[Owasp-austin] OWASP February meeting - Web Application Security in the Airline Industry

James Wickett wickett at gmail.com
Tue Feb 3 17:17:01 EST 2009

*When:* February 27, 2009, 11:30am - 1:00pm

*Topic: * Web Application Security in the Airline Industry: Stealing the
Airlines' Online Data

In this session, attendees will learn about the types of airline data that
is at risk of being stolen by online data thieves. In addition, the
following topics will be further explored:

1. Important attack scenarios and Web-based vulnerabilities accompanied by
examples of how these attacks can be mitigated by deploying comprehensive
defense solutions;

2. Protection strategies and tools, such as Web application scanners and Web
application firewalls, which help equalize the gap between the advanced Web
hacker and the security professional; and

3. Compliance and Software development life cycle approaches.

Following the September 11 attacks, the airline industry recognized its need
to 'webify' online ticket reservation systems, crew scheduling, and
passenger profiles in order to enhance operational efficiency. This
ultimately served to decrease the airlines' operating costs, thereby
increasing their operating profits. However, the following questions remain:
At what costs? What are the information systems and customer data security
risks associated with the airline 'webification' process?

Please join in this presentation, which will outline some of the challenges
that members of the airlines industry may face when attempting to protect
their online services. Additionally, attendees will discover methodologies
that airlines may utilize to identify, assess, and protect against the
various risks associated with Web-based application attacks.

*Who:* Quincy Jackson

Quincy Jackson, a CISSP and Certified Ethical Hacker, has more than 15 years
of experience in the Information Technology ("IT") profession, which include
8 years in Information Security. In addition, Quincy has 15 years in the
aviation industry. His career in the aviation industry began in the United
States Army as an Avionics System Specialist. Quincy began to explore his
passion for IT Security as Sr. Manager - Information Security for
Continental Airlines. Over his 8-year tenure at Continental Airlines, Quincy
was instrumental in the development of the Company's first Information
Security Program. Quincy currently serves as the IT Security Manager for
Universal Weather and Aviation, Inc. ("UWA"). UWA provides business aviation
operators various aviation support services, including flight coordination,
ground handling, fuel arrangement and coordination, online services, and
weather briefings. Quincy enjoys both learning about and sharing his
knowledge of Web application security with others, including ISSA and OWASP

*Where:* National Instruments, 11500 N Mopac, Building C which is the
tallest building on campus (8 levels). There will be signs posted in the
lobby to direct you where to go and the receptionists will be able to assist
you as well. See directions to National

*Cost:* Always Free

*Questions or help with Directions...* call: Scott Foster 512-637-9824.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-austin/attachments/20090203/f0cd3272/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/calendar
Size: 4808 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-austin/attachments/20090203/f0cd3272/attachment.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: invite20090227T113000.ics
Type: application/ics
Size: 4885 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-austin/attachments/20090203/f0cd3272/attachment-0001.bin 

More information about the Owasp-austin mailing list