Source: https://www.owasp.org/index.php/Austin > Upcoming events
April OWASP Chapter Meeting
When: April 24th, from 11:30a-1:00pm
Topic:: Anatomy of Advanced Email Attacks (Aaron Estes, Cigital)
Abstract: Email attacks comprise an overwhelming majority of the daily attacks on modern enterprise. The leading mitigation strategy is a combination of user awareness training and email filtering. This talk outlines a proposed solution that brings email risk and awareness information down to the client level in order to better equip end users in making secure decisions when using email.
Anti-spam capabilities have been incorporated into email client applications for some time now. These are usually in the form of junk boxes or email filters that attempt to identify spam or other unwanted email. Most anti-spam clients use bayesian filtering to determine whether an email is spam or not spam, typically using word combinations and statistical analysis to make a determination. Many experts also advise wary email users to examine the raw email headers in order to attempt to find evidence of an email attack. While this is not bad advise, it is however a highly technical process and one cannot expect the majority of email users to be able to carry out and act upon this advice. This is the problem that the proposed Advanced Email Risk Classification and Recipient Decision Assistance solution attempts to solve. The operating name for this solution is Phish Finder.
Speaker: Aaron Estes, Cigital
Aaron Estes came to Cigital from Lockheed Martin where he spend 10 years in the software engineering and security engineering fields. He began his information security career as a system security engineer on the F-35 program. Aaron has spent the last 5 years as a security engineer and penetration tester for Lockheed Martin Enterprise Business Services specializing in application penetration testing and user awareness/social engineering testing. Aaron is also a professor at Southern Methodist University in Dallas where he teaches senior and graduate level security courses. He has nearly completed his Doctor of Engineering in Software Engineering at Southern Methodist University, has a Masters in Software Engineering from Southern Methodist University and has a Bachelors in Computer Science from University of Texas. Aaron is a Certified Information System Security Professional.
Cost: Free, of course, but please RVSV!
Food: Oh yeah, Taco Deli time! Please RSVP so we’ll be sure to have enough for all!
Location: National Instruments, 11500 N. Mopac.
Questions? call: David Hughes (512) 589-4623
Attend remotely at:
1. Please join meeting.https://www3.gotomeeting.com/join/299008790
2. Use your microphone and speakers (VoIP) – a headset is recommended. Or, call in using your telephone.
Belgium (toll-free): 0 800 26116 Belgium: +32 (0) 28 08 4368