OT: OWASP

Author: Lisa Kachold
Date:  
To: Main PLUG discussion list, PLUG Applications List
Subject: OT: OWASP
Phoenix OWASP - Open Web Application Security Project <http://www.facebook.com/group.php?gid=213776715005>
Date: Tuesday, October 6, 2009
Time: 6:30pm - 7:30pm
Location: Executrain - WEST side of bldg
Street: 3600 E University Dr # A1400
City/Town: Phoenix, AZ

*Andre Gironda will be back in Phoenix to present some great information
about using OWASP resources to build an effective Application Security
lifecycle/program, followed by SUNSEC Happy Hour at Casey Moore's, at 7:30!*

*Using ASVS with the Code Review Guide, Testing Guide, and Time Management*

The OWASP Application Security Verification Standard, which defines four
levels of web application security verification, lays down a framework for
security architecture review. While the ASVS includes many requirements for
controls, it does not suggest which tools, techniques, timeline or
methodologies to utilize. The OWASP Code Review and Testing Guides provide
the technical practices and suggest or hint at tools, but also lack the
timeline and methodology necessary to complete an application
penetration-test or SDLC integration project for proper application security
hygiene.

This presentation will provide the 1000-foot view all the way down to the
nitty-gritty details of how to perform ASVS activities using OWASP
resources, as well as some OWASP and non-OWASP tools (freeware or demoware).
Example timelines for typical ASVS activities, including reports, will be
discussed so that any sort of application security project can be scoped
properly, delivered on time, and within budget.

*Andre Gironda* is an application security specialist with a global security
consulting firm providing IT security services to the Fortune 500 and
financial institutions as well as U.S. and foreign governments. Prior to his
current employment, Andre held a number of payment application security
positions in addition to working for the largest online auction website. He
is currently a leader for the Open Web Application Security Project (OWASP),
where he co-produces the global OWASP News Podcast.



--
(623)239-3392
(503)754-4452 www.obnosis.com
http://www.obnosis.com/bt4.html
http://www.obnosis.com/motivatebytruth/gnu-people.jpg