Shape Security analyzes 1.5 billion logins per week and protects 350 million user accounts. In 2016 alone, 1.6 billion credentials were leaked and sold or traded by criminals on dark web markets. Shape uses headless browsers like PhantomJS to automatically test leaked credentials on other sites, stopping over $1 billion in fraud losses in 2016. However, captchas intended to prevent automated attacks do not work and ruin the user experience.
My talk from Digital Elite Day 2020 (Conversion Elite track). I go over the main changes in browser tracking protections since as early as 2003 (Safari version 1). Then I discuss the impact these tracking protections have on digital analytics, advertising, and experimentation.
Using private proxy software can protect your personal information and online activity from criminals and companies by hiding your IP address and encrypting your data. Without seeing your actual IP address and online data, criminals cannot steal your identity and companies cannot create detailed profiles about you to target advertising. Private proxy software allows you to browse anonymously and securely online by routing your traffic through an encrypted proxy server to conceal your digital tracks from potential threats.
We all use passwords: for our banking cards, for our emails, to log into our work environment, to access our computers and mobile devices and for all the various apps on those devices, for our social media accounts, and more. They have become commonplace in our society, yet provide us with a false sense of security. This presentation will discuss the inherent failures when using passwords, how they are now being used against us to commit cyber-crimes, what we need to be doing currently to protect ourselves, and what the future of passwords may hold. Main points covered: • How criminals are using our passwords to commit cyber-crimes • Managing passwords and current ways to protect your data • What the future may hold for our passwords. Presenter: Ryan Duquette is passionate about digital forensic investigations and about keeping others from being victimized. He's a seasoned digital forensic examiner with many years of experience in law enforcement and the private sector. He founded Hexigent Consulting, which is a firm focusing on digital investigations, cyber security consulting services and litigation support. Ryan works closely with clients involved in workplace investigations and civil litigation matters including intellectual property theft, HR investigation and data breaches. He is a sessional lecturer at the University of Toronto teaching digital forensics, holds a Master of Science degree in Digital Forensics Management, and several digital forensics and fraud certifications. Ryan is a director for the Toronto chapter of the Association of Certified Fraud Examiners, has been qualified as an “expert witness” on numerous occasions, and is a frequent presenter at fraud, digital forensics, cybersecurity and investigative conferences worldwide. Recorded webinar: https://youtu.be/WTIImiEu078
Penetration tests of iOS applications usually require a jailbreak. On the other hand, software developers often require a new version of iOS to run the application. Unfortunately, as history shows, with the release of subsequent versions of the iOS system, pentesters have to wait longer and longer for a stable jailbreak. Finally, by testing iDevices, we become participants in a game of Russian roulette: remain on an out-of-date iOS in the hope that there won’t be an application requiring a newer version, or take the risk of updating and maybe never get a new jailbreak? During my presentation, I will show you that it is not necessary to put the iRevolver to your head, and I will present techniques for conducting penetration tests without the need for a jailbreak. The presentation will also include a live demo presenting a solution to the problem of access to protected application resources on the latest version of iOS.
On multiple lines of defense, how to implement them in your typical web app, and why. Explained using passwords and Cross-Site Scripting as examples.
The Retail Strategy and Planning Series is designed to provide retail executives with the tactical tips, insights, metrics and trend data needed to guide 2017 strategies. Tune into "Are Bot Operators Eating Your Lunch?" and learn how to protect your brand image, reputation and SEO rankings from bad bots: rtou.ch/2c5cPmx.
Did you know 30% of Ecommerce website visitors are unsavory competitors, hackers, and fraudsters? Fact is, online retailers are particularly susceptible to the effects of advanced bot threats, including competitive tactics like price scraping, product matching, variation tracking and availability targeting. Even worse, security breaches such as transaction fraud and account takeovers endanger the overall security of your website, customer base, and brand. When aggressive scrapers caused repeated site slowdowns, Brian Gress, Director of IT Systems & Governance at Hayneedle, said enough was enough. Key takeaways include how to: - Stop competitors from scraping your prices and monitoring your inventory - Reduce chargeback fees due to transaction fraud, carding and account hijacking - Optimize your conversion funnel and enjoy clean analytics and KPIs - Protect your brand image, reputation and SEO rankings
1) Cybercrime costs billions globally each year in direct losses and downtime, with the greatest transfer of wealth coming from cyber espionage of industrial and intellectual property. Nearly $1 trillion was spent in 2012 on cybercrime protection. 2) Traditional annual penetration tests only provide minimal security due to changing software and many variables. Comprehensive security requires strategies like threat modeling, ongoing testing, and vulnerability management. 3) Applications often incorporate many third-party libraries and components that may contain known vulnerabilities, but these dependencies are rarely tested or covered by patch management. A holistic approach considering the entire "software food chain" is needed.
A free application security class delivered by world-renowned experts: Eoin Keary and Jim Manico. This class has been delivered to over 1000 people in 2014 alone.