The talk will cover the new nPA and related software like the AusweisApp with a special focus on possible use cases in the enterprise (“have the government run your corporate PKI” ;-) ). Besides outlining prerequisites for an integration of the nPA within an organization, it will also answer questions about legal aspects that have to be considered and threats and risks that must be controlled and mitigated. Furthermore we will give a short overview about our own security research of the AusweisApp.
Friedwart Kuhn is a renowned expert for Active Directory security and has performed a huge number of projects both in the concept and design space and in the pentesting and incident analysis field.
Michael Thumann is Chief Security Officer and head of the ERNW application security team. He has published security advisories regarding topics like ‘Cracking IKE Preshared Keys’ and Buffer Overflows in Web Servers/VPN Software/VoIP Software. Michael enjoys sharing his self-written security tools (e.g. ‘tomas – a Cisco Password Cracker’, ‘ikeprobe – IKE PSK Vulnerability Scanner’ or ‘dnsdigger – a dns information gathering tool’) and his experience with the community. Besides numerous articles and papers he wrote the first (and only) German Pen-Test Book that has become a recommended reading at german universities.
In addition to his daily pentesting tasks he is a regular conference-speaker (e.g. Blackhat, HITB and RSA Conference) and has also contributed exploit code to the Metasploit Framework. With more than 10 years of experience in computer security Michaels’ main interest is to uncover vulnerabilities and security design flaws from the network to the application level and reverse almost everything to understand the inner working.