
Welcome to the RISSPA seminar on April 20



On April 20, experts in the field of information security will gather at the Mail.Ru Group office at the RISSPA association seminar "Secure application development and protection."

The meeting will feature reports:

- “Product Security Incident Response Team (PSIRT) - From within Cisco PSIRT,” Alexey Lukatsky, Business Security Consultant, Cisco Systems.
Alexey will talk about Cisco PSIRT, the vulnerability management life cycle, and how Cisco PSIRT interacts with users. Two cases will also be examined: "Heartbleed" and "Software Implant in Cisco IOS".

- “Practice of Software Security in Sbertech”, Dmitry Yanchenko and Yuri Shabalin, experts in the application information security testing department, Sberbank-Technologies JSC.

The report is devoted to the strategy, goals, main tasks, priorities and methods used in the Software Security practice at Sberbank-Technologies JSC.

- “Static analysis: pride and prejudice”, Alexey Kuzmenko, analyst at IB Digital Security.

Code analysis is one of the effective approaches to detecting defects at the software development stage. It helps avoid both trivial and not-so-trivial mistakes that can lead to vulnerabilities. Analyzers use a number of approaches as the basis for their analysis, which helps reduce risk. However, a number of preconceptions arise, because an analyzer warning is not always a real defect, and not every defect is a vulnerability.

- “Identification, authentication, authorization - built-in functions of applications or tasks of a specialized service of an organization?”, Mikhail Vanin, General Director, REAK SOFT LLC.

The report discusses possible approaches to solving problems of identification, authentication and authorization at the infrastructure level of the organization.

Protecting an application requires built-in user identification, authentication and authorization functions. However, it becomes difficult to rely on built-in functions when users need access to a variety of applications deployed inside the organization and in the cloud, from a variety of devices (PCs, mobile devices), both from the organization’s network and from outside its perimeter. In such cases, identification, authentication and authorization should be provided at the infrastructure level of the organization.

Participants gather: 17:30

Reports start: 18:00

Address: Leningradsky prospect, 39, building 79 (metro station Aeroport).

To participate, you must register and receive an invitation; the number of seats is limited. Registration is carried out through the IT.Mail.Ru portal. For those who cannot attend in person, videos of the talks will be published.

Source: https://habr.com/ru/post/281627/

