selected topics:
‣ Improving Code with Destructive Data (Heikki Kortti and Jukka Taimisto)
‣ Security Audit and Hardening of Java based Software (Marc Schoenefeld)
‣ The Exploit Laboratory (Saumil Udayan Shah)
‣ Design and Implementation of Security Awareness Campaigns (Stefan Schumacher)
‣ Advanced Malware Deobfuscation (Scott Lambert)
‣ Protocol and Traffic Analysis for Snort Signature (Matt Jonkman)
‣ Secure Application Coding for Enterprise Software (Vimal Patel)
List of speakers with presentations:
• Access control in web applications
• Web services security
• Browser security
• Privacy in web applications
• Standards, certifications and security evaluation criteria for web applications
• Application security awareness and education
• Security for the mobile web
• Attacks and Vulnerability Exploitation
Paper Submission Instructions
Authors should submit an original paper in English, carefully checked for correct grammar and spelling, using the on-line submission procedure (http://www.easychair.org/conferences/?conf=ibwas10). Please check the paper formats so you may be aware of the accepted paper page limits (12 pages, in accordance with a supplied template: ftp://ftp.springer.de/pub/tex/latex/llncs/word/LNCS-Office2007.zip).
prevent security professionals from actually enhancing security and
distract employees from working. This includes policy tidbits and
factoids for employees to see everywhere from posters in the bathroom
to mouse pad messages on their desks to screensaver quizzes they need
to answer prior to login. Even organizations that eschew formal
security awareness for the more often seen "IT guy complaining about
security and stupid users to anyone who will listen" are also part of
this threat. The security awareness threat will cause a loss of
productivity and cost of materials to businesses worldwide that will
most likely exceed the loss due to un-security-aware employee security
blunders. They'd be better off spending that time and money on user
We have published a preliminary schedule which can be found on our web site:
https://deepsec.net/schedule/
The topics include social engineering, security of the GSM air interface,
design of secure protocols, physical security, Web 2.0, exploit/malware
analysis & design, security awareness, abusing device drivers, #twitter
risks, attacks on smart-card secured online banking, security risks and
defence for developers, advanced database exploits, abusing firmware,
security analysis of the TCP & IP protocols, key management, incident
response, e-voting, advanced keyboard sniffing, malware for routers,
large-scale network attack simulation, cloud computing, next generation
> focus on what is an acceptable attack surface rather than on which are
> accepted products. Based on OSSTMM, government organizations could also
> determine which environmental controls are required for the
> infrastructure to prevent employees with a lack of security knowledge or
> focus from making bad security decisions as opposed to which brand of
> security awareness training will need to be bought. It could also
> mean vendors would need to reach higher to surpass the bar set by the
> law instead of forcing the law to stoop down to what the vendor can
> provide.
>
> People who want to support getting the OSSTMM 3 into the ISO family can
focus on what is an acceptable attack surface rather than on which are
accepted products. Based on OSSTMM, government organizations could
also determine which environmental controls are required for the
infrastructure to prevent employees with a lack of security knowledge
or focus from making bad security decisions as opposed to which brand
of security awareness training will need to be bought. It could
also mean vendors would need to reach higher to surpass the bar set by
the law instead of forcing the law to stoop down to what the vendor
can provide.
People who want to support getting the OSSTMM 3 into the ISO family
We need you to talk to the parents of children you know, talk to
schools, and talk to after-school clubs (an Italian Judo class for
kids submitted 8 pictures) to get kids to draw what they think bad
people look like. Please get involved in making this a security
awareness project that encompasses security online and offline for
kids. Translations of the pdf are also welcome!
Thanks!
http://www.isecom.org/mirror/badpeopleproject.pdf
software developers, security researchers and sysadmins:
‣ Improving Code with Destructive Data (Heikki Kortti and Jukka Taimisto)
‣ Security Audit and Hardening of Java based Software (Marc Schoenefeld)
‣ The Exploit Laboratory (Saumil Udayan Shah)
‣ Design and Implementation of Security Awareness Campaigns (Stefan Schumacher)
‣ Advanced Malware Deobfuscation (Scott Lambert)
‣ Protocol and Traffic Analysis for Snort Signature (Matt Jonkman)
‣ Secure Application Coding for Enterprise Software (Vimal Patel)
The DeepSec IDSC is sponsored by CERT.at, Cisco, Microsoft, Sec Consult, Global
DEFENSE includes ways to defend against online/offline attacks against
passwords, including IDS, logging, ciphers, policies, awareness etc.
USABILITY includes user interaction designs, password policies, security
awareness, password reset / recovery from a user perspective, statistics
and so on.
== HOW TO SUBMIT ==
Send your proposal to per@thorsheim.net. Submissions will be reviewed
by people from the Selmer Center and me (Per Thorsheim). Submissions