Our editorial team has handpicked the best of the best talks at RSA Conference - one of the largest IT Security Conference in the world. Following is the list of top talks on Application Security at RSA Conference USA 2018.
RSA Conference held its event in San Francisco, CA at the Moscone Center & Marriott Marquis and brought together a record number of 50,000 attendees.Attendees experienced keynotes, peer-to-peer sessions, top notch track sessions, tutorials and seminars. Keynotes, sessions and debates focused on New Attack Technique, Encryption, Artificial Intelligence, Machine Learning, Internet Of Things, Cloud Security & Virtualization & many more.
(Source: RSA Conference USA 2018)
Speakers: Dr. Bill Chen, Gyan Prakash
Discussion will start on web app threat model, sharing the effectiveness analysis of common app sec tools including SAST, DAST, IAST, RASP, WAF, bot detection, DB monitoring, open source scan and bin composition analysis. The discussion will cover the strategy to build cost-effective SDLC stack to minimize the appsec exposure and emerging risks from AI-assisted hacking tools with actionable recommendations.
Speakers: Kelby Ludwig, Mark Stanislav
Software security is often boiled down to the “OWASP Top 10,” resulting in an ineffective sense of what maturity-focused, comprehensive application security could be like. How then should an organization consider building a holistic program that seeks to grow in maturity over time? Come hear how one team has taken on this challenge and learn what has, and has not, worked on their own journey.
Speaker: Marc Laliberte
Valued at over $24 billion in total, Ether is the second largest crypto currency, only behind Bitcoin. In the last two years, cybercriminals have exploited code flaws, web app vulnerabilities and social engineering to steal over $100 million in Ether crypto currency. This session will cover smart contracts and the Ethereum Virtual Machine as well as a history of how these heists have shaped Ethereum.
Speaker: Derek Manky
White hat defense systems continue to improve on supervised learning sets using machine and deep learning neural networks to defend against an exploding attack surface. Zombies that require commands from botnet herders are becoming intelligent, capable of their own decisions as we saw with Hajime in 2017. Swarm intelligence can be used to enhance these networks. What can we do to defend?
Speaker: Elia Florio
Every day millions of computers perform silently a simple task with great risk exposure: download and execute code through a software updater. An updater introduces a dangerous attack surface represented by unsafe code practice, unsecure protocols or server infrastructure not adequately protected. This talk will dive into incidents like CCleaner, ShadowPad and Medoc, and tools used to hijack updaters.Every day millions of computers perform silently a simple task with great risk exposure: download and execute code through a software updater. An updater introduces a dangerous attack surface represented by unsafe code practice, unsecure protocols or server infrastructure not adequately protected. This talk will dive into incidents like CCleaner, ShadowPad and Medoc, and tools used to hijack updaters.
Speaker: Ondrej Vlcek
Avast CTO Ondrej Vlček breaks down the sophisticated CCleaner supply-chain malware attack, providing new unpublished findings about the unique stealth, steganography and exfiltration techniques used by the attackers. Avast will dissect the malicious payload, inner workings of the CnC server environment, and analyze how the attack went unnoticed by the global security industry—for almost a month.
Speaker: Alexi Papaleonardos
IaaS clouds transformed datacenter security architecture by enabling programmatic detection of flaws, making the cloud more transparently secure than any legacy architecture. But security practitioners who assume congruence to legacy designs miss where attack surface and visibility has changed. With concrete examples, this talk will explore the practical risks posed by misunderstanding VPC DNS and more.
Speaker: Merike Kaeo
The Domain Name System is deceptively simple and often underutilized as a security tool. Once you start looking under the cover there is a wealth of detail that can be used as an early warning system to predict new targeted attacks. In this session Farsight Security CTO Merike Kaeo will provide a detailed look at how DNS information can be used to indicate suspicious activity and prevent attacks.
Speakers: Chet Hosmer, Michael Raggo
IoT offers a plethora of new protocols and frequencies over which communication travels. Protocols and services such as SSDP, P25, Zigbee, Z-Wave, WiFi and more provide countless ways to exfiltrate data or infiltrate the network. Through real-world examples, sample code and demos, presenters will bring to light these threats and new methods for detecting aberrant behavior emanating to/from these devices.
Speaker: Simon Wiseman
Image steganography is becoming the attack vector of choice for cyber criminals. This session explains what Stegware is, how it is being used (anti-virus evasion, covert command & control channels, data exfiltration), how it works (redundant data, LSB injection, ordering), why detection strategies will continue to fail to tackle the problem and how transformation can annihilate it.
Get your FREE Guide on Top Talks @ RSA Conference 2018 (USA) . Our editorial team has gone through all the talks and handpicked the best of the best talks at RSA Conference into a single guide. Get your Free copy today.