Difference between revisions of "OWASP AppSec DC 2012/AMI Security"
Mark.bristow (talk | contribs) (Created page with "<noinclude>{{:OWASP AppSec DC 2012 Header}}</noinclude> __NOTOC__ == The Presentation == rightAdvanced Metering Infrastructure (AMI) is the mo...") |
Mark.bristow (talk | contribs) |
||
(One intermediate revision by the same user not shown) | |||
Line 2: | Line 2: | ||
__NOTOC__ | __NOTOC__ | ||
== The Presentation == | == The Presentation == | ||
− | + | Advanced Metering Infrastructure (AMI) is the most exposed part of the Smart Grid. Public-facing devices include smart meters on the sides of businesses and houses and aggregation points on the top of telephone poles. But the risks and vulnerabilities do not stop here. The back-end resources of an AMI implementation are still potentially vulnerable to all of the same threat vectors as everyday web-based business solutions. Cross-site scripting, cross site request forgery, insufficient network monitoring, and questionable web server and database configurations all play a part in increasing the risk to the AMI deployment and the electrical grid itself. This presentation will outline these vulnerabilities and provide recommendations that will increase the security of an AMI deployment and increase the reliability of the electrical infrastructure it supports. This presentation will cover the following topics:<br>- AMI implementation overview from Smart Meters to the back-end resources - Smart meter hacking techniques and mitigations - FHSS analysis techniques and mitigations - Network configuration and monitoring concerns and mitigations - Web application vulnerabilities and mitigations | |
== The Speakers == | == The Speakers == | ||
− | John Sawyer and Don Weber | + | <table> |
+ | <tr> | ||
+ | <td> | ||
+ | ===John Sawyer=== | ||
+ | [[Image:AppSecDC12-Sawyer.jpg|left]]John Sawyer is a Senior Security Analyst with InGuardians specializing in network and web application penetration testing. John's experience in enterprise IT security includes penetration testing, system and network hardening, intrusion analysis, and digital forensics. | ||
+ | |||
+ | John has developed and taught cyber security training for a large university and spoken at events for industry and law enforcement. He has consulted with federal, state, and local law enforcement agencies on malware analysis, hacker attacks, and digital forensics. John is the author of the popular blog, "Evil Bytes", at DarkReading.com, and a member of the winning team from DEF CON 14 and 15's Capture the Flag competition. | ||
+ | </td> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td> | ||
+ | ===Don Weber=== | ||
+ | [[Image:AppSecDC12-Webber.jpg|left]]Jack of All Trades and hardware analysis expert for the InGuardians. Don specializes in physical and information technology penetration testing, web assessments, wireless assessments, architecture review, incident response/digital forensics, product research, hardware research, code review, security tool development, and the list goes on. Don is currently focusing on hardware research specifically in the technologies surrounding products comprising the SMART GRID. He has focused on implementing various communication protocols and microprocessor disassembers/emulators for research, testing, risk assessment, and anything else you can think of with these technologies. | ||
+ | </td> | ||
+ | </tr> | ||
+ | </table> | ||
<noinclude>{{:OWASP AppSec DC 2012 Footer}}</noinclude> | <noinclude>{{:OWASP AppSec DC 2012 Footer}}</noinclude> |
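Review bot: in the added Don Weber bio, "disassembers/emulators" is misspelled and should read "disassemblers/emulators", and the image name `AppSecDC12-Webber.jpg` spells the surname differently from the `===Don Weber===` heading, so confirm the uploaded file really carries that name or the image will not render. In the abstract, the topic list is run together after a single `<br>` as " - " separated items; one wiki bullet per line (`* item`) would render as a list. "cross site request forgery" should also be hyphenated to match "Cross-site scripting" in the same sentence.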
Latest revision as of 00:44, 13 March 2012
The Presentation
Advanced Metering Infrastructure (AMI) is the most exposed part of the Smart Grid. Public-facing devices include smart meters on the sides of businesses and houses and aggregation points on the top of telephone poles. But the risks and vulnerabilities do not stop here. The back-end resources of an AMI implementation are still potentially vulnerable to all of the same threat vectors as everyday web-based business solutions. Cross-site scripting, cross-site request forgery, insufficient network monitoring, and questionable web server and database configurations all play a part in increasing the risk to the AMI deployment and the electrical grid itself. This presentation will outline these vulnerabilities and provide recommendations that will increase the security of an AMI deployment and increase the reliability of the electrical infrastructure it supports. This presentation will cover the following topics:
- AMI implementation overview from Smart Meters to the back-end resources
- Smart meter hacking techniques and mitigations
- FHSS analysis techniques and mitigations
- Network configuration and monitoring concerns and mitigations
- Web application vulnerabilities and mitigations
The Speakers
John Sawyer

John Sawyer is a Senior Security Analyst with InGuardians specializing in network and web application penetration testing. John's experience in enterprise IT security includes penetration testing, system and network hardening, intrusion analysis, and digital forensics.

John has developed and taught cyber security training for a large university and spoken at events for industry and law enforcement. He has consulted with federal, state, and local law enforcement agencies on malware analysis, hacker attacks, and digital forensics. John is the author of the popular blog, "Evil Bytes", at DarkReading.com, and a member of the winning team from DEF CON 14 and 15's Capture the Flag competition.
Don Weber

Jack of All Trades and hardware analysis expert for the InGuardians. Don specializes in physical and information technology penetration testing, web assessments, wireless assessments, architecture review, incident response/digital forensics, product research, hardware research, code review, security tool development, and the list goes on. Don is currently focusing on hardware research specifically in the technologies surrounding products comprising the SMART GRID. He has focused on implementing various communication protocols and microprocessor disassemblers/emulators for research, testing, risk assessment, and anything else you can think of with these technologies.