This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Atlanta Member Meeting 10.13.09"

From OWASP
Jump to: navigation, search
 
Line 13: Line 13:
 
In this presentation, Jeremiah Grossman will discuss the two prevailing but opposing security religions - Depth Religion and Breadth Religion. Jeremiah will then review the common misconceptions associated with each religion as it pertains to website security.  
 
In this presentation, Jeremiah Grossman will discuss the two prevailing but opposing security religions - Depth Religion and Breadth Religion. Jeremiah will then review the common misconceptions associated with each religion as it pertains to website security.  
  
[http://www.slideshare.net/jeremiahgrossman/security-religions-risk-windows Slides from the talk]
+
[http://www.owasp.org/images/5/52/OwaspAtl_Grossman_Security_Religions_10.13.09.pdf Download Presentation]
  
  
 
'''''COST''''': No costs, but all donations will be accepted as it helps pay for meeting related materials and provisions. Best way to support the chapter is to become a member.
 
'''''COST''''': No costs, but all donations will be accepted as it helps pay for meeting related materials and provisions. Best way to support the chapter is to become a member.

Latest revision as of 01:26, 30 October 2009

WHAT:: Security Religions & Risk Windows

WHERE:: TSRB auditorium : Web : Directions : Google-Maps

WHEN:: October 13, 2009 6-8pm

WHO:: Jeremiah Grossman, CTO WhiteHat Security

ABSTRACT:: Information security threats are way up, fraud losses continue to rise, regulatory fines are increasingly common, and budget dollars to solve these myriad problems are in short supply. Hampered by a sluggish economy, organizations simply cannot afford to hire all the talent they need, implement every best-practice, or buy every blinking-light widget on the market. Sacrifices are unavoidable, and still risk must be managed. Each organization must decide for itself the level of risk it is willing to accept.

There is a difference between what is possible and what is probable, something we often lose sight of in the world of information security. For example, a vulnerability represents a possible way for an attacker to exploit an asset, but remember not all vulnerabilities are created equal. Obviously, we must also keep in mind that a vulnerability's mere existence does not necessarily mean it will be exploited, or indicate by whom or to what extent. Some vulnerabilities are more difficult to exploit than others and therefore attract different attackers. Autonomous worms & viruses may attack one type of issue, while a sentient targeted attacker may prefer another path. Better understanding of these factors enables us to make informed business decisions about website risk management and what is probable.

In this presentation, Jeremiah Grossman will discuss the two prevailing but opposing security religions - Depth Religion and Breadth Religion. Jeremiah will then review the common misconceptions associated with each religion as it pertains to website security.

Download Presentation


COST: No costs, but all donations will be accepted as it helps pay for meeting related materials and provisions. Best way to support the chapter is to become a member.