LDC 2014 - my talks this year

LDC 2014 - my talks this year

Bil Corry-3
The early bird discount for LDC 2014 expires in five days:

http://www.lassosoft.com/LDC-newmarket-2014

It's always difficult to judge the value of a conference without having the
finalized conference schedule.  So in case it helps, I'm planning to talk
on the following:


-- During the conference --

1) "Anti-Automation, Step-Up Authentication, and Velocity Controls" - You
hate CAPTCHAs, your customers hate CAPTCHAs, but you hate automated attacks
even more.  I'll discuss the concept of "step-up authentication" that seeks
to reward trusted users with less friction, and malicious users with more
friction.

2) "Why Are You Hitting Yourself? Clickjacking attacks and defenses" -
Clickjacking forces the victims into attacking themselves, but you can
protect your users with a security header (and for older browsers, a
JavaScript framebuster).  I'll go over the attack, the protection
mechanisms, and your options when you have to allow framing on your site.

3) "OWASP Top Ten" - while there are a variety of threats to your web
application, I'll cover the top-ten threats as determined by OWASP.


-- The Morning of October 1 (prior to the official conference start) --

For those arriving early, I'm having an informal "workshop" on the
following:

3) Security testing with Burp Proxy - Ever wonder what it would be like to
be a pentester?  Or do you want to improve the security posture of your
application?  I'll cover using the Burp proxy (a free, Java-based
cross-platform proxy) to manually test a webapp for common vulnerabilities
(XSS, SQLi, CSRF).  This will be hands-on, so please bring your laptop.


-- Some final thoughts --

I'm looking forward to seeing everyone again this year.  If you haven't
registered yet, I suggest doing so now while the costs are lower and there
are still rooms available at the hotel.

On a personal note, I'm going on the Saturday excursion, but we'll need
enough people to make it happen, so consider staying Saturday and hanging
out with the cool kids.


- Bil
#############################################################
Attend the Lasso Developer Conference 2014!
October 1-3, 2014 at Treefrog HQ, Newmarket, Ontario, Canada
http://www.lassosoft.com/LDC-newmarket-2014

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Re: LDC 2014 - my talks this year

Peter D Bethke
Hi Bil,

Are your talks going to be recorded for those of us not able to attend?

Best,

Peter

On Jun 25, 2014, at 5:04 PM, Bil Corry <[hidden email]> wrote:

> The early bird discount for LDC 2014 expires in five days:
>
> http://www.lassosoft.com/LDC-newmarket-2014
>
> It's always difficult to judge the value of a conference without having the
> finalized conference schedule.  So in case it helps, I'm planning to talk
> on the following:
>
>
> -- During the conference --
>
> 1) "Anti-Automation, Step-Up Authentication, and Velocity Controls" - You
> hate CAPTCHAs, your customers hate CAPTCHAs, but you hate automated attacks
> even more.  I'll discuss the concept of "step-up authentication" that seeks
> to reward trusted users with less friction, and malicious users with more
> friction.
>
> 2) "Why Are You Hitting Yourself? Clickjacking attacks and defenses" -
> Clickjacking forces the victims into attacking themselves, but you can
> protect your users with a security header (and for older browsers, a
> JavaScript framebuster).  I'll go over the attack, the protection
> mechanisms, and your options when you have to allow framing on your site.
>
> 3) "OWASP Top Ten" - while there are a variety of threats to your web
> application, I'll cover the top-ten threats as determined by OWASP.
>
>
> -- The Morning of October 1 (prior to the official conference start) --
>
> For those arriving early, I'm having an informal "workshop" on the
> following:
>
> 3) Security testing with Burp Proxy - Ever wonder what it would be like to
> be a pentester?  Or do you want to improve the security posture of your
> application?  I'll cover using the Burp proxy (a free, Java-based
> cross-platform proxy) to manually test a webapp for common vulnerabilities
> (XSS, SQLi, CSRF).  This will be hands-on, so please bring your laptop.
>
>
> -- Some final thoughts --
>
> I'm looking forward to seeing everyone again this year.  If you haven't
> registered yet, I suggest doing so now while the costs are lower and there
> are still rooms available at the hotel.
>
> On a personal note, I'm going on the Saturday excursion, but we'll need
> enough people to make it happen, so consider staying Saturday and hanging
> out with the cool kids.
>
>
> - Bil

Re: LDC 2014 - my talks this year

Bil Corry-3
Hi Peter,

Sorry to hear you can't make it.  I don't know if the sessions are being
recorded this year; that's a question for LassoSoft.

I do know that I'll make my decks available on SlideShare after the
presentations, like I did last year.


- Bil


On Fri, Jun 27, 2014 at 4:17 PM, Peter D Bethke <[hidden email]>
wrote:

> Hi Bil,
>
> Are your talks going to be recorded for those of us not able to attend?
>
> Best,
>
> Peter