Application Security Testing and OCC Bulletin 2008-16 Compliance

Manage your application security risk and comply with OCC Bulletin 2008-16 cost-effectively...
  • Hear how leading organizations are leveraging Bulletin 2008-16 as a blueprint for securing third-party applications

  • Learn about contract language you can use in SLAs to demand secure software from third parties

  • Learn how you can cost-effectively manage the risk of built, bought or outsourced code without additional hardware, software or personnel investments

Your IT organization - no matter what the size - is learning to do more with less. Yet whether you choose to build applications internally, purchase third-party software or outsource your needs, the burden of managing IT security risk - and specifically application security risk - has not diminished.

This webinar will discuss cost-effective measures your organization can take to secure your applications, comply with OCC Bulletin 2008-16 and develop an effective, comprehensive application security strategy.


Recently, the Comptroller of the Currency (OCC) took the extraordinary step of issuing a bulletin (OCC Bulletin 2008-16) to alert financial institutions to the risks posed by insecure software and to recommend steps banks should take to reduce risk and protect their critical data.

This follows on new industry regulations from the Payment Card Industry requiring application security testing for merchants, service providers and payment application vendors along with a recent advisory from Gartner that "Application security testing should be mandatory for outsourced development and maintenance."

Perhaps most notable in the OCC Bulletin is the scope of the recommendations. Not only are banks advised about internally developed applications, but they need to mitigate risk from commercial software, outsourced development, and contracted software for both internal and web-facing applications.

This webinar will discuss cost-effective ways to comprehensively assess your entire portfolio of software applications, whether bought, built internally or outsourced, without the addition of new hardware, software or time-consuming (and costly) manual testing.

Special guest presenter, John Jacott, PCI-QSA, IRCA Lead Auditor for ISMS, will provide insights as to what auditors may be looking for and how to generally leverage the framework of Bulletin 2008-16 as an overall blueprint for application security.
