Difference between revisions of "Minneapolis St Paul"
(→Agenda October 16) |
(→Speaker Bios) |
||
Line 13: | Line 13: | ||
7:55pm - Upcoming Events | 7:55pm - Upcoming Events | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
=== Continuous Testing: Andre Gironda === | === Continuous Testing: Andre Gironda === | ||
Line 33: | Line 24: | ||
testing using a data-driven test framework, or find security-related | testing using a data-driven test framework, or find security-related | ||
defects - Continuous testing has something for you. | defects - Continuous testing has something for you. | ||
+ | === Java Open Review: OWASP & Fortify === | ||
+ | Fortify has sought to develop a set of metrics that combine lessons learned from our experience working on various enterprise code bases and our work on the Java Open Review project. The metrics are designed to incorporate diverse criteria, including the size of the application, and the types of vulnerabilities identified. The metrics provide a mechanism to rate software components for security concerns and enable enterprises to: | ||
+ | - Evaluate which open source projects offer an acceptable level of security | ||
+ | - Compare competing open source software solutions based on their security | ||
+ | - Measure internal development efforts against open source counterparts | ||
+ | |||
+ | |||
+ | == Speaker Bios == | ||
+ | Andre Gironda is an independent security researcher involved mostly in | ||
+ | web application security projects. His recent contributions include | ||
+ | the OWASP Top Ten 2007, OWASP Tools team, and speaking engagements at | ||
+ | local OWASP events on topics ranging from automated scanning tools to | ||
+ | problems with trusting the same-origin policy. Andre has worked for a | ||
+ | number of companies in security-qa-developer or network testing roles, | ||
+ | including labs deep within Cisco Systems and many years in an | ||
+ | operations role at a major online auction site | ||
+ | |||
+ | Frederick Lee is a member of Fortify Software's Security Research Group, where he manages the Java Open Review Project. Scanning the code of over 100 applications so far, Fredrick is helping assess and improve the security of open source software. Fredrick also helps the Security Research Group develop the secure coding rules that are used to run Fortify's suite of products. | ||
+ | Prior to joining Fortify Software, Fredrick was a Senior Information Security Engineer at Bank of America, where he helped roll out a secure development framework, performed security assessments, and developed enterprise security solutions. | ||
+ | |||
+ | Fredrick graduated from the University of Oklahoma, with a BS in Computer Engineering. | ||
== Location: == | == Location: == |
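Review bot: the added Speaker Bios text spells the second speaker's name "Frederick Lee" in its opening sentence and "Fredrick" in every later sentence; settle on one spelling and use it throughout the bio. The Andre Gironda paragraph added in the same section also ends at "a major online auction site" with no closing period.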
Revision as of 03:28, 6 October 2007
OWASP Minneapolis/St. Paul
Welcome to the Minneapolis/St. Paul chapter homepage. The chapter leader is Robert Sullivan
Participation
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Sponsorship/Membership
to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
Local News
Next meeting: Tuesday, October 16, 6:00pm at Metropolitan State University MNSCU, Minneapolis
Agenda October 16
6:00pm - Food, Introduction and optional sign-in for CISSP credits.
6:10pm - GSSP Certification initiative Gov/SANS (Joe Teff)
6:20pm - Continuous Testing (Andre Gironda)
7:05pm - Java Open Review OWASP project (Frederick Lee)
7:50pm - Book Giveaway: (Secure Programming with Static Analysis)
7:55pm - Upcoming Events
Continuous Testing: Andre Gironda
Continuous testing presents methodologies and tools that developers, quality engineers, and security professionals can all share and use effectively to their own unique approach. The tools presented are cross-discipline, meaning they can be utilized by a developer as a development tool, by a qa-tester as a quality assurance tool, and by a vulnerability assessor as a security assurance tool. Whether you're trying to build better code faster, demonstrate the power of automated testing using a data-driven test framework, or find security-related defects - Continuous testing has something for you.
Java Open Review: OWASP & Fortify
Fortify has sought to develop a set of metrics that combine lessons learned from our experience working on various enterprise code bases and our work on the Java Open Review project. The metrics are designed to incorporate diverse criteria, including the size of the application, and the types of vulnerabilities identified. The metrics provide a mechanism to rate software components for security concerns and enable enterprises to:
- Evaluate which open source projects offer an acceptable level of security
- Compare competing open source software solutions based on their security
- Measure internal development efforts against open source counterparts
Speaker Bios
Andre Gironda is an independent security researcher involved mostly in web application security projects. His recent contributions include the OWASP Top Ten 2007, OWASP Tools team, and speaking engagements at local OWASP events on topics ranging from automated scanning tools to problems with trusting the same-origin policy. Andre has worked for a number of companies in security-qa-developer or network testing roles, including labs deep within Cisco Systems and many years in an operations role at a major online auction site.
Frederick Lee is a member of Fortify Software's Security Research Group, where he manages the Java Open Review Project. Scanning the code of over 100 applications so far, Fredrick is helping assess and improve the security of open source software. Fredrick also helps the Security Research Group develop the secure coding rules that are used to run Fortify's suite of products. Prior to joining Fortify Software, Fredrick was a Senior Information Security Engineer at Bank of America, where he helped roll out a secure development framework, performed security assessments, and developed enterprise security solutions.
Fredrick graduated from the University of Oklahoma, with a BS in Computer Engineering.
Location:
Metropolitan State University, Minneapolis MEC Building, 2nd floor, Room M2800.
Check the .pdf map to see which building is the MEC building. I've waited for a meter (free after 6) but had the best success parking in the ramp, then crossing Hennepin (skyway), then crossing Spruce (street-level) to the MEC building.
Directions:
From West: Exit at Lyndale/Hennepin Avenue. Veer right following the Lyndale and Lyndale North signs. Once on Lyndale North, stay in one of the two right lanes until you reach the third stoplight (Hennepin Avenue). Turn right and follow Hennepin to the MCTC parking ramp on the left side of the street.
From East: I.394. Exit onto Dunwoody Blvd/Hennepin Avenue (Dunwoody Blvd. changes into Hennepin Avenue). Follow Hennepin to the MCTC parking ramp on the left side of the street.
From East: I.94. Exit onto Hennepin/Lyndale Avenue. At the first stoplight (Dunwoody Blvd.), turn left (Dunwoody Blvd. changes into Hennepin Avenue). Follow Hennepin to the MCTC parking ramp on the left side of the street.
Map here: http://www.metrostate.edu/bldgservices/location.html#mpls
Book Giveaway:
Please bring a copy of a good security book that you can contribute. There will be a drawing for any books.
Upcoming Events:
OWASP Nov 12-15 at eBay in San Jose http://www.owasp.org/index.php/OWASP_%26_WASC_AppSec_2007_Conference
Food:
The food is provided by Integral Business Solutions. Bring an appetite.