Jun 25, 2014; 23:04
Bil Corry
LDC 2014 - my talks this year
The early bird discount for LDC 2014 expires in five days:
http://www.lassosoft.com/LDC-newmarket-2014
It's always difficult to judge the value of a conference without having the
finalized conference schedule. So in case it helps, I'm planning to talk
on the following:
-- During the conference --
1) "Anti-Automation, Step-Up Authentication, and Velocity Controls" - You
hate CAPTCHAs, your customers hate CAPTCHAs, but you hate automated attacks
even more. I'll discuss the concept of "step-up authentication" that seeks
to reward trusted users with less friction, and malicious users with more
friction.
2) "Why Are You Hitting Yourself? Clickjacking attacks and defenses" -
Clickjacking forces the victims into attacking themselves, but you can
protect your users with a security header (and for older browsers, a
JavaScript framebuster). I'll go over the attack, the protection
mechanisms, and your options when you have to allow framing on your site.
3) "OWASP Top Ten" - while there are a variety of threats to your web
application, I'll cover the top-ten threats as determined by OWASP.
-- The Morning of October 1 (prior to the official conference start) --
For those arriving early, I'm having an informal "workshop" on the
following:
3) Security testing with Burp Proxy - Ever wonder what it would be like to
be a pentester? Or do you want to improve the security posture of your
application? I'll cover using the Burp proxy (a free, Java-based
cross-platform proxy) to manually test a webapp for common vulnerabilities
(XSS, SQLi, CSRF). This will be hands-on, so please bring your laptop.
-- Some final thoughts --
I'm looking forward to seeing everyone again this year. If you haven't
registered yet, I suggest doing so now while the costs are lower and there
are still rooms available at the hotel.
On a personal note, I'm going on the Saturday excursion, but we'll need
enough people to make it happen, so consider staying Saturday and hanging
out with the cool kids.
- Bil
#############################################################
Attend the Lasso Developer Conference 2014!
October 1-3, 2014 at Treefrog HQ, Newmarket, Ontario, Canada
http://www.lassosoft.com/LDC-newmarket-2014
#############################################################
This message is sent to you because you are subscribed to
the mailing list Lasso Lasso@lists.lassosoft.com
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <Lasso-unsubscribe@lists.lassosoft.com>
Send administrative queries to <Lasso-request@lists.lassosoft.com>
Jun 27, 2014; 10:17
Peter D Bethke
Re: LDC 2014 - my talks this year
Jun 27, 2014; 23:58
Bil Corry
Re: LDC 2014 - my talks this year