bangalore
Date
  • weekwid: false
  • widHeader: false
  • orgName: electronicsforyou
  • orwid: false
https://www.eventshigh.com/detail/bangalore/36ec92b2c5479a1067eb7c313ed8a64c-risc-2017

RISC 2017

12.9503575,77.6985419
Tue, 20 Jun 2017 9:00AM - 6:00PM
Rs 10999 onwards
426 people viewed this event.
I Am Interested

Get notified when the event happens next time.

Details

Details

RISC ’17 focuses on helping you discover innovative techniques, get actionable insights, and learn recognised best practices at workshops to secure your internet of things or cyber physical system; all of which are delivered by cyber security professionals leveraging their real-world successes or failures.

Booking now open.

Login to View Organizer Details
Like this event ? Share it with your friends !!
Show

What’s the scene?

What’s the scene?

72% of security professionals believe that lack of security is IoT’s biggest challenge. As IoT solutions transition from hype to real deployments, the need for developers to be trained on real-world techniques and practices to manage security is paramount.

Future of IoT requires everyone from chip vendors to software developers, through ODM’s to service providers to be involved in securing systems. What’s more, maintaining security goes beyond good encryption and will need every party in the supply chain to implement it in all systems and processes.

Join RISC ’17 to learn how to respond to the security concerns that hammer products today, and to find smart solutions to the most common security threats.

Show

Conference Overview

Conference Overview

Full-Day Conference: One full day of conference sessions, delivered by top industry experts.

We follow the “Chatham House Rule”: When a meeting, or part thereof, is held under the Chatham House Rule, participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed.

A whole day of workshops: Multiple workshops in parallel with the conference providing highly interactive learning (laptops to be brought by delegates).

Discover opportunities: Connect with 300+ delegates from the industry, who are passionate about cyber security, hacking, protocols and standards.

Understand how you can grow: Interact with senior pros as well as the hands-on expert techies. Young as well as mid-level techies can use this event to enhance hands-on skills as well as understand what is expected of them as they grow.

Urban Art of Living: Our venue, Park Plaza Bengaluru, is a 5-star hotel that offers elegant décor and a range of amenities including high-quality food and snacks to keep our delegates energised.

“There’s no silver bullet solution with cyber security, a layered defense is the only viable defense.”
― James Scott

Show

Speakers & Conference Topics

Speakers & Conference Topics

1. Insecurity of Things: By Minatee Mishra, Lead Engineer at Security Center of Excellence (ScoE), Philips HealthTech.

IoT is there to remain and grow at a phenomenal rate. In this hurry to build the IoT devices, security doesn’t seem to be one of the major considerations. Security flaws in IoT devices would render millions of devices vulnerable and easy targets for large scale malicious attacks. With some case studies the security aspects of IoT devices would be explored and suggestions on possible mitigations would be given.

Key takeaways:

  • Why IoT devices are easy targets.
  • Common flaws and what are the best practices in securing the devices.
  • What are the best practices to secure IoT devices and its connected ecosystem.

2. Secure Coding for IoT Devices: By Deepu Chandran, Sr. Technical Consultant, LDRA Technology Pvt. Ltd., and Priyasloka Arya, Senior Technical Manager, LDRA Certification Services.

Due to increase in connectivity and complexity of devices in modern world, end users need assurance that their devices are safe and secure. This session covers the transition from traditional reactive to proactive testing for IoT devices and the role of Secure coding guidelines in achieving an early stage detection of vulnerabilities.

Key takeaways:

  • Understanding the importance of coding standards (CERT C) for Secure coding.
  • Understanding the latest trends in safe and secure code testing.
  • Discussion on IoT Standardization and Implementation Challenges, needfor standard model.

 

Show

Themes

Themes
• What are the aspects related to cyber security for embedded systems that people need to know if they are building an IoT or embedded product for Indian, American or European markets?

• Unsung security tools that are currently available and effective, but unused to secure information

• How to get away with hacking — the legal do’s and don’t of working in the cyber security segment for embedded devices

• How should we respond to a breach or other vulnerability?

• Tools and best practices for high-risk users — myths vs. reality for the same

• How to ensure security as small firms scale up devices from prototype to full scale production?

• Using open source tools for securing systems and devices

• What are the cyber security techniques that may be illegal if implemented — things that firms ought to correct in the ideation stage itself?

• Statistics 101 for security: How to read your data and evaluate research results

• Learning from the environment—what’s actually working in securing information?

• Secure vs. cheaper vs. faster—what are the tradeoffs, and how do you work with the business side of your organisation to discuss these?

• How to secure consumer appliances and devices?

• How to fix certain existing vulnerabilities?

• The standards that if implemented could have solved common problems

• Building security in: Dev/Test/Integration tools and processes that help develop secure software

• Hands-on: How to hack a smart bulb, a smart car key fob and a smart home security system.
Show

Speakers at R I S C

Speakers at R I S C

1. Faud Khan
Designation: Chief Security Analyst
Company: TwelveDot, Canada
Faud Khan is an industry veteran with more than 20 years of IT security experience with network equipment manufacturers, managed security services provider, financial services, and government agencies. As the CSA for TwelveDot and TwelveDot Labs, Faud is responsible for product strategy, architecture, deployment, and service delivery. Faud is active in ISO/IEC standardization and is the Chair of SMC-SC27 the mirror committee to SC27 in Canada. He is working on the development of standards related to cloud computing, vulnerability disclosure, smart grid and IoT. His expertise and personable approach are fundamental to providing secure, cutting edge solutions for his clients.

2. Mishi Choudhary
Designation: Legal Director
Company: Software Freedom Law Center, New York
At SFLC, Mishi is the primary legal representative of many of the
world’s most significant free software developers and non-profit
distributors, including Debian, the Apache Software Foundation, and OpenSSL.
In 2010, she founded SFLC.in, since which time she has divided her time between New York and New Delhi. Under her direction, SFLC.in has become the premier non-profit organization representing the rights of Internet users and free software developers in India. She was one of the lead counsels in the Supreme Court of India’s landmark Shreya Singhal. Union of India judgment on internet free speech. She consults regularly with the Government of India on issues of internet freedom,Free and Open Source Software, Software Patents, Privacy and Network Neutrality.

3. Minatee Mishra
Designation: Lead Engineer
Company: Security Center of Excellence at Philips
Minatee leads the Security Center of Excellence (ScoE) in Philips HealthTech and has been instrumental in setting up the SCoE within Philips. The SCoE , which is a central organization which is responsible for doing cutting edge work in the field of security testing, doing secure code analysis , finding the vulnerable components within the software and more. Minatee has been in the field of software for 18 years right from designing and architecting systems to securing in systems, She is a Masters from IIT Kharagpur. She holds CISSP, GCIH, CEH certifications.

4. Arun Magesh
Designation: IoT Security Expert
Company: Attify
Arun Magesh works as an IoT security expert with Attify and has worked on numerous smart devices pentest in the past couple of years. He serves as a core committee member for several IoT local chapters and hackerspaces in India, where he also regularly delivers talks and hands-on workshops. He has 5+ years hands-on experience in both building and breaking IoT devices and has been previously awarded for India’s Top 25 under 25 technologist and Intel Software Innovator. He is also the lead content creator for Offensive IoT Exploitation and Practical SDR Exploitation for IoT device courses and has delivered training to numerous governmental and private organizations around the world.

5. Deepu Chandran
Designation: Sr. Technical Consultant
Company: LDRA Technology Pvt. Ltd
DeepuChandran is a Sr. Technical Consultant with LDRA’s India office. Deepu specializes in the development, integration and certification of mission- and safety-critical systems in avionics, nuclear, industrial safety and security. With a solid background in development and testing tools, Deepu guides organizations for more than 10 years in selecting, integrating, and supporting their embedded systems from development through certification.His paper on “Building Secure Embedded software” is published in international journals and he is active in presenting papers on Verification and Validation of Secure and Safe Embedded Systems.

6. Mounish P
Designation: IoT Security Expert
Company: Attify
Mounish is an IoT penetration tester and security researcher at Attify. During his work at Attify, he created and developed hardware devices such as Attify Badge and Damn Vulnerable IoT device. He has researched extensively on serial interfacing techniques, exploiting communication protocols such as Zigbee, Zwave and 6LoWPAN. In his previous roles, he was involved in developing embedded systems for automated water treatment plants and solar plant monitoring. He is an active speaker at local IoT chapters and Embedded device development meetups.

7. Priyasloka Arya
Designation: Senior Technical Manager
Company: LDRA Certification Services
Priyasloka Arya has 16 years of professional experience in Defence and Aerospace domains. He has served Honeywell and Defence Research Development Organization (DRDO) in various capacities as a leader and as well as an individual contributor. Arya is PMP, PRINCE2, ITIL, Six Sigma Black Belt, AS9100 (Internal Auditor), CPRE (IREB), ISTQB and ASEP (INCOSE) certified professional. Arya has worked as a certification specialist In Honeywell with delegation to approve airborne software (complying with DO-178B/C, DO-297, DO-330, DO-332) of various Communication, Navigation and Surveillance projects. Arya has worked in multiple system development projects complying with ARP-4754A as a candidate certification specialist.

Show

Workshops

Workshops

“As the world is increasingly interconnected, everyone shares the responsibility of securing cyberspace.”
― Newton Lee

WORKSHOP: Hacking IoT Devices 101 – Pentester Edition

By Arun Magesh, IoT security researcher at Attify and Mounish P, IoT security researcher at Attify

Hacking IoT Devices 101 – Pentester edition training class is built for anyone who wants to get started with Internet of Things Exploitation and Security Assessment of the so-called “smart devices”. During this class, attendees will get familiar with the tools and techniques that are used by practitioners to identify vulnerabilities in IoT devices.

WORKSHOP: Early Detection of Security Vulnerability in IOT Devices

By Deepu Chandran, Sr. Technical Consultant, LDRA Technology Pvt. Ltd

This workshop is aimed at providing hands-on experience to developers and testers in embedded domain or application security domain using C/C++ language as their language for development. Example code in the workshop refers to CERT C guidelines to deal with detection of runtime errors at an early stage.

Show

Workshop: Hacking IoT 101

Workshop: Hacking IoT 101

Hacking IoT Devices 101 – Pentester edition training class is built for anyone who wants to get started with Internet of Things Exploitation and Security Assessment of the so-called “smart devices." During this class, attendees will get familiar with the tools and techniques that are used by practitioners to identify vulnerabilities in IoT devices. This is a beginner friendly course and attendees don’t need to have previous experience in either IoT or penetration testing. During this 1-day workshop class, we will begin with the fundamentals and gradually move towards advanced topics such as analyzing firmware, mobile app exploitation for IoT, hacking a smart switch and additional demos and attacks on various surfaces.

Subtopics:

1. Getting Started with IoT Security: Introduction to IoT Security Architecture, Getting familiar with IoT security and components, Case studies of IoT Vulnerabilities, Attack vectors for smart devices.
2. Firmware analysis: Firmware Extraction Techniques, Analyzing and Backdooring Firmware, Emulating Firmwares and Binaries, Identifying vulnerabilities in a Firmware.
3. Smart Device Hacking: Reverse Engineering a Mobile app, Firmware analysis, Conventional attack techniques, Analyzing ARM binaries, Getting around with encryption, Taking over a Smart device.
4. Advanced Exploitation: Taking over Smart bulb, Taking over smart Home Security system, Hacking a Car’s Key Fob.

Prerequisites:

  • Basic understanding of networking concepts.
  • Familiarity with Linux.
  • Experience of scripting languages will be a plus.
  • Prerequisite material.
  • Bring your own laptop installed with a Virtualisation software.
  • Ensure that you have admin access on the system.
  • Minimum 25 GB disk space and 4GB RAM is required in order to run the VM smoothly.

What participants will be provided with

  • IoT exploitation VM.
  • Course material and slides.
  • Commercial Smart Devices and other tools to use in class.

Speaker Profile:
1. Arun Magesh: Arun Magesh works as an IoT security expert with Attify and has worked on numerous smart devices pentest in the past couple of years. With an electrical engineering academic background, he serves as a core committee member for several IoT local chapters and hackerspaces in India, where he also regularly delivers talks and hands-on workshops. He has 5+ years hands-on experience in both building and breaking IoT devices and has been previously awarded for India’s Top 25 under 25 technologist and Intel Software Innovator. His main focus area in IoT is embedded device and SDR security. He has also built and contributed to a number of projects such as Brain-Computer interfacing and Augmented Reality solutions. He is also the lead content creator for Offensive IoT Exploitation and Practical SDR Exploitation for IoT device courses and has delivered training to numerous governmental and private organizations around the world.
2. Mounish P: Mounish is an IoT penetration tester and security researcher at Attify. During his work at Attify, he created and developed hardware devices such as Attify Badge and Damn Vulnerable IoT device. He has researched extensively on serial interfacing techniques, exploiting communication protocols such as Zigbee, Zwave and 6LoWPAN. In his previous roles, he was involved in developing embedded systems for automated water treatment plants and solar plant monitoring. He is an active speaker at local IoT chapters and Embedded device development meetups.

Show

Workshop: Early Detection of IoT Vulnerabilities

Workshop: Early Detection of IoT Vulnerabilities

This workshop is aimed at providing hands-on experience to developers and testers in embedded domain or application security domain using C/C++ language as their language for development. Example code in the workshop refers to CERT C guidelines to deal with detection of run-time errors at an early stage.

Key takeaways:

  • Hands-on session on LDRA tool suite keeping CERT C coding standard as reference.
  • Static analysis for early detection, defensive coding and runtime errors.
  • Discussion on different types of reports generated, which helps in certifying a product.

Trainer’s Profile
Deepu Chandran is a Sr. Technical Consultant with LDRA’s India office. Deepu specializes in the development, integration and certification of mission- and safety-critical systems in avionics, nuclear, industrial safety and security. With a solid background in development and testing tools, Deepu guides organizations for more than 10 years in selecting, integrating, and supporting their embedded systems from development through certification. His paper on “Building Secure Embedded software” is published in international journals and he is active in presenting papers on Verification and Validation of Secure and Safe Embedded Systems.

Cost

RISC Conference pass holders will not be charged for this workshop. They still need to sign up for the pass below, to reserve a seat (for free). If you have not bought a conference pass yet, you can buy it here.

Show

Map & Directions

Map & Directions
Park Plaza Bengaluru 90-4 Marathahalli Outer Ring Road Marathahalli village, Marathahalli Bengaluru, Karnataka 560037
Reviews
Reviews
No reviews available
Write a review
Be the first one to review! Share your experience.
Show

Frequently Asked Questions

FAQs
Have any query? Drop your questions here !!
Show
EventsHigh Specials, cyber security, internet of things, Electronics For You, classes and workshops, tech workshops,