This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Toronto"

From OWASP
Jump to: navigation, search
(Past Presentations For Download)
(Upcoming Meeting, June 21st 2007)
Line 7: Line 7:
  
  
<B>Topic: </B>Incorporating security into the SDLC
+
<B>Topic: </B><br/>Application Security At the Enterprise Level <br/><br/>
 +
<br/>
 +
<B>Description:</B>
  
<B>Description</B>: Incorporating security into the SDLC has been the subject of academic studies for years.  However, as hacking has evolved from a hobbyist's sport to organized professionals focused on monetization, enterprises have been forced to take concerted countermeasures.  Banks, often the target of cyber attacks, have set an example for responsible security strategies by adopting SDLCs that shift from a reactive response to the
+
The benefit of conducting and managing business via the Internet is immeasurable.  However, the risk and threat of cyber attacks is real. This often results in direct financial and reputation loss. Organizations traditionally concentrate on general protection measures such as encryption, access control, and network security. However, these general countermeasures have proven to be inadequate in protecting Internet applications.
latest attack to the proactive development of software systems that are among the most secure in today's world. How do the world's leading
 
financial institutions balance risk against the pressures of delivering software to customers quickly?  How are developers trained to write code
 
securely?  How are software security tools, such as dynamic and static analysis, deployed for optimal use?
 
  
<B>Presenter</B> : <br/>
+
The cost of securing a flawed application is far more expensive than building it securely the first time around. To remain competitive, organizations must understand and mitigate software security risks when they acquire, outsource, implement or host applications. This pressure stems from customer, business partner, and employee expectations of trust, as well as stringent security and privacy regulations.
  
Matt Rose, Senior Software Security Consultant
+
This session will highlight the elements of secure software, and explain how organizations can effectively acquire, integrate, outsource, develop, assess, and manage secure software by:
 +
<br/>
 +
<br/>
 +
<br/>
 +
•      Aligning software security with business objectives and enterprise security policies <br/>
 +
•      Identifying threats and mitigating controls <br/>
 +
•      Integrating security with enterprise processes such as SDLC, PMLC, and quality assurance <br/>
 +
•      Assessing the security posture of enterprise applications <br/>
 +
•      Managing application security risks within the enterprise <br/>
 +
•      Implementing privacy compliant software<br/>
 +
<br/>
  
Matt Rose has 10 years of software development experience that includes Sun, Bea, and Plumtree Software.  His development experience includes .NET (VB.NET & C#) as well as Java. Matt has lead SDLC implementations and development projects onsite with clients across many industry verticals. These verticals include but are not limited to Financial,  Retail, Insurance, and Healthcare.
 
  
<br/>Randy Schmitz, District Manager
+
<B>Presenter</B> : <br/>
  
Randy Schmitz has over 10 years experience in software sales. Randy has been instrumental in creating awareness and sales in the New England States and Eastern Canadian markets over the last 2 years.  Prior to his experience at Fortify Software, Randy also worked the same geographic region for Embarcadero Technologies supporting database and development tools sales.
+
Reza Kopaee is a senior manager in Deloitte’s Enterprise Risk services. He leads the web application security and quality practice. Reza assists organizations across various industries in reviewing and building security capabilities into their critical software and the supporting processes.
  
 
== Sponsorship ==
 
== Sponsorship ==

Revision as of 13:53, 21 June 2007

OWASP Toronto

Welcome to the Toronto chapter homepage. The chapter leader is Nish Bhalla


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG


The mailing list archive can be accessed from here.

Upcoming Meeting, June 21st 2007

The next chapter meeting will be held on June 21st at 20the floor, 79 Wellington Street West, Toronto, ON M5K 1B9 .


Topic:
Application Security At the Enterprise Level


Description:

The benefit of conducting and managing business via the Internet is immeasurable. However, the risk and threat of cyber attacks is real. This often results in direct financial and reputation loss. Organizations traditionally concentrate on general protection measures such as encryption, access control, and network security. However, these general countermeasures have proven to be inadequate in protecting Internet applications.

The cost of securing a flawed application is far more expensive than building it securely the first time around. To remain competitive, organizations must understand and mitigate software security risks when they acquire, outsource, implement or host applications. This pressure stems from customer, business partner, and employee expectations of trust, as well as stringent security and privacy regulations.

This session will highlight the elements of secure software, and explain how organizations can effectively acquire, integrate, outsource, develop, assess, and manage secure software by:


• Aligning software security with business objectives and enterprise security policies
• Identifying threats and mitigating controls
• Integrating security with enterprise processes such as SDLC, PMLC, and quality assurance
• Assessing the security posture of enterprise applications
• Managing application security risks within the enterprise
• Implementing privacy compliant software


Presenter :

Reza Kopaee is a senior manager in Deloitte’s Enterprise Risk services. He leads the web application security and quality practice. Reza assists organizations across various industries in reviewing and building security capabilities into their critical software and the supporting processes.

Sponsorship

Many thanks to Deloitte & Touche LLP. for sponsoring the location and food for these meetings.


Speakers

We are always looking for speakers to present on their topic of choice. If you are interested please contact Nish Bhalla


OWASP Toronto Chapter Committee

The OWASP Toronto Chapter has formed a committee which would help with direction of the chapter. Deloitte & Touches' Application Security Group and Security Compass's Professional Services Group are helping lead this initiative. We are looking for additional members to expand our chapter.


Current Committe Members

Nish Bhalla
Reza Kopaee

Meetings

Everyone is welcome to join us at our chapter meetings. These meetings are held every Second Wednesday of the month. We meet at the conference room at Deloitte & Touche. Beverages and snacks are provided.


Address and Directions to the meeting are:

20th floor, the TLC Room (signs will be provided on the floor)
TD Centre, TD Waterhouse Tower
79 Wellington Rd. W.
Toronto



Directions to the meetings

OWASP Toronto chapter meetings are open to the public RSVP is requested by sending an email

Past Presentations For Download

The past presentations are avaiable for download from here. If you have any comments on the presentations please send them to us.

Basic Web Application Testing Methodology by Nish Bhalla Security Compass

Basic Web Services Security by Rohit Sethi Security Compass

Authentication Security by Hui Zhu

Identity Management Basics by Derek Browne

Retrieved from "https://wiki.owasp.org/index.php?title=Toronto&oldid=19252"