April Austin OWASP Meeting Remotely: Anatomy of Advanced Email Attacks

Source: https://www.owasp.org/index.php/Austin > Upcoming events

April OWASP Chapter Meeting

When: April 24th, from 11:30a-1:00pm

Topic:: Anatomy of Advanced Email Attacks (Aaron Estes, Cigital)

Abstract:  Email attacks comprise an overwhelming majority of the daily attacks on modern enterprise.  The leading mitigation strategy is a combination of user awareness training and email filtering.  This talk outlines a proposed solution that brings email risk and awareness information down to the client level in order to better equip end users in making secure decisions when using email.

Anti-spam capabilities have been incorporated into email client applications for some time now.  These are usually in the form of junk boxes or email filters that attempt to identify spam or other unwanted email.  Most anti-spam clients use bayesian filtering to determine whether an email is spam or not spam, typically using word combinations and statistical analysis to make a determination.  Many experts also advise wary email users to examine the raw email headers in order to attempt to find evidence of an email attack.  While this is not bad advise, it is however a highly technical process and one cannot expect the majority of email users to be able to carry out and act upon this advice.  This is the problem that the proposed Advanced Email Risk Classification and Recipient Decision Assistance solution attempts to solve.  The operating name for this solution is Phish Finder.

Speaker: Aaron Estes, Cigital

Aaron Estes came to Cigital from Lockheed Martin where he spend 10 years in the software engineering and security engineering fields. He began his information security career as a system security engineer on the F-35 program.  Aaron has spent the last 5 years as a security engineer and penetration tester for Lockheed Martin Enterprise Business Services specializing in application penetration testing and user awareness/social engineering testing.  Aaron is also a professor at Southern Methodist University in Dallas where he teaches senior and graduate level security courses.  He has nearly completed his Doctor of Engineering in Software Engineering at Southern Methodist University, has a Masters in Software Engineering from Southern Methodist University and has a Bachelors in Computer Science from University of Texas.  Aaron is a Certified Information System Security Professional.

Cost: Free, of course, but please RVSV!

Food: Oh yeah, Taco Deli time! Please RSVP so we’ll be sure to have enough for all!

Location: National Instruments, 11500 N. Mopac.

Questions? call: David Hughes (512) 589-4623

RSVP: http://www.eventbrite.com/event/3182987401

Attend Remotely!

Attend remotely at:

1.  Please join meeting.https://www3.gotomeeting.com/join/299008790

2.  Use your microphone and speakers (VoIP) – a headset is recommended.  Or, call in using your telephone.

Belgium (toll-free): 0 800 26116 Belgium: +32 (0) 28 08 4368


Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s