
Difference between revisions of "2016 BASC Homepage"

(Presentations)
Line 12: Line 12:
 
== Registration ==
 
== Registration ==
  
[https://www.eventbrite.com/e/boston-application-security-conference-basc-2016-tickets-27531266760 Register now.]
+
[https://www.eventbrite.com/e/boston-application-security-conference-basc-2016-tickets-27531266760 Please register now!]
 +
 
 +
Admission to the BASC is free but [https://www.eventbrite.com/e/boston-application-security-conference-basc-2016-tickets-27531266760 registration] is required for breakfast, lunch, and the evening social time. We will do everything possible to accommodate late registrants but the facility and food are limited.
  
 
== Keynote ==
 
== Keynote ==
Line 42: Line 44:
 
The [http://tinyurl.com/basc2016training Call for Training] is open.
 
The [http://tinyurl.com/basc2016training Call for Training] is open.
 
-->
 
-->
 
== Presention Details ==
 
[https://www.owasp.org/index.php/2016_BASC_Presentations Presentation Info]
 
 
== Workshops ==
 
[https://www.owasp.org/index.php/2016_BASC_Training Workshops and Training details]
 
 
== Speaker Details ==
 
[https://www.owasp.org/index.php/2016_BASC_Speakers Speaker Info]
 
 
== OWASP Boston Chapter ==
 
BASC is presented by the [https://www.owasp.org/index.php/Boston OWASP Boston] chapter.
 
 
<!--
 
{{2016 BASC:Section Template | Keynote}}
 
 
'''"How I Teach Security"'''
 
 
Rob Cheyne, CEO, Big Brain Security, Executive Director, SOURCE Conference
 
 
[[File:RobCheyne.jpg|left]]After spending over 10 years as a builder of software systems, and the next five years on the breaking side of things, I then spent over a decade teaching information security concepts to over 25,000 people around the world at leading global organizations.
 
 
Over the course of this work, I’ve noticed some interesting patterns across my body of students and clients.
 
 
In most organizations, I have seen have at least one critical area of the business where basic information security best practices were not implemented where they should be. In many cases, this is because people are either not factoring in an accurate representation of infosec risks into their planning & project life cycles, or they willfully ignore them.
 
 
The reason for this often boils down to one thing: the overall level of security awareness in most places is pretty low, even amongst developers, and even in organizations where you would think it should be a lot higher. Amongst business and management groups, it can be practically non-existent because security is still often assumed to be the purview of the security group, the infrastructure team, or the developers.
 
 
In such an environment, business requirements often take precedence over security requirements, even when the security requirements are truly protecting the best interests of the business.
 
 
I have seen that many people within a typical organization:
 
* have little to no understanding of the actual risks they face.
 
* have no idea how to balance rational security options against business requirements to mitigate those risks.
 
* think that security is somebody else’s job, and ignore it accordingly.
 
* believe that internal systems are somehow safe from attack
 
* think that the data breach will never happen to them
 
 
I have come to believe strongly that this is as much as much our failure to communicate and influence information security initiatives as it is the business' failure to understand. Given the shortage of infosec professionals in the marketplace, I believe the only way we can scale ourselves is to communicate what we know more effectively.
 
 
In short, we need to learn how to communicate what we know much, much better than we are doing today.
 
 
Security is arguably much more of a people problem than a technology problem, and the ability to communicate rational security wisdom to people outside of the “InfoSec echo chamber” is a highly underrated skill. There are many areas of security where we have solid best practices, but they aren’t followed because the people who need to hear the message the most simply never receive it.
 
 
Please join me in this frank & interactive discussion of what it means to communicate information security outside of our echo chamber, and discuss some specific strategies for doing so.
 
  
 
{{2016 BASC:Section Template | The Details}}
 
{{2016 BASC:Section Template | The Details}}
* Date: Saturday, October 3<sup>rd</sup>, 2016
 
* Location: [http://microsoftcambridge.com/Default.aspx NERD]
 
* Directions: [http://microsoftcambridge.com/About/Directions/tabid/89/Default.aspx NERD's website] or [http://maps.google.com/places/us/ma/cambridge/memorial-dr/1/-microsoft-new-england-research-and-development-center?hl=en&gl=us Google Maps]
 
 
* [[2016_BASC_Agenda | Agenda]]
 
* [[2016_BASC_Agenda | Agenda]]
 +
* [[2016_BASC_Presentations | Presentations]]
 +
* [[2016_BASC_Training | Training Workshops]]
 
* [[2016_BASC_Speakers | Speakers]]
 
* [[2016_BASC_Speakers | Speakers]]
* [[2016_BASC_Presentations | Presentations]]
 
* [[2016 BASC InfoSec Communication Workshop|InfoSec Communication Workshop]]
 
 
* LinkedIn [https://www.linkedin.com/groups/Boston-Application-Security-Conference-BASC-4631647 Group]
 
* LinkedIn [https://www.linkedin.com/groups/Boston-Application-Security-Conference-BASC-4631647 Group]
 
* Twitter: Follow [http://twitter.com/#!/BASConf @BASConf] HashTag: #basc2016
 
* Twitter: Follow [http://twitter.com/#!/BASConf @BASConf] HashTag: #basc2016
* [[Media:BASCSponsorship2016.docx|Sponsorship Kit]]
+
* [[Media:BASCSponsorship2016.pdf|Sponsorship Kit]]
 +
* [https://www.eventbrite.com/e/boston-application-security-conference-basc-2016-tickets-27531266760 Registration]
  
{{2016 BASC:Section Template | Registration}}
+
== OWASP Boston Chapter ==
 
+
BASC is presented by the [https://www.owasp.org/index.php/Boston OWASP Boston] chapter.  
Admission to the BASC is free but [http://www.eventbrite.com/e/boston-application-security-conference-basc-2016-tickets-1783483447 registration] is required for breakfast, lunch, and the evening social time. We will do everything possible to accommodate late registrants but the facility and food are limited. [http://www.eventbrite.com/e/boston-application-security-conference-basc-2016-tickets-1783483447 Online registration] is now open and you are encouraged to register early.
 
  
-->
 
  
 
{{2016_BASC:Footer_Template | Welcome}}
 
{{2016_BASC:Footer_Template | Welcome}}
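
Review bot: The new section heading "== Presention Details ==" is misspelled and should read "== Presentation Details ==", matching the "Presentation Info" link text directly beneath it. Also in this hunk, the commented-out block carried along as context still lists "Date: Saturday, October 3<sup>rd</sup>, 2016" and registration links to the Eventbrite ticket ending in 1783483447, while the live Registration section in this revision links to 27531266760 and the rendered page gives Saturday, October 1st. Consider deleting the stale commented-out block so an outdated date or registration link is not restored by accident.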

Revision as of 18:09, 16 September 2016

Platinum Sponsors

Checkmarx HPE Rapid7 Veracode


Gold Sponsors

Contrast Security CyberSN

Silver Sponsors

Stormpath Qualys


Sponsorships are available: See Sponsorship Kit
Please help us keep BASC free by viewing and visiting all of our sponsors.


Welcome

This is the homepage for the 2016 Boston Application Security Conference (BASC). This free conference will take place 8:30am to 6:30pm on Saturday, October 1st at

The BASC will be a free, one-day, informal conference aimed at increasing awareness and knowledge of application security in the greater Boston area. While many of the presentations will cover state-of-the-art application security concepts, the BASC is intended to appeal to a wide array of attendees. Application security professionals, professional software developers, software quality engineers, computer science students, and security software vendors should be able to come to the BASC, learn, and hopefully enjoy themselves at the same time.

Registration

Please register now!

Admission to the BASC is free but registration is required for breakfast, lunch, and the evening social time. We will do everything possible to accommodate late registrants but the facility and food are limited.

Keynote

Analyzing NextGen Security Practices and Security Tools

Jared DeMott

Is DevOps worse or better than the waterfall software development methodology for security? Where, and how, should software security ideally take place? And how do all these NextGen endpoint security tools differ from prior-gen anti-virus? Are they really better? Dr. DeMott enlightens us on those two critical NextGen topics with a conversational but instructional talk.

Dr. DeMott is developing Vision (an EDR product), as the CTO of Binary Defense Systems. Jared is also the founder and regular trainer for vdalabs.com. You'll find fingerprints of his work all across the security industry. From fuzzing, code auditing, and exploitation, to malware and developer security courses on Pluralsight. When he’s not bypassing EMET or CFG, he’s enjoying time with his family, or being active outdoors.



The Details

OWASP Boston Chapter

BASC is presented by the OWASP Boston chapter.


You can find out more about this conference at the 2016 BASC Homepage
or by emailing [email protected]