15min Speed Talks – Tuesday March 27, 2007

Technical Level: All Levels (Mostly technical)

Topic: Introductions
Presentation: Click here for PPT

Speaker: Fred Hopper
Topic: PCI DSS 101

An introduction to the Payment Card Industry (PCI) Security Standards Council’s Data Security Standard – what it is, where it came from and why your shop may find it useful, even if you do not process credit card data.
Presentation: Click here for PPT


Speaker: Derek Browne
Topic: Fundamentals of Identity Management

‘Scenario-based’ role engineering, discussion about provisioning accounts, overview of the technology and required processes.
Presentation: Email Derek for a copy. Email: derek at derekbrowne.ca


Speaker: Chuck Ben-Tzur
Topic: Application Threat Modeling using STRIDE and DREAD

Threat risk modeling is an essential process for secure application development. This process allows organizations to determine risk levels and the most effective controls and countermeasures. This presentation will introduce the STRIDE and DREAD approaches used in Application Threat Modeling, and also discuss how it can be applied to other security fields.
Presentation: Click here for PPT


Speaker: Chris Chromiak
Topic: Google Hacking 

Google hacking is the term used when a hacker tries to find exploitable targets and sensitive data by using search engines. The Google Hacking Database (GHDB) is a database of queries that identify sensitive data. This presentation will talk about some of the queries that can be performed to find sensitive information through Google.
Presentation: Click here for PPT


Speaker: Sander Smith
Topic: Securing Home Based Web Servers

This talk will look at the emerging issue of securing the web servers that are being embedded into consumer-oriented devices such as network webcams and home automation systems. We’ll look at several different methods that are currently in use by manufacturers to secure these devices, as well as AutoSSL, a new technology that allows trusted SSL certificates to be installed automatically.
Presentation: Click here for PPT


Speaker: Paul Wouters
Topic: From 99 to 0 in one day

A drop-in anti-spam solution – Anti-spam software is a flourishing business. Prices are highly variable depending on the solution. Paul will show the solution he has deployed at Xelerance in Canada, and his former Dutch ISP in The Netherlands, and show that cleverness is much more important than bulk hardware or overly complex software – and that anyone can do it with a couple of PCs in a couple of days.
Presentation: Click here for PPT


Speaker: Dr. Tatiana Outkina
Topic: Secure Software Development

A review of key elements of secure software development, which will include a brief overview of SecSDLC, threat modeling and secure software design principles.
Presentation: Click here for PPT


Speaker: Ross Barrett
Topic: Cisco IOS Versioning

Talk will focus on interpreting and understanding Cisco security advisories from the point of view of the administrator asking “Are my systems vulnerable?” and “My system is vulnerable, what version should I migrate to in order to resolve the issue?”. Talk will go as deep as possible (in under 15 minutes) into explaining the structure and reasoning behind Cisco IOS versions, and how a security or IT administrator can interpret information in a Cisco security advisory.
Presentation: Click here for PPT


Speaker: Eldon Sprickerhoff
Topic: Wireless Honeypots

Eldon will discuss his adventures with wireless honeypots over the last year. Watch as otherwise savvy users freely relinquish their email, user credentials and passwords, and offer themselves up to attack!
Presentation: Click here for PPT
