Security Day 2016

Security Web

The massive rate of online data breaches is bringing security to the forefront, not just for technology professionals but increasingly for consumers too. Security incidents are impacting everyone, either directly as people find themselves in data breaches or indirectly as they're confronted by them in the mainstream news on a daily basis. We need to improve our online security posture and this is where you come in – the good guys building the systems. The internet needs you to step up and build your security prowess so that we can better protect everyone who uses the web.

Join us for a day of security education where we'll look at all sorts of different aspects of how we can better protect the web. There'll be a broad range of topics presented by industry leaders to help you understand where the threats are, the impact they're having on consumers and what you can do to help make the internet a safer place.

Agenda:

09:00-10:00 - What I've Learned from 220 Million Breached Records - Troy Hunt

We can learn a huge amount about security by reviewing the failures of those who have come before us. In maintaining the data breach notification service "Have I been pwned?", I've dealt with literally hundreds of millions of breached records over time and have seen some fascinating things. In this talk we'll look at the patterns organisations who suffered data breaches were using, the types of data that were exposed and the things they could have done to protect themselves from malicious actors.

--- 15 Minutes Break---

10:15-11:15 - Web Security Essentials by Example - Troy Hunt

There's a huge amount of information to absorb when it comes to web security but as broad as the discipline is, there are common patterns to look for. In this talk on the "essentials" of web security, we'll look beyond the headlines of commonly discussed risks and delve into details and demonstrations. It's a very practical look at online security in a way that everyone can absorb and take back to their everyday work with them. Many of the demos use real world websites and data breaches as examples – this is a very "real world" talk about the importance of web security.

--- 15 Minutes Break---

11:30-12:30 - Broken Crypto is Broken - Erlend Oftedal

In this day and age, cryptography is becoming more important than ever. However, there are many mistakes we can make when adding cryptographic functions to our applications. We'll look at some common misconceptions about cryptography, some mistakes developers make and how these can be exploited, and finally how to fix the problems.

--- 1 Hour Lunch Break---

13:30-14:30 - Security in the Media - Einar Otto Stangvik

Experiences and practical takeaways from working security, operations and data digging in one of Norway's most popular news publications. How we've handled DDoS threats, massive attacks, secure communications and do our day-to-day work in a secure way.

--- 15 Minutes Break---

14:45-15:45 - Both Sides of the Attack - Troy Hunt & Niall Merrigan

An Aussie and an Irishman walk into a room in Oslo and suddenly all hell breaks loose!

In this session, Troy and Niall will show you a number of different attacks from both the attack and the victim's perspective. They will demonstrate some of the common exploits found in the wild and show how to recognise what is happening so it doesn't happen to you.

--- 15 Minutes Break---

16:00-17:00 - Q&A Session Using Sli.do

Ask the speakers questions and vote on the questions you want them to address using the sli.do app.

17:00-19:00 - Social Mingling

Time

09:00-17:00

Social Mingling:

17:00-19:00