It took a month but we’ve done it; after ShmooCon 2010, we decided to pay homage to our local speakers at the conference. We had Doug Wilson speaking on Friday and Trevor Hawthorn, Richard Goldberg and Pete Markowsky on Saturday. All four speakers are respected in their fields and have been in the field for more than five years. Below is a brief description of what they talked about.
Doug Wilson discussed an OWASP project that combine a variety of vulnerable web applications on a virtual machine that can be used for testing web application security tools and techniques. The project is entirely free and open source. The project is also useful for testing white box tools and techniques such as source code analysis.
Trevor Hawthorn’s talk “The New World of Smartphone Security” tackled security concerns that are not being discussed and have not been publicly disclosed. In the talk he examined mobile-to-mobile attacks within cellular IP networks, specifically focusing on iPhone attack surfaces, worms, location-based gaming privacy concerns, and web application security.
Richard Goldberg’s discussion was about the less obvious legal risks inherent in storing and accessing data in the cloud. He focused on real-world problems and solutions.
“The aim is to foster a greater understanding of the relevant issues, legal and privacy risks, potential solutions, and which problems do not have solutions.”
Finally, Pete Markowsky covered the differences among reviews system management mode and the relationship between SMM and Virtualization on the AMD-V platform and how to install a SMI handler.
See InfosecEvent’s ShmooCon 2010 – Wrap Up post for a complete list of all conference coverage.