Workshop / Tutorial #1
Keeping Your Web Apps Secure: The OWASP Top 10 & Beyond
Tuesday July 19, 2011
10:00 am – 1:00 pm
Instructor: Robert H’obbes’ Zakon
Chief Technology Officer & Director of Creative Technology Solutions
Zakon Group LLC
North Conway, New Hampshire, USA
Abstract: The Open Web Application Security Project (OWASP) Top 10 provides an overview of the most critical web application security risks. This tutorial introduces the OWASP Top 10 along with other risks, and discusses the techniques and practices that protect against them. References to software tools and other secure coding resources will also be provided. This tutorial is a must if you are developing web applications, managing developers, researching web security, or are simply a security enthusiast. Some understanding of web application development will be helpful when risk mitigation techniques are discussed.
Presenter Bio: Mr. Robert Zakon is a technology consultant and developer who has been programming web applications since the Web's infancy. In addition to developing web applications for web sites receiving millions of daily hits, he works with organizations in an interim CTO capacity, and advises corporations, non-profits and government agencies on technology, information, and security architecture and infrastructure. Robert is a former Principal Engineer with MITRE's Information Security Center, CTO of an Internet consumer portal and application service provider, and Director of a university research lab. He is a Senior Member of the IEEE, and holds BS and MS degrees in Computer Engineering and Science from Case Western Reserve University. Robert is an Internet Society member and has maintained IETF RFC 2235, Hobbes' Internet Timeline, since 1993. He has taught assorted computer and Internet related topics through Case Western and the MITRE Institute, and has provided infosec-related training at conferences such as ACSAC, ACM CCS, and OWASP AppSec. His interests are diverse and can be explored at http://www.Zakon.org, where his vitae is available.
Workshop / Tutorial #2
Ethical Hacking and Network Forensics Investigation Techniques
Tuesday July 19, 2011
3:00 pm – 6:00 pm
Instructor: Dr. Issa Traore
University of Victoria
Department of Electrical and Computer Engineering
Victoria, BC, Canada
Abstract: In the early days of the Internet, hacking activities were carried out mostly by script kiddies and isolated individuals out of curiosity or for fun; the last decade has witnessed a dramatic shift in hackers' demographics and motives. More and more hacking incidents originate from organized groups with varying motives, including financial, political, and military ones. Hacking activities have reached a new dimension due to the unprecedented sophistication and scalability of current hacking techniques and tools. A single individual can now enslave millions of machines around the world and use them to participate in mass attacks at any time.
This tutorial covers two complementary areas of knowledge that should be part of the skill set of today's network security officers for anticipating and responding effectively to hacking threats: network forensics analysis and ethical hacking techniques.
Understanding the motives, techniques, and tools used in hacking activities is a necessary step toward strengthening network defence and preventing future attacks from succeeding. This is the main purpose of network and computer forensics analysis, which represents a dedicated investigative infrastructure that extracts evidence from various logs (e.g. firewall, IDS, audit trails) to reconstruct and correctly attribute hacking incidents.
Ethical hacking consists of enacting or simulating hacking scenarios against an existing network in order to identify possible weaknesses and take appropriate measures to address them before a real attacker can exploit them.
The tutorial will involve three main themes:
- Network hacking techniques and tools
- Forensics investigation techniques and tools
- Case study
Presenter Bio: Dr. Issa Traore obtained a PhD in Software Engineering in 1998 from the Institut National Polytechnique de Toulouse (INPT)-LAAS/CNRS, Toulouse, France. He has been with the faculty of the Department of Electrical and Computer Engineering of the University of Victoria since 1999. He is currently an Associate Professor and the Coordinator of the Information Security and Object Technology (ISOT) Lab (http://www.isot.ece.uvic.ca) at the University of Victoria. His research interests include biometric technologies, computer intrusion detection, network forensics, software security, and software quality engineering. He has published over 90 technical papers in computer security and software engineering and has supervised 23 Master's and PhD students in the last 10 years. He is currently serving as Associate Editor for the International Journal of Communication Networks and Distributed Systems (IJCNDS). Dr. Traore is also a co-founder and CEO of Plurilock Security Solutions Inc. (http://www.plurilock.com), a network security company that provides innovative authentication technologies and is one of the pioneers in bringing continuous authentication products to market.