
ISACA Denver Chapter Meeting - Web Application Firewalls and Application Security Risks

Thursday, Feb 25, 2010, 11:00am - 2:00pm
 
The Summit Conference & Event Center 411 Sable Blvd., Aurora, Colorado 80011

Registration:  For further details regarding the meeting and to register, please click the following URL:

 http://isaca-denver.org/meetings/FEB_2010_CHPT_MTG.shtml

 

February Chapter Meeting

Thursday, February 25, 2010

Web Application Firewalls and Application Security Risks

ISACA Denver Chapter is pleased to announce our February meeting on an exciting security topic. The presentation will focus on emerging application security risks and the role of web application firewalls in mitigating application security exploits. It will also cover selecting the right web application firewall and the technical challenges of implementation and operational support. This session is open to both members of the ISACA Denver Chapter and non-members. Our February meeting will include a presentation and a panel discussion with SMEs and industry practitioners in the web application security area. Please review the content below for additional registration details.

CPE Credits: 1.5

Who should attend?

Internal Auditors

Security Professionals

IT Governance Professionals

Security and Auditing Managers

CISOs

CIOs

IT Development Managers

Topic Summary

Application security is very much about analyzing traffic in both directions: requests arriving at the website and responses leaving it. Sometimes error messages and diagnostics are displayed to the public (and to malicious users), revealing critical infrastructure information that allows hackers to create attacks targeted at, and perfectly designed for, your environment. It is very common for attacks to be driven by the errors that are leaving your environment. Do you know what your applications are showing the hackers?

Application Security Assessment

Secure Code Review

Application Threat Modeling

Web Application Firewall Technology

Hurry and make your reservation today!

For further details regarding the reservation, please click the following URL: http://isaca-denver.org/meetings/FEB_2010_CHPT_MTG.shtml

About the Speaker

Benjamin Stephan, Director of Incident Management, FishNet Security

Benjamin Stephan comes to FishNet Security with several years of experience in various technical roles. His experience as a security audit professional, senior forensic examiner, and administrator bolsters his security expertise as Director of Incident Management. Most recently, Benjamin has maintained a focus on issues regarding digital forensics and breach analysis. He is capable of masterfully assessing both internal and external exposures, identifying critical evidence, and profiling an event based on digital forensics. Benjamin is also an expert at analyzing incident exposures to identify true causes or high-risk vulnerabilities, and at remediating threats in an environment to minimize the risk of continued exposure.

In his current role as Director of Incident Management, Benjamin is active in multiple PCI QIRA projects for Visa, MasterCard, American Express, and Discover. Benjamin also plays an active role as a PCI QSA and PA-QSA. In this role he provides a wide variety of compliance expertise, from assessing corporate environments’ adherence to standards and creating gap analyses of current strategies against standard requirements to advising on remediation strategies based on industry best practices.

About the Panel Members

Mark Porter, Director – Systems Engineering, Breach Security

Mark Porter is the Director of Systems Engineering at Breach Security. Mark is a seasoned professional with over 20 years of application development experience prior to moving into the security field. His combination of development and security expertise was instrumental in helping develop the company’s Application Security Assessment program, which is conducted at Fortune 100 and SME companies and has helped hundreds of companies assess and remediate their application security

About the Panel Members

Mark Porter, Benjamin Stephan and David Bonvillain

David Bonvillain, CISSP, Vice President – Accuvant LABS - Accuvant, Inc

David Bonvillain is the Vice President of Accuvant Labs. David is responsible for providing leadership to the Accuvant Labs assessment practice area and ensures the ongoing world-class capabilities of the Accuvant Labs team.

Mr. Bonvillain has been providing security consulting services for over nine years. During that time, he has served clients in a variety of industries, including financial services, insurance, health care, retail, state and federal government, manufacturing, application service providers, global telecommunications, gaming, Internet start-ups, and Internet service providers. In his tenure with Accuvant, David has had a variety of consulting and managerial responsibilities, ranging from implementing security technologies and architectures to performing enterprise assessments for some of the largest multi-national corporations in the world. He has led teams of consultants in performing multi-site enterprise security assessments of some of the nation’s largest enterprise organizations. David has performed numerous web application security assessments for a variety of financial and health care institutions, ensuring secure deployment of e-commerce infrastructures and protection of customer and user data.

Prior to joining Accuvant in early 2002, David was a senior consultant with Internet Security Systems’ X-Force professional services, where he received multiple awards for exceptional performance, including membership in the 2000 ISS presidents club. Before that, he was a senior security consultant with Netrex, where his primary responsibilities included the installation, configuration and management of CheckPoint security products and the OPSEC solutions that integrate with their perimeter software products.

David has presented at multiple regional and national security conferences such as BlackHat, ISSA, TRISC, CIMA and AHIA/CHAN, and has been published in multiple publications such as CSOonline, BBB, Twin-cities business magazine, and multiple others.

David is a Certified Information Systems Security Professional (CISSP), a Checkpoint Certified Security Engineer (CCSE), a NetScreen Certified Security Associate (NCSA), a Microsoft Certified Professional (MCP), and an ISS-Certified Engineer.

David holds a Bachelor of Music degree in Business/Performance from James Madison University.

Agenda

11:00 AM - 12:15 PM Registration; Lunch & Networking

12:15 PM – 12:30 PM ISACA Board Announcements

12:30 PM - 01:20 PM Presentation on application security risks and Web Application Firewalls (WAF)

01:20 PM - 02:00 PM Panel Discussion

Fees

ISACA Members: $25

Non-Members: $35

Walk-in members and non-members must pay by cash/check and will be charged an additional $10.00 fee above the normal member / non-member fee.

Walk-ins may be turned away if space is not available.

Location (This is a new location that we are trying out. Please note the address below!)

 

The Summit Conference & Event Center

411 Sable Blvd., Aurora, Colorado 80011

Sponsors and Exhibitors for the February Meeting are Accuvant and FishNet Security

Registration 

For further details regarding the program and to make your reservation, please click the following URL: http://isaca-denver.org/meetings/FEB_2010_CHPT_MTG.shtml


All contents of this Web site, except where expressly stated, are the copyrighted property of this IIA affiliate.