In this edition of SANS Community Night scheduled on 14 March 2018 in Singapore, two exciting talks will be featured. SANS Fellow Hal Pomeranz will give a talk titled “Understanding and Defeating Current Cyber Attack Trends” while SANS Community Instructor Joshua Barone will give a talk titled “Security is QA: My Path from Developer to Pen Tester”.
The synopses of the talks are as follows:
Security is QA: My Path from Developer to Pen Tester
Web Application Development is a craft, and like all craftsmen I sought to produce the highest quality code I could as well as help the other developers around me produce higher quality code as well. I worked on my coding skills diligently and never stopped learning or practicing. And eventually I got my first introduction into the world of web application security. It was this that started me down a path of realizing that security and secure coding practices are an integral part of code quality. In this presentation, I will share my journey from developer to penetration tester, while pointing out the important lessons learned along the way. I will also be sharing tips and tools to help practice and hone your skills as well.
Joshua Barone is a software developer and web application penetration tester, or as he would call himself, a code monkey and security aficionado. Over the course of his career, he has developed in numerous languages on multiple platforms using a plethora of tools and frameworks. Along the way, Joshua found and fell in love with the world of information security, which led him to focus on application security, particularly its design and development practices. This interest led to Joshua earning his Master's in Computer Science as well as a collection of professional certifications (CISSP, GSEC, GCIA, GCIH, GWAPT, GPEN). He currently applies his craft to the development of digital forensics software with BlackBag Technologies, and also provides third-party web application penetration tests, because hacking is fun. Joshua Barone is currently a Community Instructor for the SANS Institute.
Understanding and Defeating Current Cyber Attack Trends
Given the low cost of entry and minimal risk to the operators, malicious cyber attacks have become the go-to strategy for nation states and criminals. Stockpiles of exploits continue to leak into public usage and everything from critical infrastructure to your television and dishwasher is at risk. Can we examine existing cyber attack trends and predict the future? What are the critical steps you should take now to defend your organization from the next wave of exploits?
Hal Pomeranz is an independent digital forensic investigator who has consulted on cases ranging from intellectual property theft, to employee sabotage, to organized cybercrime and malicious software infrastructures. He has worked with law enforcement agencies in the United States and Europe, and with global corporations. Hal is a SANS faculty fellow and the creator and primary instructor for the Securing Linux/Unix (SEC506) course. In the SANS DFIR curriculum he teaches Advanced Digital Forensics, Incident Response, and Threat Hunting (FOR508), Advanced Network Forensics and Analysis (FOR572), Mac Forensics Analysis (FOR518), and Reverse-Engineering Malware: Malware Analysis Tools and Techniques (FOR610). Hal holds the GIAC certification for the following courses: GCUX, GCFA, GNFA, and GREM.
Date: 14 March 2018
Time: 6:00PM – 7:30PM
Venue: Level 3 – Grand Copthorne Waterfront Hotel, 392 Havelock Road, Singapore 169663
To register for the talk, please click here and log in with your SANS account to complete the registration.