Resources

Securing the Spark Fire Hose

Jack Mannino and Abdullah Munawar at LASCON 2016, 11/04/2016

Apache Spark is an awesome cluster computing framework used in big data analytics for stream and batch processing. Spark is used for machine learning and predictive analytics using large, streaming data sets from a variety of sources. Spark is often deployed with a distributed messaging system like Kafka, with a high-throughput NoSQL database like Cassandra, and distributed across a cluster of resources with Mesos. As you would imagine, each of these components can hold or process critical data at any given time and each plays a unique role in keeping our data rolling smoothly through the pipeline. We want to make sure that data remains safe at all times, jobs finish in a timely manner, and things remain stable when something goes wrong.

On being an Eeyore in Infosec

Stefan Edwards at GrrCON 2016, 10/07/2016

This talk will discuss why everything from clients to technology to community is completely broken, and how to accept this fact in order to lead a better, more fruitful life. This talk focuses on what potential tools and policies exist that are "better", and discusses why they're not in general use.

DevOops Redux

Ken Johnson at DerbyCon 2016, 09/23/2016

In a follow-up to the duo's offensive-focused talk "DevOops, How I hacked you?", they discuss defensive countermeasures and real experiences in preventing attacks that target flaws in your DevOps environments. In this talk, Chris and Ken describe common ways in which DevOps environments fall prey to malicious actors, with a focus on preventative steps.

AWS Security

Ken Johnson at nVisium AWS Security Webinar, 06/15/2016

nVisium CTO, Ken Johnson, discusses his lessons learned and approach for hardening, monitoring, and disaster recovery as it applies to AWS Security.

Secure Coding with Node.js

Seth Law at JS.LA April 2016, 04/28/2016

As we all knew it would, JavaScript has finally overtaken the server. This departure from the client to the server introduces a number of security issues and problems that the language does not handle by default. This talk will cover and demonstrate prevalent security vulnerabilities in Node.js applications. In addition, it will address existing security controls within JavaScript code through the use of an intentionally vulnerable Node.js application.

It's 10pm, Do You Know Where Your Access Keys Are? (slides only)

Ken Johnson at AWS Loft NYC Meetup, 02/24/2016

We know that a large number of organizations are using AWS or are planning to. We also know that hackers are targeting organizations' AWS infrastructure. What you may not know is how hackers are doing this and what you can do about it.

Testing Tools for iOS Applications (slides only)

David Lindner at OWASP MSP February Chapter Meeting, 02/17/2016

With the surge of mobile applications into the forefront of most any organization, making sure the applications are secure is becoming a pain point. Both internally developed and 3rd party mobile applications are being used by all sorts of businesses to be faster and more efficient in their day-to-day work. However, how do we test for vulnerabilities? What tools exist for testing of such mobile applications?

Swift-ly Secure

Seth Law at SF Swift Meetup, 01/14/2016

With the recent open-sourcing of Swift, the barrier to entry to create iOS and OS X apps has been lowered, but old vulnerabilities still exist and developers still make mistakes that violate users’ privacy and expose an organization to additional risk.

Mobile Top Ten Security Risks - iOS (slides only)

David Lindner at OWASP MSP January Chapter Meeting, 01/13/2016

With over 3.1 million applications in the Apple AppStore and Google Play Store, and more than 7.5 billion mobile subscribers in the world, mobile application security has been shoved into the forefront of many organizations. The Open Web Application Security Project (OWASP) has aimed to help organizations understand the most prevalent mobile risks with their released OWASP Mobile Top Ten Risks of 2014.

Battle-Hardened: Secure your Code (slides only)

David Vo at Austin Droids Meetup, 12/15/2015

Security, particularly in the mobile space, has become ever more vital. Most experts agree that app development is not doing enough to protect user data.
