Dates
Conferences
Tags
Sort by:
Most recent
Conference: Global AppSec Dublin 2023
Authors: SergiyYakymchuk
2023-02-15
tldr - powered by Generative AI
The presentation discusses the importance of problem definition and looking at cybersecurity from different perspectives. It emphasizes the need to address user mistakes and vulnerabilities, and the importance of collecting attack vectors information.
- Technical people often jump to solutions without investing enough time in problem definition and looking at the problem from different perspectives.
- Cyber criminals are pragmatic and use minimum technology to reach their financial goals.
- User mistakes are a weak link in the cybersecurity chain and need to be addressed.
- Attack vectors information is priceless and can be used to train people and improve machine learning mechanisms.
Tags:
Conference: OWASP 20th Anniversary Event
Authors: Brian Reed
2021-09-24
tldr - powered by Generative AI
The presentation discusses the creation of a certification and testing regime for IoT connected mobile apps and VPNs using the 20 years of history and documentation of OWASP.
- Mobile apps dominate usage in the market and have security vulnerabilities.
- The OAuth Mobile Project was created to address mobile app security issues.
- The prevalence of insecure data storage and network connections in mobile apps is similar to cross-site scripting in web apps.
- The IOXT organization created a standard for certifying the security of IoT devices and expanded to include mobile connected apps.
- The 20 years of history and documentation of OWASP were used to create a certification and testing regime for IoT connected mobile apps and VPNs.
- The speaker's company is a financial sponsor of the OAuth Mobile Project and participates in creating tools and standards for mobile app security.