| Open Web Application Security Project OC Local Chapter Meeting. The Rise of Threat Analysis and the Fall of Compliance, Policies, and Standards in mitigating Web Application Security Risks On August 5th of 2009, Federal prosecutors on Monday charged Albert Gonzales with the largest case of credit and debit card data theft ever in the United States: 130 million credit cards numbers by hacking into the systems of Heartland Payment Systems, the New Jersey-based card processing company, as well as Hannaford Brothers, 7-Eleven and two unnamed national retailers. Using a SQL-injection attack, the hackers installed malware on Hannaford Brothers. Hannaford was PCI compliant at the time they were compromise that lets question the validity of regulatory compliance frameworks, and specifically PCI standards as an effective method to reduce data breaches, identity theft, and the proliferation of credit card fraud. This presentation will further analyze how status quo security standards, such as PCI-DSS, as well as other policies, standards, and guidelines truly affect security risk mitigation efforts against cybercrime based threats. These traditional efforts will be compared to threat modeling workflows in order to demonstrate how real risk is mitigated under each scenario. See http://www.owasp.org/index.php/Orange_County#Thursday.2C_September_17th.2C_2009_7:30PM |
RSS