Rootconf Pune edition

On security, network engineering and distributed systems

Accepting submissions till 21 Aug 2019, 10:30 AM

St. Laurn Hotel, Pune

## About Rootconf Pune:

Rootconf Pune is a conference for:

  1. DevOps engineers
  2. Site Reliability Engineers (SRE)
  3. Security and DevSecOps professionals
  4. Software engineers
  5. Network engineers

The Pune edition will cover talks on:

  1. InfoSec and application security for DevOps programmers
  2. DNS and TLS 1.3
  3. SRE and distributed systems
  4. Containers and scaling

Speakers from Flipkart, Hotstar, Red Hat, Trusting Social, Appsecco and InfraCloud Technologies, among others, will share case studies from their experiences of building security, SRE and DevOps in their organizations.

## Workshops:

Two workshops will be held before and after Rootconf Pune:

  1. Full-day Prometheus training workshop on 20 September, conducted by Goutham V, contributor to Prometheus and developer at Grafana Labs. Details about the workshop are available here: https://hasgeek.com/rootconf/2019-prometheus-training-pune/
  2. Full-day DNS deep dive workshop on 22 September by Ashwin Murali: https://hasgeek.com/rootconf/2019-dns-deep-dive-workshop-pune/

## Event venue:
Rootconf Pune will be held on 21 September at St. Laurn Hotel, Koregaon Park, Pune-411001.

# Sponsors:

Email sales@hasgeek.com for bulk ticket purchases and for sponsoring the above Rootconf Series.


Rootconf Pune 2019 sponsors:


# Platinum Sponsor

CloudCover

# Bronze Sponsors

upcloud SumoLogic TrustingSocial

# Community Partner

Shreshta IT Hotstar

## To know more about Rootconf, check out the following resources:

  1. hasgeek.com/rootconf
  2. hasgeek.com/rootconf/2019
  3. https://hasgeek.tv/rootconf/2019

For information about the event, tickets (bulk discounts automatically apply on 5+ and 10+ tickets) and speaking, call Rootconf on 7676332020 or write to info@hasgeek.com

Hosted by

Rootconf is a community-funded platform for activities and discussions on the following topics: Site Reliability Engineering (SRE). Infrastructure costs, including Cloud Costs - and optimization. Security - including Cloud Security.

Arjun BM

@arjunbm

The Art of Exfiltration : Digital Skimming

Submitted Jul 4, 2019

The explosion of online digital e-commerce platforms has triggered a race for customer acquisition which no retailer wants to lose or be left out of. As businesses look to deliver faster, easier and better services, security has always been an important factor in the customer value-chain. E-commerce websites continue to be lucrative targets for threat actors, who seek to compromise sensitive guest information. Several high-profile data breaches of e-commerce sites in 2018 have once again forced security researchers to don their thinking hats. New threat actors and vectors are emerging, making online shopping a riskier proposition. While not sacrificing customer experience, how can businesses stay safe in a highly competitive and ever-changing environment? What can be done to safeguard customer data and promote online shopping confidence?
A “digital skimmer” is malicious JavaScript code embedded into the checkout pages of hacked websites to capture the payment information of customers. The talk provides an introduction to digital skimming and its recent history, highlighting why this poses a high risk to businesses. The workflow of digital skimming operations uncovers how stolen data is monetized in underground markets. The talk will next explore the various threat actors involved and the attack techniques employed in this type of attack. Diving deeper into code will provide insights into the nuts and bolts of a digital skimmer. Digital skimming, being a complex threat, poses various challenges in understanding and dealing with it. Lastly, we will look at various countermeasures that can be implemented to reduce the risk of digital skimmers, which can help protect customer data and brand reputation.

Outline

Digital skimming is a threat which, many CISOs admit, keeps them up at night. This talk is a comprehensive analysis, articulated from a rare combination of theoretical understanding and applied practical experience of this threat. The real-life hands-on operational experience the speaker has had in dealing with this threat is invaluable information. The talk is crisp, concise and purposeful, focused on providing key takeaways to the audience and equipping them with the capability to strengthen security controls within their own organization.

INTRODUCTION TO DIGITAL SKIMMING
WHAT IS A DIGITAL SKIMMING ATTACK?
MODUS OPERANDI OF THE ATTACK
THREAT ACTORS AND ATTACK VECTORS
ANATOMY OF A DIGITAL SKIMMING ATTACK
CHALLENGES IN DEALING WITH THIS ATTACK
COUNTERMEASURES AND REMEDIATION STEPS
CONCLUSION

Speaker bio

Arjun is a Lead Information Security Analyst at Target Corporation. He is a security professional with diverse experience in architecting, designing, implementing & supporting IT Security & Vulnerability Management solutions in Enterprise & Cloud environments. He is an information security enthusiast with diverse experience in areas like Application Security, Security Architecture, DevSecOps, Cloud Security & Machine Learning. Currently, Arjun is working as a Security Analyst ensuring end-to-end implementation, design and governance of security measures for Target’s Digital & Marketing e-commerce platforms, aimed at brand protection and improving guest confidence. He has been closely following the digital skimming threat and is actively involved within his organization in researching it and ensuring that defenses are in place to counter this threat.

Slides

https://www.slideshare.net/ArjunBM3/root-conf-digitalskimmingv4arjunbm
