RSA Conference Brochure 2008

dEvEloping With sEcurity tuEsday, april 8 1:30 p.m. – 2:40 p.m. DEV-105 WEdnEsday, april 9 8:00 a.m. – 8:50 a.m. DEV-201 (S) real-World Key Management: News from the Trenches MODERATOR: Jon Oltsik | Senior Analyst, Enterprise Strategy Group (ESG) PANELISTS: Michael Gabriel | CISO Career Education Corporation Kam Golpariani | Director, Security Operations, First Advantage Tom Goschütz | CTO, Bertelsmann AG Steve Schoenfeld | Vice President, PGP Corporation (T2) implementing a Secure SDlC: From Principle to Practice Robert Lincourt | Principle Engineer, EMC Fred Stock | Principle Engineer, EMC Since the dawn of encryption, there has always been the need to manage encryption keys. Why then are IT security managers and even executives outside of IT talking more than ever about key management? In this panel of industry vanguards and seasoned practitioners, learn how organizations are tackling key management challenges today and planning for the future. 3:00 p.m. – 3:50 p.m. DEV-106 How do you implement a secure SDLC? This case study examines the impact of the practices and tools typically advocated as part of a secure SDLC. This session provides practical insight into secure SDLC implementation, including changes to the testing process, from gap analysis and threat modeling through the deployment of static analysis tools. 9:10 a.m. – 10:20 a.m. DEV-202 (T2) Software Assurance: Driving Global (T2) Cryptographic Security for Alex Alten | Sr. Staff Security Engineer, Narus, Inc. Software Security and integrity ruby on rails Web Services This presentation describes integrating security using cryptography with the Model-View-Controller, object-relational mapping and Ajax architecture of the Ruby on Rails application framework for implementing Web 2.0 software systems and appliances. This presentation will examine how to apply cryptography properly to protect Ruby objects, SQL records, HTTP sessions, HTML pages and Ajax queries, as well as how to integrate SSL and SSH VPNs. 4:10 p.m. – 5:20 p.m. DEV-107 MODERATOR: Paul Nicholas | Executive Director, SAFECode PANELISTS: Eric Baize | Senior Director, EMC Wesley Higaki | Director, Product Certifications, Symantec Corporation Steven Lipner | Senior Director of Security Engineering, Microsoft Corporation The general concern about software security now includes the integrity of the global supply chains that support today’s modern cyber ecosystem and critical infrastructures. Come learn the proven practices for developing more secure software and managing integrity controls across globally distributed design, development and production. It is not about where — but how — software is made. 10:40 a.m. – 11:50 a.m. DEV-203 (T2) Security Usability: The New Challenge MODERATOR: Phillip Hallam-Baker | Principal Scientist, VeriSign Inc. PANELISTS: Rachna Dhamija | Postdoctoral Fellow, Harvard University Thomas Roessler | Security Activity Lead, W3C Mary Ellen Zurko | IBM Lotus Security Strategy, IBM (T2) Mass HysteriA: rich internet Application Security Patterns and Anti-Patterns Bryan Sullivan | Development Manager, HP Software, Application Security Center Ten years after the first applications with cryptographic security were perpetrated on an unsuspecting public, only a tiny minority of users know how to use them. Shelfware stops no criminals, and cryptology has failed to meet its promise of preventing Internet crime. The panelists will describe real security usability failures, their causes, how criminals exploit them and how to fix them. 5:40 p.m. – 6:30 p.m. DEV-108 Rich Internet Application (RIA) frameworks such as Ajax, Flash and Silverlight represent a marriage of the best aspects of both web and desktop applications. This presentation will show appropriate security patterns concerning RIA issues such as state management, data retrieval, caching and authentication/authorization that should be followed in order to thwart the hacker barbarians. (T2) Beyond the Coding Errors: The Complete View of Software Security Jack Danahy | Founder and CTO, Ounce Labs While security professionals and vendors typically focus on vulnerabilities caused by coding errors, they often overlook improper implementation of critical design elements that may cause even greater risk of exposure. This course offers a checklist of baseline security and design policies as well as a step-by-step look at how to assess software security before it is deployed. 24 sEssion classification (S) Strategic (T) Technical Futures (T1) Advanced Technical (T2) Intermediate Technical See page 5 for complete level descriptions.

Table of Contents Feed for the Digital Edition of RSA Conference Brochure 2008

Table of Contents Who Should Attend & Why Keynote Speakers Agenda At-A-Glance Session Classification Special Events & Activities Connect & Network Highlights 1-Day Pre-Conference Tutorials 2-Day Pre-Conference Tutorials Tracks & Sessions Authentication Consumer Protection Business Trends & Impact Case Studies Cryptographers Deployment Strategies Developing with Security Enterprise Defense Hackers & Threats 1 Hackers & Threats 2 Identity & Access Management Industry Experts Law & Liability Policy & Government Professional Development Security-Oriented Architecture Standards Wireless Sponsor Sessions List of Exhibitors Registration Information Sponsors

For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.