The early bird discount for LDC 2014 expires in five days:
http://www.lassosoft.com/LDC-newmarket-2014 It's always difficult to judge the value of a conference without having the finalized conference schedule. So in case it helps, I'm planning to talk on the following: -- During the conference -- 1) "Anti-Automation, Step-Up Authentication, and Velocity Controls" - You hate CAPTCHAs, your customers hate CAPTCHAs, but you hate automated attacks even more. I'll discuss the concept of "step-up authentication" that seeks to reward trusted users with less friction, and malicious users with more friction. 2) "Why Are You Hitting Yourself? Clickjacking attacks and defenses" - Clickjacking forces the victims into attacking themselves, but you can protect your users with a security header (and for older browsers, a JavaScript framebuster). I'll go over the attack, the protection mechanisms, and your options when you have to allow framing on your site. 3) "OWASP Top Ten" - while there are a variety of threats to your web application, I'll cover the top-ten threats as determined by OWASP. -- The Morning of October 1 (prior to the official conference start) -- For those arriving early, I'm having an informal "workshop" on the following: 3) Security testing with Burp Proxy - Ever wonder what it would be like to be a pentester? Or do you want to improve the security posture of your application? I'll cover using the Burp proxy (a free, Java-based cross-platform proxy) to manually test a webapp for common vulnerabilities (XSS, SQLi, CSRF). This will be hands-on, so please bring your laptop. -- Some final thoughts -- I'm looking forward to seeing everyone again this year. If you haven't registered yet, I suggest doing so now while the costs are lower and there are still rooms available at the hotel. On a personal note, I'm going on the Saturday excursion, but we'll need enough people to make it happen, so consider staying Saturday and hanging out with the cool kids. - Bil ############################################################# Attend the Lasso Developer Conference 2014! October 1-3, 2014 at Treefrog HQ, Newmarket, Ontario, Canada http://www.lassosoft.com/LDC-newmarket-2014 ############################################################# This message is sent to you because you are subscribed to the mailing list Lasso [hidden email] Official list archives available at http://www.lassotalk.com To unsubscribe, E-mail to: <[hidden email]> Send administrative queries to <[hidden email]> |
Hi Bil,
Are your talks going to be recorded for those of us not able to attend? Best, Peter On Jun 25, 2014, at 5:04 PM, Bil Corry <[hidden email]> wrote: > The early bird discount for LDC 2014 expires in five days: > > http://www.lassosoft.com/LDC-newmarket-2014 > > It's always difficult to judge the value of a conference without having the > finalized conference schedule. So in case it helps, I'm planning to talk > on the following: > > > -- During the conference -- > > 1) "Anti-Automation, Step-Up Authentication, and Velocity Controls" - You > hate CAPTCHAs, your customers hate CAPTCHAs, but you hate automated attacks > even more. I'll discuss the concept of "step-up authentication" that seeks > to reward trusted users with less friction, and malicious users with more > friction. > > 2) "Why Are You Hitting Yourself? Clickjacking attacks and defenses" - > Clickjacking forces the victims into attacking themselves, but you can > protect your users with a security header (and for older browsers, a > JavaScript framebuster). I'll go over the attack, the protection > mechanisms, and your options when you have to allow framing on your site. > > 3) "OWASP Top Ten" - while there are a variety of threats to your web > application, I'll cover the top-ten threats as determined by OWASP. > > > -- The Morning of October 1 (prior to the official conference start) -- > > For those arriving early, I'm having an informal "workshop" on the > following: > > 3) Security testing with Burp Proxy - Ever wonder what it would be like to > be a pentester? Or do you want to improve the security posture of your > application? I'll cover using the Burp proxy (a free, Java-based > cross-platform proxy) to manually test a webapp for common vulnerabilities > (XSS, SQLi, CSRF). This will be hands-on, so please bring your laptop. > > > -- Some final thoughts -- > > I'm looking forward to seeing everyone again this year. If you haven't > registered yet, I suggest doing so now while the costs are lower and there > are still rooms available at the hotel. > > On a personal note, I'm going on the Saturday excursion, but we'll need > enough people to make it happen, so consider staying Saturday and hanging > out with the cool kids. > > > - Bil > ############################################################# > Attend the Lasso Developer Conference 2014! > October 1-3, 2014 at Treefrog HQ, Newmarket, Ontario, Canada > http://www.lassosoft.com/LDC-newmarket-2014 > > ############################################################# > > This message is sent to you because you are subscribed to > the mailing list Lasso [hidden email] > Official list archives available at http://www.lassotalk.com > To unsubscribe, E-mail to: <[hidden email]> > Send administrative queries to <[hidden email]> ############################################################# Attend the Lasso Developer Conference 2014! October 1-3, 2014 at Treefrog HQ, Newmarket, Ontario, Canada http://www.lassosoft.com/LDC-newmarket-2014 ############################################################# This message is sent to you because you are subscribed to the mailing list Lasso [hidden email] Official list archives available at http://www.lassotalk.com To unsubscribe, E-mail to: <[hidden email]> Send administrative queries to <[hidden email]> |
Hi Peter,
Sorry to hear you can't make it. I don't know if the sessions are being recorded this year, that's a question for LassoSoft. I do know that I'll make my decks available on SlideShare after the presentations, like I did last year. - Bil On Fri, Jun 27, 2014 at 4:17 PM, Peter D Bethke <[hidden email]> wrote: > Hi Bil, > > Are your talks going to be recorded for those of us not able to attend? > > Best, > > Peter > > On Jun 25, 2014, at 5:04 PM, Bil Corry <[hidden email]> wrote: > > > The early bird discount for LDC 2014 expires in five days: > > > > http://www.lassosoft.com/LDC-newmarket-2014 > > > > It's always difficult to judge the value of a conference without having > the > > finalized conference schedule. So in case it helps, I'm planning to talk > > on the following: > > > > > > -- During the conference -- > > > > 1) "Anti-Automation, Step-Up Authentication, and Velocity Controls" - You > > hate CAPTCHAs, your customers hate CAPTCHAs, but you hate automated > attacks > > even more. I'll discuss the concept of "step-up authentication" that > seeks > > to reward trusted users with less friction, and malicious users with more > > friction. > > > > 2) "Why Are You Hitting Yourself? Clickjacking attacks and defenses" - > > Clickjacking forces the victims into attacking themselves, but you can > > protect your users with a security header (and for older browsers, a > > JavaScript framebuster). I'll go over the attack, the protection > > mechanisms, and your options when you have to allow framing on your site. > > > > 3) "OWASP Top Ten" - while there are a variety of threats to your web > > application, I'll cover the top-ten threats as determined by OWASP. > > > > > > -- The Morning of October 1 (prior to the official conference start) -- > > > > For those arriving early, I'm having an informal "workshop" on the > > following: > > > > 3) Security testing with Burp Proxy - Ever wonder what it would be like > to > > be a pentester? Or do you want to improve the security posture of your > > application? I'll cover using the Burp proxy (a free, Java-based > > cross-platform proxy) to manually test a webapp for common > vulnerabilities > > (XSS, SQLi, CSRF). This will be hands-on, so please bring your laptop. > > > > > > -- Some final thoughts -- > > > > I'm looking forward to seeing everyone again this year. If you haven't > > registered yet, I suggest doing so now while the costs are lower and > there > > are still rooms available at the hotel. > > > > On a personal note, I'm going on the Saturday excursion, but we'll need > > enough people to make it happen, so consider staying Saturday and hanging > > out with the cool kids. > > > > > > - Bil > > ############################################################# > > Attend the Lasso Developer Conference 2014! > > October 1-3, 2014 at Treefrog HQ, Newmarket, Ontario, Canada > > http://www.lassosoft.com/LDC-newmarket-2014 > > > > ############################################################# > > > > This message is sent to you because you are subscribed to > > the mailing list Lasso [hidden email] > > Official list archives available at http://www.lassotalk.com > > To unsubscribe, E-mail to: <[hidden email]> > > Send administrative queries to <[hidden email]> > > ############################################################# > Attend the Lasso Developer Conference 2014! > October 1-3, 2014 at Treefrog HQ, Newmarket, Ontario, Canada > http://www.lassosoft.com/LDC-newmarket-2014 > > ############################################################# > > This message is sent to you because you are subscribed to > the mailing list Lasso [hidden email] > Official list archives available at http://www.lassotalk.com > To unsubscribe, E-mail to: <[hidden email]> > Send administrative queries to <[hidden email]> > Attend the Lasso Developer Conference 2014! October 1-3, 2014 at Treefrog HQ, Newmarket, Ontario, Canada http://www.lassosoft.com/LDC-newmarket-2014 ############################################################# This message is sent to you because you are subscribed to the mailing list Lasso [hidden email] Official list archives available at http://www.lassotalk.com To unsubscribe, E-mail to: <[hidden email]> Send administrative queries to <[hidden email]> |
Free forum by Nabble | Edit this page |