2012 January - Control And Security of Web Applications

The Board of Directors of the ISACA Research Triangle Chapter is proud to announce the January 4, 2012 full day training session.

Dates: January 4, 2012 8:00 a.m. to 5:00 p.m.

Material: Link has been emailed to registered users. No hardcopy will be provided.

Lunch: Lunch will NOT be provided

Registration: Closed

Location: RTI Building 08 Multipurpose Room, RTI International


ISACA Member - $50
ISACA Partners (IIA, ISSA, Infragard, etc.) - $75
Non-Members - $100

CPEs: Up to 8

Session Synopsis

Now that the Internet is a part of everyday life, web applications are an essential component of every business activity. Customers and trading partners expect fast, accurate and secure applications with robust functionality. Companies want sites that are easy to maintain and update, yet cost effective. Auditors and security officers want to ensure that the web applications are controlled and that there is strong data integrity. All of these requirements need to be blended to ensure that each web application meets the company’s goals, satisfies the customers and trading partners, and is secure and reliable.

This seminar is specifically designed to explain and provide auditors and security officers with an approach to assist them in auditing and controlling web applications. Throughout the course, the participants will be taken through a series of simulations and exercises designed to build the knowledge to safely and sanely use available tools. Participants will gain hands-on knowledge of the vulnerabilities threatening their Internet presence, such as cross-site scripting and SQL injection, learn techniques required to assist them with their web application audits and security assessments, and will receive an audit guide to assist them with their next web application audit.


Speaker: Kevin Nibler, Sr. Manager, Security & Services, Canaudit

Kevin Nibler, an Associate of (ISC)², is Senior Manager of Security and Audit Services at Canaudit. He has been with Canaudit for over five years and holds a Bachelor of Science in Computer Science from California State University of Northridge. Part of his responsibility as Senior Manager is heading the company’s research and development. In this capacity, he directs staff in Canaudit’s efforts to identify new IT audit and security risks and develop new tools to automate audits.

Kevin is experienced in a broad range of penetration and security auditing techniques. Since starting at Canaudit, he has specialized in the audit and penetration testing of clients’ Internet, web applications and web mail and has helped develop many of the tools used. He is also responsible for managing Internet audits, web application assessments and external vulnerability testing.

As a member of the Canaudit Penetration Team, Kevin is adept at identifying vulnerabilities. In the Windows environment, he is easily able to discover the single flaw in a machine that has the capability of compromising the entire domain. Kevin is also well versed in networking technologies. His work on Cisco, Nortel and Juniper vulnerability identification and assessment enables him to quickly determine needed improvements in client networks. In addition to his capabilities as a member of the Canaudit Penetration Team, Kevin developed the Canaudit audit approach and security baseline regimen for Voice over Internet Protocol (VoIP). His approach enables the speedy identification of configuration flaws that can lead to the VoIP network being compromised. Kevin also developed and implemented the enhanced Canaudit Microsoft SQL audit approach. His software enhancements and scripts simplify the process of digging deeply into the database structure to assess the controls and suggest improvements in the configuration, security and other database controls.

Kevin has accomplished much during his career at Canaudit and continues to expand his knowledge in order to create the tools needed to pioneer innovative new techniques in technical auditing and IT security.