What Could It Hurt: How Framework and Library Dependence is Weakening our Development

Presented at Wild West Hackin' Fest 2018, Oct. 26, 2018, 4 p.m. (50 minutes)

When we look at the progress things like the OWASP Top 10 and other reports show we may begin to think the the fight to secure our systems and applications is well on its way to victory. As we discuss topics like the latest and greatest technology stack and how it implements solutions for our security woes, are we sure we understand what we are being protected from and how it is doing that? In this presentation, Kevin Johnson of Secure Ideas will discuss how security works, why we do the things we do and where platforms and libraries can be both good and bad. This will be done through a series of real world examples directly from his testing and assessment of modern applications and the SDLC. Attendees will be able to understand where it is important to understand fundamental security and technology topics and how to safely lean on the shoulders of others to improve everything.

Presenters:

• Kevin Johnson - Secure Ideas
  Kevin Johnson is the Chief Executive Officer of Secure Ideas. Kevin has a long history in the IT field including system administration, network architecture and application development. He has been involved in building incident response and forensic teams, architecting security solutions for large enterprises and penetration testing everything from government agencies to Fortune 100 companies. In addition, Kevin is a faculty member at IANS and was an instructor and author for the SANS Institute . Kevin has performed a large number of trainings, briefings and presentations for both public events and internal trainings. He is the author of three SANS Institute classes: SEC542: Web Application Penetration Testing and Ethical Hacking, SEC642: Advanced Web Application Penetration Testing and SEC571: Mobile Device Security. Kevin has also presented at a large number of conventions, meetings and industry events. Some examples of these are: DerbyCon, ShmooCon, DEFCON, Blackhat, ISACA, Infragard and ISSA. Kevin is also very involved in the open source community. He runs a number of open source projects. These include SamuraiWTF; a web pen-testing environment, Laudanum; a collection of injectable web payloads, Yokoso; an infrastructure fingerprinting project and a number of others. Kevin is also involved in MobiSec and SH5ARK. Kevin was the founder and lead of the BASE project for Snort before transitioning that to another developer. In his free time, Kevin enjoys spending time with his family and is an avid Star Wars fan and member of the 501st Legion (Star Wars charity group).

Links:

• https://wwhf18.sched.com/event/FoAa/what-could-it-hurt-how-framework-and-library-dependence-is-weakening-our-development
• https://infocon.org/cons/Wild West Hackin Fest/Wild West Hackin Fest - Deadwood 2018/What Could It Hurt.mp4
• https://infocon.org/cons/Wild West Hackin Fest/Wild West Hackin Fest - Deadwood 2018/What Could It Hurt.eng.srt (subtitles)

Similar Presentations:

• DeepSec 2016 „Ten“ / Malicious Hypervisor Threat - Phase Two: How to Catch the Hypervisor
• Kiwicon 2038AD: The Dystopic Future is Now (2018) / Moving Fast and Securing Things
• DeepSec 2015 „DeepSec No. 9“ / Have We Penetrated Yet??