security consulting

QuietMove

QuietMove security consulting

QuietMove Executive Adam Muntner Speaking at (ISC)² SecureSD Conference

Adam Muntner is speaking on the topic of Application Security at the SecureSD conference in San Diego, California. SecureSD is presented by (ISC)² and the San Diego chapter of ISSA. It is part of the (ISC)² Security Leadership Seminar series.
This event will be held on Nov. 2nd in San Diego.

For more information, visit:

https://www.isc2.org/events/sandiego.html

Abstract:
Schrodinger’s Hack - Removing Uncertainty from Application Security
Recognizing the competitive advantage of speed to market, organizations are under pressure to develop and deploy applications as rapidly as possible. According to Gartner Group, 75% of attacks are now focused against the application layer. The combination of rapid development deadlines with the most targeted attack vector often leads to insufficient security analysis, testing, and validation through the entire software development lifecycle. The results are predictable - regulatory compliance headaches, erosion of customer confidence, and ultimately financial loss.

By learning the tools and techniques used by crackers to penetrate applications, participants will learn how to write code resistant against these techniques. Examples covered include SQL injection, LDAP injection, cross site scripting, parameter manipulation, Google hacking, and web services hacking.

About the Speaker:
Mr. Muntner is a Partner of QuietMove, Inc., an information security consultancy specializing in enterprise risk assessment. He has over a decade of combined information technology experience in information security, application development, systems architecture, and security operations management. Before founding QuietMove, Mr. Muntner had managed and performed over 100 risk assessments for government agencies, health care systems, public utilities, and private enterprise. Previously, he was an IBM Penetration Testing Subject Matter Expert and founding member of IBM’s Ethical Hacking Center of Competency. Later, Mr. Muntner was the Information Security Officer for a publicly traded company with offices in 12 countries. Mr. Muntner has been evangelizing web application security since 1998 and speaks regularly at Information Security conferences and for private audiences.

About (ISC)²
The International Information Systems Security Certification Consortium, or (ISC)²®, is the internationally recognized Gold Standard for educating and certifying information security professionals throughout their careers. (ISC)²® has certified over 42,000 information security professionals in more than 110 countries.

Founded in 1989 by industry leaders, (ISC)² issues the Certified Information Systems Security Professional (CISSP®) and related concentrations: Information Systems Security Architecture Professional (ISSAP®), Information Systems Security Management Professional (ISSMP®) and Information Systems Security Engineering Professional (ISSEP®); the Certification and Accreditation Professional (CAP CM); and the Systems Security Certified Practitioner (SSCP®) credentials to those meeting the necessary competency requirements. Several of (ISC)²’s credentials meet the stringent requirements of ANSI/ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel.

(ISC)² also offers a portfolio of education products and services based upon (ISC)²’s CBK®, a compendium of industry best practices for information security professionals, and is responsible for the annual (ISC)² Global Information Security Workforce Study.

QuietMove is an experienced provider of Web Application Security Testing, Risk Assessment, and Education.


Adam Muntner, CISSP Speaking at Inland Empire ISSA, Cal State Bernardino

Adam Muntner is speaking on the topic of Application Security at the Inland Empire ISSA meeting at Cal State Bernardino on Tuesday, August 22. His presentation is scheduled to begin at 11:30 AM.


Abstract:
Schrodinger’s Hack - Removing Uncertainty from Application Security
Recognizing the competitive advantage of speed to market, organizations are under pressure to develop and deploy applications as rapidly as possible. According to Gartner Group, 75% of attacks are now focused against the application layer. The combination of rapid development deadlines with the most targeted attack vector often leads to insufficient security analysis, testing, and validation through the entire software development lifecycle. The results are predictable - regulatory compliance headaches, erosion of customer confidence, and ultimately financial loss.

By learning the tools and techniques used by crackers to penetrate applications, participants will learn how to write code resistant against these techniques. Examples covered include SQL injection, LDAP injection, cross site scripting, parameter manipulation, Google hacking, and web services hacking.

About the Speaker:
Mr. Muntner is a Partner of QuietMove, Inc., an information security consultancy specializing in enterprise risk assessment. He has over a decade of combined information technology experience in information security, application development, systems architecture, and security operations management. Before founding QuietMove, Mr. Muntner had managed and performed over 100 risk assessments for government agencies, health care systems, public utilities, and private enterprise. Previously, he was an IBM Penetration Testing Subject Matter Expert and founding member of IBM’s Ethical Hacking Center of Competency. Later, Mr. Muntner was the Information Security Officer for a publicly traded company with offices in 12 countries. Mr. Muntner has been evangelizing web application security since 1998 and speaks regularly at Information Security conferences and for private audiences.

About ISSA
The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications and peer interaction opportunities that enhance the knowledge, skill and professional growth of its members.

With active participation from individuals and chapters all over the world, the ISSA is the largest international, not-for-profit association specifically for security professionals. Members include practitioners at all levels of the security field in a broad range of industries, such as communications, education, healthcare, manufacturing, financial and government.

The ISSA international board consists of some of the most influential people in the security industry, with representatives from Dell Computer Corporation, EDS, Forrester Research Inc., Symantec and Washington Mutual. With an international communications network developed throughout the industry, the ISSA is focused on maintaining its position as The Global Voice of Information Security.


QuietMove is Recognized as a PCI Approved Scanning Vendor

Find out more about our MasterCard SDP and PCI Data Security Standard testing and payment card industry security services.
Scottsdale, AZ (July 18, 2006) - QuietMove, an Information Security consultancy recognized as an innovator in assessing enterprise risk, penetration testing, application security, and information security education, announced today that it successfully completed the rigorous MasterCard Site Data Protection (SDP) scanning vendor compliance process. This certification demonstrates that QuietMove has the appropriate technical expertise, tools, methodology and reporting processes to deliver an SDP compliant scanning solution. This scanning solution is now mandatory for processors of MasterCard and Visa credit cards.

By completing the MasterCard SDP Scanning Vendor certification process, QuietMove is now approved to officially certify its customers’ compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) on a quarterly basis. QuietMove is now allowed to perform security scans which evaluate the security perimeter of Merchants, Service Providers, Third Party Processors (TPP), and Data Storage Entities (DSE) web sites and Internet presence. PCI standards require that all online merchants processing 20,000 or more e-commerce transactions per year must undergo regular, quarterly testing by an SDP Compliant third party scanning vendor such as QuietMove.

It is extremely important that Merchants, Service Providers, TPP, and DSE become compliant with the PCI Data Security Standard to avoid potential fines and being barred from processing credit cards. Visa and MasterCard can impose fines of up to $500,000 per event for noncompliance and security compromises. QuietMove is now certified to provide the testing and documentation that its customers have taken due care to support their information assets.

“Achieving MasterCard SDP approved Scanning Vendor status demonstrates our commitment to investing in vertically focused regulatory compliance security solutions,” said Jeffrey Rassas, CEO of QuietMove. “We will continue to invest in our portfolio of comprehensive security solutions which identify, analyze, model, and reduce threats to our customers’ information assets. We are excited to have achieved recognition of our efforts by MasterCard.”

“We recognize that our clients expect more than an automated scanner. Our PCI services treat compliance as more than a checkbox,” said Adam Muntner, a certified CISSP and President of QuietMove. “By utilizing our experienced, professional consultants to use two PCI Approved automated scanning solutions to help eliminate false positives and negatives, performing manual validation of all results, identifying strategic changes which will prevent new vulnerabilities from being introduced into our customers’ environments in the future, and reviewing the results with our customers to ensure they have the skills and knowledge to remediate them, we offer a true consultative service. I designed our methodology to help our clients get in front of the threat rather than just telling them which patches to apply on a quarterly basis. We fill the gap between compliance and true security.”

About QuietMove
QuietMove is a trusted provider of risk assessment and security solutions designed to protect our customers’ information assets and business processes with end to end, multi-layered security solutions that align security resources with business risk. We secure the nexus between people, technology, and data to protect our clients from known and emerging threats. Founded by IT Security and e-Commerce industry veterans with decades of experience, QuietMove is uniquely qualified to advise our clients on the deployment of their security resources where they matter most.

About MasterCard SDP
The MasterCard Site Data Protection Program is a proactive, cost-effective, global solution offered by MasterCard through its acquiring members. The program provides acquiring customers with the ability to deploy security compliance programs, assisting online merchants and Member Service Providers to better protect against hacker intrusions and account data compromises. The program takes a proactive approach to security by identifying common possible vulnerabilities in a merchant web site and makes recommendations for short- and long-term security improvements. The solution addresses the security issues that online merchants and their acquiring banks face in the virtual world, and concerns arising from these issues, such as Internet fraud, chargebacks, brand image damage, consumer information safety and privacy and the cost of replacing stolen account numbers.

QuietMove’s SDP Certified Scanning Vendor Certificate Number is 4140-01-02.