Application Security: Is That Malware in Your Package?

Live Event:
September 25, 2012
Start Time: 9:00 a.m. US Pacific/ 12:00 p.m. US Eastern/ 5:00 p.m. London

Web Conference Overview:

Buffer overflows, injection attacks, worms, viruses and social engineering have all shown us one thing: the issue is usually not the hardware. As a matter of fact, when was the last time we heard of the actual hardware being hacked? It is usually a program or application that is attacked. This raises the question: what are software providers doing to address this issue? How are they trying to improve the inherent security of their applications and, in some cases, even the operating systems? This session will attempt to provide answers to all of these questions and more.


Joe Jarzombek
Director for Software Assurance, National Cyber Security Division, US Dept of Homeland Security

Kimberly Madia
Worldwide Product Marketing Manager, IBM

Kimberly Madia is a worldwide product marketing manager for the InfoSphere Guardium and Optim solutions. She has been with IBM for over 10 years and earned an MBA in Marketing and Information Management at Carnegie Mellon University. During her career at IBM she has worked as a technical support representative and a business partner enablement manager. Currently she is focused on developing client solutions across software brands to support compliance, to improve business processes and to help organizations protect data.

Presentation Overview: Protecting applications and preventing fraud

Multi-tier enterprise applications contain an organization’s most sensitive financial, customer, employee, and intellectual property information. These systems are often the most difficult to secure, especially with modern trends in enterprise computing: the rise of social media, the cloud, mobility and the era of big data. Organizations must protect both data and applications against external and internal threats across a complex security landscape. The primary purpose of application-layer monitoring is to detect fraud that occurs via enterprise applications, rather than via direct access to the database. This level of monitoring is often required for data governance requirements such as SOX (in addition to monitoring direct database connections by privileged users). In this session, we’ll show you how to positively identify application users associated with specific database queries and transactions, protect valuable business assets, foster secure and efficient collaboration, and effectively integrate security into existing business processes.

Michael F. Angelo
Chief Security Architect, NetIQ

Michael F. Angelo, CRISC, is currently the Chief Security Architect for NetIQ and the Chair of the ISSA Web Conferences Committee. Amongst his many accomplishments, he was a Staff Fellow at Compaq and HP, a Sigma-Xi distinguished Lecturer, and named Inventor of the Year for the City of Houston (with 52 granted patents in the area of security). In addition, he was named ISSA Security Professional of the Year for 2011. His blogs can be found on the NetIQ Community site.

Presentation Overview: Historical Perspective of Software Security

Yesterday’s computer security expert was focused on keeping bad people out and preventing bad things from happening to their systems. This was reasonably easy to do when we could put firewalls and intrusion detection software in place. Then we discovered we needed to do network packet inspection, and now, in the light of APT and attacks like FLAME, we need to rethink even this strategy. Ultimately these attacks attempt to circumvent security on the system by hacking the user. But is hacking the user really the issue, or is it potential holes in the software? What if the next line of defense is the software on the system? That is, if a program is not susceptible to injection attacks or buffer overflows, what’s next? This presentation will review the past and current trends in secure software development and look at some of the new directions that are just around the bend.

Phillip H. Griffin
ISSA Web Conference Committee, Session Moderator

Phillip H. Griffin, CISM has over 18 years of information assurance experience. Phil has served as a trusted security advisor, security architect, and consultant with leading corporations. He has acted as committee chair, editor, and head of delegation in the development of international security standards, and he currently serves on the ISSA Educational Advisory Council, and on the board of the Raleigh ISSA Chapter. At Booz Allen Hamilton, his work encompasses authentication technologies, access control policy, and message schema. Phil has eight patents pending in the area of biometric security, and has spoken at leading security conferences around the world.

Copyright © 2016, Information Systems Security Association, All Rights Reserved