LDC 2014 - my talks this year
- 1 Messages
- Collapse All
- Expand All
- Subscribe
Jun 25
Bil Corry LDC 2014 - my talks this year
Jun 25, 2014; 23:04
Bil Corry
LDC 2014 - my talks this year
The early bird discount for LDC 2014 expires in five days:
http://www.lassosoft.com/LDC-newmarket-2014
It's always difficult to judge the value of a conference without having the
finalized conference schedule. So in case it helps, I'm planning to talk
on the following:
-- During the conference --
1) "Anti-Automation, Step-Up Authentication, and Velocity Controls" - You
hate CAPTCHAs, your customers hate CAPTCHAs, but you hate automated attacks
even more. I'll discuss the concept of "step-up authentication" that seeks
to reward trusted users with less friction, and malicious users with more
friction.
2) "Why Are You Hitting Yourself? Clickjacking attacks and defenses" -
Clickjacking forces the victims into attacking themselves, but you can
protect your users with a security header (and for older browsers, a
JavaScript framebuster). I'll go over the attack, the protection
mechanisms, and your options when you have to allow framing on your site.
3) "OWASP Top Ten" - while there are a variety of threats to your web
application, I'll cover the top-ten threats as determined by OWASP.
-- The Morning of October 1 (prior to the official conference start) --
For those arriving early, I'm having an informal "workshop" on the
following:
3) Security testing with Burp Proxy - Ever wonder what it would be like to
be a pentester? Or do you want to improve the security posture of your
application? I'll cover using the Burp proxy (a free, Java-based
cross-platform proxy) to manually test a webapp for common vulnerabilities
(XSS, SQLi, CSRF). This will be hands-on, so please bring your laptop.
-- Some final thoughts --
I'm looking forward to seeing everyone again this year. If you haven't
registered yet, I suggest doing so now while the costs are lower and there
are still rooms available at the hotel.
On a personal note, I'm going on the Saturday excursion, but we'll need
enough people to make it happen, so consider staying Saturday and hanging
out with the cool kids.
- Bil
#############################################################
Attend the Lasso Developer Conference 2014!
October 1-3, 2014 at Treefrog HQ, Newmarket, Ontario, Canada
http://www.lassosoft.com/LDC-newmarket-2014
#############################################################
This message is sent to you because you are subscribed to
the mailing list Lasso Lasso@lists.lassosoft.com
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <Lasso-unsubscribe@lists.lassosoft.com>
Send administrative queries to <Lasso-request@lists.lassosoft.com>
http://www.lassosoft.com/LDC-newmarket-2014
It's always difficult to judge the value of a conference without having the
finalized conference schedule. So in case it helps, I'm planning to talk
on the following:
-- During the conference --
1) "Anti-Automation, Step-Up Authentication, and Velocity Controls" - You
hate CAPTCHAs, your customers hate CAPTCHAs, but you hate automated attacks
even more. I'll discuss the concept of "step-up authentication" that seeks
to reward trusted users with less friction, and malicious users with more
friction.
2) "Why Are You Hitting Yourself? Clickjacking attacks and defenses" -
Clickjacking forces the victims into attacking themselves, but you can
protect your users with a security header (and for older browsers, a
JavaScript framebuster). I'll go over the attack, the protection
mechanisms, and your options when you have to allow framing on your site.
3) "OWASP Top Ten" - while there are a variety of threats to your web
application, I'll cover the top-ten threats as determined by OWASP.
-- The Morning of October 1 (prior to the official conference start) --
For those arriving early, I'm having an informal "workshop" on the
following:
3) Security testing with Burp Proxy - Ever wonder what it would be like to
be a pentester? Or do you want to improve the security posture of your
application? I'll cover using the Burp proxy (a free, Java-based
cross-platform proxy) to manually test a webapp for common vulnerabilities
(XSS, SQLi, CSRF). This will be hands-on, so please bring your laptop.
-- Some final thoughts --
I'm looking forward to seeing everyone again this year. If you haven't
registered yet, I suggest doing so now while the costs are lower and there
are still rooms available at the hotel.
On a personal note, I'm going on the Saturday excursion, but we'll need
enough people to make it happen, so consider staying Saturday and hanging
out with the cool kids.
- Bil
#############################################################
Attend the Lasso Developer Conference 2014!
October 1-3, 2014 at Treefrog HQ, Newmarket, Ontario, Canada
http://www.lassosoft.com/LDC-newmarket-2014
#############################################################
This message is sent to you because you are subscribed to
the mailing list Lasso Lasso@lists.lassosoft.com
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <Lasso-unsubscribe@lists.lassosoft.com>
Send administrative queries to <Lasso-request@lists.lassosoft.com>
Jun 27
Peter D Bethke Re: LDC 2014 - my talks this year
Jun 27, 2014; 10:17
Peter D Bethke
Re: LDC 2014 - my talks this year
Jun 27
Bil Corry Re: LDC 2014 - my talks this year
Jun 27, 2014; 23:58
Bil Corry
Re: LDC 2014 - my talks this year
Search
Thread Keywords
No keywords defined. Log in to define appropriate keywords
Lasso Programming
This site manages and broadcasts several email lists pertaining to Lasso Programming and technologies related and used by Lasso developers. Sign up today!