The Open Web Application Security Project (OWASP) Los Angeles Chapter is teaming up with the Orange County, San Diego, SF Bay Area, and the Inland Empire chapters to bring you the FIFTH Annual AppSec California. The event is a one of a kind experience for information security professionals, developers, and QA and testing professionals, as they gather at the beach from around the world to learn and share knowledge and experiences about secure systems and secure development methodologies.

One and Two-day training sessions on various subjects by expert trainers kick off the conference on January 28th. World renown speakers follow on days three and four.

There will be four concurrent tracks throughout the day on both January 30 and 31, addressing a variety of topics to enhance knowledge.

Back To Schedule
Tuesday, January 30 • 11:45am - 12:35pm
Leveraging Cloud SDNs to Solve OWASP Top Ten

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Abstract :
Historically, implementing network security controls within a virtualized cloud environment have been difficult to implement requiring tricky networking and hypervisor integration. Advancements in software-defined networking (SDN) now allow virtualized security controls to be implemented within virtual layer 2 (media link) network reducing the complexity. Through the use of SDN defined service chains, network traffic can be required to flow through security controls allowing policy to be implemented within the virtual network itself. This presentation illustrates how common security functions (such as Snort) can be virtualized and injected within layer 2 of a virtual network without requiring any layer 3 (IP) networking changes.

This presentation elaborates on the open-source technologies available to make implementing networking virtualized web security a reality. The presentation culminates in a walk-through of a full workshop available via GitHub for those that are interested in trying out the full implementation. This work has been completed using open-source software including Linux (CentOS), Snort, nginx, and OpenStack.

avatar for John Studarus

John Studarus

Cloud Engineer, Packet
John merges his interests in computing infrastructure, networking, and software security. His background includes leading product teams, writing prototype code and examining distributed systems at Fortune 500s and startups alike. He brings a rare combination of technical expertise... Read More →

Tuesday January 30, 2018 11:45am - 12:35pm PST
Sand and Sea Room