Difference between revisions of "Italy OWASP Day 2012"

In this talk, Marco Morana, will show an example of data breach and the business impact on a Company. Marco will discuss the importance of adopting the OWASP Guide for CISO that could be useful to mitigate the next impacts by adopting a strategic approach to application security. This approach is focused on risk management, IS governance and software security assurance.

Marco Morana with more than 16 years of professional experience in application security (6 years of it in the financial sector) in diverse professional roles such as technology officer, program manager, business partner and company founder, team leader, security architect, security consultant, software contractor and engineer.

Marco is SVP of Technology Risks & Controls in Citigroup Institutional Clients Group (ICG) EMEA, with the role of Senior Security Analyst. Previously, Marco was VP of Information Security Citigroup Global Consumer North America, with the role of Information Technology Security Officer (TISO). For previously at Citigroup, Mark has gained more than 10 years of experience in the field of security software in Foundstone consulting company McAfee Inc. In 2002, he founded the consulting firm of application security CerbTech LLC and has contributed to the development of security services and applications for various clients such as VISA and Data Processing Services CompuCredit. In 2001 he assumed the position of European Operations Manager for EWA IIT and carried out activities of project management for information security in the consortium Thyreaus Datamat SpA and EWA IIT. Between 1998 and 2001 he worked as a software engineer for IBM Internet Security Systems and developed several products for the security of the network as SafeSuite Decision and Internet Security Scanner (ISS). Between 1996 and 1998 he worked at the NASA Ames center in California where he developed the first commercial application of secure email based on Technology and Entrust S / MIME protocol. For this application, Marco obtained a patent and an honorary degree for his contribution to the security of infrastructures NASA (1996). Marco has a Masters in Computer Systems Engineering at the Northwestern Politechnic University and a degree in Mechanical Engineering (Dr Eng) at the University of Padova (Italy).

Abstract: This talk will analyze recent trends in the mobile threats landscape, suggest effective strategies to mitigate these issues and try to gauge what the future looks like for companies and organizations seeking to protect themselves. Specifically the talk will highlight how mobile poses a totally different set of problems that have very little similarities with desktops and why the security community at large has to make a mindset shift to handle them. Finally assisted by data collected in the past few years we will discuss future trends and threats.

Bio: Vincenzo Iozzo leads the collection and analysis of vulnerability intelligence at Trail of Bits. Prior to Trail of Bits, Vincenzo founded Tiqad, an information security consulting firm, worked as a penetration tester for Secure Network srl and was a reverse engineer for Zynamics GmbH. Vincenzo serves as a committee member on the Black Hat Review Board and is a co-author of the "iOS Hacker's Handbook" (Wiley, 2012). He is perhaps best known for his participation in Pwn2Own, where he co-wrote the exploits for BlackBerryOS and iOS that won the contest in 2010 and 2011 and where he co-wrote exploits for Firefox, Internet Explorer, and Safari that placed second in 2012.