Front Range Web Application Security Summit Planning Page - Revision history

Andylew: /* Laz */

2008-04-24T21:51:15Z

‎Laz

Andylew at 21:50, 24 April 2008

2008-04-24T21:50:34Z

Andylew: /* FROCo8 Proposed Schedule – June 10th 2008 */

2008-04-24T21:18:54Z

‎FROCo8 Proposed Schedule – June 10th 2008

Andylew: /* FROCo8 Proposed Schedule – June 10th 2008 */

2008-04-23T22:31:25Z

‎FROCo8 Proposed Schedule – June 10th 2008

Andylew: /* FROCo8 Proposed Schedule – June 10th 2008 */

2008-04-23T16:26:06Z

‎FROCo8 Proposed Schedule – June 10th 2008

Andylew: /* Melissa Tondi Senior Manager, Software Quality Engineering and SQuAD Board Member */

2008-04-23T16:22:02Z

‎Melissa Tondi Senior Manager, Software Quality Engineering and SQuAD Board Member

Andylew: /* Mike Zusman, Sr Consultant, Intrepidus Group - Abusing SSL VPNs & Open Reverse Proxies */

2008-04-23T16:21:06Z

‎Mike Zusman, Sr Consultant, Intrepidus Group - Abusing SSL VPNs & Open Reverse Proxies

Andylew: /* Mike Zusman, Sr Consultant, Intrepidus Group - Abusing SSL VPNs & Open Reverse Proxies */

2008-04-23T16:20:31Z

‎Mike Zusman, Sr Consultant, Intrepidus Group - Abusing SSL VPNs & Open Reverse Proxies

Andylew: /* Melissa Tondi, QA Manager, eCollege - distinguished panelist */

2008-04-23T16:20:02Z

‎Melissa Tondi, QA Manager, eCollege - distinguished panelist

Andylew: /* Melissa Tondi, QA Manager, eCollege */

2008-04-23T16:07:21Z

‎Melissa Tondi, QA Manager, eCollege

@@ Line 170: / Line 170: @@
 === Laz ===
-With more than 20 years of technology, security product development, business development, and marketing experience, Laz works with organizations to identify potential IT security/compliance gaps and recommendations for remediation efforts. His experience with Call Centers, E-Industry, Financial Institutions, Healthcare, Insurance, Retail, Travel, and Utilities have him working with
+With more than 20 years of technology, security product development, business development, and marketing experience, Laz works with organizations to identify potential IT security/compliance gaps and recommendations for remediation efforts. His experience with Call Centers, E-Industry, Financial Institutions, Healthcare, Insurance, Retail, Travel, and Utilities have him working with clients internationally.
 Laz has been involved with starting up several organizations that work in the areas of IT,  security, compliance. He was one of the original members of the ReddShell Corporation after the firm  acquired his start up organization.  Both organizations focused on performing independent third-party  IT Security vulnerability assessments based on regulatory initiatives (BS-7799, COBIT, COSO, FDIC, GLBA, HIPAA, ISO-17799, Personally Identifiable Information (PII), Privacy, and VISA PCI). In  addition, both organizations evolved to developing security and compliance software.  Laz is the inventor of several patents for controlling personally identifiable information and Information Security. His involvement with technology and security initiatives includes contributions for standards and policies regarding compliance and Information Security methodologies, policies, and web application security. As a recognized IT and security expert, Laz is a frequent speaker at industry conferences and has contributed to writing about how to deal with real-world technology, compliance, security challenges for Computerworld as well as co-authoring [http://www.amazon.com/Cover-Your-Assets-Building-Applications/dp/1583940731 Cover Your Assets - Building and Managing Secure Internet Applications].

@@ Line 169: / Line 169: @@
 individual company's culture.
 [https://www.owasp.org/index.php/Denver Back to OWASP Denver]
 [https://www.owasp.org/index.php/Boulder Back to OWASP Boulder]

@@ Line 28: / Line 28: @@
 |-
 | style="width:10%; background:#7B8ABD" | 14:30-15:30 || style="width:30%; background:#BC857A" align="left" | "Abusing SSL VPNs & Open Reverse Proxies"  ''Mike Zusman''
-  | style="width:30%; background:#BCA57A" align="left" | Panel Discussion "Best-practices and lessons learned from integrating security into the SDLC"
+  | style="width:30%; background:#BCA57A" align="left" | '''Panel Discussion''' "Best-practices and lessons learned from integrating security into the SDLC"
 ''Speaker list: Melissa Tondi, Ed Bellis, Akshay Aggarwal, Laz, Mike Walter''
 |-

@@ Line 29: / Line 29: @@
 | style="width:10%; background:#7B8ABD" | 14:30-15:30 || style="width:30%; background:#BC857A" align="left" | "Abusing SSL VPNs & Open Reverse Proxies"  ''Mike Zusman''
   | style="width:30%; background:#BCA57A" align="left" | Panel Discussion "Best-practices and lessons learned from integrating security into the SDLC"
-''Speaker list: Melissa Tondi, Ed Bellis, Akshay Aggarwal, "The" Laz, Mike Walter''
+''Speaker list: Melissa Tondi, Ed Bellis, Akshay Aggarwal, Laz, Mike Walter''
 |-
 |-

@@ Line 19: / Line 19: @@
   | style="width:10%; background:#7B8ABD" | 9:40-10:40 || colspan="2" style="width:80%; background:#BB88BB" align="center" | '''Business Logic Flaws – Seven Deadly Web Exploits '''  - ''Jeremiah Grossman, CTO & Founder of WhiteHat Security''
   |-
-  | style="width:10%; background:#7B8ABD" | 10:50-11:50  || colspan="2" style="width:80%; background:#BB88BB" align="center" | '''The Evolution of Application Security in Online Banking''' - ''Taylor McKinley, Product Manager, & Troy Stewart, District Manager, Fortify Software''
+  | style="width:10%; background:#7B8ABD" | 10:50-11:50  || colspan="2" style="width:80%; background:#BB88BB" align="center" | '''The Evolution of Application Security in Online Banking''' - ''Robert Rachwald Fortify Software''
   |-
   | style="width:10%; background:#7B8ABD" | 11:50-13:00 || colspan="2" style="width:80%; background:#C2C2C2" align="center" | '''1 HR BREAK / TECH EXPO / LUNCH BREAK'''

@@ Line 157: / Line 157: @@
 '''Summary:''' Internet-facing SSL VPNs and Open Reverse Proxies can be abused to perform reconnaissance, data extraction, or general mischief INSIDE the Corporate Intranet and on SSL VPN clients.  This presentation will discuss programming and infrastructure flaws permitting this abuse as well as countermeasures.
-=== Melissa Tondi Senior Manager, Software Quality Engineering and SQuAD Board Member ===
+=== Melissa Tondi - Senior Manager, Software Quality Engineering and SQuAD Board Member - Management Panelist ===
 Melissa has over 12 years experience in Quality Assurance and Testing