Kansas City September 2007 Meeting

The Kansas_City OWASP chapter met on September 6, 2007 at Centriq Training in Leawood, KS.

Meeting Summary
Chapter Business

Current chapter priorities include the following:
 * Volunteer to give an OWASP presentation
 * Talks can anything from a short review of a whitepaper or presentation you've seen, to a web application security tool or product review, to a longer technical talk about attacks or countermeasures
 * Volunteer your organization to host an OWASP meeting
 * Invite other professionals or students to attend our next OWASP meeting

Speaker 1: Bob Phelps, National Bank Examiner with the Office of the Comptroller of the Currency (OCC)

Bob provided his insights on the financial regulatory environment and how laws lead to specific information security standards and guidance. Through his job he has performed a review of application security practices in about a dozen midsize and large banks. Bob shared the results of this review and provided his recommendations on how to establish a sound application security management program.

At the OCC Bob both works with the Policy division in Washington DC and has bank supervisory responsibilities. He leads and participates in examinations of National Banks in NYC, KC, Omaha, and Minneapolis. His Policy responsibilities include evaluating emerging technologies and their impact on the banking system, evaluating trends in information security, and developing and delivering various training programs to other examiners.

Speaker 2: Bruce K. Marshall, Senior Security Consultant with Security PS

Bruce spoke about how to avoid improperly using challenge questions (e.g. “What is your pet’s name?”) for web app authentication. While challenge questions tend to be user friendly they can also expose your application to new security threats. He shared his experience on both choosing the best challenge questions and how to properly integrate them into your application.

Bruce consults with clients like American Express, Garmin, Microsoft, and Commerce Bank to assess and improve their information security strategies in areas like network security, web app security, authentication, and program management.

Documents

 * Bruce's presentation slides