 
 
Discovering critical vulnerabilities & protecting against hackers.
Mon, Dec 07, 2015 @ 06:00 PM   FREE   Goldman Sachs, 200 W St
 
   
 
 
              

      
 
EVENT DETAILS

CLICK LEARN MORE FOR AGENDA

The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.

To access thousands of hours of video content, hundreds of projects visit www.owasp.org today.

===AGENDA===

6:00pm - 6:15pm - Check-In, 50/50 Social Networking

6:15pm - 6:45pm - Session 1

I've already been breached - why should I care?, Gus Anagnos

The question, "Why do we even try to protect ourselves against hackers?" has certainly crossed Gus Anagnos' mind more than once. As a security leader and survivor of the 2014 eBay data breach, Gus emerged from the chaos a more adamant supporter of proactive security measures, which is interesting considering his post-breach time was dominated by defining a reactive cleanup strategy.

The desire to shift funds away from proactive security initiatives toward building better reactive capabilities has captured growing mindshare of security buyers in recent years. This reality has crystallized for companies that have experienced a breach and understand the flurry of reactive options that can easily consume budget - intrusion detection, incident response, and insurance.

In the aftermath of any breach, security leaders become hyper-focused on reacting to what has already happened - replaying all prior decisions in pursuit of the one that may have opened the door to the attackers. Even the best leaders, in the heat of battle, realize that it's nearly impossible for internal security teams to maintain a real-time, holistic understanding of their digital attack surface without access to an ongoing adversarial perspective. This is why it's so critical to invest in proactive security solutions that can provide visibility into what your organization looks like to an attacker on a continuous basis.



7:00pm - 7:15pm - Session 2


New York Chapter Global and Local Updates

7:30pm - 8:00pm - Session 3

How the crowd is discovering critical vulns missed by traditional methods, Leif Dreizler

State-of-the-art security programs are turning to bug bounties to leverage a vast array of skill sets and knowledge. Learn why these programs work, when to deploy them, and how you can bring these new application security testing capabilities into your own organization. The speaker will discuss real-world examples from bug bounties and focus on cases where business logic flaws and high-priority vulnerabilities were found ... even with existing security testing processes in place.

Attendees will learn:

Testing methods deployed by our crowd that help them find bugs the scanners miss
Examples of the high quality of bugs our crowd is finding, including P1's
Trends: which vulnerability types are found most often and why
What is the ROI on the pay-for-performance model
Where does the SDLC merge into crowdsourced testing


==============================================

Special thanks to our venue host Goldman Sachs and all of our local chapter supporters. If you enjoy this community's projects, events and activities, CLICK HERE to join our membership today.

 
 
 
 