15min Speed Talks - Tuesday March 27, 2007
Technical Level: All Levels (Mostly technical)

Topic: Introductions
Presentation: Click here for PPT

Speaker: Fred Hopper
Topic: PCI DSS 101
An introduction to the Payment Card Industry (PCI) Security Standards Council's Data Security Standard - what it is, where it came from and why your shop may find it useful, even if you do not process credit card data.
Presentation: Click here for PPT

Speaker: Derek Browne
Topic: Fundamentals of Identity Management
'Scenario-based' role engineering, discussion about provisioning accounts, overview of the technology and required processes.
Presentation: Email Derek for a copy. Email: derek at derekbrowne.ca

Speaker: Chuck Ben-Tzur
Topic: Application Threat Modeling using STRIDE and DREAD
Threat risk modeling is an essential process for secure application development. This process allows organizations to determine risk levels and the most effective controls and countermeasures. This presentation will introduce the STRIDE and DREAD approaches used in Application Threat Modeling, and also discuss how they can be applied to other security fields.
Presentation: Click here for PPT

Speaker: Chris Chromiak
Topic: Google Hacking
Google hacking is the term used when a hacker tries to find exploitable targets and sensitive data by using search engines. The Google Hacking Database (GHDB) is a database of queries that identify sensitive data. This presentation will talk about some of the queries that can be performed to find sensitive information through Google.
Presentation: Click here for PPT

Speaker: Sander Smith
Topic: Securing Home Based Web Servers
This talk will look at the emerging issue of securing the web servers that are being embedded into consumer-oriented devices such as network webcams and home automation systems. We'll look at several different methods that are currently in use by manufacturers to secure these devices, as well as AutoSSL, a new technology that allows trusted SSL certificates to be installed automatically.
Presentation: Click here for PPT

Speaker: Paul Wouters
Topic: From 99 to 0 in one day
A drop-in anti-spam solution - Anti-spam software is a flourishing business. Prices are highly variable depending on the solution. Paul will show the solution he has deployed at Xelerance in Canada, and his former Dutch ISP in The Netherlands, and show that cleverness is much more important than bulk hardware or overly complex software - and that anyone can do it with a couple of PCs in a couple of days.
Presentation: Click here for PPT

Speaker: Dr. Tatiana Outkina
Topic: Secure Software Development
A review of key elements of secure software development, which will include a brief overview of SecSDLC, threat modeling and secure software design principles.
Presentation: Click here for PPT

Speaker: Ross Barrett
Topic: Cisco IOS Versioning
The talk will focus on interpreting and understanding Cisco security advisories from the point of view of the administrator asking "Are my systems vulnerable?" and "My system is vulnerable, what version should I migrate to in order to resolve the issue?" The talk will go as deep as possible (in under 15 minutes) into explaining the structure and reasoning behind Cisco IOS versions, and how a security or IT administrator can interpret information in a Cisco security advisory.
Presentation: Click here for PPT

Speaker: Eldon Sprickerhoff
Topic: Wireless Honeypots
Eldon will discuss his adventures with wireless honeypots over the last year. Watch as otherwise savvy users freely relinquish their email, user credentials and passwords, and offer themselves up to attack!
Presentation: Click here for PPT