AppSec USA 2014 in Denver, CO on September 16-19
It may seem far off, but AppSec USA 2014 is just around the corner. Join the OWASP community in Denver, CO, September 16-19 at this world-class software security conference. Thousands of security professionals from around the country will be gathering at the Denver Marriott City Center in downtown Denver to share the latest research and practices within the software security world. Along with several insightful keynotes and over 50 sessions, AppSec USA 2014 will offer two days of in-depth training sessions. Don’t forget to join in on the extensive Capture the Flag competition created exclusively for AppSec USA 2014. There will also be an opportunity to dust off those resumes at the Career Fair, where you can skip the online application and converse directly with security officers and recruiters. Finally, it wouldn’t be a Denver event without a home-brewed beer competition to add to the conference fun. Registration is open now to all OWASP members and non-members. For more information, check out the AppSec USA 2014 website: http://2014.appsecusa.org/2014/.
OWASP is a not for profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. Learn more about OWASP at owasp.org.
Packt celebrates 10 years with a special $10 offer
This month marks 10 years since Packt Publishing embarked on its mission to deliver effective learning and information services to IT professionals. In that time it’s published over 2000 titles and helped projects become household names, awarding over $400,000 through its Open Source Project Royalty Scheme.
To celebrate this huge milestone, from June 26th Packt is offering all of its eBooks and Videos at just $10 each for 10 days – this promotion covers every title and customers can stock up on as many copies as they like until July 5th.
Dave Maclean, Managing Director, explains: ‘From our very first book published back in 2004, we’ve always focused on giving IT professionals the actionable knowledge they need to get the job done. As we look forward to the next 10 years, everything we do here at Packt will focus on helping those IT professionals, and the wider world, put software to work in innovative new ways.
We’re very excited to take our customers on this new journey with us, and we would like to thank them for coming this far with this special 10-day celebration, when we’ll be opening up our comprehensive range of titles for $10 each.
If you’ve already tried a Packt title in the past, you’ll know this is a great opportunity to explore what’s new and maintain your personal and professional development. If you’re new to Packt, then now is the time to try our extensive range – we’re confident that in our 2000+ titles you’ll find the knowledge you really need, whether that’s specific learning on an emerging technology or the key skills to keep you ahead of the competition in more established tech.’
More information is available at www.packtpub.com/10years
Modern Honey Network (MHN)
Open-Source Tool Aimed At Propelling Honeypots Into the Mainstream
An interesting article by Kelly Jackson Higgins of Darkreading.com:
Researchers have built a free open-source honeypot software program aimed at propelling the hacker decoys into security weapons for everyday organizations.
The Modern Honey Network (MHN) software, created by the Google Ventures-backed startup ThreatStream, automates much of the process of setting up and monitoring honeypots, as well as gleaning threat intelligence from them. An API allows it to integrate with IDSes, IPSes, application-layer firewalls, SIEM, and other security tools to set up defenses against attacks it detects.
Honeypots — basically lures posing as machines that let organizations gather intelligence and study the behaviors of attackers — long have been a popular and valuable tool for security researchers. There are plenty of open-source honeypot tools available today, but the high maintenance and complexity of deploying and running these lures have made them unrealistic security options for most businesses.
“Honeypots have never truly taken off in the enterprise,” says Greg Martin, CEO of ThreatStream, which provides a software-as-a-service threat intelligence system for large organizations like Northrop Grumman and SAIC. The goal of MHN is to simplify honeypot deployment and ultimately to make these tools a mainstream, inherent part of the security arsenal for companies in various industries.
“You can deploy 29 honeypots with the click of a button” with the open-source tool, Martin says. “With a VMware server, you can do 30 or 40.”
Read the rest here.
Interview with Aamir Lakhani Co-Author of Web Penetration Testing with Kali Linux
Aamir Lakhani is a leading Cyber Security and Cyber Counterintelligence architect. He is responsible for providing IT security solutions to major commercial and federal enterprise organizations.
Lakhani leads projects that implement security postures for Fortune 500 companies, the US Department of Defense, major healthcare providers, educational institutions, and financial and media organizations. Lakhani has designed offensive counter defense measures for defense and intelligence agencies, and has assisted organizations in defending themselves from active strike back attacks perpetrated by underground cyber groups. Lakhani is considered an industry leader in support of detailed architectural engagements and projects on topics related to cyber defense, mobile application threats, malware, Advanced Persistent Threat (APT) research, and Dark Security. Lakhani is the author of and contributor to several books, and has appeared on National Public Radio as an expert on Cyber Security.
Writing under the pseudonym Dr. Chaos, Lakhani also operates the DrChaos.com blog. In their recent list of 46 Federal Technology Experts to Follow on Twitter, Forbes magazine described Aamir Lakhani as “a blogger, infosec specialist, superhero…, and all around good guy.”

