
Los Angeles

From OWASP
Revision as of 06:11, 30 August 2010 by Richard greenberg

Local News

Please follow @appsec2010 for the latest updates on the AppSec USA 2010 conference.

http://www.AppSecUSA.org

[Image: AppSec Logo.jpg]

Next Chapter Meeting: Special Joint Meeting with ISSA-LA: Wednesday, September 22, 2010, 6:00 P.M. to 8:30 P.M.

Secure Coding Practices and Procedures, and Threat Modeling at Symantec

Meeting Location
The Olympic Collection Banquet & Conference Center
11301 West Olympic Boulevard
West Los Angeles, CA 90064
(310) 575-4585

Please RSVP via the ISSA Los Angeles Chapter website: http://www.issa-la.org/Default.aspx?id=1242


Description:
Secure Coding Practices and Procedures: Organizations process information through web applications, and that information can often be classified as sensitive, confidential, or intellectual property. Web Application Firewalls (WAF) protect business-critical data and web applications with an automated and transparent approach to monitoring and protecting enterprise data as it is accessed and transacted through applications.

To augment WAF filtering and vulnerability monitoring, many organizations have developed, or outsourced, secure code reviews and secure development. Information Security at Newegg established its own .NET C# secure coding standard, trains and tests its developers on secure coding, and does its own secure code reviews with WebInspect and manual code review. The team has started to develop a web application threat modeling approach, but it is still in its infancy. This presentation focuses on the secure coding standard, on satisfying the PCI requirements for such a standard, and on training and testing developers in secure coding practices using the OWASP Top 10 Vulnerabilities as its foundation.


Description:
Threat Modeling at Symantec: Threat Modeling is one of the most important security activities that a development/QA team needs to perform as part of a Security Development Lifecycle. This activity allows the team to build a complete security profile of the system being built. Threat Modeling is not always easy to get going for a team that has little or no security experience. In this presentation we'll take a look at why Threat Modeling is so important, explore the process behind it, and see how the process is being implemented and followed across Symantec.


Speakers:
Mike O. Villegas, CISA, CISSP, GSEC, Director of Information Security, Newegg.com

Miguel (Mike) O. Villegas is the Director of Information Security at Newegg, Inc. and is responsible for Information Security, Business Continuity Management, and PCI DSS (Payment Card Industry Data Security Standard) compliance. Newegg, Inc. is a PCI Level 1 Merchant and Service Provider. Established in 2001, it is one of the fastest growing e-commerce companies and exceeded $2.6 billion in revenue in 2009.

Mike has over 30 years of Information Systems security and IT audit experience. He was previously Vice President & Technology Risk Manager for Wells Fargo Services, responsible for IT Regulatory Compliance, and before that was a partner at Arthur Andersen and Ernst & Young in their information systems security and IS audit groups over a span of nine years. Mike is a CISA, CISSP, and GSEC.

Mike is the current LA ISACA Chapter President and was the SF ISACA Chapter President during 2005-2006. He was the SF Fall Conference Co-Chair from 2002-2007 and also served for two years as Vice President on the Board of Directors of ISACA International.


Edward Bonver, CISSP, CSSLP, Principal Software Engineer, Product Security, Symantec Corporation

Edward Bonver is a principal software engineer on the product security team, which is part of Symantec Research Labs under the Office of the CTO at Symantec Corporation. In this capacity, Edward is responsible for working with software developers and quality assurance (QA) professionals across Symantec to continuously enhance the company's software security practices through the adoption of methodologies, procedures and tools for secure coding and security testing. Within Symantec, Edward teaches secure coding and security testing classes for Symantec engineers, and also leads the company's QA Security Task Force, which he founded. Prior to joining Symantec, Edward held software engineering and QA roles at Digital Equipment Corporation and at small networking companies.

Edward is a Certified Information Systems Security Professional (CISSP), a Certified Secure Software Lifecycle Professional (CSSLP), and a professional member of the Institute of Electrical and Electronics Engineers (IEEE) and the Association for Computing Machinery (ACM). He holds a master's degree in computer science from California State University, Northridge, and a bachelor's degree in computer science from Rochester Institute of Technology. Edward is a Ph.D. student at Nova Southeastern University.


Sponsor:

[Image: Whitehat.jpg]


Would you like to speak at an OWASP Los Angeles Meeting?

The Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings, please submit your bio and talk abstract via email to Tin Zaw. If your talk is accepted, you will be required to use the OWASP PowerPoint template.

Archives of Previous Meetings

A list of previous presentations conducted at the Los Angeles Chapter can be found here.
