|
PRESENTATION:
|
Cloud Security Through Threat Modeling
|
|
PRESENTER(S):
|
Robert Zigweid
|
|
CONFERENCE:
|
|
|
LOCATION:
|
Culver City, California, US
|
|
DATE & TIME:
|
May 28, 2014 at 7:00 PM
|
One of the most effective tools developers can integrate into their security development lifecycle programs is threat modeling. In this presentation, Robert will cover how effective threat modeling techniques enable developers to uncover security vulnerabilities before even a single line of code is written. He will then discuss how threat modeling can be applied to cloud environments. Whether you are building a hybrid model, purely commodity cloud, or Virtual Private Cloud (VPC) environment, threat modeling will help identify the attack surface area and potential threat vectors. Finally, Robert will explain to those in attendance that the concept of threat modeling allows developers and operations personnel to address vulnerabilities as new and older enterprises migrate to the cloud.
About Robert Zigweid
As an IOActive Director of Services and an accomplished developer and application tester, Robert Zigweid is responsible for making sure that the performance and quality of engagements is of the highest standard. During an engagement, Zigweid works closely with clients as well as using his vast experience and array of advanced skills that cover the creation and analysis of system architecture and threat modeling, to help them pinpoint and solve network and application problems that threaten their businesses assets and goals.
In addition to his direct involvement on penetration tests, security reviews, and network and application audits, Zigweid contributes to the development of new, robust, and secure systems through his own research and development. His research and the resultant presentations at top industry conferences continues to promote the understanding of application and network security among audiences across the world with varying levels of technical fluency.
Zigweid also helped develop IOActive’s secure coding and Software Development Lifecycle training courses, sharing his profound understanding of industry best practices and guidelines to aid our clients in developing applications capable of resisting both internal and external threats.
About OWASP Los Angeles
The Open Web Application Security Project (OWASP) is a not-for-profit, worldwide organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
The OWASP Los Angeles chapter typically meets on the 4th Wednesday every month for dinner, a great security-related speaker and great networking. We frequently go out for post-talk drinks to socialize and understand what security is really about. Join the movement today!