Web Admin Blog

Real Web Admins. Real World Experience.

Entries Tagged ‘Security’

About the Cloud Security Alliance

The next presentation at the ISSA half-day seminar was on the “Cloud Security Alliance” and Security Guidance for Critical Areas of Focus in Cloud Computing by Jeff Reich. Here are my notes from this presentation: Agenda: About the Cloud Security Alliance; Getting Involved; Guidance 1.0; Call to Action. About the Cloud Security Alliance: Not-for-profit organization […]

Thoughts on the TRISC 2009 Conference

This was my third consecutive year attending the TRISC Conference and it gets better and better every year. This year, the location was outstanding, the presenters were top-notch, and the Keynotes were pretty good. This was my first time actually presenting at the TRISC Conference and I thought they did an excellent job from the […]

PCI Compliance – Convert Drudgery Into a Powerful Security Framework

For my last session of the day at TRISC 2009, I decided to attend Joseph Krull’s presentation on PCI Compliance. Joe works as a consultant for Accenture and has performed 60+ PCI engagements for various companies. If your organization does any processing of credit card information, my notes from that session below should be useful: […]

Security Policy Architecture – How to fix your current disaster

One of the sessions that I attended during the day on the Tuesday of TRISC 2009 was by Doug Landoll from Lantego on “Security Policy Architecture”. The presentation was a very good overview of how to put good security policies in place that are easily auditable should that need arise and that are as comprehensive […]

Deep Packet Inspection and the Loss of Privacy and Security on the Internet

For my first session of the day on Tuesday of the TRISC 2009 conference I attended a presentation by Andrew MacFarlane from Data Foundry, Inc. on “Deep Packet Inspection and the Loss of Privacy and Security on the Internet”. While the concept of DPI is nothing new to me and I remember first hearing about […]

How Secure is Your Bank Account?

Recently I was elected the new Treasurer of the Capitol of Texas Chapter of the Information Systems Security Association. No, that’s not my way to seek your approval, but thanks for the kudos. The reason why I bring this up is that one of the first things I needed to do as the new Treasurer […]

Cryptography for Penetration Testers – OWASP AppSec NYC 2008

This presentation was on “Cryptography for Penetration Testers” and was by Chris Eng, the Senior Director of Security Research at VeraCode. The Premise: How much do you really have to know about cryptography in order to detect and exploit crypto weaknesses in web apps? Goals: Learn basic techniques for identifying and analyzing cryptographic data; Learn […]

Practical Advanced Threat Modeling – OWASP AppSec NYC 2008

This presentation was by John Steven, who is the Senior Director of Advanced Technology Consulting at Cigital, Inc. What is a threat? An agent who attacks you? An attack? An attack’s consequence? A risk? What is a threat model? A depiction of the system’s attack surface, the threats who can attack the system, and the assets those threats may […]

Lotus Notes/Domino Web Application Security – OWASP AppSec NYC 2008

This presentation was by Jian Hui Wang (girl) who is a security professional, but “a nobody in NYC”. Talking about Lotus Notes/Domino web application architecture and security features, web application common development mistakes and fixes, and test methodology. Lotus Notes/Domino History: Lotus Notes is the client and Domino is the server. Supports multiple protocols with one […]

Building and Stopping Next Generation XSS Worms – OWASP AppSec NYC 2008

I was originally planning on going upstairs for the SaaS Security presentation, but I had to come downstairs again to get my lunch and this topic seemed interesting, especially given the prevalence of cross site scripting in websites (see OWASP Top 10). The presentation was by Arshan Dabirsiaghi, the director of research at Aspect Security. […]