
Los Angeles/2009 Meetings/July 21


Topic: Lock picks, BumpKeys, and Hackers oh my! How secure is your application?

Speaker: David M. N. Bryan

David M. N. Bryan, NetSPI, has 10 years of computer security experience, including consulting, engineering, and administration. He has performed security assessment projects in the healthcare, nuclear, manufacturing, pharmaceutical, banking and educational sectors.
As an active participant in the information security community, he volunteers at DEFCON, where he designs and implements the firewall and network for what is said to be the most hostile network environment in the world. This network allows speakers, press, vendors, and others to gain access to the Internet without being hacked. In his spare time, he and his wife run the local DEFCON group, DC612, and participate in the Minneapolis OWASP chapter.

Abstract: Lock picks, BumpKeys, and Hackers oh my! How secure is your application?

This talk will focus on physical security controls, weaknesses, and countermeasures. I will present on what lock picking is, how bump keys work, and ways to subvert electronic locks. We will also go into what are good controls, and what is often overlooked when designing secure environments. Many of the topics covered apply to application security, as the methods for securing these devices rely on obscurity. In the application world, with automated tools and scripts, this does not hold water for very long.