1. Matt Wood
    Sunera

    JavaScript applications continue to become more and more complex. With real-time collaboration in mind and entire applications now served from a "single UI page," a new buzzword for these applications has arisen over the last few years: Reactive Applications/JavaScript. Stated simply, this is the separation of the HTML/CSS UI from the real-time, event-driven data backend. There are many compelling reasons for these advances; unfortunately, many of the same application design mistakes are being made that the industry saw when AJAX-heavy applications first entered the mainstream (the over-exposure of the data API). While some frameworks allow for secure deployment, it is not easy or intuitive in all cases. Many researchers and framework developers have put a lot of effort into the security design of these "reactive" frameworks, but application developers are not using these features effectively, or worse, do not know they are necessary. This presentation will offensively review some of the new technologies employed, how to identify these event-driven backends, review several OWASP attack classes in the context of "Reactive" frameworks (MeteorJS/RxJS/Microsoft Data API/Angular), and finally how to address data security within these "Reactive" frameworks. Attendees will witness poorly secured reactive frameworks dumping sensitive information, effective injection techniques against various reactive endpoints, and finally what a security professional needs to know and look for to identify and secure "Reactive" endpoints across several frameworks.

    vimeo.com/136340913
  2. Roy Wattanasin
    MITM
    The time has begun. You have already heard about these warnings from the news and from your security intelligence infrastructure.

    The FBI had warned that hackers are or will be targeting your healthcare organization. 2014 was a rough year for data security in the healthcare industry. About 43 percent of breaches came from healthcare per the Ponemon Institute. 2015 has been a trickier and rougher year with one of the largest healthcare breaches reported to date. This talk highlights and walks you through the top four healthcare breaches.

    It plans to dive into the role of a security investigator (using public information), review how and why each breach happened, when it was discovered, how many people were impacted, who discovered it, and what the organization(s) did to assist with the breach. Additionally, the open talk hopes to provide recommendations on how to help prevent such breaches and to get comments and feedback from the audience. All references and sources from the research that has been done will be provided. "Time is inevitable, but knowledge and pro-activeness is on your side."

    vimeo.com/139852734
  3. vimeo.com/139851845
  4. Wade Woolwine
    Josh Feinblum
    Rapid7
    How can you effectively leverage a third-party provider in your incident response program? In this talk the speakers will provide an inside look at how incident response programs can succeed, drawing from years of experience and real-world scenarios to share what works when you're evaluating a vendor, as well as what doesn't, and the steps you can take to ensure an effective third-party partnership, including how to classify assets, users and data and the importance of practicing response scenarios.

    vimeo.com/140566514
  5. Michael Roytman
    risk.io
    Security metrics are often about the performance of information security professionals: traditional ones are centered around vulnerability close rates, timelines, or criticality ratings. But how does one measure whether those metrics are the right ones? How does one measure risk reduction, or how successful your metrics program is at operationalizing what is necessary to prevent a breach?

    This talk will borrow concepts from epidemiology, repeated game theory, and classical and causal probability theory in order to demonstrate some inventive metrics for evaluating vulnerability management strategies. Not all vulnerabilities are at risk of being breached. Not all people are at risk of catching the flu. By analogy, we are trying to be effective at catching the "disease" of vulnerabilities that are susceptible to breaches, and not all are. How do we determine what is truly critical? How do we determine whether we are effective at remediating what is truly critical? Because the incidence of the disease is unknown, the absolute risk cannot be calculated. This talk will introduce some concepts from other fields for dealing with infosec uncertainty.

    vimeo.com/139861061

Source Boston 2015
