[Owasp-denver] ISACA Denver Chapter - February Meeting Details

Ramadoss, Ram Ram.Ramadoss at qwest.com
Thu Feb 11 00:12:56 EST 2010

Hi David,

Could you please forward our ISACA Feb meeting information to OWASP members?


Prabhakaran (Ram) Ramadoss
CISSP, CISA, CIPP, GPEN (GIAC Certified Penetration Tester)
Principal Information Security Engineer
Risk Management / Information Security
Work: 720 578 3336
Cell: 720 624 9613

February Chapter Meeting
Thursday, February 25, 2010
Web Application Firewalls and Application Security Risks
ISACA Denver Chapter is pleased to announce our February meeting on an exciting security topic. The presentation will be focused on emerging application security risks and the role of web application firewalls in mitigating application security exploits. The presentation will also focus on selection of the right web application firewalls and technical challenges in implementation and operational support. This session is open to both the members of ISACA Denver Chapter and non-members. Our February meeting will include a presentation and a panel discussion comprising SMEs and industry practitioners in the web application security area. Please review the content below for additional registration details.
CPE Credits: 1.5
Who should attend?
Internal Auditors
Security Professionals
IT Governance Professionals
Security and Auditing Managers
IT Development Managers
Topic Summary
Application security is very much about analyzing traffic in both directions: requests arriving at the web-site and responses leaving it. Sometimes error messages and diagnostics are displayed to the public (and malicious users) that reveal critical infrastructure information, which then allows the hackers to create targeted attacks perfectly designed for your environment. It is very common for attacks to be driven by the errors that are leaving your environment. Do you know what your applications are showing the hackers?

Application Security Assessment
Secure Code Review
Application Threat Modeling
Web Application Firewall Technology
Hurry and make your reservation today!
For further details regarding the reservation, please click the following URL: http://isaca-denver.org/meetings/FEB_2010_CHPT_MTG.shtml
About the Speaker
Benjamin Stephan, Director of Incident Management, FishNet Security
Benjamin Stephan comes to FishNet Security with several years of experience in various technical roles. His experience as a security audit professional, senior forensic examiner, and administrator bolster his security expertise as Director of Incident Management. Most recently, Benjamin has maintained a focus on issues regarding digital forensics and breach analysis. He is capable of masterfully assessing both internal and external exposures, identification of critical evidence, and profiling an event based on digital forensics. Benjamin is also an expert at analysis of incident exposures to identify true cause or high risk vulnerabilities; and how to remediate threats in an environment to minimize the risk of continued exposure.
In his current role as Director of Incident Management, Benjamin is active in multiple PCI QIRA projects for Visa, MasterCard, American Express, and Discover. Benjamin also plays an active role as a PCI QSA and PA-QSA. In this role he provides a wide variety of compliance expertise from assessing corporate environments' adherence to standards, creating gap analyses for current strategies as compared to standard requirements, and advising remediation strategies based on industry best practices.
About the Panel Members
Mark Porter, Director - Systems Engineering, Breach Security
Mark Porter is the Director of Systems Engineering at Breach Security. Mark is a seasoned professional with over 20 years of application development experience prior to moving into the security field. His combination of development and security expertise was instrumental in helping develop the company's Application Security Assessment program that are conducted at Fortune 100 and SME companies that have helped hundreds of companies assess and remediate their application security
About the Panel Members
Mark Porter, Benjamin Stephan and David Bonvillain
David Bonvillain, CISSP, Vice President - Accuvant LABS - Accuvant, Inc

David Bonvillain is the Vice President of Accuvant Labs. David is responsible for providing leadership to the Accuvant Labs assessment practice area and ensures the ongoing world-class capabilities of the Accuvant Labs team.
Mr. Bonvillain has been providing security consulting services for over nine years. During that time, he has served clients in a variety of industries, including financial services, insurance, health care, retail, state and federal government, manufacturing, application service providers, global telecommunications, gaming, Internet start-ups, and Internet service providers. In his tenure with Accuvant, David has had a variety of consulting and managerial responsibilities, ranging from implementing security technologies and architectures to performing enterprise assessments for some of the largest multi-national corporations in the world. He has led teams of consultants in performing multi-site enterprise security assessments of some of the nation's largest enterprise organizations. David has performed numerous web application security assessments for a variety of financial and health care institutions, ensuring secure deployment of e-commerce infrastructures and protection of customer and user data.
Prior to joining Accuvant in early 2002, David was a senior consultant with Internet Security Systems' X-Force professional services, where he received multiple awards for exceptional performance, including membership in the 2000 ISS presidents club. Before that, he was a senior security consultant with Netrex, where his primary responsibilities included the installation, configuration and management of CheckPoint security products and the OPSEC solutions that integrate with their perimeter software products.
David has presented at multiple regional and national security conferences such as BlackHat, ISSA, TRISC, CIMA and AHIA/CHAN, and has been published in multiple publications such as CSOonline, BBB, Twin-cities business magazine, and multiple others.
David is a Certified Information Systems Security Professional (CISSP), a Checkpoint Certified Security Engineer (CCSE), a NetScreen Certified Security Associate (NCSA), a Microsoft Certified Professional (MCP), and an ISS-Certified Engineer.

David holds a Bachelor of Music degree in Business/Performance from James Madison University.
11:00 AM - 12:15 PM Registration; Lunch & Networking
12:15 PM - 12:30 PM ISACA Board Announcements
12:30 PM - 01:20 PM Presentation on application security risks and Web Application Firewalls (WAF)
1:20 PM - 02:00 PM Panel Discussion
ISACA Members: $25
Non-Members: $35
Walk-in members and non-members must pay by cash/check and will be charged an additional $10.00 fee above the normal member / non-member fee.
Walk-ins may be turned away if space is not available.
Location (This is a new location that we are trying out. Please note the address below!)

The Summit Conference & Event Center
411 Sable Blvd., Aurora, Colorado 80011
Sponsors and Exhibitors for the February Meeting are Accuvant and FishNet Security
For further details regarding the program and to make your reservation, please click the following URL: http://isaca-denver.org/meetings/FEB_2010_CHPT_MTG.shtml
