM)
- Mobile Application Security Verification Standard (MASVS)
- Cheat Sheet Series

Slides 21-36: Write Secure Code | Audit Code, Result | Control Risk
- OWASP Testing Guide
- OWASP Top 10: Web, Mobile, IoT
- OWASP Zed Attack Proxy

Slide 32: Am I vulnerable to injection? How do I prevent injection attacks?

Slides 37-40: Write Secure Code | Audit Code, Result | Control Risk
- OWASP Risk Rating Methodology
- Threat Risk Modeling
- OWASP Application Security Guide For CISOs Project

Slide 43: Feedback

Slide 44: Next meetup: ???

Slide 45: Spread the word
- Mailing lists: OWASP Deutschland, Stammtisch Frankfurt
- Meetup: Stammtisch Frankfurt, OWASP Germany

Slide 46: Outro

Slide 48: Sources
- Intro_to_OWASP_Rochester_v5.ppt
- Owasp.org


More information

Architecture-Driven Penetration Testing against an Identity Access Management (IAM) System

Architecture-Driven Penetration Testing against an Identity Access Management (IAM) System Architecture-Driven Penetration Testing against an Identity Access Management (IAM) System CAE Tech Talk Thursday, September 201, 2018 Dr. Sam Chung, Professor/Director Information Security Program Center

More information

INFORMATION SESSION. MS Software Engineering, specialization in Cybersecurity

INFORMATION SESSION. MS Software Engineering, specialization in Cybersecurity INFORMATION SESSION MS Software Engineering, specialization in Cybersecurity Presenter Afifa Hamad Program Specialist Graduate & Extended Studies Charles W. Davidson College of Engineering San Jose State

More information

OWASP ASVS for NFTaaS in Financial Services OLEKSANDR KAZYMYROV, TECHNICAL TEST ANALYST

OWASP ASVS for NFTaaS in Financial Services OLEKSANDR KAZYMYROV, TECHNICAL TEST ANALYST OWASP ASVS for NFTaaS in Financial Services OLEKSANDR KAZYMYROV, TECHNICAL TEST ANALYST Agenda Chapter I - Brief Introduction Chapter II - Why OWASP ASVS? Chapter III - OWAS ASVS in Practice Chapter IV

More information

ISACA Central Ohio Chapter Academic Scholarship 2018

ISACA Central Ohio Chapter Academic Scholarship 2018 ISACA Central Ohio Chapter Academic Scholarship 2018 What is ISACA? ISACA is a worldwide association of IS governance professionals ISACA advances global business leaders in technology, information and

More information

Sneak Peak at CIS Critical Security Controls V 7 Release Date: March Presented by Kelli Tarala Principal Consultant Enclave Security

Sneak Peak at CIS Critical Security Controls V 7 Release Date: March Presented by Kelli Tarala Principal Consultant Enclave Security Sneak Peak at CIS Critical Security Controls V 7 Release Date: March 2018 2017 Presented by Kelli Tarala Principal Consultant Enclave Security 2 Standards and Frameworks 3 Information Assurance Frameworks

More information

SECURE CODING PART 1 MAGDA LILIA CHELLY ENTREPRENEUR CISO ADVISOR CYBERFEMINIST PEERLYST BRAND AMBASSADOR TOP 50 CYBER CYBER

SECURE CODING PART 1 MAGDA LILIA CHELLY ENTREPRENEUR CISO ADVISOR CYBERFEMINIST PEERLYST BRAND AMBASSADOR TOP 50 CYBER CYBER SECURE CODING PART 1 MAGDA LILIA CHELLY ENTREPRENEUR CISO ADVISOR CYBERFEMINIST PEERLYST BRAND AMBASSADOR TOP 50 CYBER INFLUENCER @RESPONSIBLE CYBER 1 AGENDA 1. Introduction: What is security? How much

More information

ISO Professional Services Guide to Implementation and Certification AND

ISO Professional Services Guide to Implementation and Certification AND ISO 27001 Professional Services Guide to Implementation and Certification AND 1 DEKRA Company Overview Founded in Stuttgart, Germany in 1925 In more than 50 countries around the world GLOBAL PARTNER FOR

More information

General Instructions

General Instructions Project Management Professional (PMP) General Instructions Introduction: Being a project manager in the organization is an ideal post that employees dream of. Don t let your dreams vanish in the air; stop

More information

Cisco Optimization Services

Cisco Optimization Services Service Overview Cisco Optimization Services Cisco Optimization Services help very large enterprises to improve performance, availability, security, and quality of service; integrate advanced technologies;

More information

Information Security Forum Hvad er nyt fra ISF?

Information Security Forum Hvad er nyt fra ISF? Information Security Forum Hvad er nyt fra ISF? v. Christian Kjær, ISF Chapter Agent Danmark Sikkerhed & Revision 7. September 2018 1 Agenda Kort introduktion til Information Security Forum Hvad interesserer

More information

Putting Customers at the Heart of our Business

Putting Customers at the Heart of our Business Putting Customers at the Heart of our Business Expertise at Work Our commitment to service excellence - ITIL PSU follows the globally recognised ITIL (Information Technology Infrastructure Library) best

More information

Keeping Your Digital Business Running

Keeping Your Digital Business Running Keeping Your Digital Business Running Brian Proffitt CTO May 2017 In the future I invented time travel Agenda Keeping Your Digital Business Running 1. Safety What we ve been doing Making your business

More information

Corporate Membership

Corporate Membership Corporate Membership Introduction Welcome to the Cloud Security Alliance. The CSA is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within

More information

A Working Paper of the EastWest Institute Breakthrough Group. Increasing the Global Availability and Use of Secure ICT Products and Services

A Working Paper of the EastWest Institute Breakthrough Group. Increasing the Global Availability and Use of Secure ICT Products and Services A Working Paper of the EastWest Institute Breakthrough Group Increasing the Global Availability and Use of Secure ICT Products and Services August 5, 2015 The EastWest Institute (EWI) is leading a Global

More information

STAFF REPORT. January 26, Audit Committee. Information Security Framework. Purpose:

STAFF REPORT. January 26, Audit Committee. Information Security Framework. Purpose: STAFF REPORT January 26, 2001 To: From: Subject: Audit Committee City Auditor Information Security Framework Purpose: To review the adequacy of the Information Security Framework governing the security

More information

Introduction to CMA Program. Saqib Khalil, CFA, ACCA 3 rd July 2018

Introduction to CMA Program. Saqib Khalil, CFA, ACCA 3 rd July 2018 Introduction to CMA Program Saqib Khalil, CFA, ACCA 3 rd July 2018 AGENDA What is CMA, Why CMA, Who is it for? How does the exam work? About Kaplan Genesis How can we help you? Why Kaplan Genesis? CMA

More information

SANS Vendor Offerings Detail

SANS Vendor Offerings Detail SANS Vendor Offerings Detail» About SANS» Conference Events» Media Products SANS Vendor Programs Conference Events Booths and Tabletops events Speaking Opportunities Sponsorship Programs Media Products

More information