Export to

Google Calendar
iCalendar file
hCalendar markup
<div class="vevent h-event"> <h1 class="summary p-name">OWASP Chapter Meeting</h1> <div class='date'><time class="dtstart dt-start" title="2014-04-02T18:00:00" datetime="2014-04-02T18:00:00">Wednesday, April 2, 2014 from 6</time>–<time class="dtend dt-end" title="2014-04-02T19:30:00" datetime="2014-04-02T19:30:00">7:30pm</time></div> <div class="location vcard p-location h-card"> <a class="url" href='http://calagator.org/venues/202391809'><span class='fn org p-name'>Jive Software</span></a> <div class="adr p-adr h-adr"> <div class="street-address p-street-address">915 SW Stark St., Suite 400</div> <span class="locality p-locality">Portland</span> , <span class="region p-region">Oregon</span> <span class="postal-code p-postal-code">97205</span> <div class="country-name p-country-name">United States</div> (<a href='https://maps.google.com/maps?q=915%20SW%20Stark%20St.,%20Suite%20400,%20Portland%20Oregon%2097205%20United%20States'>map</a>) </div> </div> <div class="description p-description"> <p><i>Kevin Dyer will be presenting:</i></p> <br><b>High-Profile Password Database Breaches: A Tale of (Avoidable) Blunders</b> <p>Over the last few years, password database breaches reported in mainstream press have increased in frequency and magnitude. There is a typical pattern and service providers, such as Adobe or Yahoo or Snapchat, fail on at least two fronts: first, network perimeters and databases are breached and then, improperly secured user data and passwords are exfiltrated and shared in cleartext. Even if the former can't be prevented, there are security best practices to mitigate the impact of the latter, which are (seemingly) ignored.</p> <p>In this talk, we'll discuss specific case studies and review the essential security best practices for storing sensitive user information. The goal is to show that in every case free, off-the-shelf tools are available, that would have mitigated the scope of the breach and (possibly) the onslaught of negative publicity. As one example, we'll build intuition for why using Scrypt (a memory-hard function) is superior to traditional cryptographic hash functions for storing passwords.</p> <p><b>Kevin P. Dyer</b> is a PhD student at Portland State University. His research focuses on network security and building protocols resistant to traffic-analysis attacks and censorship. Previously, Kevin worked as a software engineer in telecommunications security, web security and network security. He holds an MSc in the Mathematics of Cryptography and Communications from Royal Holloway, University of London, and a BS in Computer Science with Mathematics from Santa Clara University.</p> <hr> <p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list:</p> <pre><code> <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a> </code></pre> <p>Meetings are free and open to the public.</p> </div> <h3>Links</h3> <ul> <li><a class="url u-url" href="https://www.owasp.org/index.php/Portland">Website</a></li> </ul> </div>

You can edit, clone, or delete this event.

This item was added directly to Calagator
Thursday, March 13, 2014 at 7:42pm and last updated
Wednesday, April 2, 2014 at 11:29am.

OWASP Chapter Meeting

Wednesday, April 2, 2014 from 6–7:30pm

Jive Software

915 SW Stark St., Suite 400

Portland, Oregon 97205, United States (map)

Public WiFi

The front door will be locked after 5pm, but someone will be there to let you in. Take the elevator to the 5th floor cafeteria. If you have trouble getting in or finding the room, call 503.389.3192 for assistance.

Jive has graciously offered to provide pizza and tasty beverages for the event!

Website

https://www.owasp.org/index.php/Portland

Description

Kevin Dyer will be presenting:

High-Profile Password Database Breaches: A Tale of (Avoidable) Blunders

Over the last few years, password database breaches reported in mainstream press have increased in frequency and magnitude. There is a typical pattern and service providers, such as Adobe or Yahoo or Snapchat, fail on at least two fronts: first, network perimeters and databases are breached and then, improperly secured user data and passwords are exfiltrated and shared in cleartext. Even if the former can't be prevented, there are security best practices to mitigate the impact of the latter, which are (seemingly) ignored.

In this talk, we'll discuss specific case studies and review the essential security best practices for storing sensitive user information. The goal is to show that in every case free, off-the-shelf tools are available, that would have mitigated the scope of the breach and (possibly) the onslaught of negative publicity. As one example, we'll build intuition for why using Scrypt (a memory-hard function) is superior to traditional cryptographic hash functions for storing passwords.

Kevin P. Dyer is a PhD student at Portland State University. His research focuses on network security and building protocols resistant to traffic-analysis attacks and censorship. Previously, Kevin worked as a software engineer in telecommunications security, web security and network security. He holds an MSc in the Mathematics of Cryptography and Communications from Royal Holloway, University of London, and a BS in Computer Science with Mathematics from Santa Clara University.

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list:

 https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Export to

OWASP Chapter Meeting

Website

Description

Share

Tags