Extending the Security Testing with an Application Privacy Assessments approach

In 2014 we saw a long list of scandalous news stories about security breaches at companies of every size, the discovery of very dangerous vulnerabilities, and a huge debate over the loss of user privacy rights and mass surveillance by companies and nation states. As systems collect an ever-growing set of data, there are no longer small breaches: a single vulnerability or design error could expose user records in the range of hundreds of thousands.

It is a challenge to build applications secure enough to withstand the harsh environment of the open internet. Applications and services provided to large sets of users must now also be designed with a privacy-by-design focus, and a corresponding testing approach is needed for the handling of private user data.

About the speaker

• 22 years as a computer and network security professional covering all the body-of-knowledge topics described in the CISSP, OWASP, ISO 17799/27002, ISO 27001, HIPAA/HITECH, PCI/DSS, COBIT, Private Data Protection, Risk and Vulnerability Assessment, Penetration Testing, and CERT/CC incident response procedures, among others.
• 12 years as a research and development computer scientist with 10 published peer-reviewed white papers and over 70 lectures and conference presentations at academic conventions covering software engineering, ethical hacking, e-crime, intellectual property and law enforcement.
• 12 years as an undergraduate and postgraduate professor with over 2,500 hours of classroom time in several topics such as basic and advanced computer programming, secure software engineering and testing, network and system security architectures, cryptography and e-commerce secure protocols, malicious software detection and eradication, intrusion detection and security incident response.
• 10 years as a consultant and auditor for highly critical, high-availability cloud systems in federal and state democratic election procedures.
• Member of international technology and political internet professional organizations such as IEEE, CompSoc, CRIPTORED and the Internet Society, as well as the internet user privacy rights and open source movements.
• Named by the Electronic Frontier Foundation as one of the notable privacy activists in Latin America: https://www.eff.org/deeplinks/2012/09/privacy-activism-latin-america