Security Innovation Making a Splash at OWASP AppSec California 2016
January 25, 2016 – Security Innovation, a cybersecurity provider and leader in the 2015 Gartner Magic Quadrant for Security Awareness Training, will be showcasing its expertise during training sessions and presentations at OWASP AppSec California 2016. The company was asked to run a capture the flag training event and to speak on automated and connected cars and on web authorization testing.
Security Innovation’s President and CEO, Ed Adams, will be leading a seminar entitled Connected Cars: What Could Possibly Go Wrong? Millions of cars with tens of millions of lines of code are already on the road talking to servers and, very soon, talking to each other. Clearly a lot can go wrong. Adams’ session will address the trade-off between safety, security and convenience, as well as the steps that automotive manufacturers need to take before we can trust our cars and let the transportation ecosystem deliver the promised benefits of connected services.
“The ’Talking Cars’ (aka V2V) program is a massive safety-of-life program sponsored by the US Department of Transportation and ETSI (European Telecommunications Standards Institute), yet most people are still unaware of it. In August of this year, all 2017 Cadillacs (and all cars to follow shortly thereafter) will be broadcasting their speed and location coordinates constantly. There are obvious security and privacy concerns that people want to be made aware of.”
Ed Adams is an IT and application security expert with over 20 years of experience in the field. He is a Ponemon Institute Fellow and a go-to cybersecurity expert for New England Cable News.
In addition to Adams’ presentation, Security Innovation will be hosting an all-day “capture the flag” training event for developers attending AppSec California, called Attack Techniques and Hands-On CTF. The training will be led by Joe Basirico, Security Innovation’s VP of Services and Mick Ayzenberg, Security Engineer. This interactive training session is a simulation of real-world ecommerce, HR, and banking websites, designed to encourage friendly competition with real-time scoring and reporting. With guidance assets and vulnerabilities of varying difficulty, users can immediately be immersed in a “find the vulnerabilities” game where they quickly learn and apply hacking techniques in a safe environment.
Mick Ayzenberg will also be presenting on authorization testing in his session: AuthMatrix: Simplified Authorization Testing for Web Applications. In this presentation, Ayzenberg will take participants through the process of designing a tool capable of simplifying testing methodology in order to reduce the redundancy between testing unique targets. In addition to discussing some of the common authorization insecurity patterns and challenges faced by pen-testers, Ayzenberg will introduce AuthMatrix, a new extension to the Burp Suite testing utility designed to simplify authorization test cases in a clear and reproducible manner.
“I've designed AuthMatrix to provide an intuitive and simple way to validate the authorization protections of a web service or application. The application enables engineers to construct a role based permissions table, similar to what is used in common threat modeling methodologies.”
Mick’s years of security industry experience have included consulting on dozens of mid-to-long term projects for well-known technology companies. He has done extensive work in network protocol analysis, reversing, and fuzzing of both software applications and network communications.
About Security Innovation
Since 2002, Security Innovation has been the trusted partner for cybersecurity risk analysis and mitigation for the world’s leading companies, including Microsoft, Sony, GM, Disney, Google and Dell. Recognized as a Leader in the Gartner Magic Quadrant for Security Awareness Computer-Based Training for the second year in a row, Security Innovation is dedicated to securing and protecting sensitive data in the most challenging environments - automobiles, desktops, web applications, mobile devices and in the cloud. Security Innovation is privately held and headquartered in Wilmington, MA USA. For more information, visit www.securityinnovation.com.