Difference between revisions of "Kansas City September 2007 Meeting"

From OWASP
(New page: == Kansas City OWASP Chapter - September 2007 Meeting == We had speakers Here are their presentations)
 
 
(6 intermediate revisions by one user not shown)
Line 1: Line 1:
 +
The [[Kansas_City]] OWASP chapter met on September 6, 2007 at Centriq Training in Leawood, KS.
  
== Kansas City OWASP Chapter - September 2007 Meeting ==
+
=== Meeting Summary ===
  
We had speakers
+
'''Chapter Business'''
  
Here are their presentations
+
Current chapter priorities include the following:
 +
* Volunteer to give an OWASP presentation
 +
** Talks can anything from a short review of a whitepaper or presentation you've seen, to a web application security tool or product review, to a longer technical talk about attacks or countermeasures
 +
* Volunteer your organization to host an OWASP meeting
 +
* Invite other professionals or students to attend our next OWASP meeting
 +
 
 +
 
 +
'''Speaker 1: Bob Phelps, National Bank Examiner with the Office of the Comptroller of the Currency (OCC)'''
 +
 
 +
Bob provided his insights on the financial regulatory environment and how laws lead to specific information security standards and guidance.  Through his job he has performed a review of application security practices in about a dozen midsize and large banks.  Bob shared the results of this review and provided his recommendations on how to establish a sound application security management program.
 +
 
 +
At the OCC Bob both works with the Policy division in Washington DC and has bank supervisory responsibilities.  He leads and participates in examinations of National Banks in NYC, KC, Omaha, and Minneapolis.  His Policy responsibilities include evaluating emerging technologies and their impact on the banking system, evaluating trends in information security, and developing and delivering various training programs to other examiners.
 +
 
 +
 
 +
'''Speaker 2: Bruce K. Marshall, Senior Security Consultant with Security PS'''
 +
 
 +
Bruce spoke about how to avoid improperly using challenge questions (e.g. “What is your pet’s name?”) for web app authentication.  While challenge questions tend to be user friendly they can also expose your application to new security threats.  He shared his experience on both choosing the best challenge questions and how to properly integrate them into your application.
 +
 
 +
Bruce consults with clients like American Express, Garmin, Microsoft, and Commerce Bank to assess and improve their information security strategies in areas like network security, web app security, authentication, and program management.
 +
 
 +
=== Documents ===
 +
 
 +
* Bruce's [http://www.passwordresearch.com/files/AvoidingPoorChallengeQuestionAuthentication-OWASP.pdf presentation slides]
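Review bot: In the added sub-bullet under "Volunteer to give an OWASP presentation", the sentence "Talks can anything from a short review of a whitepaper ..." is missing its verb; suggest "Talks can be anything from a short review of a whitepaper ...". The new Documents section links only Bruce's slides, so it would help to state there whether material from Speaker 1 is available.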

Latest revision as of 10:35, 18 September 2007

The Kansas City OWASP chapter met on September 6, 2007 at Centriq Training in Leawood, KS.

Meeting Summary

Chapter Business

Current chapter priorities include the following:

  • Volunteer to give an OWASP presentation
    • Talks can be anything from a short review of a whitepaper or presentation you've seen, to a web application security tool or product review, to a longer technical talk about attacks or countermeasures
  • Volunteer your organization to host an OWASP meeting
  • Invite other professionals or students to attend our next OWASP meeting


Speaker 1: Bob Phelps, National Bank Examiner with the Office of the Comptroller of the Currency (OCC)

Bob provided his insights on the financial regulatory environment and how laws lead to specific information security standards and guidance. Through his job he has performed a review of application security practices in about a dozen midsize and large banks. Bob shared the results of this review and provided his recommendations on how to establish a sound application security management program.

At the OCC, Bob both works with the Policy division in Washington DC and has bank supervisory responsibilities. He leads and participates in examinations of National Banks in NYC, KC, Omaha, and Minneapolis. His Policy responsibilities include evaluating emerging technologies and their impact on the banking system, evaluating trends in information security, and developing and delivering various training programs to other examiners.


Speaker 2: Bruce K. Marshall, Senior Security Consultant with Security PS

Bruce spoke about how to avoid improperly using challenge questions (e.g. “What is your pet’s name?”) for web app authentication. While challenge questions tend to be user-friendly, they can also expose your application to new security threats. He shared his experience on both choosing the best challenge questions and properly integrating them into your application.

Bruce consults with clients like American Express, Garmin, Microsoft, and Commerce Bank to assess and improve their information security strategies in areas like network security, web app security, authentication, and program management.

Documents