OWASP Chapters All Day – Hawaii Chapter
June 6, 2020 @ 12:00 pm - 1:00 pm HST
OWASP Chapters All Day is a 24 hour live event where chapters in each time zone around the world present at 12PM in their local time zone to complete a full day of presentations.
The OWASP Hawai’i chapter has 2 great talks lined up to represent us... you know, since who else is going to do HST 😀
We have the following two great talks from local folks that we’re super stoked about:
Lyft Cartography: Using Graphs to Improve and Scale Security Decision-Making
Alex Chantavy (@alexchantavy)
This talk highlights how we leverage Cartography (https://github.com/lyft/cartography) at Lyft to improve and scale security decision-making. Attendees of this session will be introduced to our platform and shown a broad set of compelling scenarios including reducing security debt, tracking and alerting on infrastructure changes, and enabling teams to see and better understand their security risk.
Cartography is a free open-source tool that consolidates your technical assets and the relationships between them in an intuitive graph database to enable quick exploration, repeatable decisions, and automated workflows.
We hope that sharing our approach to these problems with Cartography will help you achieve these same outcomes in your own organizations. We have been thrilled to grow the community in our first couple years as an open source project and look forward to hearing your feedback!
Alex Chantavy is a software engineer on Lyft’s security team (and also happens to be from Makakilo, HI). As one of the developers on Cartography, his security interests are understanding cloud permissions relationships and finding opportunities for lateral movement. In previous roles, Alex has performed red teaming as well as security tool development. In short, he enjoys learning easy ways to make computers do what they’re not supposed to do, making robots do his homework, and showing others how to do the same.
Content Security Policy: Going From Idea to Afterthought
Neil Matatall (@ndm)
Content security policy (CSP) is a browser feature that allows an application to tell a browser what is allowed to happen on a given page. It can be a very powerful tool when used correctly. But it’s a tricky beast with a lot of complexity, esoteric details, gotchas, and is still not widely adopted by most of the Internet, by any measure.
Any random article on CSP will talk about its features and behaviors. Some talk about the “report-only” mode for testing out CSP and analyzing reports. But how do you go from no CSP to a solid CSP? A light overview of CSP with a focus on mitigating cross-site scripting will be followed by an explanation of strategies to create an effective and dynamic policy including code samples taken directly from the GitHub codebase.
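As an added illustration of the rollout the abstract describes (report-only first, enforcement once the reports look clean), here is a small Ruby example. It is not code from the talk or from GitHub's codebase; the policy contents, the `/csp-report` endpoint path and the sample violation reports are all constructed assumptions, while the header names, directive names and the `csp-report` JSON shape are the standard ones browsers use.

```ruby
require "json"
require "securerandom"

# Added example (not the talk's or GitHub's code): build a nonce-based CSP,
# emit it in report-only mode or enforced, and tally the violation reports the
# browser posts back so you can judge when the policy is ready to enforce.
module CspRollout
  HEADER_ENFORCE     = "Content-Security-Policy"
  HEADER_REPORT_ONLY = "Content-Security-Policy-Report-Only"

  # One fresh nonce per response: only scripts the server stamped may run,
  # which is what makes the policy useful against cross-site scripting.
  def self.new_nonce
    SecureRandom.base64(16)
  end

  # The policy as data; easier to review and test than a hand-built string.
  # (Directive values and the report endpoint are assumptions for this example.)
  def self.policy(nonce, report_uri: "/csp-report")
    {
      "default-src" => ["'self'"],
      "script-src"  => ["'self'", "'nonce-#{nonce}'"],
      "object-src"  => ["'none'"],
      "base-uri"    => ["'self'"],
      "report-uri"  => [report_uri]
    }
  end

  # Serialize to the header value: "directive src src; directive src".
  def self.serialize(policy)
    policy.map { |directive, sources| ([directive] + sources).join(" ") }.join("; ")
  end

  # Returns [header_name, header_value]. With report_only: true the browser
  # blocks nothing but still sends a report for anything the policy would block.
  def self.header(nonce, report_only: false)
    name = report_only ? HEADER_REPORT_ONLY : HEADER_ENFORCE
    [name, serialize(policy(nonce))]
  end

  # Tally reports by directive and blocked source. A stable, short list here
  # (e.g. one CDN to whitelist, a few inline scripts to nonce) means the policy
  # is close to enforceable; a long noisy list means more work first.
  def self.tally(report_bodies)
    counts = Hash.new(0)
    report_bodies.each do |body|
      r = JSON.parse(body).fetch("csp-report")
      key = "#{r['effective-directive'] || r['violated-directive']} #{r['blocked-uri']}"
      counts[key] += 1
    end
    counts
  end
end

# Constructed sample reports, shaped like what a browser POSTs to report-uri.
SAMPLE_REPORTS = [
  '{"csp-report":{"document-uri":"https://app.example/","violated-directive":"script-src","effective-directive":"script-src","blocked-uri":"https://cdn.example/lib.js"}}',
  '{"csp-report":{"document-uri":"https://app.example/","violated-directive":"script-src","effective-directive":"script-src","blocked-uri":"https://cdn.example/lib.js"}}',
  '{"csp-report":{"document-uri":"https://app.example/","violated-directive":"script-src","effective-directive":"script-src","blocked-uri":"inline"}}'
].freeze

if $PROGRAM_NAME == __FILE__
  nonce = CspRollout.new_nonce
  puts CspRollout.header(nonce, report_only: true).join(": ")
  CspRollout.tally(SAMPLE_REPORTS).each { |key, n| puts "#{n}x #{key}" }
end
```

The same `policy` hash feeds both header names, so switching from report-only to enforced is a one-flag change rather than a rewrite; the tally is the minimum you need from a report endpoint to decide when to flip that flag.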
Neil Matatall is a product security engineer at GitHub who focuses on account security and security UX. Although he started off in development, with two more development stints since, the majority of his work has been in the application security space: hardening frameworks, creating libraries, and working with standards bodies. Neil is often considered a hipster because he likes Ruby on Rails. He is also the first user ever to get locked out of their Twitter account because of 2FA.
Full Event Details: https://owasp.org/www-community/social/chapters_all_day/
Full Speaker/Abstract List: https://owasp.org/www-community/pages/social/chapters_all_day/speakers/
The OWASP Hawai’i Chapter will be streaming on YouTube starting at 12PM HST.
Lastly, in light of this week’s events: on behalf of myself as an individual organizer, I would like to recognize the #blacklivesmatter and #antiracism movements as we watch our brothers and sisters across the nation fight to advance our nation’s civil rights. ♥