Topic: The McColo Takedown – How taking out one ISP cured spam
Speaker: Matt Sergeant
On Tuesday the 11th of November, 2008, at around 10pm UTC, a small San Jose ISP was taken off the air in an action known as “de-peering”. Almost immediately, spam levels dropped by around 80%. In this talk we look at who McColo were, how this takedown happened, and why it had such drastic effects on global spam volumes. Of course this isn’t the end of the story, so we also examine: What happens now?
Topic: Achieving 6.6: PCI and Source Code Review
Speaker: Rohit Sethi
Organizations involved with processing payment card data are no doubt very familiar with Requirement 6.6 of the Payment Card Industry Data Security Standard (PCI DSS): Web applications that deal with PCI data must protect themselves by either installing a web application firewall or completing a source code review. While many are familiar with firewalls, how does one set out to meet 6.6 with a source code review? Moreover, how is a source code review conducted in the context of application security?
In this presentation, consultants from Security Compass discuss how secure source code review fits into a complete application security program. The presentation will cover how to approach and prioritize source code reviews, compare and contrast source code reviews and web application firewalls, and demonstrate how to uncover the logic errors buried deep in code that slip by the eyes of automated scanners, using actual case studies. With an organized, informed approach to code review, you’ll be one step closer to achieving 6.6!