This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Cloudy with a chance of 0-day"
Jeremy.long (talk | contribs) (Created page with '== The presentation == This talk provides a brief overview of cloud computing, and reveals the security risks of moving into the clouds. The concept behind cloud computing is si…') |
Jeremy.long (talk | contribs) |
||
Line 1: | Line 1: | ||
− | == The presentation == | + | == The presentation == |
− | This talk provides a brief overview of cloud computing, and reveals the security risks of moving into the clouds. The concept behind cloud computing is simple: use a hosting provider's IT resources to expand or shrink to meet your needs, and only for pay what you need when you need it. This architecture appeals to many IT managers as it reduces the initial startup costs, maintenance costs, and overhead required to run systems. Got slashdotted? Not a problem. Your cloud presence will seamlessly expand to push your business to the next level. However, as with all new technology, there are inherent risks. This talk will discuss the security risks related to cloud application code, architecture, runtime environment, and development environment, and will include demo applications to illustrate the security risks. | + | [[Image:OWASP IL 2008 01 Ofer Shezaf.jpg|right]] This talk provides a brief overview of cloud computing, and reveals the security risks of moving into the clouds. The concept behind cloud computing is simple: use a hosting provider's IT resources to expand or shrink to meet your needs, and only for pay what you need when you need it. This architecture appeals to many IT managers as it reduces the initial startup costs, maintenance costs, and overhead required to run systems. Got slashdotted? Not a problem. Your cloud presence will seamlessly expand to push your business to the next level. However, as with all new technology, there are inherent risks. This talk will discuss the security risks related to cloud application code, architecture, runtime environment, and development environment, and will include demo applications to illustrate the security risks.<br> |
+ | == The speakers == | ||
− | + | Jon Rose is a security consultant for Trustwave - SpiderLabs. Jon has close to a decade of experience performing network and application security assessments, including network penetration testing, blackbox application testing, and code reviews across a wide range of programming languages and technologies. Jon has also led IT policy, standards, and guideline projects, as well as providing IT security remediation support for commercial and government clients. His security expertise also includes building enterprise security programs, providing guidance in an enterprise security architect role, and building security into organizations existing software development lifecycle. Jon has created and delivered security-training courses covering topics such as security awareness, defensive programming (Java and .Net), secure architecture and design, penetration testing, and code analysis.Tom Leavey is a security consultant for Trustwave - SpiderLabs. Tom Leavey is a Security Consultant with Trustwave. He has many years of industry experience in conducting application security reviews, code reviews, and network penetration tests. Tom is also a security hobbyist and enjoys researching new security frontiers, being particularly interested in physical security and physical penetration testing. Tom believes in public service and has lobbied congress for a personal bailout package consisting mainly of scotch and cigars. | |
− | Jon Rose is a security consultant for Trustwave - SpiderLabs. Jon has close to a decade of experience performing network and application security assessments, including network penetration testing, blackbox application testing, and code reviews across a wide range of programming languages and technologies. Jon has also led IT policy, standards, and guideline projects, as well as providing IT security remediation support for commercial and government clients. His security expertise also includes building enterprise security programs, providing guidance in an enterprise security architect role, and building security into organizations existing software development lifecycle. Jon has created and delivered security-training courses covering topics such as security awareness, defensive programming (Java and .Net), secure architecture and design, penetration testing, and code analysis. | ||
− | + | [[Category:OWASP_AppSec_DC_09]] [[Category:OWASP_Conference_Presentations]] | |
− | |||
− | [[Category:OWASP_AppSec_DC_09]][[Category:OWASP_Conference_Presentations]] |
Revision as of 01:57, 31 July 2009
The presentation
This talk provides a brief overview of cloud computing, and reveals the security risks of moving into the clouds. The concept behind cloud computing is simple: use a hosting provider's IT resources to expand or shrink to meet your needs, and only for pay what you need when you need it. This architecture appeals to many IT managers as it reduces the initial startup costs, maintenance costs, and overhead required to run systems. Got slashdotted? Not a problem. Your cloud presence will seamlessly expand to push your business to the next level. However, as with all new technology, there are inherent risks. This talk will discuss the security risks related to cloud application code, architecture, runtime environment, and development environment, and will include demo applications to illustrate the security risks.The speakers
Jon Rose is a security consultant for Trustwave - SpiderLabs. Jon has close to a decade of experience performing network and application security assessments, including network penetration testing, blackbox application testing, and code reviews across a wide range of programming languages and technologies. Jon has also led IT policy, standards, and guideline projects, as well as providing IT security remediation support for commercial and government clients. His security expertise also includes building enterprise security programs, providing guidance in an enterprise security architect role, and building security into organizations existing software development lifecycle. Jon has created and delivered security-training courses covering topics such as security awareness, defensive programming (Java and .Net), secure architecture and design, penetration testing, and code analysis.Tom Leavey is a security consultant for Trustwave - SpiderLabs. Tom Leavey is a Security Consultant with Trustwave. He has many years of industry experience in conducting application security reviews, code reviews, and network penetration tests. Tom is also a security hobbyist and enjoys researching new security frontiers, being particularly interested in physical security and physical penetration testing. Tom believes in public service and has lobbied congress for a personal bailout package consisting mainly of scotch and cigars.