SecurityTubeBeta Watch ... Learn ... Contribute |
 |
 |
 |
 |
 |
  |
|
Building an Effective Application Security Program (Louisville Infosec)
This is the video of the talk "Compliance Strategy and Planning – Building an Effective Application Security Program" given at Louisville Infosec by John Pavone.
Abstract: Compliance doesn’t make you secure, but a good application security program can ensure your applications are compliant with all major regulations, including PCI, FISMA, SOX, and HIPAA. Application security is no longer a choice. Between increasing number of attacks and regulatory pressures, organizations must demonstrate their capability to secure their applications. Given the staggering number of applications and lines of code already in production, many organizations are struggling to identify a cost-effective and compliant approach to gaining this assurance.
Through a series of case studies and scenarios, John will provide awareness of application security vulnerabilities and verification techniques, compare pros/cons of remediation approaches taken, and provide a practical and tried method in establishing a positive application security program. A program based on four simple balanced focus areas that leverage people, process, and technology to build the capability to reliably produce secure applications. Together, these areas with established practices will enable your organization to successfully manage, improve and sustain an application security initiative in a cost effective and regulatory compliant manner.
Speaker Bio: John Pavone is Aspect Security's Acceleration Services Practice Lead, specializing in the enablement of application security within organizations. John has been an IT professional for over 20 years. In the last 12 years, John has concentrated solely on Information and IT Infrastructure Security.
Abstract: Compliance doesn’t make you secure, but a good application security program can ensure your applications are compliant with all major regulations, including PCI, FISMA, SOX, and HIPAA. Application security is no longer a choice. Between increasing number of attacks and regulatory pressures, organizations must demonstrate their capability to secure their applications. Given the staggering number of applications and lines of code already in production, many organizations are struggling to identify a cost-effective and compliant approach to gaining this assurance.
Through a series of case studies and scenarios, John will provide awareness of application security vulnerabilities and verification techniques, compare pros/cons of remediation approaches taken, and provide a practical and tried method in establishing a positive application security program. A program based on four simple balanced focus areas that leverage people, process, and technology to build the capability to reliably produce secure applications. Together, these areas with established practices will enable your organization to successfully manage, improve and sustain an application security initiative in a cost effective and regulatory compliant manner.
Speaker Bio: John Pavone is Aspect Security's Acceleration Services Practice Lead, specializing in the enablement of application security within organizations. John has been an IT professional for over 20 years. In the last 12 years, John has concentrated solely on Information and IT Infrastructure Security.
Related Videos from: Louisville Infosec 2009 (2)
.jpg) | .jpg) | -(Louisville-Infosec).jpg) | .jpg) | .jpg) | |
You are Viewing this Video Now! | |||||
2378 views | 2596 views | 3427 views | 2421 views | 3131 views |
Author
Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years. In 2007, Vivek spoke at world renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack). The discovery of the Caffe Latte Attack was covered by CBS5 news, BBC online, Network World etc news agencies.In 2006, Vivek was announced as one of winners of the Microsoft Security Shootout contest held in India among 65,000 participants. He has also been a recipient of a Team Achievement at Cisco Systems for his work on 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security- Freak.Net , SecurityTube.Net and is the co-founder of Axonize. Vivek, is a Bachelor in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati.You can contact him at vivek[at]securitytube.net
©2007 Freak Labs |