Top 10 Talks on Application Security from RSA Conference USA 2018

Our editorial team has handpicked the best talks at RSA Conference, one of the largest IT security conferences in the world. Following is the list of top talks on Application Security at RSA Conference USA 2018.

RSA Conference held its event in San Francisco, CA at the Moscone Center and Marriott Marquis and brought together a record number of 50,000 attendees. Attendees experienced keynotes, peer-to-peer sessions, top-notch track sessions, tutorials and seminars. Keynotes, sessions and debates focused on new attack techniques, encryption, artificial intelligence, machine learning, the Internet of Things, cloud security and virtualization, and many more topics.

(Source: RSA Conference USA 2018)

1. Efficacy of Layered Application Security through the Lens of Hacker

Speakers: Dr. Bill Chen, Gyan Prakash

The discussion starts from a web application threat model and shares an effectiveness analysis of common AppSec tools, including SAST, DAST, IAST, RASP, WAF, bot detection, database monitoring, open source scanning and binary composition analysis. It then covers a strategy for building a cost-effective SDLC security stack that minimizes application security exposure, the emerging risks from AI-assisted hacking tools, and actionable recommendations.

>> Go To Presentation

2. Realizing Software Security Maturity: The Growing Pains and Gains

Speakers: Kelby Ludwig, Mark Stanislav

Software security is often boiled down to the "OWASP Top 10," resulting in an incomplete sense of what a maturity-focused, comprehensive application security program could look like. How, then, should an organization go about building a holistic program that grows in maturity over time? Come hear how one team has taken on this challenge and learn what has, and has not, worked on their own journey.

>> Go To Presentation

3. Lost in the Ether: How Ethereum Hacks Are Shaping the Blockchain Fu...

Speaker: Marc Laliberte

Valued at over $24 billion in total, Ether is the second largest cryptocurrency, behind only Bitcoin. In the last two years, cybercriminals have exploited code flaws, web application vulnerabilities and social engineering to steal over $100 million in Ether. This session covers smart contracts and the Ethereum Virtual Machine, as well as a history of how these heists have shaped Ethereum.

>> Go To Presentation

4. Order vs. Mad Science: Analyzing Black Hat Swarm Intelligence

Speaker: Derek Manky

White hat defense systems continue to improve, training on supervised learning sets with machine learning and deep neural networks to defend an exploding attack surface. Zombies that once required commands from botnet herders are becoming intelligent and capable of their own decisions, as seen with Hajime in 2017. Swarm intelligence can be used to enhance these networks further. What can we do to defend?

>> Go To Presentation

5. The Unexpected Attack Vector: Software Updaters

Speaker: Elia Florio

Every day millions of computers silently perform a simple task with great risk exposure: downloading and executing code through a software updater. An updater introduces a dangerous attack surface made up of unsafe coding practices, insecure protocols, and server infrastructure that is not adequately protected. This talk dives into incidents like CCleaner, ShadowPad and M.E.Doc, and the tools used to hijack updaters.

>> Go To Presentation

6. CCleaner APT Attack: A Technical Look Inside

Speaker: Ondrej Vlcek

Avast CTO Ondrej Vlček breaks down the sophisticated CCleaner supply-chain malware attack, providing new, unpublished findings about the unique stealth, steganography and exfiltration techniques used by the attackers. Avast dissects the malicious payload and the inner workings of the command-and-control (C&C) server environment, and analyzes how the attack went unnoticed by the global security industry for almost a month.

>> Go To Presentation

7. Common Infrastructure Exploits in AWS/GCP/Azure Servers and Containers

Speaker: Alexi Papaleonardos

IaaS clouds transformed datacenter security architecture by enabling programmatic detection of flaws, making the cloud more transparently secure than any legacy architecture. But security practitioners who assume congruence with legacy designs miss where attack surface and visibility have changed. With concrete examples, this talk explores the practical risks posed by misunderstanding VPC DNS and more.

>> Go To Presentation

8. Early Detection of Malicious Activity—How Well Do You Know Your DNS?

Speaker: Merike Kaeo

The Domain Name System is deceptively simple and often underutilized as a security tool. Once you start looking under the covers, there is a wealth of detail that can be used as an early warning system to predict new targeted attacks. In this session Farsight Security CTO Merike Kaeo provides a detailed look at how DNS information can be used to indicate suspicious activity and prevent attacks.

>> Go To Presentation
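To make the "DNS as an early warning system" idea concrete, here is an added example (not code from the talk or from Farsight Security) that runs two simple indicators over resolver query logs: registrable domains the organization has never resolved before, and DGA-looking labels combined with NXDOMAIN bursts from a single client. The log lines, the baseline set, the two-label "registrable domain" approximation (a real deployment would use the Public Suffix List), and the entropy and vowel-ratio thresholds are all constructed assumptions for illustration.

```python
import math
from collections import Counter

# Constructed resolver log, one query per line: "<unix_ts> <client> <qname> <rcode>".
# Not real traffic; the 10.1.1.44 queries are shaped like DGA lookups.
LOG = """\
1520000001 10.1.1.20 www.example.com NOERROR
1520000002 10.1.1.20 cdn.example.net NOERROR
1520000003 10.1.1.44 xk3j9qpz0wv2.com NXDOMAIN
1520000004 10.1.1.44 q8fz1lm3tyc7.com NXDOMAIN
1520000005 10.1.1.44 b2nd6hsw9rxp.com NXDOMAIN
1520000006 10.1.1.44 v7pk0eqj4zma.com NOERROR
1520000007 10.1.1.31 mail.example.com NOERROR
1520000008 10.1.1.31 updates.vendor-example.org NOERROR
"""

# Constructed baseline: registrable domains this network has resolved before.
BASELINE = {"example.com", "example.net", "vendor-example.org"}


def registrable(qname):
    """Approximate the registrable domain as the last two labels.
    Assumption for this example; production code should consult the PSL."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def shannon_entropy(s):
    """Bits of entropy per character of the label."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def looks_generated(label, min_len=10, min_entropy=3.3, max_vowel_ratio=0.2):
    """Crude DGA heuristic: long, high-entropy label with almost no vowels.
    Real English words have high entropy too, so entropy alone is not enough;
    the vowel ratio is what separates 'vendor-example' from 'xk3j9qpz0wv2'."""
    if len(label) < min_len:
        return False
    vowels = sum(ch in "aeiou" for ch in label)
    return shannon_entropy(label) >= min_entropy and vowels / len(label) < max_vowel_ratio


def parse(log):
    records = []
    for line in log.splitlines():
        ts, client, qname, rcode = line.split()
        records.append({"ts": int(ts), "client": client,
                        "qname": qname.lower(), "rcode": rcode})
    return records


def analyse(records, baseline, nx_threshold=3):
    """Return (findings, bursty_clients).

    findings: (client, qname, [reasons]) for each first sighting of a domain
              outside the baseline and/or each DGA-looking label.
    bursty_clients: clients with >= nx_threshold NXDOMAIN answers, a classic
              sign of a bot walking a generated domain list."""
    seen = set(baseline)
    findings = []
    nx_by_client = Counter(r["client"] for r in records if r["rcode"] == "NXDOMAIN")
    for r in records:
        dom = registrable(r["qname"])
        reasons = []
        if dom not in seen:
            reasons.append("newly-observed-domain")
            seen.add(dom)  # flag the first sighting only
        if looks_generated(dom.split(".")[0]):
            reasons.append("dga-like-label")
        if reasons:
            findings.append((r["client"], r["qname"], reasons))
    bursty = sorted(c for c, n in nx_by_client.items() if n >= nx_threshold)
    return findings, bursty


if __name__ == "__main__":
    found, bursts = analyse(parse(LOG), BASELINE)
    for client, qname, reasons in found:
        print(f"{client} {qname} {','.join(reasons)}")
    print("NXDOMAIN bursts from:", bursts)
```

On the constructed log this flags the four random-looking `.com` lookups twice over (never seen before and DGA-like) and singles out 10.1.1.44 for its NXDOMAIN burst, while the legitimate `vendor-example.org` query, which also has high character entropy, stays quiet because it is in the baseline and is pronounceable.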

9. Exfiltrating Data through IoT

Speakers: Chet Hosmer, Michael Raggo

IoT offers a plethora of new protocols and frequencies over which communication travels. Protocols and services such as SSDP, P25, Zigbee, Z-Wave, WiFi and more provide countless ways to exfiltrate data or infiltrate the network. Through real-world examples, sample code and demos, the presenters bring these threats to light, along with new methods for detecting aberrant behavior emanating from, or directed at, these devices.

>> Go To Presentation

10. Poison Pixels—Combatting Image Steganography in Cybercrime

Speaker: Simon Wiseman

Image steganography is becoming the attack vector of choice for cybercriminals. This session explains what stegware is, how it is being used (anti-virus evasion, covert command-and-control channels, data exfiltration), how it works (redundant data, LSB injection, ordering), why detection strategies will continue to fail to tackle the problem, and how content transformation can annihilate it.

>> Go To Presentation
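The following added example (written for this page, not code from the talk or from the speaker) shows the two halves of the argument above: LSB injection hides a payload in the redundant low bit of each pixel sample without visibly changing the image, and a content transformation that merely re-dithers every sample by at most one level destroys the hidden channel without having to detect it first. The "image" is a constructed list of 8-bit grey samples rather than a real file, the 32-bit length prefix is a convention chosen for this example, and the payload string is made up.

```python
import random

# Constructed 32x32 greyscale "cover image" as a flat list of 8-bit samples.
COVER = [(x * 7 + y * 3) % 256 for y in range(32) for x in range(32)]

# Constructed stegware payload, e.g. a C2 beacon the malware wants to smuggle.
PAYLOAD = b"c2=10.0.0.5:4444;exfil=ok"


def embed_lsb(samples, payload):
    """Hide payload in the least significant bit of successive samples.

    A 4-byte big-endian length prefix (example convention) tells the
    extractor how many bytes follow. Each sample changes by at most 1,
    which is why the cover looks untouched: that low bit is redundant data."""
    header = len(payload).to_bytes(4, "big")
    bits = [(b >> (7 - i)) & 1 for b in header + payload for i in range(8)]
    if len(bits) > len(samples):
        raise ValueError("cover image too small for payload")
    out = list(samples)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return out


def extract_lsb(samples):
    """Reassemble the payload from the LSBs; None if the length prefix is
    implausible (which is what you get from a clean or transformed image)."""
    def read(offset, nbytes):
        data = bytearray()
        for k in range(nbytes):
            byte = 0
            for i in range(8):
                byte = (byte << 1) | (samples[offset + k * 8 + i] & 1)
            data.append(byte)
        return bytes(data)

    length = int.from_bytes(read(0, 4), "big")
    if 32 + length * 8 > len(samples):
        return None
    return read(32, length)


def transform(samples, seed=0):
    """Content transformation in the 'transform, don't detect' spirit:
    re-dither every sample by -1, 0 or +1 (clamped to 0..255).
    Visually negligible, but it randomises the LSB plane and with it any
    hidden channel, regardless of which stego scheme was used."""
    rng = random.Random(seed)
    return [min(255, max(0, v + rng.choice((-1, 0, 1)))) for v in samples]


def max_delta(a, b):
    """Largest per-sample difference between two images (imperceptibility check)."""
    return max(abs(x - y) for x, y in zip(a, b))


def demo():
    stego = embed_lsb(COVER, PAYLOAD)
    cleaned = transform(stego)
    return {
        "cover_vs_stego_delta": max_delta(COVER, stego),     # 1: invisible
        "recovered": extract_lsb(stego),                     # == PAYLOAD
        "stego_vs_cleaned_delta": max_delta(stego, cleaned), # 1: still invisible
        "after_transform": extract_lsb(cleaned),             # payload gone
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

The point the numbers make is the one the abstract makes: the carrier and the cleaned carrier are both within one grey level of the original, so a detector looking at the image has nothing to work with, yet the extractor that succeeds on the stego image fails on the transformed one. A real content-disarm pipeline would re-encode or re-sample the image rather than dither it, but the effect on the hidden channel is the same.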

Your Complete Guide To Top Talks @RSA Conference 2018 (USA)

Get your FREE guide on Top Talks @ RSA Conference 2018 (USA). Our editorial team has gone through all the talks and handpicked the best of the best at RSA Conference into a single guide. Get your free copy today.

© 2019 Created by CISO Platform.