Cloudy with a chance of 0-day - Revision history

Jeremy.long at 02:21, 31 July 2009

2009-07-31T02:21:13Z

Jeremy.long at 02:14, 31 July 2009

2009-07-31T02:14:13Z

Jeremy.long at 01:57, 31 July 2009

2009-07-31T01:57:13Z

Jeremy.long: Created page with '== The presentation == This talk provides a brief overview of cloud computing, and reveals the security risks of moving into the clouds. The concept behind cloud computing is si…'

2009-07-31T01:49:06Z

Created page with '== The presentation == This talk provides a brief overview of cloud computing, and reveals the security risks of moving into the clouds. The concept behind cloud computing is si…'

New page

== The presentation ==

This talk provides a brief overview of cloud computing, and reveals the security risks of moving into the clouds. The concept behind cloud computing is simple: use a hosting provider's IT resources to expand or shrink to meet your needs, and only for pay what you need when you need it. This architecture appeals to many IT managers as it reduces the initial startup costs, maintenance costs, and overhead required to run systems. Got slashdotted? Not a problem. Your cloud presence will seamlessly expand to push your business to the next level. However, as with all new technology, there are inherent risks. This talk will discuss the security risks related to cloud application code, architecture, runtime environment, and development environment, and will include demo applications to illustrate the security risks.

== The speakers ==
Jon Rose is a security consultant for Trustwave - SpiderLabs. Jon has close to a decade of experience performing network and application security assessments, including network penetration testing, blackbox application testing, and code reviews across a wide range of programming languages and technologies. Jon has also led IT policy, standards, and guideline projects, as well as providing IT security remediation support for commercial and government clients. His security expertise also includes building enterprise security programs, providing guidance in an enterprise security architect role, and building security into organizations existing software development lifecycle. Jon has created and delivered security-training courses covering topics such as security awareness, defensive programming (Java and .Net), secure architecture and design, penetration testing, and code analysis.

Tom Leavey is a security consultant for Trustwave - SpiderLabs. Tom Leavey is a Security Consultant with Trustwave. He has many years of industry experience in conducting application security reviews, code reviews, and network penetration tests. Tom is also a security hobbyist and enjoys researching new security frontiers, being particularly interested in physical security and physical penetration testing. Tom believes in public service and has lobbied congress for a personal bailout package consisting mainly of scotch and cigars.

[[Category:OWASP_AppSec_DC_09]][[Category:OWASP_Conference_Presentations]]

@@ Line 1: / Line 1: @@
 == The presentation  ==
-This talk provides a brief overview of cloud computing, and reveals the security risks of moving into the clouds. The concept behind cloud computing is simple: use a hosting provider's IT resources to expand or shrink to meet your needs, and only for pay what you need when you need it. This architecture appeals to many IT managers as it reduces the initial startup costs, maintenance costs, and overhead required to run systems. Got slashdotted? Not a problem. Your cloud presence will seamlessly expand to push your business to the next level. However, as with all new technology, there are inherent risks. This talk will discuss the security risks related to cloud application code, architecture, runtime environment, and development environment, and will include demo applications to illustrate the security risks.<br>
+[[Image:Owasp_logo_normal.jpg|right]]This talk provides a brief overview of cloud computing, and reveals the security risks of moving into the clouds. The concept behind cloud computing is simple: use a hosting provider's IT resources to expand or shrink to meet your needs, and only for pay what you need when you need it. This architecture appeals to many IT managers as it reduces the initial startup costs, maintenance costs, and overhead required to run systems. Got slashdotted? Not a problem. Your cloud presence will seamlessly expand to push your business to the next level. However, as with all new technology, there are inherent risks. This talk will discuss the security risks related to cloud application code, architecture, runtime environment, and development environment, and will include demo applications to illustrate the security risks.<br>
 == The speakers  ==
 Jon Rose is a security consultant for Trustwave - SpiderLabs. Jon has close to a decade of experience performing network and application security assessments, including network penetration testing, blackbox application testing, and code reviews across a wide range of programming languages and technologies. Jon has also led IT policy, standards, and guideline projects, as well as providing IT security remediation support for commercial and government clients. His security expertise also includes building enterprise security programs, providing guidance in an enterprise security architect role, and building security into organizations existing software development lifecycle. Jon has created and delivered security-training courses covering topics such as security awareness, defensive programming (Java and .Net), secure architecture and design, penetration testing, and code analysis.<br>
 Tom Leavey is a security consultant for Trustwave - SpiderLabs. Tom Leavey is a Security Consultant with Trustwave. He has many years of industry experience in conducting application security reviews, code reviews, and network penetration tests. Tom is also a security hobbyist and enjoys researching new security frontiers, being particularly interested in physical security and physical penetration testing. Tom believes in public service and has lobbied congress for a personal bailout package consisting mainly of scotch and cigars.
 [[Category:OWASP_AppSec_DC_09]] [[Category:OWASP_Conference_Presentations]]

@@ Line 1: / Line 1: @@
 == The presentation  ==
-[[Image:OWASP IL 2008 01 Ofer Shezaf.jpg|right]] This talk provides a brief overview of cloud computing, and reveals the security risks of moving into the clouds. The concept behind cloud computing is simple: use a hosting provider's IT resources to expand or shrink to meet your needs, and only for pay what you need when you need it. This architecture appeals to many IT managers as it reduces the initial startup costs, maintenance costs, and overhead required to run systems. Got slashdotted? Not a problem. Your cloud presence will seamlessly expand to push your business to the next level. However, as with all new technology, there are inherent risks. This talk will discuss the security risks related to cloud application code, architecture, runtime environment, and development environment, and will include demo applications to illustrate the security risks.<br>
+This talk provides a brief overview of cloud computing, and reveals the security risks of moving into the clouds. The concept behind cloud computing is simple: use a hosting provider's IT resources to expand or shrink to meet your needs, and only for pay what you need when you need it. This architecture appeals to many IT managers as it reduces the initial startup costs, maintenance costs, and overhead required to run systems. Got slashdotted? Not a problem. Your cloud presence will seamlessly expand to push your business to the next level. However, as with all new technology, there are inherent risks. This talk will discuss the security risks related to cloud application code, architecture, runtime environment, and development environment, and will include demo applications to illustrate the security risks.<br>
 == The speakers  ==
-Jon Rose is a security consultant for Trustwave - SpiderLabs. Jon has close to a decade of experience performing network and application security assessments, including network penetration testing, blackbox application testing, and code reviews across a wide range of programming languages and technologies. Jon has also led IT policy, standards, and guideline projects, as well as providing IT security remediation support for commercial and government clients. His security expertise also includes building enterprise security programs, providing guidance in an enterprise security architect role, and building security into organizations existing software development lifecycle. Jon has created and delivered security-training courses covering topics such as security awareness, defensive programming (Java and .Net), secure architecture and design, penetration testing, and code analysis.Tom Leavey is a security consultant for Trustwave - SpiderLabs. Tom Leavey is a Security Consultant with Trustwave. He has many years of industry experience in conducting application security reviews, code reviews, and network penetration tests. Tom is also a security hobbyist and enjoys researching new security frontiers, being particularly interested in physical security and physical penetration testing. Tom believes in public service and has lobbied congress for a personal bailout package consisting mainly of scotch and cigars.
+Jon Rose is a security consultant for Trustwave - SpiderLabs. Jon has close to a decade of experience performing network and application security assessments, including network penetration testing, blackbox application testing, and code reviews across a wide range of programming languages and technologies. Jon has also led IT policy, standards, and guideline projects, as well as providing IT security remediation support for commercial and government clients. His security expertise also includes building enterprise security programs, providing guidance in an enterprise security architect role, and building security into organizations existing software development lifecycle. Jon has created and delivered security-training courses covering topics such as security awareness, defensive programming (Java and .Net), secure architecture and design, penetration testing, and code analysis.<br>
 [[Category:OWASP_AppSec_DC_09]] [[Category:OWASP_Conference_Presentations]]