Boulderchaptermeetings2008.html - Revision history

Andylew at 22:02, 20 March 2009

2009-03-20T22:02:37Z

Andylew at 04:59, 19 September 2008

2008-09-19T04:59:25Z

Andylew: /* July 2008 '''''Intro to Grendel - a WebApp PenTesting Tool (WebApp Pentesting for Dummies?)'' David Byrne and Eric Duprey''' */

2008-09-05T04:30:47Z

‎July 2008 '''''Intro to Grendel - a WebApp PenTesting Tool (WebApp Pentesting for Dummies?)'' David Byrne and Eric Duprey'''

Andylew: /* Aug 2008 '''''Static Analysis Techniques for Testing Application Security'' (Dan Cornell of The Denim Group)''' */

2008-09-05T04:24:33Z

‎Aug 2008 '''''Static Analysis Techniques for Testing Application Security'' (Dan Cornell of The Denim Group)'''

Andylew: /* July 2008 '''''Intro to Grendel - a WebApp PenTesting Tool (WebApp Pentesting for Dummies?)'' David Byrne and Eric Duprey''' */

2008-09-05T04:19:37Z

‎July 2008 '''''Intro to Grendel - a WebApp PenTesting Tool (WebApp Pentesting for Dummies?)'' David Byrne and Eric Duprey'''

Andylew: /* July 2008 '''''Intro to Grendel - a WebApp PenTesting Tool (WebApp Pentesting for Dummies?)'' David Byrne and Eric Duprey''' */

2008-09-05T04:18:56Z

‎July 2008 '''''Intro to Grendel - a WebApp PenTesting Tool (WebApp Pentesting for Dummies?)'' David Byrne and Eric Duprey'''

Andylew at 04:16, 5 September 2008

2008-09-05T04:16:55Z

Andylew: /* '''''Static Analysis Techniques for Testing Application Security'' (Dan Cornell of The Denim Group)''' */

2008-09-05T04:08:43Z

‎'''''Static Analysis Techniques for Testing Application Security'' (Dan Cornell of The Denim Group)'''

Andylew: /* '''Static Analysis Techniques for Testing Application Security (Dan Cornell of The Denim Group)''' */

2008-09-05T04:07:48Z

‎'''Static Analysis Techniques for Testing Application Security (Dan Cornell of The Denim Group)'''

Andylew: /* ''''Static Analysis Techniques for Testing Application Security (Dan Cornell of The Denim Group)'''' */

2008-09-05T04:07:11Z

‎''''Static Analysis Techniques for Testing Application Security (Dan Cornell of The Denim Group)''''

@@ Line 1: / Line 1: @@
 == Notes From Boulder OWASP 2008 Meetings ==
 === Sept 2008 - Black Box vs. White Box: Different App Testing Strategies (John Dickson of Denim Group) ===
@@ Line 113: / Line 133: @@
 Mr. Garg holds an MBA from University of Texas Austin, a Masters in Electrical Engineering from Texas A&M University, and a bachelors in Electrical Engineering from Indian Institute of Technology, Kanpur. His interests are in network security and network performance testing arenas. His research work on mitigating Denial of Service attacks has been cited by several academic journals.
 == Chapter Leader Links ==

@@ Line 1: / Line 1: @@
 == Notes From Boulder OWASP 2008 Meetings ==
 === Aug 2008 '''''Static Analysis Techniques for Testing Application Security'' (Dan Cornell of The Denim Group)''' ===
 Static Analysis of software refers to examining source code and other software artifacts without executing them. This presentation looks at how these techniques can be used to identify security defects in applications. Approaches examined will range from simple keyword search methods used to identify calls to banned functions through more sophisticated data flow analysis used to identify more complicated issues such as injection flaws. In addition, a demonstration will be given of two freely-available static analysis tools: FindBugs for the Java platform and FXCop for the .NET platform. Finally, some approaches will be presented on how organizations can start using static analysis tools as part of their development and quality assurance processes.

@@ Line 15: / Line 15: @@
 David Byrne is an infosec veteran, with experience ranging from penetration testing for Fortune 100's to architecting security solutions for large  multinational financials to consulting for government agencies. David is presently part of the team at Trustwave.
 Eric Duprey is a Senior Security Engineer for Dish Network Corporation and co-leader of the Denver OWASP Chapter.
-The [http://www.grendel-scan.com/blog/ Grendel blog] is the place to go to stay current, download updates, etc.
+The [http://www.grendel-scan.com/blog/ Grendel blog] is the place to go to stay current, download updates, etc. if you can't find it on the [http://www.grendel-scan.com/ Grendel homepage].
 === '''''May 2008 Meeting Notes - David C Campbell and Eric Duprey - Cross Site Scripting, Exploits and Defenses ===

@@ Line 2: / Line 2: @@
 === Aug 2008 '''''Static Analysis Techniques for Testing Application Security'' (Dan Cornell of The Denim Group)''' ===
 Static Analysis of software refers to examining source code and other software artifacts without executing them. This presentation looks at how these techniques can be used to identify security defects in applications. Approaches examined will range from simple keyword search methods used to identify calls to banned functions through more sophisticated data flow analysis used to identify more complicated issues such as injection flaws. In addition, a demonstration will be given of two freely-available static analysis tools: FindBugs for the Java platform and FXCop for the .NET platform. Finally, some approaches will be presented on how organizations can start using static analysis tools as part of their development and quality assurance processes.
 Dan Cornell has over ten years of experience architecting and developing web-based software systems. He leads Denim Group’s security research team in investigating the application of secure coding and development techniques to improve web-based software development methodologies.
-Dan was the founding coordinator and chairman for the Java Users Group of San Antonio (JUGSA) and is currently the San Antonio chapter leader of the Open Web Application Security Project (OWASP). He is a recognized expert in the area of web application security for SearchSoftwareQuality.com and the primary author of Sprajax, OWASP’s open source tool for assessing the security of AJAX-enabled web applications.
+'''Dan Cornell''' has over ten years of experience architecting and developing web-based software systems. He leads Denim Group’s security research team in investigating the application of secure coding and development techniques to improve web-based software development methodologies.
 === July 2008 '''''Intro to Grendel - a WebApp PenTesting Tool (WebApp Pentesting for Dummies?)'' David Byrne and Eric Duprey''' ===

@@ Line 11: / Line 11: @@
 David Byrne is an infosec veteran, with experience ranging from penetration testing for Fortune 100's to architecting security solutions for large  multinational financials to consulting for government agencies. David is presently part of the team at Trustwave.
 Eric Duprey is a Senior Security Engineer for Dish Network Corporation and co-leader of the Denver OWASP Chapter.
-The [http://www.grendel-scan.com/blog/ Grendel blog]
+The [http://www.grendel-scan.com/blog/ Grendel blog] is the place to go to stay current, download updates, etc.
 === '''''May 2008 Meeting Notes - David C Campbell and Eric Duprey - Cross Site Scripting, Exploits and Defenses ===