
Difference between revisions of "Netherlands October 31, 2013"

(Created page with "; OWASP Netherland Wiki ; All OWASP NL Events 2013 = October 31, 2013 = "To be decided" ==Programme== :18:30 - 19:15 R...")
 
m (Presentations)
 
(4 intermediate revisions by the same user not shown)
Line 2: Line 2:
 
;[[Netherlands_Previous_Events_2013 | All OWASP NL Events 2013]]
 
;[[Netherlands_Previous_Events_2013 | All OWASP NL Events 2013]]
 
= October 31, 2013 =
 
= October 31, 2013 =
"To be decided"
 
 
==Programme==
 
==Programme==
 
:18:30 - 19:15  Registration & Pizza
 
:18:30 - 19:15  Registration & Pizza
:19:15 - 20:00  1st talk - 1st speaker
+
:19:15 - 20:00  Third Party Java Libraries for Secure Development - Jim Manico
 
:20:00 - 20:15  Break
 
:20:00 - 20:15  Break
:20:15 - 21:00  2nd talk - 2nd speaker
+
:20:15 - 21:00  From the Trenches: Real-World Agile SDLC - Chris Eng & Ryan O’Boyle
 
:21:00 - 21:30  Networking
 
:21:00 - 21:30  Networking
  
 
==Presentations==
 
==Presentations==
===To be decided===
+
===Top 10 Java Defenses for Website Security===
 +
by Jim Manico
  
 +
Do not build your own web application security controls from scratch!
 +
This presentation describes the use of several OWASP, Apache and Google
 +
open source Java projects that are essential tools to help you construct
 +
a secure web applications.
 +
*[[Media:Top_10_Java_Defenses_for_Website_Security-Jim_Manico.pdf | Download the presentation as PDF]]
 +
 +
===From the Trenches: Real-World Agile SDLC===
 +
by Chris Eng & Ryan O’Boyle
 +
Ideally, all organizations would incorporate security into their Agile development processes; however, best-practices Agile SDL models typically assume a simplified, idealized model of how software is built. These models also impose impractical requirements without providing the necessary support or expertise. In reality, software development often involves multiple Agile teams working on various components of a larger product, and only the most well-resourced enterprises or ISVs have the bandwidth to execute on the ideal Agile SDL, while smaller organizations are forced to adapt and make tradeoffs.
 +
 +
In this session, we’ll discuss how Veracode has incorporated security into our own Agile development lifecycle for a product that involves anywhere from two to seven Scrum teams working in concert to ship monthly releases. We do this without designating any security experts full-time to the project. We’ll explain how we’ve evolved our practices to optimize the way our security research team interacts with our engineering teams and accommodates their processes. We’ll also talk about some of the lessons we’ve learned along the way, including things that haven’t worked or wouldn’t scale, and how other organizations can use our experience to integrate security practices into their own Agile development programs.
 +
*[https://www.its.fh-muenster.de/owasp-appseceu13/rooms/Grosser_Saal/high_quality/OWASP-AppsecEU13-ChrisEngRyanOBoyle-FromtheTrenchesReal-WorldAgileSDLC_720p.mp4 Recording at AppSec-EU]
 +
*[[Media:Agile SDLC v1.1 - OWASP NL.pdf | Download the presentation as PDF]]
  
 
==Speakers==
 
==Speakers==
===[[User:EoinKeary |Eoin Keary]]===
 
CTO and founder of BCC Risk Advisory Ltd.
 
 
 
===[[User:Jmanico|Jim Manico]]===
 
===[[User:Jmanico|Jim Manico]]===
Jim Manico is the VP of Security Architecture for WhiteHat Security, a web security firm. He authors and delivers developer security awareness training for WhiteHat Security and has a background as a software developer and architect. Jim is also a global board member for the OWASP foundation. He manages and participates in several OWASP projects, including the OWASP cheat sheet series and the OWASP podcast series.  
+
'''Jim Manico''' is the VP of Security Architecture for WhiteHat Security, a web and application security firm. He authors and delivers developer security awareness training for WhiteHat Security and has a 20 year history building software as a developer and architect. Jim is also a global board member for the OWASP foundation where he helps drive the strategic vision for the organization. He manages and participates in several OWASP projects, including the OWASP cheat sheet series and several secure coding projects.  
 
+
For more information, see http://www.linkedin.com/in/jmanico.
===Chris Eng===
+
===[[User:Chris_Eng |Chris Eng]]===
 +
Chris Eng is Vice President of Research at Veracode. Chris is a sought after speaker at industry conferences, and has presented at events such as BlackHat, RSA, OWASP, and CanSecWest. In addition to presenting on a diverse set of application security topics, including cryptographic attacks, testing methodologies, mobile application security, and security metrics, Chris frequently comments on software security trends for media outlets worldwide. Throughout his career at organizations such as NSA, @stake, and Veracode, Chris has led projects breaking, building and defending software
 +
===Ryan O’Boyle===
 +
'''Ryan O’Boyle''' is a Principal Security Researcher at Veracode, and a certified ScrumMaster. Prior to joining Veracode, he helped create the internal penetration testing team at Fidelity Investments, where he was focused not only on finding vulnerabilities but helping engineers fix them and avoid them altogether.
  
 
==Venue==
 
==Venue==
To be decided
+
[http://www.surfnet.nl/nl/organisatie/Pages/routebeschrijving.aspx SURFnet - Radboudkwartier 273, 3511 CK Utrecht]
 
==Sponsor==
 
==Sponsor==
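Review bot: the Programme line added for the 19:15 slot titles Jim Manico's talk "Third Party Java Libraries for Secure Development", but the Presentations heading added for the same talk reads "Top 10 Java Defenses for Website Security"; use one title in both places, or state under the heading that the linked slide deck carries the other title. Two smaller points in the same hunk: the abstract's "help you construct a secure web applications" should read "help you construct secure web applications", and the Chris Eng bio ends without a full stop after "defending software". The Sponsor section added at the end of the page is still empty.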

Latest revision as of 22:35, 4 November 2013

OWASP Netherlands Wiki
All OWASP NL Events 2013

October 31, 2013

Programme

18:30 - 19:15 Registration & Pizza
19:15 - 20:00 Third Party Java Libraries for Secure Development - Jim Manico
20:00 - 20:15 Break
20:15 - 21:00 From the Trenches: Real-World Agile SDLC - Chris Eng & Ryan O’Boyle
21:00 - 21:30 Networking

Presentations

Top 10 Java Defenses for Website Security

by Jim Manico

Do not build your own web application security controls from scratch! This presentation describes the use of several OWASP, Apache and Google open source Java projects that are essential tools to help you construct secure web applications.
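An added illustration of the abstract's "do not build your own controls" point, not code from the talk or from the OWASP NL page: a hand-rolled HTML escaper of the kind the abstract warns against, beside the OWASP Java Encoder. The page does not name the libraries the talk covers, so picking the OWASP Java Encoder as the example of an OWASP open source Java project is my assumption, as is the classpath dependency on the org.owasp.encoder:encoder artifact; the attacker input is constructed for the demo.

```java
import org.owasp.encoder.Encode;

/*
 * Added example, not from the talk or the OWASP NL page.
 * Contrasts a home-grown HTML escaper with the OWASP Java Encoder.
 * Assumption: the Maven artifact org.owasp.encoder:encoder is on the
 * classpath.
 */
public class EncoderComparison {

    // Typical home-grown escaper: covers &, < and > but not quotes, so a
    // value placed inside value='...' can close the attribute early.
    static String homeGrownEscape(String s) {
        return s.replace("&", "&amp;")
                .replace("<", "&lt;")
                .replace(">", "&gt;");
    }

    // Library encoder for the attribute context; it encodes both quote
    // characters, so the value cannot terminate the surrounding attribute.
    static String attributeSafe(String s) {
        return Encode.forHtmlAttribute(s);
    }

    // Same input, different context: a JavaScript string literal needs its
    // own encoder; HTML entity encoding is the wrong tool there.
    static String javaScriptSafe(String s) {
        return Encode.forJavaScript(s);
    }

    // True when the escaped value still contains a raw single quote, i.e.
    // it can break out of a single-quoted attribute.
    static boolean canBreakOutOfSingleQuotedAttribute(String escaped) {
        return escaped.indexOf('\'') >= 0;
    }

    public static void main(String[] args) {
        // Constructed attacker input: closes the attribute and adds a handler.
        String untrusted = "' onmouseover='alert(1)";

        String homeGrown = homeGrownEscape(untrusted);
        String library = attributeSafe(untrusted);

        System.out.println("home-grown : <input value='" + homeGrown + "'>");
        System.out.println("breaks out : " + canBreakOutOfSingleQuotedAttribute(homeGrown));
        System.out.println("library    : <input value='" + library + "'>");
        System.out.println("breaks out : " + canBreakOutOfSingleQuotedAttribute(library));
        System.out.println("js literal : var name = '" + javaScriptSafe(untrusted) + "';");
    }
}
```

The comparison is about API surface as much as about one missed character: the library offers separate encoders for HTML body, attribute, JavaScript and URL contexts, whereas the home-grown version silently covers only one context and has to be re-audited every time it is reused somewhere else.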

From the Trenches: Real-World Agile SDLC

by Chris Eng & Ryan O’Boyle

Ideally, all organizations would incorporate security into their Agile development processes; however, best-practice Agile SDL models typically assume a simplified, idealized model of how software is built. These models also impose impractical requirements without providing the necessary support or expertise. In reality, software development often involves multiple Agile teams working on various components of a larger product, and only the most well-resourced enterprises or ISVs have the bandwidth to execute on the ideal Agile SDL, while smaller organizations are forced to adapt and make tradeoffs.

In this session, we’ll discuss how Veracode has incorporated security into our own Agile development lifecycle for a product that involves anywhere from two to seven Scrum teams working in concert to ship monthly releases. We do this without designating any security experts full-time to the project. We’ll explain how we’ve evolved our practices to optimize the way our security research team interacts with our engineering teams and accommodates their processes. We’ll also talk about some of the lessons we’ve learned along the way, including things that haven’t worked or wouldn’t scale, and how other organizations can use our experience to integrate security practices into their own Agile development programs.

Speakers

Jim Manico

Jim Manico is the VP of Security Architecture for WhiteHat Security, a web and application security firm. He authors and delivers developer security awareness training for WhiteHat Security and has a 20-year history building software as a developer and architect. Jim is also a global board member for the OWASP foundation, where he helps drive the strategic vision for the organization. He manages and participates in several OWASP projects, including the OWASP cheat sheet series and several secure coding projects. For more information, see http://www.linkedin.com/in/jmanico.

Chris Eng

Chris Eng is Vice President of Research at Veracode. Chris is a sought-after speaker at industry conferences and has presented at events such as BlackHat, RSA, OWASP, and CanSecWest. In addition to presenting on a diverse set of application security topics, including cryptographic attacks, testing methodologies, mobile application security, and security metrics, Chris frequently comments on software security trends for media outlets worldwide. Throughout his career at organizations such as NSA, @stake, and Veracode, Chris has led projects breaking, building and defending software.

Ryan O’Boyle

Ryan O’Boyle is a Principal Security Researcher at Veracode, and a certified ScrumMaster. Prior to joining Veracode, he helped create the internal penetration testing team at Fidelity Investments, where he was focused not only on finding vulnerabilities but helping engineers fix them and avoid them altogether.

Venue

SURFnet - Radboudkwartier 273, 3511 CK Utrecht