Last week, zvelo sent a couple of its cybersecurity team members to SnowFROC (Front Range OWASP Conference) — Denver’s premier application security conference, organized by the Open Web Application Security Project (OWASP) foundation. OWASP is a community led group that works closely with industry experts to lead educational and training conferences designed to help developers and technologists improve the security of software.
Below is a brief recap of the sessions attended by zvelo’s cybersecurity team members. Also included, are the links to the presentations which have been made available through the SnowFROC conference website.
Active Countermeasures gave an amazing threat hunting training that gave an in-depth discussion on tactics & techniques to monitor network traffic to identify Command and Control (C2) communication.
Patch Production Now!
Presentation by Frank S Rietta
Frank Rietta led a great session on application development. During this session, he highlighted the critical nature of testing code before production as well as the importance of automating this aspect of development. Manually validating code before production is not feasible, so automating the testing before production is key to improving overall security. Unfortunately, this is an aspect often overlooked when it comes to application development — highlighting a necessary and crucial area for continued improvement.
A pdf version of the presentation may be accessed via the following link: https://www.snowfroc.com/2020_Presentations/PatchProductionNow.pdf
AppData Oh My…Oh No!
Presentation by Nick Weibelhaus
This was an eye opening discussion on vulnerabilities inherent in storing data client side, such as storing passwords in browsers and password managers. The discussion also revolved around the location and methods to steal passwords from the misconfigured applications. Finally, the discussion went into the default setting of powershell logging and the potential data that can be found there and lead to a compromise.
A pdf version of the presentation may be accessed via the following link: https://www.snowfroc.com/2020_Presentations/AppData%20Oh%20My…%20Oh%20No!.pdf
Overall, the SnowFROC conference was packed with deeply valuable information and insights. And while our cybersecurity team members were not able to attend all the available sessions, the conference organizers have graciously made all presentation content available in pdf format.
The full list of presentations may be accessed here: https://www.snowfroc.com/#talks.
By sharing the latest training and educational materials designed for cybersecurity professionals, we hope to continuously drive forward our mission to make the internet safer and more secure. Please let us know if you have any questions on how to best leverage the information provided in these presentations, or if you would like to discuss security strategies and best practices with our cybersecurity team.