San Jose

Next Meeting - Thursday, April 12, 2007
Open to the public, attendance is free

Agenda and Presentations: 6:00pm - 6:30pm ... Check-in and reception (food & bev) 6:30pm - 7:30pm ... Past, Present and Future of Web Application Security in PCI - Bernie Weidel 7:30pm - 8:30pm ... Top Web Application Vulnerabilities, Exploits and Countermeasures - Josh Daymont

Venue: Ariba 807 11th Avenue Sunnyvale, Ca 94089 Map and Directions

Past, Present and Future of Web Application Security in PCI Presented by: Bernie Weidel - PCI Product Manager, Qualys

Abstract: This presentation will start off with a holistic view of Ecommerce Data Security in contrast to the overall scope of Fraud in the Financial Services Industry, thereby giving insights as to why the PCI DSS was created by the Credit Card Brands and developed into its current form. Next, we will explore the current state of Web Application Security in the PCI DSS v1.1 and attempt to bring clarity to some of the more confusing items. We will also outline the structure of the PCI DSS Council; reviewing its key concepts and requirements. Lastly, we will outline methods you can use to proactively get involved in shaping future versions of the PCI DSS.

Bio: Bernie Weidel, Product Manager for QualysGuard PCI is responsible for evaluating customer/partner requirements, integrating them into the product, and driving PCI to market. Bernie has been developing methods to achieve and evidence compliance since 2000, when he designed a HIPAA compliance program for Scarborough Insurance Agency. Prior to joining Qualys, Bernie was an Infrastructure Security Project Manager at Adobe Systems where he implemented, managed and streamlined SOX and PCI compliance programs. He was also responsible for various aspects of security such as Web Application Security, Database Security, PDA Security and Vulnerability Management. Before Adobe, Bernie worked for Symbol Wireless Technologies as a Wireless Systems Analyst; designing, installing and troubleshooting/fine tuning Enterprise Wireless Networks. Top Web Application Vulnerabilities, Exploits and Countermeasures Presented by: Josh Daymont - Sr. Security Consultant, Fortify

Abstract: This presentation will take a look at Web Application Security from the Front lines to the back offices of systems development. First, a look at the top vulnerabilities and how are they exploited. Then look beyond the front lines and explore countermeasures that can be implemented during the development process to protect applications and sensitive data after deployment.

About OWASP Presented by: Brian Bertacini, Volunteer chapter organizer

Abstract: An overview of the Open Web Application Security Project (OWASP), current projects and feedback from the recent WebAppSec Conference in Seattle.

Please RSVP to via email [mailto:brian.bertacini@owasp.org Brian Bertacini], call 408-979-0571 or visit OWASP.Mollyguard.com

Special thanks to Fujitsu Advanced Networking Solutions for hosting this event.