Webinar: WMQ Security for QSA's April 15th

I will be presenting a webinar on April 15th, hosted by the fine folks at PCI Knowledgebase. The purpose of the webinar will be to introduce Qualified Security Assessors, or QSA’s as they are known, to the concept of WebSphere MQ and give them tools to audit the configurations.

If you have read anything I’ve EVER written you are probably aware that WMQ security is not well implemented in general. But I’ve recently worked with a number of clients who were either card payment processors or merchants, all of whom had been declared PCI compliant but were running WMQ wide open. It became clear to me that the assessment and enforcement folks could benefit from the same WMQ security outreach that has up to now I have directed to administrators and developers.

For more info or to sign up for the webinar, go to PCI Knowledgebase at this link.

This entry was posted in News, WMQ, WMQ Security and tagged , , , , , . Bookmark the permalink.

3 Responses to Webinar: WMQ Security for QSA's April 15th

  1. T.Rob says:

    Thanks for the feedback, guys. I was worried that I didn’t know the audience well enough to make the content compelling so it’s nice to hear back that it was. Of course, when you throw the words “remote code execution” into a room full of security assessors you have to expect some reaction. πŸ™‚

  2. Graham Saltern says:

    Even though I’ve been following your podcasts and posts on the listserve for over a year, when you started listing the security weaknesses that MQ has out of the box it seemed like a very chill wind blew down the wires.

    The only protection any qm has is based on is depth within the nework infrastructure, if deep enough then it maybe hidden, but if exposed as with the gateway examples then they’re wide open.

    Great webinar should be a base intro for all admins and ops managers.

  3. T-Rob, Great webinar. One of the best and valuable I’ve ever attended. Thanks!

Leave a Reply