BestTechVideos: Tag security Videos

Emerging Security Vulnerabilities & the Impact to Business

scoundrel — Thu, 13 Mar 2008 16:21:34 GMT

Google Tech Talks
November, 12 2007

ABSTRACT

This talk discusses how IT professionals can go about
learning what they need to know to prevent the most significant
emerging data security vulnerabilities, and the impact these
vulnerabilities are having on electronic commerce. In this talk,
I will review how attacks such as XSRF (Cross-Site-Request-Forgery)
and SQL Injection work, and how to properly defend against them.
Then, I will present some industry-wide statistics on software
security vulnerabilities reported to various databases, and
emerging trends in the field of software security. Finally, it will
discuss the current state of security education, and provide
pointers to certification programs, books, and
organizations where you can learn more.

Speaker: Neil Daswani
Neil has served in a variety of research , development, teaching,
and managerial roles at Google, Stanford University , DoCoMo USA Labs,
Yodlee, and Bellcore (now Telcordia Technologies). His areas of
expertise include security, wireless data technology, and peer-to-peer
systems. He has published extensively in these areas, frequently is invited
to give talks at industry and academic conferences, and has been granted
several U.S. patents. He received a Ph.D. and a master's in computer
science from Stanford University , and earned a bachelor's in computer
science with honors with distinction from Columbia University.

Read more about this video…

Want to control this feed contents? Sign up here and create your own feed!

Want more on these topics?
Browse the archive of posts filed under Techtalks, Google, Lectures

Theory and Practice of Cryptography

scoundrel — Thu, 20 Dec 2007 04:36:34 GMT

Google Tech Talks

Topics include: Introduction to Modern Cryptography, Using Cryptography in Practice and at Google, Proofs of Security and Security Definitions and A Special Topic in Cryptography

This talk is one in a series hosted by Google University: Wednesdays, 11/28/07 - 12/19/07 from 1-2pm

Speaker: Steve Weis
Steve Weis received his PhD from the Cryptography and Information Security group at MIT, where he was advised by Ron Rivest. He is a member of Google's Applied Security (AppSec) team and is the technical lead for Google's internal cryptographic library, KeyMaster.

Read more about this video…

Want to control this feed contents? Sign up here and create your own feed!

Want more on these topics?
Browse the archive of posts filed under Conferences, Companies, Broadcasting, Science, Techtalks, Google, Lectures, Computer Science

Railscast: OpenID Authentication

scoundrel — Fri, 12 Oct 2007 19:37:23 GMT

Ever wonder how to implement OpenID authentication in your Rails app? This episode will show you how to add it to a site with an existing authentication system.

Read more about this video…

Want to control this feed contents? Sign up here and create your own feed!

Want more on these topics?
Browse the archive of posts filed under Web 2.0, Development, Frameworks, Ruby, Screencasts, Ruby On Rails

Railscast: restful_authentication

scoundrel — Fri, 12 Oct 2007 19:34:53 GMT

Need multiple user authentication? If so, the restful_authentication plugin is a great way to go. It will generate some basic authentication code for you which is good starting point to your authentication system. Watch this episode for details.

Read more about this video…

Want to control this feed contents? Sign up here and create your own feed!

Want more on these topics?
Browse the archive of posts filed under Databases, Development, Frameworks, Ruby, Screencasts, Ruby On Rails

From Desktops to Donuts: Object-Caps Across Scales

scoundrel — Fri, 12 Oct 2007 03:27:16 GMT

Google TechTalks
July 26, 2006

Marc Stiegler
Visiting Scholar Hewlett-Packard Laboratories

Mr. Stiegler is the developer of CapDesk, a graphical desktop system invulnerable to traditional computer viruses that first explored the secure cooperation concepts now being used by the Polaris secure desktop system for Windows XP.

ABSTRACT

In this last presentation in our series on the Authorization Based Access Control (ABAC) school of thought, we start with an object-capability desktop, CapDesk. CapDesk yields better security, greater functionality, and superior ease of use, all at the same time (and was the original development platform for the ideas that inspired Polaris, demonstrated earlier in this series).

Scaling out from the desktop to include basic Internet connectivity, we then look at how a CapDesk interacts with the network using the DarpaBrowser. In the DarpaBrowser, object-capability confinement mitigates the need for the ever-popular "critical security patch update" that now plagues all web browser technologies. The same object-capability infrastructure that makes the browser breach-resistant also enables the browser to launch web-based applications with functionality still not achievable with AJAX.

Read more about this video…

Want to control this feed contents? Sign up here and create your own feed!

Want more on these topics?
Browse the archive of posts filed under OS, Conferences, Technologies, Companies, Windows, Techtalks, Google, Lectures

Reverse engineering techniques to find security bugs: A case study of the ANI

scoundrel — Sat, 16 Jun 2007 04:46:44 GMT

Google Tech Talks
May 21, 2007

ABSTRACT

Alex Sotirov is a vulnerability engineer at determina. He will discuss some latest techniques in reverse engineering software to find vulnerabilities. Particularly, he'll discuss his technique that lead him to find the ANI bug (a critical new bug in WinXP and Vista).

Alex will describe the tools he uses for reverse engineering and show how he reverse engineered ANI Bug. He will continue to discussed Windows security mechanisms (ASLR, /GS) and describe how ANI exploit bypasses them.

Read more about this video…

Want to control this feed contents? Sign up here and create your own feed!

Want more on these topics?
Browse the archive of posts filed under Conferences, Companies, Broadcasting, Techtalks, Google, Lectures

MySQL Boston May User Group: Auditing MySQL for Security and Compliance

scoundrel — Thu, 31 May 2007 05:13:39 GMT

Mehlam Shakir, CTO of RippleTech, discusses a practical approach for auditing MySQL databases to meet security and compliance regulations. Hear real-world cases and see a live demonstration of how RippleTech's Informant solution compliments MySQL by adding a security layer without any performance impact.

Read more about this video…

Want to control this feed contents? Sign up here and create your own feed!

Want more on these topics?
Browse the archive of posts filed under Databases, Development, Broadcasting, Practices, MySQL, Lectures

Railscast: Cross Site Scripting

scoundrel — Fri, 04 May 2007 11:24:17 GMT

Another common security issue is cross site scripting. In this episode you will see why it is so important to escape any HTML a user may submit.

Read more about this video…

Want to control this feed contents? Sign up here and create your own feed!

Want more on these topics?
Browse the archive of posts filed under Databases, Development, Broadcasting, Frameworks, Javascript, Ruby, Screencasts, Ruby On Rails

Railscast: Hackers Love Mass Assignment

scoundrel — Wed, 02 May 2007 08:45:38 GMT

Your site may be at risk! When using mass assignment, you are giving the user complete control over that model and its associations. See how a hacker might use this vulnerability and learn how to stop it in this episode.

Read more about this video…

Want to control this feed contents? Sign up here and create your own feed!

Want more on these topics?
Browse the archive of posts filed under Databases, Development, Broadcasting, Frameworks, Ruby, Screencasts, Ruby On Rails

LinuxConf.Au: Routing and IPSEC Lookup Scaling in the Linux Kernel

scoundrel — Wed, 04 Apr 2007 13:18:02 GMT

Finding the appropriate path for a packet is the single most important task the kernel networking stack partakes in for every frame sent. For sockets, we can be smart and only do a lookup once for that socket when a new connection is created. But for general routing and IPSEC traffic we must incur a lookup for every packet.

Therefore it is crucial that the lookup of this path be as efficient as possible. The goal is to incur the minimum possible number of cpu memory references during this lookup operation.

On the other hand, it is also important to make sure that route and IPSEC rule changes are efficient as well, and that such changes do not have adverse effects upon the lookup engine under normal circumstances.

The author will discuss his work on the scaling of the IPSEC subsystem data structures. Interesting work on "active garbage collection" in the IPv4 routing cache by Robert Olsson will be presented as well. Finally, the ongoing work investigating a move to a "grand unified flow cache" for all packet path lookups will also be presented. In fact, the lessons learned from the IPSEC scaling and active garbage collection work provide important theoretical groundwork for any unified flow cache scheme.

The ancilliary topic of the impliciation that highly multithreaded cores, such as Sun's Niagara, have upon routing lookup performance will be touched upon as well.

Read more about this video…

Want to control this feed contents? Sign up here and create your own feed!

Want more on these topics?
Browse the archive of posts filed under OS, Conferences, Broadcasting, Networking, Linux, LinuxConf.AU, Lectures, TCP/IP