Builder
Wednesday, October 18
 

10:10

Authentication Without Authentication
Authentication is important, but how do you authenticate when user interaction is not an option? For example, an IoT app without a user interface. We need to authenticate the app - without any predefined credentials. Want to see how? Join me for this session, including a live demo on Raspberry Pi!

Speakers
Dirk Wetter

Dirk Wetter (Ph.D.) is an independent security consultant with more than 20 years of professional experience in information security. He has a broad technical and information security management background. He has published over 60 articles in computer magazines. His primary focus...



Wednesday October 18, 2017 10:10 - 10:55
Main Auditorium

11:05

Bleeding Secrets!
We do our best to protect the servers' information using security controls like TLS communication, Firewall and advanced security cloud services, but then they bleed secrets (arbitrary pieces of memory are leaked to a potential attacker).

This talk observes three zero days found within security solutions (two from this year) that can be the cause for data breaches like the one from May 31 where OneLogin was breached and encrypted secrets were stolen in clear text.
We will review code, understand the vulnerabilities, assess the root cause, challenge a few assumptions (on open-source, security solutions and others) and review some best practices that can help prevent such vulnerabilities.

Speakers
Ofer Rivlin

Product Security Lead, CyberArk
Leading the product security at CyberArk. 10 years of experience as a cybersecurity architect of enterprise, cloud, connected cars and security products, as well as a senior security researcher. 10 years of experience as a developer and architect before entering the security domain. Led...



Wednesday October 18, 2017 11:05 - 11:50
Main Auditorium
  • Technical Level All

12:15

Infusing Security Awareness in Agile Product Management
The goal of our session is to inspire organizations to increase their security conscience, by addressing security from both process and content points of view.
As part of the Shift Left movement in the world of security, we'd like to suggest a surprising security ambassador: The Product Manager.

Speakers
Elena Kravchenko

ADM BU Security Lead, Micro Focus (former HPE Software)
Elena represents the Security side of the project and brings vast experience in both development and security areas. She is responsible for a department developing 12 products (~400 developers). HPE Software Security Lead for HPE's Application Delivery Management (ADM) Business...

Efrat Wasserman

Product manager, Intel
Efrat is a Product Manager at Intel. Efrat brings deep knowledge and experience in both software development and project/product management areas. Efrat's former position was a Senior Program Manager at HPE SW. Efrat holds a BSc in Computer Science and Mathematics and an MBA in...


Wednesday October 18, 2017 12:15 - 13:00
Main Auditorium
  • Technical Level All

13:10

Stranger Danger: Addressing Security Risk in Open Source Code

Open source modules, maven and python packages, ruby gems and especially npm, are undoubtedly awesome. However, they also represent an undeniable and massive risk. You’re introducing someone else’s code into your system, often with little or no scrutiny. The wrong package can introduce severe vulnerabilities into your application, exposing your application and your users’ data.

The security risk from vulnerable open source binaries is well understood. While still often mishandled, there are good practices for tackling it, and industry trends like Serverless & PaaS all but eliminate it.

Vulnerabilities in open source code packages, however, get practically no air time. These packages, pulled from the likes of npm, RubyGems and Maven, are just as prevalent, outdated and hard to manage. More importantly, they’re just as vulnerable!

In this talk I’ll share details and demonstrate several vulnerabilities in popular packages. For each issue, I’ll explain why it happened, show its impact, and – most importantly – see how to avoid or fix it.


Speakers
Danny Grander

Security, Snyk
Danny Grander is a veteran security researcher and the cofounder of Snyk.io, where he works on open source security and leads Snyk’s security research. Previously, Danny was the CTO of Gita Technologies and a lead researcher and developer for a few startups. Danny is a frequent...



Wednesday October 18, 2017 13:10 - 13:35
Main Auditorium

15:25

Securing Your Systems With Vault
In the modern cloud, highly available and reliable data is key to orchestration of independent services which need to pop in & out of existence, seemingly at random, but how do we secure shared configuration and application secrets? In this talk I'll introduce a tool designed just for this purpose!

Speakers
Issac Goldstand

Principal Enterprise Architect, ironSource
Issac has been involved in the Web community for over 15 years. With a strong background in the Apache Web Server internals, and optimizing web applications, Issac continues to churn out highly optimized web applications in a variety of languages and servers, as well as mentoring...


Wednesday October 18, 2017 15:25 - 16:10
Room 10 - CS and Communications Building
  • Technical Level All

16:30

Are you ready for OpenID Connect?
Do you know what the OpenID Connect protocol is?
Do you want to understand why Google, Microsoft and other internet companies use it?
Do you want to enable the OpenID Connect protocol authentication server in your organization?
You need to come to this lecture to get answers to these questions.

Speakers
Michael Furman

Security Architect, Tufin
I have over 10 years of experience with application security. For the last 3+ years I have been the Lead Security Architect for Tufin, which is the leading provider of security policy orchestration solutions. I am responsible for the overall security of Tufin Orchestration Suite which...



Wednesday October 18, 2017 16:30 - 17:15
Room 10 - CS and Communications Building
  • Technical Level All