Difference between revisions of "OWASP Minneapolis St Paul 2009 Conference"
Webappsecguy (talk | contribs) m (Adding platinum sponsors to start of page.) |
Webappsecguy (talk | contribs) m (fixed typo) |
||
(8 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | The [[Minneapolis St Paul | OWASP Minneapolis-St. Paul (OWASP MSP) chapter]] | + | The [[Minneapolis St Paul | OWASP Minneapolis-St. Paul (OWASP MSP) chapter]] wants to say thanks again for another year to all who joined us for an afternoon of information security presentations on August 24, 2009 at the [http://www1.umn.edu/twincities/maps/StCen/StCen-map.html St. Paul Student Center] [http://www.spsc.umn.edu/about/directory/lower.php Auditorium/Theater] on the [http://www1.umn.edu/twincities/index.php University of Minnesota - Twin Cities] campus. '''[http://vimeo.com/channels/owaspmsp Watch the video at Vimeo]'''. |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | [http:// | ||
Line 15: | Line 6: | ||
− | Contact '''[mailto:[email protected] Lorna]''' at '''[mailto:[email protected] [email protected]]''' to sponsor | + | Contact '''[mailto:[email protected] Lorna]''' at '''[mailto:[email protected] [email protected]]''' to sponsor future events. |
A big thank you goes out to the '''Office of Internal Audit and OIT Security at the University of Minnesota''' for sponsoring the event location. | A big thank you goes out to the '''Office of Internal Audit and OIT Security at the University of Minnesota''' for sponsoring the event location. | ||
Line 49: | Line 40: | ||
− | == Agenda | + | == Agenda == |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | * Talks now available on [http://vimeo.com/channels/owaspmsp Vimeo Video Archive ] | |
− | + | {| border="0" width="80%" | |
+ | |- | ||
+ | | style="padding: 5px; background-color: rgb(174, 183, 213); width: 120px;" | 12:30 PM - 1:30 PM | ||
+ | | style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Check-In | ||
+ | |- | ||
+ | | style="padding: 5px; background-color: rgb(174, 183, 213);" | 1:30 PM - 1:45 PM | ||
+ | | style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | | ||
+ | '''Kuai Hinojosa''' | ||
− | + | OWASP MSP President - [http://vimeo.com/6502372 Video Archive ] | |
− | |||
− | |||
− | + | '''Topic:''' Event Introduction | |
− | |||
− | |||
− | |||
− | + | The OWASP MSP chapter has had a successful year, and will be looking ahead to even more participation in the global OWASP community. | |
− | + | |- | |
− | + | | style="padding: 5px; background-color: rgb(174, 183, 213);" | 1:45 PM - 2:30 PM | |
− | ''' | + | | style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | |
+ | '''Seth Peter''' | ||
− | + | Chief Technology Officer, [http://www.netspi.com/ NetSPI] - [http://vimeo.com/6495344 Video Archive ] | |
− | '''Topic:''' | + | '''Topic:''' The Developers Guide to PCI DSS and PA-DSS Requirements |
− | The | + | The Payment Card Industry (PCI) Data Security Standard (DSS) has a large number of requirements pertaining to the development and maintenance of payment applications. The requirements span development, maintenance, support, access controls, auditing & logging, security awareness, assessment, and policies. Not only does this apply to the systems within a cardholder environment but also to supporting applications and your organization’s overall SDLC. Furthermore, these application specific requirements are often overlooked or misunderstood by development and information security departments. Within this presentation, we will review the most relevant PCI requirements that developers and application owners must focus on and how your organization can confidently comply. |
− | '''Bio:''' (From [http://www. | + | '''Bio:''' (From [http://www.nesspi.com/ netspi.com]) ''Seth Peter is a computer security expert with extensive experience with all aspects of information security. He was a founder of the computer forensics team at Kroll Ontrack where he provided expert witness testimony and depositions regarding high profile computer security cases. As the founder and CTO of NetSPI, he is a national leader in risk management and security program assessment. Seth has provided consulting to over 100 different organizations within financial services, government, health care, education, nuclear energy, and retail. Seth is a Payment Card Industry Qualified Security Assessor and Visa Qualified Payment Application Security Professional. Seth holds a B.A. degree in Mathematics from Kenyon College.'' |
− | |||
− | |||
− | + | |- | |
− | + | | style="padding: 5px; background-color: rgb(174, 183, 213);" | 2:30 PM - 2:45 PM | |
− | + | | style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Break | |
− | + | |- | |
+ | | style="padding: 5px; background-color: rgb(174, 183, 213);" | 2:45 PM - 3:30 PM | ||
+ | | style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | | ||
+ | '''Pravir Chandra''' | ||
− | + | Director of Strategic Services, [http://www.fortify.com/ Fortify] - [http://vimeo.com/6495398 Video Archive ] | |
− | |||
− | |||
− | '''Topic:''' | + | '''Topic:''' Software Assurance Maturity Model (OpenSAMM) |
− | + | The Software Assurance Maturity Model (SAMM) ([http://www.opensamm.org/ http://www.opensamm.org/]) is a flexible and prescriptive framework for building security into a software development organization. Covering more than typical SDLC-based models for security, SAMM enables organizations to self-assess their security assurance program and then use recommended roadmaps to improve in a way that's aligned to the specific risks facing the organization. Beyond that, SAMM enables creation of scorecards for an organization's effectiveness at secure software development throughout the typical governance, development, and deployment business functions. Scorecards also enable management within an organization to demonstrate quantitative improvements through iterations of building a security assurance program. This workshop will introduce the SAMM framework and walk through useful activities such as assessing an assurance program, mapping an existing organization to a recommended roadmap, and iteratively building an assurance program. Time allowing, additional case studies will also be discussed. OpenSAMM is an open a free project and has recently been donated to the Open Web Application Security Project (OWASP) Foundation. For more information on OpenSAMM, visit [http://www.opensamm.org/ http://www.opensamm.org/]. | |
− | '''Bio''' | + | '''Bio:''' (From [http://www.fortify.com/ fortify.com]) ''Pravir Chandra is Director of Strategic Services at Fortify Software and works with clients on software security assurance programs. Pravir is recognized for his expertise in software security, code analysis, and his ability to strategically apply technical knowledge. Prior to Fortify, he was a Principal Consultant affiliated with Cigital and led large software security programs at Fortune 500 companies. Pravir Co-Founded Secure Software, Inc. and was Chief Security Architect prior to its acquisition by Fortify. He recently created and led the Open Software Assurance Maturity Model (OpenSAMM) project with the OWASP Foundation, leads the OWASP CLASP project, and also serves as member of the OWASP Global Projects Committee. Pravir is author of the book Network Security with OpenSSL.'' |
− | |||
− | + | |- | |
− | + | | style="padding: 5px; background-color: rgb(174, 183, 213);" | 3:30 PM - 3:45 PM | |
− | + | | style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Break | |
− | + | |- | |
− | + | | style="padding: 5px; background-color: rgb(174, 183, 213);" | 3:45 PM - 4:45 PM | |
+ | | style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | '''Bruce Schneier'''<br>[http://www.schneier.com/ schneier.com] - [http://vimeo.com/6495257 Video Archive ] | ||
+ | '''Topic:''' The Future of the Security Industry: IT is Rapidly Becoming a Commodity | ||
+ | More companies are outsourcing their IT infrastructure -- treating it as a service more like electricity, office cleaning, or tax preparation -- and this has profound implications for IT security. Organizational users care less about the technical details of security. Products and services change their focus from the end user to the outsourcer. Industry consolidation results, as non-security IT infrastructure companies seek to bolster their security credentials. Even the profession changes, as jobs move from individual organizations to the outsourcing companies, and in some cases overseas. This talk looks at the future of IT security in a mature IT infrastructure industry. | ||
+ | '''Bio''': (From [http://www.schneier.com/ schneier.com]) ''Bruce Schneier is an internationally renowned security technologist and author. Described by The Economist as a "security guru," he is best known as a refreshingly candid and lucid security critic and commentator. When people want to know how security really works, they turn to Schneier.'' | ||
+ | |- | ||
+ | | style="padding: 5px; background-color: rgb(174, 183, 213);" | 4:45 PM | ||
+ | | style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Event Closing | ||
+ | |} | ||
[[Category:Minnesota]] | [[Category:Minnesota]] |
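Review bot: The Seth Peter bio line in the new revision links http://www.nesspi.com/ under the label netspi.com, while the speaker's title line in the same table cell links http://www.netspi.com/. The bio target looks misspelled and should be changed to match, since a mistyped domain can send readers to an unrelated site. In the OpenSAMM abstract of the same hunk, "an open a free project" should read "an open and free project".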
Latest revision as of 20:52, 12 September 2009
The OWASP Minneapolis-St. Paul (OWASP MSP) chapter wants to say thanks again for another year to all who joined us for an afternoon of information security presentations on August 24, 2009 at the St. Paul Student Center Auditorium/Theater on the University of Minnesota - Twin Cities campus. Watch the video at Vimeo.
Thank You to Our Sponsors
Contact Lorna at [email protected] to sponsor future events.
A big thank you goes out to the Office of Internal Audit and OIT Security at the University of Minnesota for sponsoring the event location.
A special thank you goes out to Platinum Sponsors Best Buy, Center for Strategic Information Technology and Security (MnSCU), and Integral.
Thank you to the following sponsors for their financial support of this event and the OWASP MSP chapter!
Agenda
- Talks now available on Vimeo Video Archive
12:30 PM - 1:30 PM | Check-In

1:30 PM - 1:45 PM | Kuai Hinojosa, OWASP MSP President - Video Archive
Topic: Event Introduction
The OWASP MSP chapter has had a successful year, and will be looking ahead to even more participation in the global OWASP community.

1:45 PM - 2:30 PM | Seth Peter, Chief Technology Officer, NetSPI - Video Archive
Topic: The Developers Guide to PCI DSS and PA-DSS Requirements
The Payment Card Industry (PCI) Data Security Standard (DSS) has a large number of requirements pertaining to the development and maintenance of payment applications. The requirements span development, maintenance, support, access controls, auditing & logging, security awareness, assessment, and policies. Not only does this apply to the systems within a cardholder environment but also to supporting applications and your organization’s overall SDLC. Furthermore, these application specific requirements are often overlooked or misunderstood by development and information security departments. Within this presentation, we will review the most relevant PCI requirements that developers and application owners must focus on and how your organization can confidently comply.
Bio: (From netspi.com) Seth Peter is a computer security expert with extensive experience with all aspects of information security. He was a founder of the computer forensics team at Kroll Ontrack where he provided expert witness testimony and depositions regarding high profile computer security cases. As the founder and CTO of NetSPI, he is a national leader in risk management and security program assessment. Seth has provided consulting to over 100 different organizations within financial services, government, health care, education, nuclear energy, and retail. Seth is a Payment Card Industry Qualified Security Assessor and Visa Qualified Payment Application Security Professional. Seth holds a B.A. degree in Mathematics from Kenyon College.

2:30 PM - 2:45 PM | Break

2:45 PM - 3:30 PM | Pravir Chandra, Director of Strategic Services, Fortify - Video Archive
Topic: Software Assurance Maturity Model (OpenSAMM)
The Software Assurance Maturity Model (SAMM) (http://www.opensamm.org/) is a flexible and prescriptive framework for building security into a software development organization. Covering more than typical SDLC-based models for security, SAMM enables organizations to self-assess their security assurance program and then use recommended roadmaps to improve in a way that's aligned to the specific risks facing the organization. Beyond that, SAMM enables creation of scorecards for an organization's effectiveness at secure software development throughout the typical governance, development, and deployment business functions. Scorecards also enable management within an organization to demonstrate quantitative improvements through iterations of building a security assurance program. This workshop will introduce the SAMM framework and walk through useful activities such as assessing an assurance program, mapping an existing organization to a recommended roadmap, and iteratively building an assurance program. Time allowing, additional case studies will also be discussed. OpenSAMM is an open and free project and has recently been donated to the Open Web Application Security Project (OWASP) Foundation. For more information on OpenSAMM, visit http://www.opensamm.org/.
Bio: (From fortify.com) Pravir Chandra is Director of Strategic Services at Fortify Software and works with clients on software security assurance programs. Pravir is recognized for his expertise in software security, code analysis, and his ability to strategically apply technical knowledge. Prior to Fortify, he was a Principal Consultant affiliated with Cigital and led large software security programs at Fortune 500 companies. Pravir Co-Founded Secure Software, Inc. and was Chief Security Architect prior to its acquisition by Fortify. He recently created and led the Open Software Assurance Maturity Model (OpenSAMM) project with the OWASP Foundation, leads the OWASP CLASP project, and also serves as member of the OWASP Global Projects Committee. Pravir is author of the book Network Security with OpenSSL.

3:30 PM - 3:45 PM | Break

3:45 PM - 4:45 PM | Bruce Schneier, schneier.com - Video Archive
Topic: The Future of the Security Industry: IT is Rapidly Becoming a Commodity
More companies are outsourcing their IT infrastructure -- treating it as a service more like electricity, office cleaning, or tax preparation -- and this has profound implications for IT security. Organizational users care less about the technical details of security. Products and services change their focus from the end user to the outsourcer. Industry consolidation results, as non-security IT infrastructure companies seek to bolster their security credentials. Even the profession changes, as jobs move from individual organizations to the outsourcing companies, and in some cases overseas. This talk looks at the future of IT security in a mature IT infrastructure industry.
Bio: (From schneier.com) Bruce Schneier is an internationally renowned security technologist and author. Described by The Economist as a "security guru," he is best known as a refreshingly candid and lucid security critic and commentator. When people want to know how security really works, they turn to Schneier.

4:45 PM | Event Closing