Web/Services Security Talk @ San Diego.NET User Group

Andrew Karcher, SQL Server MVP, invited me to speak to the San Diego .NET User Group this Tuesday. The topic of my talk was Secure Code Top 10 (OWASP) for Service Oriented Architectures; the presentation slides can be downloaded from here. Links from the talk follow. Web Service Security Cheat Sheet: https://www.owasp.org/index.php/Web_Service_Security_Cheat_Sheet OWASP WebGoat.NET: https://www.owasp.org/index.php/Category:OWASP_WebGoat.NET WCF…

OWASP Top 10 List of 2013 Released

OWASP's Top 10 is the Open Web Application Security Project's list of the ten most critical web application security risks, and a new list for 2013 has been published. The OWASP Top 10 was last updated in 2010; in this update the importance of cross-site scripting (XSS) and cross-site request forgery (CSRF) has been reduced, while risks related to broken…

On Entropy Depletion & Related Links

I had to dig these up in the context of a conversation around the (in)security of currency regimes such as BitCoin, where presumed ownership of currency is built solely upon asymmetric cryptography. You may find some of these links to be of interest as well. Textbook RSA is insecure, and other interesting observations: http://crypto.stanford.edu/~dabo/courses/cs255_winter00/RSA.pdf…

Presentation on Exploring 'Distributed' in DDoS

Exploring Distributed in DDoS - Social Engineering aspects of an 'Anonymous' style DDoS attack. Recorded 24 April 2013. Abstract: With the proliferation of social media and mobile devices to the masses, protecting against distributed denial of service attacks has become an arduous technical challenge. Even though we expect much more sophistication, research reports show that the majority…

Hacking Web Apps - Book Review

Hacking Web Apps - Detecting and Preventing Web Application Security Problems, by Mike Shema, is a contemporary guide on web application security. Mike's labor of love, as he likes to call this book, contains very relevant and distilled information on modern-day web application attacks. The book is different from your garden-variety web-application-top-n-style…

Slides from 11th Annual SecureIT conference- “OWASP Web Services Security - Securing your Service Oriented Architecture”

I recently spoke at the 11th SecureIT conference on "OWASP Web Services Security - Securing your Service Oriented Architecture". This annual event was hosted by UC San Bernardino at the Sheraton Fairplex Hotel. The SecureIT Conference provides focus and opportunities to higher education staff meeting the challenges of providing a secure information technology environment for campus communities. The…

SecureIT 2013 - OWASP Web Services Security- Securing Your Service Oriented Architecture

I am confirmed to speak at the SecureIT 2013 Conference with OWASP Los Angeles chapter leader Tin Zaw. Following is the abstract of my talk. Abstract: Any Service-Oriented Architecture (SOA) needs to support security features that provide auditing, authentication, authorization, confidentiality, and integrity for the messages exchanged between the client and the service. Microsoft Windows Communication…

WCF Security - Speaking @ OWASP Los Angeles November Monthly Meeting

I had a great time last night speaking to the OWASP Los Angeles November Monthly Meeting on the topic of WCF Security – Securing your Service Oriented Architecture. The abstract of the talk, presentation slides and code follow. Abstract: Any Service-Oriented Architecture (SOA) needs to support security features that provide auditing, authentication, authorization, confidentiality, and integrity for the messages exchanged between the client and the…
