
Vulnerability and Security News
Latest news on vulnerability and security.
This blog features the latest vulnerability and security news related to Cenzic - the leader in website security solutions.
Cenzic enables you to stay ahead of the hacker curve. Topics covered include: risk assessment software,
application security assessment, on demand application security, SaaS application security, managed security,
PCI compliance, dynamic testing, black box testing, security risk management, and SaaS security.

November 05, 2008
Web seminar on how to protect your Website from hacking attacks (simply explained)
If you want a simple explanation of how to protect your Websites from hacking attacks, then you need to attend this free Web seminar on November 20. By listening to this LIVE event, you’ll get to ask the presenters questions as well as learn:
- The latest trends in hacking (such as Clickjacking),
- How to detect if you’ve been hacked (or are more susceptible than average),
- Simple demonstrations on how hackers exploit a Website (e.g. XSS, Clickjacking, CSRF, and SQL disclosure),
- Easy ways to remediate such problems, and
- Key take-away items for future best practices.
Hacking 101 Web Seminar Details
For: Security, Dev, and QA professionals in charge of protecting Websites from Hacker Attacks
Date: Thursday, Nov 20, 2008
Time: 11 AM Pacific (2 PM Eastern)
Duration: 1 hour
Cost: Complimentary
Sign up today.
by Erin Swanson, Marketing ESwanson@cenzic.com

November 03, 2008
Cenzic SaaS solution – ClickToSecure – used by Paymetric to attain PCI Compliance
After reviewing three of the leading Web application security products, we determined that Cenzic was the most comprehensive solution over the other SaaS and software models that we reviewed. The fact that Cenzic has both a software and a SaaS model also allows for flexibility in the future.
Paymetric (the software provider for managing payment card transactions for enterprise companies using SAP), has chosen Cenzic’s SaaS solution to attain PCI compliance 6.6 and to protect their Website from hacker attacks. When Paymetric was determining the best solution to secure their Website from hacker attacks as well as enabling PCI compliance for 6.6, they chose Cenzic due to its hybrid model of offering both software and SaaS solutions. They recognized the benefit of “jump starting” their security posture within one week, while having the option down the future to purchase traditional software that would integrate seamlessly into their SaaS product if they so desired. It's like having the best of both worlds.
by Erin Swanson Eswanson@cenzic.com

October 20, 2008
Take a look at all the videos and photos from the annual OWASP AppSec conference in New York City
As a vendor at this year’s OWASP AppSec Conference in New York City, I had a difficult time escaping booth duty to attend the many presentations on Web Application Security. However, OWASP did a great job of compiling video footage of all the presentations.
Here are a few of my favorites:
1. Security of Software-as-a-Service (SaaS), James Landis (AutoDesk)
2. Cross-Site Scripting Filter Evasion, Alexios Fakos
3. Mastering PCI Section 6.6, Taylor McKinley (Fortify) and Jacob West (Amazon)
There’s also a photo library – so take a look at the vendors and all the participants at the largest OWASP AppSec conference in history.
by Erin Swanson, Marketing Eswanson@cenzic.com

October 15, 2008
Attending the Information Security Executive Awards Event in NYC?
I’m in New York City for tomorrow’s Information Security Executive Awards event. It’ll be an honor to speak with all the information security industry’s top professionals as they get recognized for all their hard work. If you happen to be one of these executives, please know that Cenzic has a table at the event – so stop by for a copy of our Q2 Trends Report and even a demo of our software and SaaS offerings. There will be 1 Winner, 4 finalists, and 1 people’s choice award winner announced at the Awards Gala. Just being nominated is a huge accomplishment in this competitive field. So good luck to everyone!
ISE Northeast Awards Agenda
6:00 – 7:30 PM Sponsor Pavilion and Gourmet Dinner Buffet
7:30 – 9:00 PM Awards Gala
9:00 – 10:00 PM Afterglow Reception
by Paul Goughan, Sales PGoughan@cenzic.com

October 08, 2008
Stop by NC State University to hear Cenzic present at the OIT Expo 2008
I just arrived in Raleigh tonight as I’m presenting on behalf of Cenzic at NC State University’s OIT Expo. Be sure to catch my talk on Web Applications Security for Universities and visit our table for more literature on the topic. I look forward to seeing you there - event and presentation details are below.
If you want a copy of the slides, send an email to Erin Swanson in our corporate marketing department: Eswanson@cenzic.com
OIT Expo Event Details
Date / Time: Thursday, October 9, 2008, 9:00 am - 3:00 pm
Location: NC State University, Talley Student Center, 2610 Cates Avenue, NC State University, Raleigh, NC 27695
Cenzic Presentation Time: 12:40 PM
Cenzic Presentation Abstract
Are Your Web Applications Secure? Think Again!
The growing threat of hackers and breaches in application security is a fact of life for educational organizations and universities; and though finding vulnerabilities fast and adapting to increased government regulations is the name of the game, just keeping up can leave you behind. In this very informative session, we'll show you how to:
- Manage application vulnerabilities
- Strengthen your application security posture
- Maximize resources with the right tools
- Protect sensitive data and maintain corporate reputation
- Identify vulnerabilities quickly and reduce outsourcing
by Tom Tucker Ttucker@cenzic.com

October 02, 2008
Recap of OWASP New York - 2008
OWASP held its annual international event in New York at the Park Plaza Hotel in September. With about 650 attendees, it set a new record by almost doubling the attendance from the last year's event in San Jose. Many people braved the obscene hotel rates of New York (typical during the Fall season) and represented various geographies within the U.S. but also from all over the world. The enthusiasm around Web application security is contagious. People were very energized and most of the sessions (3 concurrent tracks on both days) were packed with the audience.
Topics ranged from Google Hacking to Forrester Research to PCI to things you need to know about appsec employment (most employers were trying to keep their employees away from that session). The industry panel with representatives from Goldman Sachs, Citigroup, DTCC, Lehman Brothers, Bank of America, Barclays Capital, and Euronet was interesting - thankfully the questions were around app security only. All the slides, pictures, and videos will soon be up on the OWASP site. Check them out. A reasonable and manageable number of sponsor vendors on the trade show floor including my company Cenzic, that displayed their latest technologies and had good discussions with the potential buyers.
All in all, I thought Tom Brennan, the NY Chapter leader and the team did a great job of hosting the event with limited resources. With a few minor glitches here and there the event ran smoothly with excellent content, good location, and great participation. Now, only if he had gotten a 50% subsidy on the hotel rooms - just slide it into the bail-out bill ;-)
I am amazed but not surprised with the enthusiasm of all the volunteers of OWASP (I happen to be a volunteer as well). It's a non-profit organization run by all volunteers with one purpose - build awareness for Web application security.
The board members including Jeff Williams, Dinis Cruz, Dave Wichers, Tom Brennan, and Sebastien Deleersnyder along with a very small administrative staff of Kate Hartmann, Paulo Coimbra, and Alison Shrader have done a great job of growing this organization into a successful and credible association. All the chapter leaders in each region in the U.S. and in each continent dedicate their time and energy to OWASP's cause and to make it even more successful. My challenge, as the chapter leader for the San Francisco Bay Area, is to double the attendance we had in New York next year when the annual conference comes back to the West in 2009. I'm looking for volunteers!
by Mandeep Khera, Chief Marketing Officer Mandeep@cenzic.com