Difference between revisions of "OWASP Minneapolis St Paul 2009 Conference"

m (Modifying wording slightly for correctness on posting of presetnations.)
m (fixed typo)
 
(48 intermediate revisions by 3 users not shown)
Line 1: Line 1:
The [[Minneapolis St Paul | OWASP Minneapolis-St. Paul (MSP) chapter]] is pleased to announce an afternoon of information security presentations on August 24, 2009 at the [http://www1.umn.edu/twincities/maps/StCen/StCen-map.html St. Paul Student Center] [http://www.spsc.umn.edu/about/directory/lower.php Auditorium/Theater] on the [http://www1.umn.edu/twincities/index.php University of Minnesota - Twin Cities] campus.
+
The [[Minneapolis St Paul | OWASP Minneapolis-St. Paul (OWASP MSP) chapter]] wants to say thanks again for another year to all who joined us for an afternoon of information security presentations on August 24, 2009 at the [http://www1.umn.edu/twincities/maps/StCen/StCen-map.html St. Paul Student Center] [http://www.spsc.umn.edu/about/directory/lower.php Auditorium/Theater] on the [http://www1.umn.edu/twincities/index.php University of Minnesota - Twin Cities] campus. '''[http://vimeo.com/channels/owaspmsp Watch the video at Vimeo]'''.
  
Presentations will be posted shortly after the event. Links to the presentation material will be provided below at that time.
 
  
== Registration and Directions to Event ==
+
== Thank You to Our Sponsors ==
 +
 
 +
 
 +
 
 +
Contact '''[mailto:[email protected] Lorna]''' at '''[mailto:[email protected] [email protected]]''' to sponsor future events.
 +
 
 +
A big thank you goes out to the '''Office of Internal Audit and OIT Security at the University of Minnesota''' for sponsoring the event location.
 +
 
 +
A special thank you goes out to Platinum Sponsors '''[http://www.bestbuy.com/ Best Buy]''', '''[http://www.strategicit.org/ Center for Strategic Information Technology and Security (MnSCU)]''', and '''[http://www.go-integral.net/ Integral]'''.
 +
 
  
A registration link will be provided shortly. On site registration the day of the event is not expected to be available due to anticipated demand, so please register prior to the event to guarantee your seat at this event.
+
[[Image:Best_Buy_logo.jpg|link=http://www.bestbuy.com/]]      [[Image:Center_for_strategic_it_n_security.png|60px|link=http://www.strategicit.org/]]      [[Image:Integral_logo.png|90px|link=http://www.go-integral.net/]]
  
[http://maps.google.com/maps?q=2017+Buford+Avenue+St.+Paul,+MN+55108&oe=utf-8&client=firefox-a&ie=UTF8&split=0&gl=us&ei=KahSStPfHJK4Ncr0mN8I&z=16&iwloc=A '''Google Maps Directions to the St. Paul Student Center''']
 
  
== Thank You to Our Sponsors ==
+
Thank you to the following sponsors for their financial support of this event and the OWASP MSP chapter!
 +
 
 +
 
 +
[[Image:Integral_logo.png|114px|link=http://www.go-integral.net/]] [[Image:New_Symantec_Logo.jpg|link=http://www.symantec.com/]] [[Image:Imperva_Logo.gif|link=http://www.imperva.com/]] [[Image:secure360_logo.png|link=http://www.secure360.org/]]        [[Image:Center_for_strategic_it_n_security.png|100px|link=http://www.strategicit.org/]]
 +
 
 +
 
 +
[[Image:Breach_logo.gif‎|link=http://www.breach.com/]]      [[Image:Netspi_logo.png|120px|link=http://www.netspi.com/]]                 [[Image:F5_logo.png|80px|link=http://www.f5.com/]]                  [[Image:Mn-issa_logo.png|120px|link=http://www.mn-issa.org/]]         [[Image:Fortify_Logo_(Medium).jpg|125px|link=http://www.fortify.com/]]
 +
 
 +
 
 +
== Social Media ==
 +
 
 +
'''Share''' the OWASP MSP 2009 Half Day Conference on your favorite social media sites:
  
The event coordinators are currently finalizing sponsorship details.
+
[[Image:Linkedin_mini.png|link=http://www.linkedin.com/shareArticle?mini=true&url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FOWASP_Minneapolis_St_Paul_2009_Conference&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%202009%20Half%20Day%20Conference&summary=The%20%20OWASP%20Minneapolis-St.%20Paul%20(MSP)%20chapter%20is%20pleased%20to%20announce%20an%20afternoon%20of%20information%20security%20presentations%20on%20August%2024%2C%202009%20at%20the%20St.%20Paul%20Student%20Center%20Auditorium%2FTheater%20on%20the%20University%20of%20Minnesota%20-%20Twin%20Cities%20campus.%20&source=OWASPMSP]]
 +
[[Image:Twitter_mini.png|link=http://twitter.com/home?status=OWASP%20MSP%202009%20Conference%20-%2024%20August%202009%20-%20http%3A%2F%2Fwww.owasp.org%2Findex.php%2FOWASP_Minneapolis_St_Paul_2009_Conference]] [[Image:Facebook_mini.png|link=http://www.facebook.com/sharer.php?u=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FOWASP_Minneapolis_St_Paul_2009_Conference&t=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%202009%20Half%20Day%20Conference]] [[Image:Digg_mini.png|link=http://digg.com/submit?phase=2&url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FOWASP_Minneapolis_St_Paul_2009_Conference&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%202009%20Half%20Day%20Conference&bodytext=The%20%20OWASP%20Minneapolis-St.%20Paul%20(MSP)%20chapter%20is%20pleased%20to%20announce%20an%20afternoon%20of%20information%20security%20presentations%20on%20August%2024%2C%202009%20at%20the%20St.%20Paul%20Student%20Center%20Auditorium%2FTheater%20on%20the%20University%20of%20Minnesota%20-%20Twin%20Cities%20campus.%20]] [[Image:Delicious_mini.png|link=http://del.icio.us/post?url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FOWASP_Minneapolis_St_Paul_2009_Conference&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%202009%20Half%20Day%20Conference]] [[Image:Reddit_mini.png|link=http://reddit.com/submit?url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FOWASP_Minneapolis_St_Paul_2009_Conference&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%202009%20Half%20Day%20Conference]] [[Image:Myspace_mini.png|link=http://www.myspace.com/Modules/PostTo/Pages/?l=1&u=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FOWASP_Minneapolis_St_Paul_2009_Conference&t=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%202009%20Half%20Day%20Conference]]
  
== Agenda ==
 
<table width="80%" border="0">
 
<tr>
 
<td style="background-color:#AEB7D5; padding: 5px; width: 120px">12:30 PM - 1:30 PM</td>
 
<td style="background-color:#D5B4AE; padding: 5px;">Registration / Check-In</td>
 
</tr>
 
  
<tr>
+
'''Follow''' OWASP MSP on your favorite social media sites:
<td  style="background-color:#AEB7D5; padding: 5px;">1:30 PM - 1:45 PM</td>
 
<td style="background-color:#D5B4AE; padding: 5px;">
 
'''Kuai Hinojosa'''
 
  
OWASP MSP President
+
[[Image:Linkedin_mini.png|link=http://www.linkedin.com/groupInvitation?groupID=2184116]]
 +
[[Image:Twitter_mini.png|link=http://twitter.com/owaspmsp]] [[Image:Facebook_mini.png|link=http://www.facebook.com/pages/OWASP-Minneapolis-St-Paul-OWASP-MSP-OWASPMSP/113583361381]] [[Image:Digg_mini.png|link=http://digg.com/users/owaspmsp]] [[Image:Delicious_mini.png|link=http://delicious.com/owaspmsp]] [[Image:Reddit_mini.png|link=http://www.reddit.com/user/owaspmsp]] [[Image:Myspace_mini.png|link=http://www.myspace.com/owaspmsp]]
  
'''Topic:''' Event Introduction
 
  
The OWASP MSP chapter has had a successful year, and will be looking ahead to even more participation in the global OWASP community.
 
  
'''Bio:''' Speaker provided bio.
+
== Agenda  ==
</td>
 
</tr>
 
  
<tr>
+
* Talks now available on [http://vimeo.com/channels/owaspmsp Vimeo Video Archive ]
<td style="background-color:#AEB7D5; padding: 5px;">1:45 PM - 2:30 PM</td>
 
<td style="background-color:#D5B4AE; padding: 5px;">
 
'''Speaker TBD'''
 
  
Position, Organization with Link
+
{| border="0" width="80%"
 +
|-
 +
| style="padding: 5px; background-color: rgb(174, 183, 213); width: 120px;" | 12:30 PM - 1:30 PM
 +
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Check-In
 +
|-
 +
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 1:30 PM - 1:45 PM
 +
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" |
 +
'''Kuai Hinojosa'''
  
'''Topic:''' Topic TBD.
+
OWASP MSP President  - [http://vimeo.com/6502372 Video Archive ]
  
The speaker in this time slot will be discussing OWASP and the PCI-DSS.
+
'''Topic:''' Event Introduction
  
'''Bio:''' Speaker provided bio.
+
The OWASP MSP chapter has had a successful year, and will be looking ahead to even more participation in the global OWASP community. 
</td>
+
|-
</tr>
+
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 1:45 PM - 2:30 PM
 +
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" |
 +
'''Seth Peter'''  
  
<tr>
+
Chief Technology Officer, [http://www.netspi.com/ NetSPI] - [http://vimeo.com/6495344 Video Archive ]
<td style="background-color:#AEB7D5; padding: 5px;">2:30 PM - 2:45 PM</td>
 
<td style="background-color:#D5B4AE; padding: 5px;">Break</td>
 
</tr>
 
  
<tr>
+
'''Topic:''' The Developers Guide to PCI DSS and PA-DSS Requirements
<td style="background-color: #AEB7D5; padding: 5px;">2:45 PM - 3:30 PM </td>
 
<td style="background-color: #D5B4AE; padding: 5px;">
 
'''Pravir Chandra'''
 
  
Director of Strategic Services, [http://www.fortify.com/ Fortify]
+
The Payment Card Industry (PCI) Data Security Standard (DSS) has a large number of requirements pertaining to the development and maintenance of payment applications. The requirements span development, maintenance, support, access controls, auditing &amp; logging, security awareness, assessment, and policies. Not only does this apply to the systems within a cardholder environment but also to supporting applications and your organization’s overall SDLC. Furthermore, these application specific requirements are often overlooked or misunderstood by development and information security departments. Within this presentation, we will review the most relevant PCI requirements that developers and application owners must focus on and how your organization can confidently comply.  
  
'''Topic:''' OpenSAMM
+
'''Bio:''' (From [http://www.nesspi.com/ netspi.com]) ''Seth Peter is a computer security expert with extensive experience with all aspects of information security. He was a founder of the computer forensics team at Kroll Ontrack where he provided expert witness testimony and depositions regarding high profile computer security cases. As the founder and CTO of NetSPI, he is a national leader in risk management and security program assessment. Seth has provided consulting to over 100 different organizations within financial services, government, health care, education, nuclear energy, and retail. Seth is a Payment Card Industry Qualified Security Assessor and Visa Qualified Payment Application Security Professional. Seth holds a B.A. degree in Mathematics from Kenyon College.''
  
The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. Pravir Chandra, creator and leader of the project, will be discussing OpenSAMM. For more information on OpenSAMM, visit [http://www.opensamm.org/ http://www.opensamm.org/].
+
|-
 +
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 2:30 PM - 2:45 PM
 +
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Break
 +
|-
 +
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 2:45 PM - 3:30 PM
 +
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" |
 +
'''Pravir Chandra'''
  
'''Bio:''' (From [http://www.fortify.com fortify.com]) ''Chandra is widely recognized in the industry for his expertise in software security, security training, and code analysis, and also for his ability to apply technical knowledge strategically from a business perspective. Most recently, Chandra was an independent consultant where he worked with clients to build and optimize software security programs. Prior to that, he was affiliated with Cigital as a Principal Consultant where he developed role-based training curricula and led large software security programs at Fortune 500 companies. Chandra was also Co-Founder and Chief Security Architect at Secure Software, Inc. before the company was acquired by Fortify Software.''
+
Director of Strategic Services, [http://www.fortify.com/ Fortify] - [http://vimeo.com/6495398 Video Archive ]
</td>
 
</tr>
 
  
<tr>
+
'''Topic:''' Software Assurance Maturity Model (OpenSAMM)
<td style="background-color:#AEB7D5; padding: 5px;">3:30 PM - 3:45 PM</td>
 
<td style="background-color:#D5B4AE; padding: 5px;">Break</td>
 
</tr>
 
  
<tr>
+
The Software Assurance Maturity Model (SAMM) ([http://www.opensamm.org/ http://www.opensamm.org/]) is a flexible and prescriptive framework for building security into a software development organization. Covering more than typical SDLC-based models for security, SAMM enables organizations to self-assess their security assurance program and then use recommended roadmaps to improve in a way that's aligned to the specific risks facing the organization. Beyond that, SAMM enables creation of scorecards for an organization's effectiveness at secure software development throughout the typical governance, development, and deployment business functions. Scorecards also enable management within an organization to demonstrate quantitative improvements through iterations of building a security assurance program. This workshop will introduce the SAMM framework and walk through useful activities such as assessing an assurance program, mapping an existing organization to a recommended roadmap, and iteratively building an assurance program. Time allowing, additional case studies will also be discussed. OpenSAMM is an open a free project and has recently been donated to the Open Web Application Security Project (OWASP) Foundation. For more information on OpenSAMM, visit [http://www.opensamm.org/ http://www.opensamm.org/].
<td style="background-color: #AEB7D5; padding: 5px;">3:45 PM - 4:45 PM</td>
 
<td style="background-color: #D5B4AE; padding: 5px;">'''Bruce Schneier'''<br />[http://www.schneier.com/ schneier.com]
 
  
'''Topic:''' The Future of the Security Industry:  IT is Rapidly Becoming a Commodity'''
+
'''Bio:''' (From [http://www.fortify.com/ fortify.com]) ''Pravir Chandra is Director of Strategic Services at Fortify Software and works with clients on software security assurance programs. Pravir is recognized for his expertise in software security, code analysis, and his ability to strategically apply technical knowledge. Prior to Fortify, he was a Principal Consultant affiliated with Cigital and led large software security programs at Fortune 500 companies. Pravir Co-Founded Secure Software, Inc. and was Chief Security Architect prior to its acquisition by Fortify. He recently created and led the Open Software Assurance Maturity Model (OpenSAMM) project with the OWASP Foundation, leads the OWASP CLASP project, and also serves as member of the OWASP Global Projects Committee. Pravir is author of the book Network Security with OpenSSL.''  
  
More companies are outsourcing their IT infrastructure -- treating it as a service more like electricity, office cleaning, or tax preparation -- and this has profound implications for IT security. Organizational users care less about the technical details of security. Products and services change their focus from the end user to the outsourcer. Industry consolidation results, as non-security IT infrastructure companies seek to bolster their security credentials. Even the profession changes, as jobs move from individual organizations to the outsourcing companies, and in some cases overseas. This talk looks at the future of IT security in a mature IT infrastructure industry.
+
|-
 +
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 3:30 PM - 3:45 PM
 +
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Break
 +
|-
 +
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 3:45 PM - 4:45 PM
 +
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | '''Bruce Schneier'''<br>[http://www.schneier.com/ schneier.com] - [http://vimeo.com/6495257 Video Archive ]
 +
'''Topic:''' The Future of the Security Industry: IT is Rapidly Becoming a Commodity
  
'''Bio''': (From [http://www.schneier.com/ schneier.com]) ''Bruce Schneier is an internationally renowned security technologist and author. Described by The Economist as a "security guru," he is best known as a refreshingly candid and lucid security critic and commentator. When people want to know how security really works, they turn to Schneier.''</td>
+
More companies are outsourcing their IT infrastructure -- treating it as a service more like electricity, office cleaning, or tax preparation -- and this has profound implications for IT security. Organizational users care less about the technical details of security. Products and services change their focus from the end user to the outsourcer. Industry consolidation results, as non-security IT infrastructure companies seek to bolster their security credentials. Even the profession changes, as jobs move from individual organizations to the outsourcing companies, and in some cases overseas. This talk looks at the future of IT security in a mature IT infrastructure industry.
</tr>
+
'''Bio''': (From [http://www.schneier.com/ schneier.com]) ''Bruce Schneier is an internationally renowned security technologist and author. Described by The Economist as a "security guru," he is best known as a refreshingly candid and lucid security critic and commentator. When people want to know how security really works, they turn to Schneier.''
 +
|-
 +
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 4:45 PM
 +
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Event Closing
 +
|}
  
<tr>
+
[[Category:Minnesota]]
<td  style="background-color:#AEB7D5; padding: 5px;">4:45 PM</td>
 
<td style="background-color:#D5B4AE; padding: 5px;">Event Closing</td>
 
</tr>
 
</table>
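Review bot: In the added Seth Peter bio line, the link labelled netspi.com targets http://www.nesspi.com/, a different domain from the http://www.netspi.com/ used in his title line; point it at the NetSPI URL so the label and the target agree. The added OpenSAMM abstract also reads "an open a free project", which should be "an open and free project".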
 

Latest revision as of 20:52, 12 September 2009

The OWASP Minneapolis-St. Paul (OWASP MSP) chapter wants to say thanks again for another year to all who joined us for an afternoon of information security presentations on August 24, 2009 at the St. Paul Student Center Auditorium/Theater on the University of Minnesota - Twin Cities campus. Watch the video at Vimeo.


Thank You to Our Sponsors

Contact Lorna at [email protected] to sponsor future events.

A big thank you goes out to the Office of Internal Audit and OIT Security at the University of Minnesota for sponsoring the event location.

A special thank you goes out to Platinum Sponsors Best Buy, Center for Strategic Information Technology and Security (MnSCU), and Integral.



Thank you to the following sponsors for their financial support of this event and the OWASP MSP chapter!




Agenda

12:30 PM - 1:30 PM Check-In
1:30 PM - 1:45 PM

Kuai Hinojosa

OWASP MSP President - Video Archive

Topic: Event Introduction

The OWASP MSP chapter has had a successful year, and will be looking ahead to even more participation in the global OWASP community.

1:45 PM - 2:30 PM

Seth Peter

Chief Technology Officer, NetSPI - Video Archive

Topic: The Developers Guide to PCI DSS and PA-DSS Requirements

The Payment Card Industry (PCI) Data Security Standard (DSS) has a large number of requirements pertaining to the development and maintenance of payment applications. The requirements span development, maintenance, support, access controls, auditing & logging, security awareness, assessment, and policies. Not only does this apply to the systems within a cardholder environment but also to supporting applications and your organization’s overall SDLC. Furthermore, these application specific requirements are often overlooked or misunderstood by development and information security departments. Within this presentation, we will review the most relevant PCI requirements that developers and application owners must focus on and how your organization can confidently comply.

Bio: (From netspi.com) Seth Peter is a computer security expert with extensive experience with all aspects of information security. He was a founder of the computer forensics team at Kroll Ontrack where he provided expert witness testimony and depositions regarding high profile computer security cases. As the founder and CTO of NetSPI, he is a national leader in risk management and security program assessment. Seth has provided consulting to over 100 different organizations within financial services, government, health care, education, nuclear energy, and retail. Seth is a Payment Card Industry Qualified Security Assessor and Visa Qualified Payment Application Security Professional. Seth holds a B.A. degree in Mathematics from Kenyon College.

2:30 PM - 2:45 PM Break
2:45 PM - 3:30 PM

Pravir Chandra

Director of Strategic Services, Fortify - Video Archive

Topic: Software Assurance Maturity Model (OpenSAMM)

The Software Assurance Maturity Model (SAMM) (http://www.opensamm.org/) is a flexible and prescriptive framework for building security into a software development organization. Covering more than typical SDLC-based models for security, SAMM enables organizations to self-assess their security assurance program and then use recommended roadmaps to improve in a way that's aligned to the specific risks facing the organization. Beyond that, SAMM enables creation of scorecards for an organization's effectiveness at secure software development throughout the typical governance, development, and deployment business functions. Scorecards also enable management within an organization to demonstrate quantitative improvements through iterations of building a security assurance program. This workshop will introduce the SAMM framework and walk through useful activities such as assessing an assurance program, mapping an existing organization to a recommended roadmap, and iteratively building an assurance program. Time allowing, additional case studies will also be discussed. OpenSAMM is an open and free project and has recently been donated to the Open Web Application Security Project (OWASP) Foundation. For more information on OpenSAMM, visit http://www.opensamm.org/.

Bio: (From fortify.com) Pravir Chandra is Director of Strategic Services at Fortify Software and works with clients on software security assurance programs. Pravir is recognized for his expertise in software security, code analysis, and his ability to strategically apply technical knowledge. Prior to Fortify, he was a Principal Consultant affiliated with Cigital and led large software security programs at Fortune 500 companies. Pravir Co-Founded Secure Software, Inc. and was Chief Security Architect prior to its acquisition by Fortify. He recently created and led the Open Software Assurance Maturity Model (OpenSAMM) project with the OWASP Foundation, leads the OWASP CLASP project, and also serves as member of the OWASP Global Projects Committee. Pravir is author of the book Network Security with OpenSSL.

3:30 PM - 3:45 PM Break
3:45 PM - 4:45 PM

Bruce Schneier

schneier.com - Video Archive

Topic: The Future of the Security Industry: IT is Rapidly Becoming a Commodity

More companies are outsourcing their IT infrastructure -- treating it as a service more like electricity, office cleaning, or tax preparation -- and this has profound implications for IT security. Organizational users care less about the technical details of security. Products and services change their focus from the end user to the outsourcer. Industry consolidation results, as non-security IT infrastructure companies seek to bolster their security credentials. Even the profession changes, as jobs move from individual organizations to the outsourcing companies, and in some cases overseas. This talk looks at the future of IT security in a mature IT infrastructure industry.

Bio: (From schneier.com) Bruce Schneier is an internationally renowned security technologist and author. Described by The Economist as a "security guru," he is best known as a refreshingly candid and lucid security critic and commentator. When people want to know how security really works, they turn to Schneier.

4:45 PM Event Closing