Mar 12, 2012
 

Web apps that handle credit card information can be challenging for developers and auditors who must comply with PCI requirements. Gary McCully and David Sopata’s presentation “I’m a Hacker…and I’m a QSA (Hacking PCI Requirement 6.6. Why Your Web Applications are Still Not Secure)” will demonstrate some of the problems as well as ways to protect your web apps.

Who do you feel would benefit most from your presentation?

  • Merchants and Service Providers that have to become PCI Compliant
  • People who use Web Application Firewalls
  • Web Application Developers
  • People who are interested in web application vulnerabilities

What one concept or viewpoint would you like Notacon participants to walk away with?
There are no silver bullets when it comes to Web Application Security. Organizations should take a layered approach with Secure Web Software Development Life Cycle (SDLC) processes, regular web application assessments, proper hardening of systems, proper tuning of web application firewalls, and proper logging and monitoring of systems. All of these actions combined together can greatly strengthen web applications; however, alone they are easily bypassed.

When did you become interested in hacker culture and hacker conferences?

David Sopata:
When I took my first Visual Basic 6 class with a few of my friends in high school.

Gary McCully:
When I took my first course in Java Programming.

What other passions do you have, besides those covered in your presentation?

Gary McCully:
Vulnerability Management Program Development, Researching SSL Vulnerabilities, Exploit Development, Researching techniques used to exploit Web Application Vulnerabilities

What excites you most about Notacon 9?
Gary McCully:
I am excited to share some of my research with the Hacker community. I am also looking forward to seeing old friends and meeting new people.

You can’t see Gary and David’s presentation unless you’re at Notacon 9! Register now!

Posted at 7:00 am
