Presentation Slide Decks
Internet of Things
The Internet of Things: We've Got to Chat (Mark Stanislav & Zach Lanier)
This presentation will examine some of the recent failures of IoT security, engineering challenges facing entrepreneurs, and a look at the IoT security researcher quandary.
Details will be given about a new effort to help all parties involved proceed with the IoT in a safer, more successful manner. Whether you're a security researcher, software engineer,
or product designer, this presentation will represent the thoughtful look at the state of IoT security we desperately need.
Securing the Internet of Things (Paul Fremantle)
This deck addresses a number of aspects of security for IoT devices and applications and also looks at using federated identity for IoT including MQTT.
Web Application Security
Putting Web Security Issues to REST (Adam Goodman)
This session will cover some common classes of mistakes in developing and using secure web APIs, and show how reinventing the wheel can sometimes be dangerous. Along the way, we'll cover
problems with authentication and authorization, information leakage, and (im)proper uses of transport-layer security, among others.
Evolution of Web Security (Chris Shiflett)
An overview of well-known exploitation methods (XSS, CSRF, etc.) combined with insight into how web technologies can be defeated. The deck also discusses some ideas for the future, such as evaluating
trends to identify suspicious activity and understanding human tendencies and behavior to help provide a better, more secure user experience.
Web App Security - OWASP Top 10 2013 (Driss Amri)
A quick overview about the OWASP Top 10 (2013 Edition) including examples of how many of the threats work and what to do about them.
Mobile Application Security
Common Security Pitfalls in Android Applications (Aditya Gupta)
Identifying common failures of security when building Android applications. Content includes discussion on information leakage, insecure data storage, WebView security, SQL injection, and more.
Secure Development On iOS (David Thiel)
Advice for developers and penetration testers across functional areas of iOS security including Objective-C basics, security-related APIs, UDIDs, and common attack scenarios.
Technical Guidance and Standards Documents
Internet of Things
An Implementers’ Guide to Cyber-Security for Internet of Things Devices and Beyond
This white paper outlines a set of practical and pragmatic security considerations for organisations designing, developing, and testing Internet of Things (IoT) devices and solutions. The purpose of this white
paper is to provide practical advice for consideration as part of the product development lifecycle.
Cloud Security
Amazon Web Services, Security Best Practices
This white paper provides security best practices that will help you define your Information Security Management System (ISMS) and build a set of security policies and processes for your
organization so you can protect your data and assets in the AWS Cloud.
Network Security
SSL/TLS Deployment Best Practices
Our aim here is to provide clear and concise instructions to help overworked administrators and programmers spend the minimum time possible to deploy a secure site or web application.
In pursuit of clarity, we sacrifice completeness, forgoing certain advanced topics.
Let’s Encrypt Available at SiteGround
SiteGround web hosting is one of the first major hosts to offer Let’s Encrypt SSL certificates to their customers. Let's Encrypt is a free, automated, and open certificate authority (CA) that issues domain-validated security certificates.
Mobile Application Security
Mobile Application Integrity Protection Handbook
Provides key insights from security experts on a new generation of mobile attacks as well as risk mitigation strategies to support secure mobile app development and defend against
integrity risks and attacks.
Best Practices for Android Security
Android has security features built into the operating system that significantly reduce the frequency and impact of application security issues. Following these practices as general coding habits
will reduce the likelihood of inadvertently introducing security issues that adversely affect your users.
iOS Security Guide
This document provides details about how security technology and features are implemented within the iOS platform. It will also help organizations combine iOS platform security technology and features
with their own policies and procedures to meet their specific security needs.
Security Guidance for Critical Areas of Focus in Cloud Computing
This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy,
ensuring corporate privacy in a multi-tenant environment.
Industry Standards
ISO/IEC 30111:2013
Guidelines for how to process and resolve potential vulnerability information in a product or online service. Applicable to vendors involved in handling vulnerabilities.
ISO/IEC 29147:2014
Guidelines for the disclosure of potential vulnerabilities in products and online services. It details the methods a vendor should use to address issues related to vulnerability disclosure.