Attacking Crypto in Web Applications
Chris Eng, Sr. Director of Security Research
Veracode
Presentation Abstract:
This presentation will discuss penetration testing techniques for assessing encrypted data in web applications and demonstrate how such data can be compromised through pattern recognition and only a high-level understanding of cryptography concepts. Techniques will be illustrated through a series of detailed, step-by-step case studies drawn from the presenter's penetration testing experience. This is not a talk on brute forcing encryption keys, nor is it a discussion of weaknesses in cryptographic algorithms. There will be no math. Rather, the case studies will demonstrate how encryption mechanisms in web applications were compromised without ever obtaining the keys or even identifying the underlying ciphers.
Bio:
Chris Eng, Senior Director of Security Research at Veracode, is responsible for integrating security expertise into Veracode’s technology. He monitors attack trends, analysis techniques, and other advances in application security to ensure Veracode’s analysis service addresses timely and relevant threats. Mr. Eng has over 10 years of professional experience in information security. Prior to joining Veracode, he was a Technical Manager for Symantec Professional Services, where he led security assessments for Fortune 100 companies, and served as a technical leader and global facilitator for Symantec’s Attack and Penetration Center of Excellence.
Before joining Symantec through acquisition in 2004, Mr. Eng was a Principal Consultant and then Technical Director of @stake, Inc. In addition to consulting, he led the development of @stake WebProxy, a precursor to today’s proxy-based web application security tools. He also authored internal whitepapers on penetration testing which laid the groundwork for @stake’s delivery methodologies.
Prior to @stake, Mr. Eng was an Electrical Engineer for the US Department of Defense. As a member of the National Security Agency’s “Red Team,” he conducted vulnerability research and performed penetration tests to strengthen the security of US government and military networks.
Mr. Eng earned his Bachelor of Science degree in Electrical Engineering and Computer Science from the University of California in Berkeley, CA.