
Practical Security: Solutions for challenging times
Don't miss out, book your seat today!

Dates: 11 - 13 May 2010

Venue: Sandton Convention Centre

 
DAY 2: 12 May 2009 (Wednesday)
 
Technical/operational security – Top 10 hacks, botnets, trojans, smartphone security, cloud computing, virtualisation, SaaS, practical return-oriented programming techniques, web application server attacks, defeating SSL, exploiting Microsoft DEP and more ...
 
07:30 ARRIVAL AND REGISTRATION

08:30 Opening Address from the Conference Chair
 
08:40 Perspectives from the L0pht
Joe Grand, President, Grand Idea Studio
This session is a look back at Joe's experiences growing up in one of the most recognised hacker groups in the world during the burgeoning days of the computer security industry and how the industry has changed, or stayed the same, since then. For nearly a decade, Joe Grand (aka Kingpin) was a member of the infamous hacker collective known as L0pht Heavy Industries in Boston, Massachusetts.

Starting in the early 1990s as a clubhouse for local hackers to store computer equipment, tinker with projects, and just hang out, the L0pht ended up as seven close-knit friends changing the face of computer security vulnerability research and disclosure. The group would discover security flaws in software applications and hardware products and challenge the vendors to not only acknowledge the problems, but to fix them - a feat practically unheard of at the time.

In 1998, they gained public attention testifying before the United States Senate Governmental Affairs Committee and were praised as "modern day Paul Reveres" for their warnings of computer security weaknesses. In an anticlimactic ending in 2000, the L0pht was sold to a security consulting start-up and the original members eventually went their separate ways.

 
A look back at the early days of the computer security industry
Perspectives on how the industry has changed, or stayed the same
 
09:25 A Web Hacking Odyssey – The Top Ten Hacks of the Year
Jeremiah Grossman, Founder & CTO, White Hat Security
Every year, powerful new Web hacking techniques are revealed, many of which are highly sophisticated and esoteric. Staying up-to-date on these threats is a full-time job. This session separates the best from the rest and selects the top 10 to cover in technical detail. The session will explore how Web security is impacted, the business risks posed, which are likely to be used maliciously and some of the prevalent security issues emerging in 2010.
 
The top 10 Web hacking techniques
How Web security is impacted
The business risks posed
The prevalent security issues emerging in 2010
 
10:10 MORNING REFRESHMENTS & NETWORKING
 
10:40 Smartphone security: The past, present and the future
Charlie Miller, Principal Analyst, Software Security, Independent Security Evaluators
Charlie will discuss smartphone security from a historical perspective. He will begin by outlining the threats posed by smartphones and what makes smartphone payloads unique. Then, he will discuss the security architectures of a few platforms. Finally, Charlie will demonstrate attacks that have been successful in the past and how they worked. He will end by making wild speculations about the future of smartphone security.
 
The smartphone threat evolution
Security architectures of new platforms
Successful smartphone attacks and how they worked
The future of smartphone security
 
11:25 PANEL: The ultimate defence - think like a hacker
PANELLISTS: Felix FX Lindner, Recurity Labs; Dino Dai Zovi, Independent security researcher; Charlie Miller, Independent Security Evaluators; Moxie Marlinspike, Independent Computer Security Researcher
Sometimes it seems like the criminals will always have the upper hand. No matter what we do and how much we spend they still steal our data, our credit cards and even our identities. Why does this happen? It’s because criminals know how to “think outside the box” - to automatically look for the back door or the hidden weaknesses. We'll ask our panel of experts to think like a hacker and offer their ideas for defending against them effectively in 2010.
 
 
(T1) TRACK 1: Technical Hands-on
(T2) TRACK 2: Technical/Operations
(T3) TRACK 3: Technology Insight

  TRACK 1: Technical Hands-on

(T1) Exploiting Windows DEP using Return-Oriented Programming
Dino Dai Zovi, Independent security researcher
 
 
The importance of preventing malicious computations
Practical applications of return-oriented techniques
   
(T1) Encoding, character sets and security
Marco Slaviero, SensePost
 
 
The impact of poor encoding support and security implications
Methods for resolving character set issues and common bugs
Practical advice for developers for future application development
   
(T1) Hardware is the new software: High-profile attacks against electronic devices
Joe Grand, President, Grand Idea Studio
 
 
Understanding the hardware hacking process
A look at high-profile attacks against electronic devices
   
(T1) Some tricks for defeating SSL in practice
Moxie Marlinspike, Independent Computer Security Researcher
 
 
How to exploit BasicConstraints vulnerabilities
How to exploit SSL stripping
How to exploit null-prefix attacks on X.509 certificates
   
(T1) Attacking web application servers
Ian de Villiers, Associate Security Analyst, Sensepost
 
 
Shortcomings within web application frameworks and portal applications
Scenarios where remote attackers can exploit vulnerable applications

  TRACK 2: Technical/Operations

(T2) Security is easy, in theory
Felix FX Lindner, Owner, Recurity Labs and Computer & Network Security Consultant
 
 
Fault-free Software
Global Authentication
Common Interface Formats
Encryption and Integrity
Authorization
Availability
   
(T2) Security as a service: Hands-on? Hands-off? Or somewhere in-between?
Jonathan Wilkinson, Director, Hosted Security, Websense
 
 
Learn what’s driving the growing demand for SaaS and hybrid security offerings
Hear how other organisations have implemented SaaS security, what lessons they learned and how they’ve managed to reduce costs without sacrificing security
Discover which traditional security applications make sense as a SaaS offering and which do not
   
(T2) Change Happens: Building security with a business roadmap
Maeson Maherry, Director, L@Wtrust
 
A case study of fraud management
The principles of business, law and information security
Mitigating risks and building a secure business foundation
From PKI to compliance and process streamlining
   
(T2) Securing the mobile enterprise
Samresh Ramjith, CTO, Dimension Data Security
 
 
Policy and strategy development to create a secure mobile workplace
A proactive plan to address mobile security challenges
The benefits once a secure mobile workforce is achieved
   
(T2) Seamless and compliant management of your encryption keys
Tony Acharia, Senior Pre-sales Consultant, Becrypt UK
 
Standards and technologies for encryption key management
Best practice management of encryption keys to ensure regulatory compliance
Compliance requirements in accordance with the PCI DSS Standard
The importance of key management to maintain data confidentiality
Key management as an element of corporate governance and the relevance to King III

  TRACK 3: Technology Insight

(T3) Cleaning up Africa as we join the 21st century: Botnets and the new economy
Barry Irwin, Department of Computer Science, Rhodes University
 
 
Security challenges facing African countries in the coming years
Skills and user education required to deal with the threats
Emerging and future risks for the African continent
Possible means of remediation and prevention
   
(T3) From infection to cashout - how the new breed of trojans operate
Etay Maor, Project Manager, RSA FraudAction Research Lab
 
 
Trojan discussions in the fraudster underground
New infection methods (including infection rate statistics)
MITB Trojans with and without session hijacking (OTP bypassing)
Different types of HTML injection
Auto transfers to static and dynamic mules
A short discussion about Mobile Trojans
How to fight back
   
(T3) Putting the trust back into email & web
Ed Rowley, Field Product Manager EMEA, M86 Security
 
 
Understanding and identifying critical Web and email security risks
Steps to take to reduce overall cost and minimise the risks of gateway security breaches
   
(T3) Why in-the-cloud security technologies are the answer
Rik Ferguson, Senior Security Advisor, Trend Micro
 
 
Why is security moving into the cloud?
How is security evolving to address the new threat landscape, and is the cloud solution the best?
Does an In-The-Cloud security strategy reduce your risk, and can it reduce your TCO?
Integrating an In-The-Cloud security strategy into your business
   
(T3) Security in the virtualised environment
Justin Lee, Territory Manager - Africa, Juniper Networks

 
END OF DAY TWO & BEER FEST

EVENT SPONSOR
SecureData offers extended value-add to customers, resellers and vendors alike. Our multi-centric, best-practice security solutions span the perimeter, network, endpoint, storage application and data protection - all supported by SecureData’s highly skilled technical, product, marketing and sales teams, enabling our partners to deliver high-quality security solutions and services.


Who should attend?
Those accountable for information security within their areas of expertise, including:
> CIOs
> IT/MIS Staff
> Internet Security Managers
> Systems Planners and Analysts
> Security Analysts
> Systems Administrators
> Software and Application Developers
> Engineers
> Technical and Support Specialists
> Systems Integrators
> Web Masters
> Strategic Planners
> Security Vendors

BENEFITS OF ATTENDING
For security professionals and practitioners:
> Get practical, technical advice to solve your information security business challenges
> Find out what works, and what doesn't for securing your web applications
> Examine attack patterns and the increased precision of modern attacks
> Find out the most efficient, effective ways to protect your data and applications
> Make sure your security policies and procedures meet future business and legal requirements
> Witness live demonstrations of hacker tools and techniques
> Exchange ideas with industry experts in the field of information security

What can you expect?
> Cutting-edge educational programme featuring the latest developments in information security
> Keynote addresses delivered by some of the world’s leading IT organisations and security experts
> Expert advice on emerging threats, the key challenges ahead and all things security; from compliance to data protection and vulnerability management
> Bespoke itinerary allowing you to choose from more than 30 individual sessions
> Hands-on demonstrations of the latest solutions from specialist suppliers
> Excellent networking opportunities with your peers, global security experts and leading vendors
> Meet over 30 solution providers who showcase their latest solutions in the Security Solutions Centre
> Complimentary lunch and refreshments with a social cocktails evening at the end of each day

TECHNICAL ADVISORY COMMITTEE
ITWeb is committed to keeping the Security Summit at the forefront of both local and global trends in IT security. To achieve this we have enlisted a team of esteemed South African practitioners to assist us in planning the event. Led by SensePost, this team's role is to advise us on theme, tracks, topics and speakers and, finally, to review and provide input on talks and papers.