[Owasp-dallas] ISSA Meeting on 6/16: The State of Web Application Security

Peloquin, Joseph (Dallas) Joseph.Peloquin at fishnetsecurity.com
Wed Jun 15 13:24:24 EDT 2011


Why should security vendors be exempt from criticism?  Furthermore, what's the harm in discussing it?
Is it too much to believe I simply stated something others were thinking, but wouldn't say for some
reason?

It's relevant in this situation, given the speaker works for a vendor that purports to protect against
SQLi attacks, and yet was a victim themselves.  I liken this to SOE trying to tell us how to protect
websites and the PS network from breaches, after having just been victims themselves.  So, no, I'm not
interested in hearing Barracuda's lessons learned, which will/would obviously be clouded with spin.
On the other hand, I _would_ be very keen to hear lessons learned from the incident response folks
that cleaned up the mess, identified root-cause, and influenced the remediation plan.

My sincere apologies to those offended by my opinion.

Joey Peloquin | Director, Mobile Security | FishNet Security | 214.909.0763


-----Original Message-----
From: owasp-dallas-bounces at lists.owasp.org [mailto:owasp-dallas-bounces at lists.owasp.org] On Behalf Of
Andrea Wendeln
Sent: Wednesday, June 15, 2011 11:44 AM
To: owasp-dallas at lists.owasp.org
Subject: Re: [Owasp-dallas] ISSA Meeting on 6/16:The State of WebApplicationSecurity

What I SHOULD HAVE said was:  In case you're interested in MOCKING a
vendor I thought I would pass this along.

I'm actually interested in lessons learned from what they've gone
through, aren't you?


On Wed, Jun 15, 2011 at 11:28 AM, Peloquin, Joseph (Dallas)
<Joseph.Peloquin at fishnetsecurity.com> wrote:
> Thanks for sharing, but I fail to see how a WAF vendor that was recently the victim of SQL Injection
> attacks themselves will be able to tell me something I don't already know.
>
> Joey Peloquin | Director, Mobile Security | FishNet Security | 214.909.0763
>
>
> -----Original Message-----
> From: owasp-dallas-bounces at lists.owasp.org [mailto:owasp-dallas-bounces at lists.owasp.org] On Behalf Of
> Andrea Wendeln
> Sent: Wednesday, June 15, 2011 11:17 AM
> To: owasp-dallas at lists.owasp.org
> Subject: [Owasp-dallas] ISSA Meeting on 6/16:The State of Web ApplicationSecurity
>
> In case you're interested I thought I would pass this along. A link to
> register is below.
>
>
>
> **REMINDER** ISSA North Texas June Meeting - June 16th at 11:30 - Register Now
>
> Join us for the Information Systems Security Association North Texas
> Chapter Meeting
> ISSA NTX - June Meeting 2011
>
> Maggiano's Little Italy
> 6001 W. Park Blvd.
> Plano, TX 75093
> Thursday, June 16, 2011
> 11:30 AM  - 1:00 PM
>
> Topic:  The State of Web Application Security
>
> Summary:
> It's no secret that more and more commerce is being conducted via Web
> applications. Web-based applications are convenient for consumers and
> allow vendors to get applications online quickly to reach those
> consumers. This trend has also created a variety of privacy and
> security concerns that affect all companies transacting business over
> the Web.  Recently, Barracuda Networks co-sponsored a research study
> conducted by the Ponemon Institute titled "The State of Web
> Application Security" that revealed that these concerns are keenly
> felt by web application administrators.  However, a major disconnect
> exists as appropriate countermeasures to these threats are either
> ineffective or completely non-existent.  Join us for an informative
> seminar to learn:
> *       More about our revealing research
> *       Why Web applications are under attack
> *       What hackers are doing to compromise Web applications
> *       How to mitigate this risk
>
> Speaker:  Grant Murphy, Vice President of Enterprise Solutions,
> Barracuda Networks
>
> Grant Murphy is Vice President of Enterprise Solutions managing
> worldwide sales for the Barracuda Web Application Firewall and the Web
> Filtering products at Barracuda Networks. Murphy brings significant
> experience in the Web proxy/cache market and how these technologies
> can be used to secure employee's Internet Access as well as the sites
> they are accessing.  He has been a frequent speaker at many security
> industry events worldwide over the past four years.  Prior to joining
> Barracuda, he was responsible for sales of McAfee's Web and Email
> filtering products.   Murphy earned his CISSP accreditation in March
> of 2006.
>
> Sponsor: Barracuda Networks
>
> Register Here:  https://www.acteva.com/go/ISSA-NorthTX
> **Online registration ends at 9:00 am on day of meeting.**
> _______________________________________________
> OWASP-Dallas mailing list
> OWASP-Dallas at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-dallas