Events for Basel II Capital Accord (Basel II)

SANS WhatWorks in Application Security Summit 2007

Managers from more than a hundred and fifty user organizations are getting together to share the lessons learned in their application security initiatives. Two dozen pioneering companies such as Cisco, Depository Trust, USAID, Deloitte & Touche, TSA, J.C. Penney, and Sovereign Bank will provide case studies of their application security initiatives and answer dozens of questions including:

1. Which application security tools work best: application firewalls, web application scanners, code analyzers and challenges have users have found in implementing them?
2. What is the most effective way to meet the PCI requirement for application security?
3. How can you gain confidence in the security of outsourced application development? How do you verify the skills of the outsourced programmers? How do you embed application security testing into the outsourcer's process? How do you ensure the outsourcer has adequate but tightly limited access to your own networks?
4. What works best in getting programmers and project managers to actually fix the applications that are flawed?
5. How can we ensure our programmers know the common security flaws and can consistently eliminate them from the code we are deploying? Training? Testing? Hiring?
6. How can contracting be used to improve the security of applications at minimum cost? What specific contract clauses work best?
7. What's the right relationship between the security staff and the development team?
8. What are the primary attack vectors criminals are using to compromise applications and which programming errors account for the vast majority of those attacks?

View the Event

Share or bookmarklet this web page at: