Annual Conference IT Audit & Controls 2009

Conducting workshop and talk ...

W3 Conducting an Enterprise Application Audit DEMO
Date: Monday, 12 October 2009
Time: 9am - 5pm

The focus of this workshop is to analyze applications within an enterprise architecture to discover vulnerabilities. You will learn scanning, auditing and source code review methodologies – all critical tools to enable application analysis. The workshop features real-life cases, demonstrations, scanning tools and defense plans.

This workshop will cover:
• The most common vulnerabilities and proven methodologies for their detection
• Auditing for compliance and standards like PCI-DSS, OWASP Top 10 and CVE/CWE Top 25 errors
• Common programming errors and source-code scanning methodologies
• Conducting an architecture and design audit to ensure security
• Securing the SDLC with best practices
• Effective scanning tools and approaches
• Mitigation strategies and frameworks

5 Auditing and Securing Web/Enterprise 2.0 Applications and Architectures
Date: Tuesday, 13 October 2009
Time: 10:30am - 12pm

• Web 2.0 threats, hacks and incidents
• Auditing and assessing the security of Web 2.0 architectures and design
• Web 2.0 vulnerabilities and mitigation
• Discovering JSON-based SQL injections, XML-driven XSS, CSRF 2.0, RSS feed injections, widget exploits, mashup hacks and more
• Auditing Web 2.0 source code and frameworks
• New tools, methodologies and audit strategies for Web 2.0