Abusing bleeding edge web standards for appsec glory
Through cooperation between browser vendors and standards bodies in the recent past, numerous standards have been created to enforce stronger client-side control for web applications. As web appsec
The Art of defence: How vulnerabilities help shape security features and mitigations in android
Information security is ever evolving, and Android's security posture is no different. Android users faces threats from a variety of sources, from the mund
Breaking paravirtualized devices
Instead of simply emulating old and slow hardware, modern hypervisors use paravirtualized devices to provide guests access to virtual hardware. Bugs in the privileged backend components can allow an attacker to break o
Samsung pay: tokenized numbers flaws and issues
Samsung announced many layers of security to its Pay app. Without storing or sharing any type of user's credit card information, Samsung Pay is trying to become one of the most secure approaches offering
Hardening AWS environment and automating incidence response for AWS compromises
Incident Response procedures differ in the cloud versus when performed in traditional, on-premise, environments. The cloud offers the ability to respond to an incident by
Bad for Enterprise: Attacking BYOD enterprise mobility security solutions
The global market for Bring Your Own Device (BYOD) and enterprise mobility is expected to quadruple in size over the next four years, hitting $284 billion by 2019. BYOD software
Behind the scenes with IOS security
With over a billion active devices and in-depth security protections spanning every layer from silicon to software, Apple works to advance the state of the art in mobile security with every release of iOS. We will
The year in Flash
Adobe Flash continues to be a popular target for attackers in the wild. As an increasing number of bug fixes and mitigations are implemented, increasingly complex vulnerabilities and exploits are coming to light. This talk describes
OAuth has become a highly influential protocol due to its swift and wide adoption in the industry. The initial objective of the protocol was specific: it serves the authorization needs for websites. However, the protocol has been significantly repurp
CANSPY: A platform for auditing CAN devices
In the past few years, several tools have been released allowing hobbyists to connect to CAN buses found in cars. This is welcomed as the CAN protocol is becoming the backbone for embedded computers found in
HEIST: HTTP encrypted information can be stolen through TCP windows
Over the last few years, a worryingly number of attacks against SSL/TLS and other secure channels have been discovered. Fortunately, at least from a defenders perspective, these att
Speakers
Detailed Presentation:
(Source: Black Hat USA 2016, Las Vegas)
Pirating AVS to bypass exploit mitigation
Put a low-level security researcher in front of hooking mechanisms and you get industry-wide vulnerability notifications, affecting security tools such as Anti-Virus, Anti-Exploitations and DLP, as well as non
Speakers
Detailed Presentation:
(Source: Black Hat USA 2016, Las Vegas)
A Cloud Access Security Broker (CASB) is a solution to secure SaaS apps end-to-end, from cloud to device. Today, most CASBs focus only on software as a service (SaaS), although they can enforce best practices and security policies across all cloud se
HTTP cookie hijacking in the wild: security and privacy implications
The widespread demand for online privacy, also fueled by widely-publicized demonstrations of session hijacking attacks against popular websites (see Firesheep), has spearheaded the i
We are happy to announce that CISO Platform and TiE’s IoT Forum has partnered to create and foster fresh thinking around Security for IOT (Internet of Things). This includes reports, position paper and working papers and presentations and publication
This Guide examined the field of security architecture from the point of view of security governance. It explains how security architecture governance can be created as a sub-field of security governance and how the principles and structure of the sa
Speaker: Reinhold Wochner @ Raiffeisen Bank International
Please Note - Speaker presentations represent the views of the individual speakers
Speaker: Nilanjan De, Principal Archietect @ Cigital, Inc & Devesh Bhatt, Security Researcher @ Anon
Please Note - Speaker presentations rep
The Atlanta Pen Test Chapter has officially begun and is now actively underway.
Atlanta CISOs and security teams have kicked off Pen Test Chapter #1 (Virtual), an ongoing working series focused on drafting Pen Test Maturity Model v0.1, designed for an intel-led, exploit-validated, and AI-assisted security reality. The chapter was announced at …
