1.00p.m - 2.00p.m - Arrival of Participants
2.00p.m - 2.10p.m - Opening Speech by CSM VVIP
2.10p.m - 2.20p.m - Speech by OWASP Malaysia Chapter Leader
2.20p.m - 2.45p.m - Speech by MyCERT - Activity Hacking & Report 2012
2.45p.m - 3.45p.m - Speech by Jim Manico - Top 10 Web Security Defense
3.45p.m - 4.10p.m - Tea Break
4.10p.m - 4.45p.m - Q&A with the presenter (MyCERT, Jim & OWASP)
4.45p.m - 5.00p.m - Social Network
Title : Capturing Web Application Threats - Virtual CMS Honeypot
Open-source Content Management Systems (CMS) are very popular and widely used by web administrators around the world because of their simplicity as an instant web application solution. Consequently, web applications have increasingly been the focus of attackers because of the unintentional web vulnerabilities that come with newly introduced functionality. This project aims at enhancing the level of security for CMS inside the Universiti Teknologi MARA (UiTM) network by providing the most extensive way of developing Virtual CMS Honeypots. The outcome is hoped to make it easier for web administrators to monitor computer threats such as hackers, worms and viruses in a more comfortable and efficient way. The results will also provide the administrator with some form of countermeasures for security purposes and traffic analysis. Using customized Awstats, Snort, AcidBase and Proxy will provide a honeypot for a rapidly expandable network, suited for web administrators, especially at UiTM, to monitor web server traffic activity and the latest computer threats.
BIO : (TBA)
Title: Introducing Application Security in Your Organization - Think Like a Developer by Sandeep Nain
To protect your enterprise from application layer attacks, your application security program needs to be goal-oriented and supported by a central team of professionals equipped with best-of-breed technologies and following effective processes. If you are wondering how you can build an application security program that effectively leverages secure development methodologies while being scalable and effective for a complex organization, this is the session to attend. In this session, the speaker will cover:
1. How to build a secure development lifecycle for development teams using modern software development methodologies
2. Challenges of enforcing a secure development lifecycle at an enterprise scale
3. Reasons why most application security programmes fail and how we can collaborate with development teams for easier enterprise adoption
BIO : Sandeep Nain is Managing Principal in HP Enterprise Security Products and leads Fortify Solution Consulting Services. In this role, he is responsible for the business growth and delivery of software security solutions for the South Pacific and Asia region. Sandeep and his team help customers understand their business requirements for an application security programme, assess their current security maturity state, design solutions which fit their needs and deliver outcomes that exceed expectations.
Before joining HP, Sandeep was a Managing Partner at Appsecure, an application security specialist firm where he built and led the application security consulting team to provide enterprise grade application security solutions to the Australian market. Prior to this, Sandeep held various security consulting positions at Pure Hacking, Fortify, IBM and Accenture. With an IT career spanning over 13 years, Sandeep is an accomplished Application Security Expert. He has worked alongside many high-profile national and international organisations, enabling them to produce secure software. He has extensive experience with enterprise grade software languages, software development frameworks, mobile platforms, and security and risk management frameworks, which makes him a perfect security advisor to our clients.
Sandeep has been actively involved in industry open source projects such as OWASP and is active in the development of papers and initiatives published through the community. Sandeep has presented on application and database security at a number of national and international conferences. Academically, Sandeep holds a Master of Technology degree in Information Technology with specialization in Distributed Computing and several industry certifications including CISSP, CSSLP and CEH.