|
PST2011 July 19-21, 2011 Workshops and Tutorials Workshop / Tutorial #1 Instructor: Robert H’obbes’ Zakon Abstract: The Open Web Application Security Project (OWASP) Top 10 provides an overview of the most critical web application security risks. This tutorial introduces the OWASP Top 10 along with other risks, and discusses the techniques and practices to protect against them. References to software tools and other secure coding resources will also be provided. This tutorial is a must if you are developing web applications, managing developers, researching web security, or simply are a security enthusiast. Some understanding of web application development may be helpful when discussing risk mitigation techniques. Presenter Bio: Mr. Robert Zakon is a technology consultant and developer who has been programming web applications since the Web's infancy. In addition to developing web applications for web sites receiving millions of daily hits, he works with organizations in an interim CTO capacity, and advises corporations, non-profits and government agencies on technology, information, and security architecture and infrastructure. Robert is a former Principal Engineer with MITRE's Information Security Center, CTO of an Internet consumer portal and application service provider, and Director of a university research lab. He is a Senior Member of the IEEE, and holds BS & MS degrees from Case Western Reserve University in Computer Engineering & Science. Robert has been is an Internet Society member and has maintained IETF RFC 2235: Hobbes' Internet Timeline since 1993. He has taught through Case Western and the MITRE Institute on assorted computer and Internet related topics, as well as provided infosec-related training at conferences such as ACSAC, ACM CCS, and OWASP AppSec. His interests are diverse and can be explored at http://www.Zakon.org where his vitae is available.
Workshop / Tutorial #2 Abstract: While in the early days of the Internet, hacking activities were carried mostly by script kiddies and isolated individuals out of curiosity or for fun, the last decade has witnessed a dramatic shift in hackers’ demography and motives. More and more hacking incidents are originating from organized groups with varying motives including financial, political, and military. Hacking activities have been taken to a new dimension due to the unprecedented level of sophistication and scalability reached by current hacking techniques and tools. A single individual can now enslave millions of machines around the world and use these machines to participate in mass attack at any time.
Presenter Bio: Dr. Issa Traore obtained a PhD in Software Engineering in 1998 from Institute Nationale Polytechnique (INPT)-LAAS/CNRS, Toulouse, France. He has been with the faculty of the Department of Electrical and Computer Engineering of the University of Victoria since 1999. He is currently an Associate Professor and the Coordinator of the Information Security and object Technology (ISOT) Lab (http://www.isot.ece.uvic.ca) at the University of Victoria. His research interests include biometrics technologies, computer intrusion detection, network forensics, software security, and software quality engineering. He has published over 90 technical papers in computer security and software engineering and supervised 23 Master and PhD graduate students in the last 10 years. He is currently serving as Associate Editor for the International Journal of Communication Networks and Distributed Systems (IJCNDS). Dr. Traore is also a co-founder and CEO of Plurilock Security Solutions Inc. (http://www.plurilock.com), a network security company which provides innovative authentication technologies, and is one of the pioneers in bringing continuous authentication products to the market.
|