Dancornell: /* The Speaker: Dan Cornell */

2010-05-20T15:10:51Z

‎The Speaker: Dan Cornell

Dc: Created page with '==The Presentation: "Application Security Program Management with Vulnerability Manager"== Using free Java-based software, application security managers can now have increased v…'

2010-05-12T21:06:49Z

Created page with '==The Presentation: "Application Security Program Management with Vulnerability Manager"== Using free Java-based software, application security managers can now have increased v…'

New page

==The Presentation: "Application Security Program Management with Vulnerability Manager"==

Using free Java-based software, application security managers can now have increased visibility into and control of enterprise security programs as well as the data that can be used to support sophisticated conversations with their managers and executives. Denim Group's Vulnerability Manager works through a centralized system to allow security teams to import and consolidate application-level vulnerabilities, automatically generate virtual patches, monitor attack attempts, communicate with defect tracking systems, and evaluate team maturity. Vulnerability Manager is a Java-based web application available for free under the Mozilla Public License.

This demonstration will cover the major functional areas of the Vulnerability Manager:
• Application portfolio management – Creating a portfolio of application under management and tracking critical information about those applications such as associated technologies and sensitivity of data under management.
• Vulnerability import and merging – Importing results of both static and dynamic scans of code, de-duplicating results and merging the output from multiple tools into a unified view of the security state of an application.
• Automated virtual patch generation – Automatically creating IDS/IPS and WAF rules to provide real-time protection for certain classes of vulnerabilities as well as consuming log results from WAF/IDS/IPS in order to identify which vulnerabilities are under active attack.
• Defect tracker integration – Bundling multiple vulnerabilities into packages, sending them to software defect tracking systems, and monitoring the defects to identify when software developers have closed them out.
• Team maturity evaluation – Tracking interviews with development teams related to the security practices they have adopted based on maturity models such as OpenSAMM.

In addition, the presentation will explain the internals of the Vulnerability Manager software – the design decisions made as well as opportunities to extend the system to support additional technologies.

==The Speaker: Dan Cornell==

Dan Cornell has over twelve years of experience architecting and developing web-based software systems. He leads Denim Group’s security research team in investigating the application of secure coding and development techniques to improve web-based software development methodologies.

Dan was the founding coordinator and chairman for the Java Users Group of San Antonio (JUGSA) and currently serves as the OWASP San Antonio chapter leader, member of the OWASP Global Membership Committee and co-lead of the OWASP Open Review Project. Dan has spoken at such international conferences as ROOTs in Norway, RSA Conference and OWASP EU Summit in Portugal.

[http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2010#tab=Agenda Back to Conference Agenda]

← Older revision		Revision as of 15:10, 20 May 2010
Line 14:		Line 14:


−	==The Speaker: ~~Dan Cornell~~==	+	==The Speaker: Bryan Beverly==
−
−	Dan Cornell has over twelve years of experience architecting and developing web-based software systems. He leads Denim Group’s security research team in investigating the application of secure coding and development techniques to improve web-based software development methodologies.
−
−	Dan was the founding coordinator and chairman for the Java Users Group of San Antonio (JUGSA) and currently serves as the OWASP San Antonio chapter leader, member of the OWASP Global Membership Committee and co-lead of the OWASP Open Review Project. Dan has spoken at such international conferences as ROOTs in Norway, RSA Conference and OWASP EU Summit in Portugal.
−

		+	Bryan Beverly is Lead Consultant at Denim Group with thirteen years of business application development experience. At Denim Group, Bryan is responsible for defining and enforcing development processes and for performing black box and white box scans for clients in the public and private sectors. An on-site trainer for secure development best practices, Bryan has trained internal development teams for the military, commercial software developers, and financial institutions. Bryan is a co-developer and provides technical leadership on the Open Source Denim Group [http://vulnerabilitymanager.denimgroup.com/ Vulnerability Manager] project.

	[http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2010#tab=Agenda Back to Conference Agenda]		[http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2010#tab=Agenda Back to Conference Agenda]

FROC2010 Abstract Cornell - Revision history

Dancornell: /* The Speaker: Dan Cornell */

Dc: Created page with '==The Presentation: "Application Security Program Management with Vulnerability Manager"== Using free Java-based software, application security managers can now have increased v…'