TRACK SESSIONS

RESEARCH & THREATS

In this track you’ll hear discussions about social engineering (spam, phishing, pharming, etc.), vulnerabilities, exploits (whether “theoretical” or in the wild) and research into these topics.

Google-Hacking and Google-Shielding
Day: Monday 27th October  Start: 13.15  End: 14.15  ID: RT-106
Amichai Shulman, Co-Founder & CTO, Imperva
One of the most prominent threats to online applications is the unintentional leakage of sensitive information through search engines. Recently, automated tools have been published that make the exploitation of this issue even easier for malicious individuals. This session describes the two primary risk components associated with search engine exploitation or Google-Hacking.

Evolving Threat Landscape: Do We Have to Trade Off Browser Functionality for Security and Privacy?
Day: Monday 27th October  Start: 14.30  End: 15.30  ID: RT-107
Craig Spiezle, Director, Security & Privacy Product Management, Microsoft
Consumers and site owners are faced with an evolving threat landscape, compromising online confidence, trust and data. This session discusses emerging browser-based countermeasures to restore trust and confidence including social engineering exploits, new defences against web server-based attacks, and additional improvements to address historic browser-based exploits.

The State of Spyware
Day: Monday 27th October  Start: 16.00  End: 17.00  ID: RT-108
Gerhard Eschelbeck, Chief Technology Officer, Webroot Software
Cybercrime staged a significant counterattack in 2006 and 2007, making it the FBI’s number three priority. The session provides up-to-date research on spyware, as well as insight into changing attack trends from automated worms to adware, Trojans and system monitors. It describes how spyware writers take advantage of security flaws and offers best practice for reducing risk.

SQL Smuggling: The Attack That Wasn’t There
Day: Tuesday 28th October  Start: 09.00  End: 10.00  ID: RT-201
Avi Douglen, Senior Application Security Consultant, Comsec Consulting
SQL Injection is a common application-level attack against databases. Several mechanisms exist for protecting from these attacks. This session discusses where these mechanisms fall short, and why the conventional outlook on validation filters, and filter-bypass techniques, is lacking. It presents new techniques to bypass these protection mechanisms by exploiting differences in interpretation between systems.

Blinded by Flash: Widespread Security Risks Flash Developers Don’t See
Day: Tuesday 28th October  Start: 10.15  End: 11.15  ID: RT-202
Prajakta Jagdale, Security Researcher, Hewlett-Packard
In a rush to adopt Flash and deliver rich Internet applications, developers too often use quick and dirty hacks to integrate it into their applications, bypassing security. This session examines Flash applications that are the result of insecure development practices and demonstrates the ease with which they can be compromised.

Threat Horizon 2010+ - To Infinity and Beyond
Day: Tuesday 28th October  Start: 11.45  End: 12.45  ID: RT-203
Moderator: Andrew Jones, Principal Research Consultant, Information Security Forum
Panelist: Jason Creasey, Head of Research, ISF
Guy Bunker, Chief Scientist, Distinguished Engineer, Symantec UK
John Sluiter, Managing Security Architect, Capgemini
Iain Andrews, Head of Information Security (Corporate), Fujitsu
This session presents a generic framework that can be used to identify future information security-related threats. The future threats identified world-wide by over 100 organisations are analysed by a panel of senior industry information security professionals who provide commentary on the reality and potential impact of the threats.

Malware 2.0
Day: Wednesday 29th October  Start: 09.00  End: 10.00  ID: RT-301
Itzik Kotler, Security Operation Center Team Leader, Radware
Jonathan Rom, Security Researcher, Radware Ltd.
Browsers compete with operating systems as the next application development platform. The rapid development of Web 2.0 pushes browser developers into implementing advanced features to support interactive multimedia applications. This creates a fertile environment for a new breed of malware that is OS and architecture independent, covert and implemented through a series of APIs and high-level OOP languages.

Crash Course: How to Become a Successful Online Fraudster
Day: Wednesday 29th October  Start: 10.30  End: 11.30  ID: RT-302
Uri Rivner, Head of New Technology, RSA, The Security Division of EMC
Learn how to defraud your favourite financial service! Uncover the latest tools, methods and best practices! Scalable Phishing techniques; Crimeware you can afford; Defeating 2-factor authentication. Or - if you happen to be on the other side - use these insights to develop a better strategy for protecting your consumers against fraud.

SECURITY SERVICES (CONTINUED ON NEXT PAGE)

In this track you’ll hear about access control, including authentication (identifies the user), authorisation (determines which resources and services an authenticated user may access), accounting (keeps track of time and data resources used for billing and analysis) and the management of such through identity management and provisioning. Examples of other security services include data leakage protection, enterprise rights management, forensics, and visualisation.

Digital Identity and Service-Oriented Architecture - Hope and Glory
Day: Monday 27th October  Start: 11.30  End: 12.30  ID: SEC-105
Ronald Williams, Product Architect, Access and Federated Identity Management, IBM Corporation
Adoption of federated identity technology has been slower than the hype might indicate, despite the maturity of standards such as SAML 2.0 and Web Services Security. This session examines the distinct business and technical identity management issues in both commercial and user-centric spheres, and important catalysts to drive successful deployment.

What Role Will OpenID & Emerging Shared Credential Schemes Play?
Day: Monday 27th October  Start: 13.15  End: 14.15  ID: SEC-106
Louie Gasparini, CTO, SafePage
All sites aim to protect themselves and their customers. But do they care what happens to customers at other legitimate sites? How do consumers manage access to financial, shopping, social and information sites? This session reviews current practices, emerging products and industry standards, and possible scenarios for consumer authentication across the Web.

Out with Traditional Authentication and Protection - In with the New Data-Centric Security and Aggregated Authentication
Day: Monday 27th October  Start: 14.30  End: 15.30  ID: SEC-107
Dennis McCallam, Chief Security Architect, Northrop Grumman Corporation
The shift from perimeter protection to data centric approaches has not been clear. This session describes how to achieve a cost-effective data-centric enterprise approach including aggregating authentication tokens to provide superior security. User cases demonstrate the operational flexibility and significant security advantages.

Why Settle with Conventional Authentication When Behaviometrics Go Beyond It?
Day: Monday 27th October  Start: 16.00  End: 17.00  ID: SEC-108
Neil Costigan, Technical Advisor, BehavioSec
Peder Nordström, CTO, BehavioSec
Conventional login credentials function as a gatekeeper against intrusions. But what happens if an intruder has acquired the password or operates post log in? Behaviometrics adds a new layer that protects the entire session post log in. The active user’s behaviour is verified continuously to make sure that it is the authenticated user.

Trust in Mashups, the Complex Key
Day: Tuesday 28th October  Start: 09.00  End: 10.00  ID: SEC-201
Mashups represent a different business model for on-line business and require a specific approach to trust. This session sets out why Mashups are different, describes how trust should be incorporated into the Mashup-based service using Jericho Forum models and presents three first steps for incorporating trust appropriately into new Mashup services.

Mobile Banking and Identity Theft: Can Your Phone Protect Your Identity?
Day: Tuesday 28th October  Start: 10.15  End: 11.15  ID: SEC-202
Patrick Bedwell, Director of Product Marketing, Arcot Systems, Inc.
Financial institutions around the world are expanding service offerings to full-service banking via mobile phones. However, mobile banking has the potential to accelerate identity theft and fraud. This session looks at different mobile banking models and their relative strengths and weaknesses in the context of protecting users’ identities.

REGISTER BY 26TH SEPTEMBER & SAVE £100