Dealing with Web Application Security, Regulation Style



Venue: Walter E. Washington Convention Center

The presentation

The fact that many organizations don't perform security work unless they have to significantly contributes to more than 80% of all web applications being exposed to vulnerabilities. In comes regulation. There are a number of industries other than financial and healthcare that deal with PII and PHI but are either not regulated at all or are regulated very loosely. This presentation will discuss the various regulations (PCI, SOX, HIPAA, etc.) and what each does to address web application security, if anything, as well as the shortcomings of each. Finally, it will address further industries that need to be more strictly regulated in order to better protect personal information.

Andrew Weidenhamer

Andrew Weidenhamer (CISA, QSA) joined SecureState as a professional hire in January 2008. As a former member of the Profiling Team, Andrew performed technical security assessments on a weekly basis. These assessments included Internal and External Attack and Penetration Assessments, Wireless Penetration Assessments, Web Application Security Reviews, Physical Penetration Tests, and Social Engineering Assessments. Currently, Andrew manages the Audit and Compliance Team, where he performs Enterprise Risk Assessments, Audits, Pre-Audits, and Gap Assessments (PCI, HIPAA, etc.).

Prior to SecureState, Andrew worked at Key Bank as a Security Analyst. Andrew is a graduate of Ohio University with a BS in Computer Engineering and a minor in Mathematics.