Security Ever After: June 2012

Tuesday, June 26, 2012

SANS Security 504 Comes to Atlanta

I will be leading a SANS Security 504 - Hacker Techniques, Exploits & Incident Handling course in Atlanta starting September 5th. Mentor style.

You can preview a FREE Excerpt of this course on the SANS Website.

Register using the special promo code of SHARK12 and only spend $2500 for this course!

Atlanta Perimeter Hotel and Suites
formerly: W Atlanta Perimeter
111 Perimeter Center West
Atlanta, GA

6:30 PM - 8:30 PM

Meeting Dates:
September 5th through November 7th 
Mentor classes run for 10 weeks, one evening a week for two hours

Monday, June 18, 2012

Atlanta OWASP June Meeting - New Location

The Atlanta OWASP chapter will meet this Thursday night, June 21st at 6:00pm.

We are excited to announce that this meeting will occur at the Dell SecureWorks headquarters at One Concourse Pkwy, Suite 500, Atlanta, GA 30328.
Please use the following link to RSVP.  

This month we will welcome Rohit Sethi as our guest speaker. Rohit is a specialist in building security controls into the software development life cycle (SDLC). Rohit is a SANS course developer and instructor on Secure J2EE development. He has spoken and taught at FS-ISAC, RSA, OWASP, Shmoocon, CSI National, Sec Tor, Infosecurity New York and Toronto, TASK, the ISC2's Secure Leadership series conferences, and many others. Mr. Sethi has written articles for Dr. Dobb's Journal, TechTarget, Security Focus and the Web Application Security Consortium (WASC), and he has been quoted as an expert in application security for ITWorldCanada and Computer World. He also leads the OWASP Design Patterns Security Analysis project.
Despite years of research on best practices to integrate security into the early phases of the SDLC, most organizations rely on static analysis, dynamic analysis, and penetration testing as their primary means of eliminating vulnerabilities. This approach leads to discovering vulnerabilities late in the development process, thereby either causing project delays or risk acceptance. Neither option is particularly appealing.

This talk is an open discussion about the presence, if any, of scalable, measurable approaches that work to build security into the SDLC. How Agile development impacts their effectiveness will also be explored.

Points of discussion will include:
- Is static analysis sufficient?
- Developer awareness training
- Threat modeling / architecture analysis
- Secure requirements
- Considerations for procured applications

Tuesday, June 5, 2012

SANS@Night Community Evenings in Augusta

SANS invites you to join 2 special complimentary SANS@Night sessions during Community SANS Augusta. Please plan to join us on Monday June 11 or Thursday June 14 (or both!). These evenings will offer informative presentations as well as the opportunity to network with other like-minded security professionals from the Augusta community, including ISSA members and SANS attendees.
Earn some CPEs, get great SANS content!

RSVP for either event to coins@sans.org
(include "Augusta" in the subject line)

Registration is still available for our live 6 day classes at Community SANS Augusta!  Visit www.sans.org/community to learn more.

Russell Eubanks
"20 Critical Controls"
A consensus of defensive and offensive security practitioners developed the SANS 20 Security Controls. In their implementation of this program, the United States Department of State demonstrated an 85 percent reduction in vulnerabilities in the first year alone. Small businesses can use practical and often no-cost ways to leverage existing security and administration tools to bolster their information security posture. Each control is paired with pragmatic ways for small businesses to rapidly deploy a continuous monitoring program. By leveraging and leaning into existing tools, the small business can develop a robust continuous monitoring program that is positioned to better recognize and respond to threats.

Doug Burks
"Security Onion"
Traditional Intrusion Detection Systems (IDS) can be costly, difficult to install, and may not provide all the capabilities that you need to defend your network. Network Security Monitoring (NSM) combines traditional IDS alerts with additional data to give you a more complete picture of what's happening on your network. This presentation will demonstrate how to deploy NSM in just a few minutes using a free Linux distro called Security Onion.

Thursday, June 14
7:00 to 9:00 pm

Jacob Williams
"Cloud Forensics: The elephant in the room"
The cloud is here, and it appears to be here to stay. There is little doubt that mass migration to the cloud will continue by companies large and small alike. Every time I check my favorite news feeds, I see another eye-catching article about a) how to implement cloud security or b) how security in the cloud can’t be achieved. People however avoid the elephant in the room: forensics. No matter how good our security is, incidents can and will happen. When they do, we jump to our forensics teams to help us make sense of it all and prosecute the offenders. But what process will they use to gather evidence? Has it been validated by the courts, or even industry as an accepted best practice? Hint: you can’t use a hardware write blocker on a cloud “drive” since it isn’t a physical drive at all.
In this talk we’ll consider the implications of forensics “in the cloud” as well as offer some suggested best practices for performing forensic acquisition of assets located in the cloud. We’ll also discuss some things to look for (from a forensic perspective) when selecting a Cloud Service Provider (CSP). Even if you aren’t directly involved in forensics, this knowledge is a must in understanding what questions to ask when selecting a CSP so you can set correct managerial expectations when the inevitable incident occurs.