Bishop Fox named “Leader” in 2024 GigaOm Radar for Attack Surface Management. Read the Report ›

Rhett Greenhagen and Rob Ragan to Give Opening Keynote Presentation at CanSecWest

Date:
Past Event
Illustration for Cansecwest

Bishop Fox's own Rob Ragan, Principal Security Researcher, and Rhett Greenhagen, Senior Security Associate, will be delivering the opening keynote presentation at CanSecWest 2020.

In their keynote “Funneling Trust: Designing Better Database Access” Rob and Rhett will demonstrate how to protect data in Amazon Web Services (AWS) for engineers that are new to cloud security, the latest techniques, and the ever-changing features and functionality of AWS.

CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. CanSecWest gives preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices.

See more details on the presentation below.

Funneling Trust: Designing Better Database Access

Synopsis:

The features and functionality of AWS are always changing. Seeing demonstrations of how to protect data will help engineers new to cloud security understand the latest techniques.

Abstract:

As modern applications collect larger datasets, the task of protecting the integrity and confidentiality of our records also increases in complexity. Protecting that data starts with considering its classification and building security zone modeling into the architecture to establish and secure trust boundaries.

Let’s examine the do’s and don’ts of cloud-based preventative controls to better understand what can go wrong and what will help engineers correct those wrongs. Security design patterns and anti-patterns for IAM, infrastructure hardening, encryption, and tokenization should all be factored into security requirements during design and then properly evaluated once in implementation. If the high availability (five-nines) of data access in large-scale applications is also a priority, consider exploring DoS protection.

By building smart to limit the points of interaction between users, the application, and the database, we can maintain our security objectives even as our datasets scale. Examples in this talk will come from AWS and other cloud integrations for securing sensitive data.
Rob Ragan

About the speaker, Rob Ragan

Principal Researcher

Rob Ragan is a Principal Researcher at Bishop Fox. Rob focuses on pragmatic solutions for clients and technology. He oversees strategy for continuous security automation. Rob has presented at Black Hat, DEF CON, and RSA. He is also a contributing author to Hacking Exposed Web Applications 3rd Edition. His writing has appeared in Dark Reading and he has been quoted in publications such as Wired.

Rob has more than a decade of security experience and once worked as a Software Engineer at Hewlett-Packard's Application Security Center. Rob was also with SPI Dynamics where he was a software engineer on the dynamic analysis engine for WebInspect and the static analysis engine for DevInspect.

More by Rob
Rhett

About the speaker, Rhett Greenhagen

Senior Security Associate

Rhett Greenhagen was a Senior Security Associate at Bishop Fox, where he served as a member of the research and development team. Rhett has over a decade of red teaming and network security experience. His focuses encompass open source intelligence, cyber counterintelligence, profiling, exploitation, and malware analysis in addition to technical research and development. An accomplished speaker, Rhett has spoken at numerous conferences, such as Black Hat USA and DEF CON on a variety of security and related topics.

More by Rhett

Ready to get started? We can help.

Contact Us

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.