Event Date / Time: 10th Dec 2019 – 5:00pm to 7:30pm (AEDT) @ EY, 8 Exhibition Street, Melbourne CBD

***  NOTE … event start time advanced by 30 mins. Thank you.  ***

+++  Holidays Period Event – Door Price Bonanza 🙂   +++

 

ISACA Melbourne Chapter is happy to offer a double speaker, professional development session.

 

Session 1: DevSecOps and SABSA Fusion

Digitally disruptive technologies are rapidly converging. These technologies are fundamentally shaping value propositions and operating models.

In order to compete in the digital economy, enterprises are increasingly competing on time-to-market. The pace of change observed in digital solutions necessitates that security be built in instead of bolted on.

New threat landscape

  • Technology disruption is making online services more open and accessible to customers and attackers alike.
  • The advent of the connected world, and the inherent interconnectivity of people, devices and organizations, opens up a whole new playing field of vulnerabilities.
  • Critical information assets of organizations are more exposed to targeted attacks than ever.

Quick iterative releases

  • Typical sprint cycle for technology deployment is less than 30 days compared to 6-12 months for Waterfall SDLC.
  • Short, time-boxed development iterations of small functional stories.
  • Traditional security activities such as manual penetration testing don’t fit short iterative sprints.
  • Development team are only focused on changes for that iteration.

Automated tools challenge

  • Tools need to be configured and tuned to get adequate coverage of critical application functionality and different testing strategies need to be used.
  • Too many different types of tools and approaches available.
  • Too many false positives from traditional security tools for the developer to deal with.

In response to the challenges facing the inclusion of security testing into Devops Pipelines and the requirement to be able to perform automated security testing early on in the development lifecycle EY developed a platform that can infuse automated security testing into development pipelines. The Team leveraged the SABSA framework to define the business problem as well as drive the business case for development of the platform.

The presentation will cover history of DevOps leading into DevSecOps and will present how the SABSA framework can be leveraged to solve a Business Problem.

by Rahul Lobo
Director, Ernst & Young (Australia)

Rahul is an experienced Cyber Threat Management professional with 16 years of experience, involved in attack and penetration testing, application security, vulnerability assessment, IT security risk management and mitigation, IT security remediation, security architecture and security consulting. He currently manages a team of penetration testers and security architects at the EY Advanced Security Centre in Melbourne and is an MBA-Systems, CISA, CISSP, CISSP-ISSAP, OSCP, Crest Registered Tester and is SABSA SCF.

 

Session 2: Application Security Breaches

Open-source software (OSS) has transformed the way we build software, for the better. It’s designed for reusability, transparency, ease and allows you to incorporate components into your own applications as dependencies. Most of the companies and applications we rely on today, are only made possible because of OSS.

But, the power of OSS did not come without also introducing significant risk. Open-source projects have vulnerabilities. In fact, last year 51% of JavaScript packages downloaded had a known vulnerability and 12.1% of Java packages had a known vulnerability. Or, they could be maliciously attacked by bad actors, compromising any applications that depend on those projects. Dependencies hosted in public repositories can disappear, breaking your builds. Complexity can obscure the true surface area of your application, making it difficult to spot security holes in your apps. The list goes on.

The good news – all of the risks can be prevented with responsible building practices. In this session learn how to:

– Pick trusted sources for OSS components, and why it’s important
– Get started with free tools to begin checking for issues in components
– Improve the speed/reliability of your build pipeline
– Automate your OSS security, from 25 days of manual work, down to 5 minutes.

Demo’s will include:
– Google hacking to find vulnerable frameworks on public Websites.
– Exploiting Vulnerable Python Framework (PyPI)
– Exploiting Vulnerable Javascript Framework (npm)
– Remediation workflow and release automation

by Cameron Townshend

Cameron Townshend BSc, MSysDev, MCP CP Snr, MCSD – has
extensive experience building large mission critical applications.
Developed the WeatherChannel.com.au website and backend
integration. This site won 2010 Kentico site of the year for
Integration and 2011 Astra award for Most Outstanding Use of
Technology. Initial project lead on NSW Biosecurity Information
System. He is both a hands-on developer and a skilled
communicator and leader of project teams.

 

CPE Hours

1.5 hours, based on the assumption you have signed the attendance sheet when attending.

 

Registration and Admittance

  • Due to our sponsoring partner’s facilities, access requirements and for catering purposes, we request that you register for this event to ensure you are able to attend.
  • Registration to this session is open and free of charge to all current and prospective ISACA members.
  • Guests and prospective members are encouraged to attend.  Please enter “Non-Member” in the ISACA Member Number Field to complete registration.  Thank you.
  • If you register please do attend, this is very important for the Chapter and the Sponsors.
  • Registration door prizes will be drawn from the list of duly registered attendees.

 

Agenda

*** NOTE … event start time advanced by 30 mins. Thank you. ***

5.00pm – Registration and session sign-in – required to receive applicable CPE credits
5:30pm – START – Welcome, Introductions, Agenda
5:35pm – Session 1, Questions & Answers
6:15pm – Session 2, Questions & Answers
7:00pm – The Soapbox – Chapter Updates, Announcements and Issues of interest to members, Door Price Draw
7:05pm – Networking opportunity – drinks and finger food to be served
7.30pm – Event Ends

 

Event Date / Time: 10th Dec 2019 – 5:00pm to 7:30pm (AEDT) @ EY, 8 Exhibition Street, Melbourne CBD

*** NOTE … event start time advanced by 30 mins. Thank you. ***

 

  • 10 December 2019
    5:00 pm - 7:30 pm

Venue:  

Address:
8 Exhibition Street, Melbourne, Victoria, 3000, Australia