Synopsis: Minor oversights in public-facing web applications can lead to major security disasters. This talk will highlight real-life cases where such vulnerabilities, including logic flaws, insecure direct object references (IDOR), and API security lapses, could have resulted in massive data breaches and financial losses. Through interactive hacking demos, the session will illustrate the potential for millions in losses from retail giants and sensitive data exposure, such as passport information leaks.
Mike Skurko will lead a panel discussion consisting of a maximum four people with an all inclusive Q&A to get the audience talking about what they see as crucial to their success in 2024. This includes what they would like to learn and the types of topics at the Silicon Valley ISSA meetings for 2024
Holiday Greetings from the ISSA Silicon Valley Chapter Board
In warm appreciation of our association membership
we invite you to come enjoy food and drinks and network with peers at the
2023 SV-ISSA Winter Holiday Event on December 12, 2023 at 5:30 p.m.
The Oxford Kitchen & Gastropub
195 S Murphy Avenue,
Sunnyvale, CA 94086
Please be sure to RSVP
Space is limited
Cloud has a value problem. Cloud’s value is perceived to come from the speed of deployment and security. Then why do cloud journeys take weeks if not months? Or generate a whole host of security and compliance issues, a leaky ship problem? Cloud security, compliance and expertise are at the heart of it. Security risks are high when cloud environments are not deployed properly. We will begin by level setting on current processes, practices and tools that address these risks. We will then discuss the potential future scenarios and practices that will move the needle on cloud security.
The cloud and digital transformation have fundamentally changed the way organizations build and run business applications. Companies are running massive amounts of critical workloads while storing personal and sensitive information in their cloud-native environments, making them valuable targets for bad actors. Attackers are using stolen credentials, supply chain attacks, and other forms of advanced attacks to gain access to data and applications in the cloud.
Formal methods play a crucial role in raising the security and safety level of firmware, which is an essential component of modern computing systems. Firmware, being the low-level software responsible for controlling hardware devices, presents unique challenges due to its direct interaction with critical system functionalities. This talk highlights the importance of employing formal methods as a means to enhance the security and safety aspects of firmware development.
Building on Shaky Ground: Unveiling the Vulnerabilities of Firmware
In this talk, we shine a spotlight on the often underestimated realm of firmware security. We will delve into the crucial yet frequently overlooked role of firmware in technology and the potential security threats it poses.
Abstract: In the world of cybersecurity, communicating complex technical information to stakeholders can be a daunting task. As highly technical practitioners, it can be challenging to convey the importance of new projects, request additional resources, or persuade stakeholders to take action. However, mastering the art of storytelling can help you convey your message with impact, clarity, and inspiration.