Kansas City

Upcoming Meetings
The next Kansas City chapter meeting will take place on September 6, 2007 from 6:00 PM to 8:30 PM CDT. Add the event to your calendar today so you don't miss this opportunity to learn about web application security and network with your peers.

September 6 Meeting
Speaker 1: Bob Phelps, National Bank Examiner with the Office of the Comptroller of the Currency (OCC)

Bob will provide his insight on the financial regulatory environment and how laws lead to specific information security standards and guidance. Through his job he has performed a review of application security practices in about a dozen midsize and large banks. Bob will share the results of this review and provide his recommendations on how to establish a sound application security management program.

At the OCC Bob both works with the Policy division in Washington DC and has bank supervisory responsibilities. He leads and participates in examinations of National Banks in NYC, KC, Omaha, and Minneapolis. His Policy responsibilities include evaluating emerging technologies and their impact on the banking system, evaluating trends in information security, and developing and delivering various training programs to other examiners.

Speaker 2: Bruce K. Marshall, Senior Security Consultant with Security PS

Bruce will be speaking about how to avoid improperly using challenge questions (e.g. “What is your pet’s name?”) for web app authentication. While challenge questions tend to be user friendly they can also expose your application to new security threats. He will share his experience on both choosing the best challenge questions and how to properly integrate them into your application.

Bruce consults with clients like American Express, Garmin, Microsoft, and Commerce Bank to assess and improve their information security strategies in areas like network security, web app security, authentication, and program management.

Location: Centriq Training 8700 State Line Road Suite 200 Leawood, KS 66206 (913) 322-7000

PLEASE NOTE
 * Attendance at an OWASP chapter meeting is free and open to anyone interested in web application security
 * No registration is required, although RSVPs to the chapter leader are appreciated
 * Professionals with CISSPs, or other certifications, can earn CPE credits by attending

We meet at least once a quarter to discuss application security. If you have an interesting topic you'd like to present or discuss at future meetings, please send an email to bmarshall[at]securityps com. Or, get a discussion going by posting a message to our mailing list.

Past Meetings
Thanks to the speakers and attendees at our past chapter meetings:


 * September 2007 Meeting
 * June 2007 meeting
 * March 2007 meeting
 * December 2006 meeting