Past Event


Chicago OWASP! Storms Brewing in Your JS & Avoiding an inCIdent

Join the Chicago Chapter of the Open Web Application Security Project (OWASP), a worldwide not-for-profit charitable organization focused on improving the security of software. Topics will include JavaScript and Continuous Integration and Continuous Deployment systems.

Date: Thursday April 27, 2017
Time: 6:00 PM - 8:00 PM (Central Standard Time)
Venue: 2.03 Classroom

This event has ended.


Agenda:

6:00-6:30pm - Gather and mingle 

(Food & Beverages provided courtesy of sponsor)

Talk 1: Warning Ahead: Security Storms are Brewing In your Javascript

JavaScript controls our lives – we use it to zoom in and out of a map, to automatically schedule doctor appointments and to play online games. But have we ever properly considered the security state of this scripting language?

Before dismissing the (in)security posture of JavaScript on the grounds of a client-side problem, consider the impact of JavaScript vulnerability exploitation to the enterprise: from stealing server-side data to infecting users with malware. Hackers are beginning to recognize this new playground and are quickly adding JavaScript exploitation tools to their Web attack arsenal.

In this talk we explore the vulnerabilities behind JavaScript, including:

- A new class of vulnerabilities unique only to JavaScript

- Vulnerabilities in 3rd-party platforms which are exploited through JavaScript code

- A new set of vulnerabilities enabled by HTML5

Talk 2:  Avoiding an inCIdent: when CI hurts

Continuous Integration and Continuous Deployment systems are an absolute necessity. Unfortunately, common CI systems such as Jenkins have multiple security issues and, once compromised, provide a fairly big payoff for an attacker. As helpful as they are, the reality is that your CI is a high-risk target. This talk will discuss some common attack methods against Jenkins and other CI systems, and suggest some strategies for architecting a secure solution.

Rob Havelt has been hacking all the things for a really long time. Formerly running a large PenTest team at SpiderLabs, currently doing Merger and Acquisitions security for Salesforce.
