Presentation Slide Decks
Internet of Things
The Internet of Things: We've Got to Chat
(Mark Stanislav & Zach Lanier)
This presentation will examine some of the recent failures of IoT security, engineering challenges facing entrepreneurs, and a look at the IoT security researcher quandary.
Details will be given about a new effort to help all parties involved proceed with the IoT in a safer, more successful manner. Whether you're a security researcher, software engineer,
or product designer, this presentation will represent the thoughtful look at the state of IoT security we desperately need.
Securing the Internet of Things
This deck addresses a number of aspects of security for IoT devices and applications and also looks at using federated identity for IoT including MQTT.
Web Application Security
Putting Web Security Issues to REST
This session will cover some common classes of mistakes in developing and using secure web APIs, and show how reinventing the wheel can sometimes be dangerous. Along the way, we'll cover
problems with authentication and authorization, information leakage, and (im)proper uses of transport-layer security, among others.
Evolution of Web Security
An overview of well-known exploitation methods (XSS, CSRF, etc.) combined with insight into how web technologies can be defeated. Discussion of some ideas for the future, such as evaluating
trends to identify suspicious activity and understanding human tendencies and behavior to help provide a better, more secure user experience will also be provided.
Web App Security - OWASP Top 10 2013
A quick overview about the OWASP Top 10 (2013 Edition) including examples of how many of the threats work and what to do about them.
Mobile Application Security
Common Security Pitfalls in Android Applications
Identifying common failures of security when building Android applications. Content includes discussion on information leakage, insecure data storage, WebView security, SQL injection, and more.
Secure Development On iOS
Advice for developers and penetration testers across functional areas of iOS security including Objective-C basics, security-related APIs, UDIDs, and common attack scenarios.
Technical Guidance and Standards Documents
Internet of Things
Security Guidance for Early Adopters of the Internet of Things
This document provides guidance for the secure implementation of Internet of Things-based systems. We have provided the guidance in this document to aid implementers of the IoT in deploying and using IoT in a secure manner. Traditional enterprise security solutions do not sufficiently address the security needs of the IoT as the IoT introduces new challenges.
An Implementers’ Guide to Cyber-Security for Internet of Things Devices and Beyond
This white paper outlines a set of practical and pragmatic security considerations for organisations designing, developing and, testing Internet of things (IoT) devices and solutions. The purpose of this white
paper is to provide practical advice for consideration as part of the product development lifecycle.
Careful Connections: Building Security in the Internet of Things
Businesses and law enforcers have a shared interest in ensuring that consumers’ expectations about the security of these new products are met. Like any other industry in its infancy,
the Internet of Things must prove itself worthy of consumer confidence. Is your company taking reasonable steps to protect consumers’ devices from hackers, snoops, and thieves?
OWASP Internet of Things Top Ten Project
The OWASP Internet of Things (IoT) Top 10 is a project designed to help manufacturers, developers, and consumers better understand the security issues associated with the Internet of Things,
and to enable users in any context to make better security decisions when building, deploying, or assessing IoT technologies.
Amazon Web Services, Security Best Practices
This white paper provides security best practices that will help you define your Information Security Management System (ISMS) and build a set of security policies and processes for your
organization so you can protect your data and assets in the AWS Cloud.
SSL/TLS Deployment Best Practices
Our aim here is to provide clear and concise instructions to help overworked administrators and programmers spend the minimum time possible to deploy a secure site or web application.
In pursuit of clarity, we sacrifice completeness, foregoing certain advanced topics.
Serial Hook-ups: A Comparative Usability Study of Secure Device Pairing Methods
In this paper, we present results of the first comprehensive and comparative study of eleven notable secure device pairing methods. We present overall results and identify problematic
methods for certain classes of users as well as methods best-suited for various device configurations.
Mobile Application Security
Mobile Application Integrity Protection Handbook
Provides key insights from security experts on a new generation of mobile attacks as well as risk mitigation strategies to support secure mobile app development and defend against
integrity risks and attacks.
Best Practices for Android Security
Android has security features built into the operating system that significantly reduce the frequency and impact of application security issues. Following these practices as general coding habits
will reduce the likelihood of inadvertently introducing security issues that adversely affect your users.
iOS Security Guide
This document provides details about how security technology and features are implemented within the iOS platform. It will also help organizations combine iOS platform security technology and features
with their own policies and procedures to meet their specific security needs.
Security Guidance for Critical Areas of Focus in Cloud Computing
This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy,
ensuring corporate privacy in a multi-tenant environment.
Operating System Security
NixOS: A Purely Functional Linux Distribution
In this paper we show that we can overcome these problems by moving to a purely functional system configuration model. We have implemented this model in NixOS, a non-trivial Linux distribution
that uses the Nix package manager to build the entire system configuration from a purely functional specification.
Unikernels: Library Operating Systems for the Cloud
We present unikernels, a new approach to deploying cloud services via applications written in high-level source code. Unikernels are single-purpose appliances that are compile-time specialised
into standalone kernels, and sealed against modification when deployed to a cloud platform.
Guidelines for how to process and resolve potential vulnerability information in a product or online service. Applicable to vendors involved in handling vulnerabilities.
Guidelines for the disclosure of potential vulnerabilities in products and online services. It details the methods a vendor should use to address issues related to vulnerability disclosure.