LDC 2014 - my talks this year

> The early bird discount for LDC 2014 expires in five days:
>
> http://www.lassosoft.com/LDC-newmarket-2014
>
> It's always difficult to judge the value of a conference without having the
> finalized conference schedule.  So in case it helps, I'm planning to talk
> on the following:
>
>
> -- During the conference --
>
> 1) "Anti-Automation, Step-Up Authentication, and Velocity Controls" - You
> hate CAPTCHAs, your customers hate CAPTCHAs, but you hate automated attacks
> even more.  I'll discuss the concept of "step-up authentication" that seeks
> to reward trusted users with less friction, and malicious users with more
> friction.
>
> 2) "Why Are You Hitting Yourself? Clickjacking attacks and defenses" -
> Clickjacking forces the victims into attacking themselves, but you can
> protect your users with a security header (and for older browsers, a
> JavaScript framebuster).  I'll go over the attack, the protection
> mechanisms, and your options when you have to allow framing on your site.
>
> 3) "OWASP Top Ten" - while there are a variety of threats to your web
> application, I'll cover the top-ten threats as determined by OWASP.
>
>
> -- The Morning of October 1 (prior to the official conference start) --
>
> For those arriving early, I'm having an informal "workshop" on the
> following:
>
> 3) Security testing with Burp Proxy - Ever wonder what it would be like to
> be a pentester?  Or do you want to improve the security posture of your
> application?  I'll cover using the Burp proxy (a free, Java-based
> cross-platform proxy) to manually test a webapp for common vulnerabilities
> (XSS, SQLi, CSRF).  This will be hands-on, so please bring your laptop.
>
>
> -- Some final thoughts --
>
> I'm looking forward to seeing everyone again this year.  If you haven't
> registered yet, I suggest doing so now while the costs are lower and there
> are still rooms available at the hotel.
>
> On a personal note, I'm going on the Saturday excursion, but we'll need
> enough people to make it happen, so consider staying Saturday and hanging
> out with the cool kids.
>
>
> - Bil
> #############################################################
> Attend the Lasso Developer Conference 2014!
> October 1-3, 2014 at Treefrog HQ, Newmarket, Ontario, Canada
> http://www.lassosoft.com/LDC-newmarket-2014
>
> #############################################################
>
> This message is sent to you because you are subscribed to
>  the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>

> Hi Bil,
>
> Are your talks going to be recorded for those of us not able to attend?
>
> Best,
>
> Peter
>
> On Jun 25, 2014, at 5:04 PM, Bil Corry <[hidden email]> wrote:
>
> > The early bird discount for LDC 2014 expires in five days:
> >
> > http://www.lassosoft.com/LDC-newmarket-2014
> >
> > It's always difficult to judge the value of a conference without having
> the
> > finalized conference schedule.  So in case it helps, I'm planning to talk
> > on the following:
> >
> >
> > -- During the conference --
> >
> > 1) "Anti-Automation, Step-Up Authentication, and Velocity Controls" - You
> > hate CAPTCHAs, your customers hate CAPTCHAs, but you hate automated
> attacks
> > even more.  I'll discuss the concept of "step-up authentication" that
> seeks
> > to reward trusted users with less friction, and malicious users with more
> > friction.
> >
> > 2) "Why Are You Hitting Yourself? Clickjacking attacks and defenses" -
> > Clickjacking forces the victims into attacking themselves, but you can
> > protect your users with a security header (and for older browsers, a
> > JavaScript framebuster).  I'll go over the attack, the protection
> > mechanisms, and your options when you have to allow framing on your site.
> >
> > 3) "OWASP Top Ten" - while there are a variety of threats to your web
> > application, I'll cover the top-ten threats as determined by OWASP.
> >
> >
> > -- The Morning of October 1 (prior to the official conference start) --
> >
> > For those arriving early, I'm having an informal "workshop" on the
> > following:
> >
> > 3) Security testing with Burp Proxy - Ever wonder what it would be like
> to
> > be a pentester?  Or do you want to improve the security posture of your
> > application?  I'll cover using the Burp proxy (a free, Java-based
> > cross-platform proxy) to manually test a webapp for common
> vulnerabilities
> > (XSS, SQLi, CSRF).  This will be hands-on, so please bring your laptop.
> >
> >
> > -- Some final thoughts --
> >
> > I'm looking forward to seeing everyone again this year.  If you haven't
> > registered yet, I suggest doing so now while the costs are lower and
> there
> > are still rooms available at the hotel.
> >
> > On a personal note, I'm going on the Saturday excursion, but we'll need
> > enough people to make it happen, so consider staying Saturday and hanging
> > out with the cool kids.
> >
> >
> > - Bil
> > #############################################################
> > Attend the Lasso Developer Conference 2014!
> > October 1-3, 2014 at Treefrog HQ, Newmarket, Ontario, Canada
> > http://www.lassosoft.com/LDC-newmarket-2014
> >
> > #############################################################
> >
> > This message is sent to you because you are subscribed to
> >  the mailing list Lasso [hidden email]
> > Official list archives available at http://www.lassotalk.com
> > To unsubscribe, E-mail to: <[hidden email]>
> > Send administrative queries to  <[hidden email]>
>
> #############################################################
> Attend the Lasso Developer Conference 2014!
> October 1-3, 2014 at Treefrog HQ, Newmarket, Ontario, Canada
> http://www.lassosoft.com/LDC-newmarket-2014
>
> #############################################################
>
> This message is sent to you because you are subscribed to
>   the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>
>