We have an excellent talk lined up by Boglarka on MFA and a second speaker should be confirmed in the near future. If you are attending please register so we can keep an eye on the numbers.
To attend, please register here for the event.
Twice the pride, double the fall – why 2FA / MFA isn’t the cure we all thought it was.
Speaker: Boglarka Ronto
The security industry has been preaching the mantra of MFA for almost a decade. Indeed, many implementations have surfaced, some better than others, with all of these intending to add to the level of security of an existing solution (i.e. external logon interface).
The trust in such services appears to be unquestioned: companies are looking for cheap, simple and easily manageable solutions and rarely consider the actual level of security associated with the product of their choice.
This talk discusses ways of testing MFA solutions and includes a few case studies of broken and poor MFA implementations, including one which allowed SMS validation to be bypassed completely at an application level (no physical proximity or cloned phones required).
Speaker no. 2 TBC
More details: www.owasp.org
Tickets: owasp-scotland-chapter-meeting-may-2017-tickets.eventbrite.co.uk
University of Edinburgh Informatics Forum, 10 Crichton Street, Edinburgh, EH8 9AB