[Owasp-rochester-announce] May meeting

Andrea Cogliati andreac at dollos.it
Mon May 12 10:06:59 EDT 2008


May meeting will be held on Monday May 19th, 6pm at Bryant & Stratton  
College and will feature a presentation by our Chapter Leader, Ralf  
Durkee, on database encryption and key management. Insecure  
Cryptographic Storage is issue #8 in OWASP Top Ten 2007 and it's an  
integral part of conformance to various national and international  
data protection and privacy laws.


Presenter: Ralph Durkee
Topic: Protecting Information with Database Encryption

After briefly defining common cryptographic terms, we'll look at a  
variety of threat vectors that may expose our sensitive information.  
For each threat vector, we'll examine which database encryption and  
key management architectures are best suited to protect sensitive  
information processed in applications. We'll discuss the Payment Card  
Industry PCI-DSS standard and how to meet it's requirements for  
protecting card holder information. We'll discuss alternatives and  
best practice for when, and how to perform encryption with specific  
technologies provided by Oracle and MS SQL Server. We'll recommend  
encryption algorithms and specific programmer API's and techniques  
for best practice.


Attendance to the meeting is free and open to anyone.

Take care,

Andrea


The third Rochester Security Summit will be held on October 29-30.  
Keep an eye on http://rochestersecurity.org/ web site for an exciting  
agenda! 


More information about the Owasp-rochester-announce mailing list