This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Virginia"

From OWASP
Jump to: navigation, search
(Next Meeting)
(Last Month)
Line 3: Line 3:
 
== Last Month ==
 
== Last Month ==
  
In April we had two good talks/discussions:
+
In May, Fortify Software provided a private viewing of the film “The New Face of CyberCrime,” by Academy Award-nominated Filmmaker Fredric Golding. This was a good film that generated some discussion afterward. A teaser for the video is avaialble at: http://www.fortify.com/security-resources/ If interested in arranging a full viewing, contact Brian Fox ([email protected])
  
- SANS Software security institute and the GSSP certification.  Ed Tracy is an Associate of Booz Allen. Ed has been very involved with the SANS software security activities and the creation of the GSSP-J certification which is the first of its kind. We had a great discussion about what SANS is doing and some of the challenges in putting together this exam.
+
Fortify's Rob Rachwald then gave a presentation entitled “Integrating Security Into the QA Group”.
 
 
- "Building Usable Security" by Zed Abbadi. Zed believes that one of the main reasons why application security violations continue to rise is the fact that many deployed security mechanism are not user friendly, limiting their effectiveness. He had some good examples.
 
 
 
I mentioned a useful Web site one of the participants recent stood up to help those in the NoVA area be aware of local infosec events. Here is the link:
 
 
 
http://www.novainfosecportal.com/
 
  
 
== Next Meeting ==
 
== Next Meeting ==

Revision as of 19:11, 14 May 2008

OWASP Washington VA

Welcome to the Washington VA chapter homepage. The chapter leader is Stan Wisseman


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG


Last Month

In May, Fortify Software provided a private viewing of the film “The New Face of CyberCrime,” by Academy Award-nominated Filmmaker Fredric Golding. This was a good film that generated some discussion afterward. A teaser for the video is avaialble at: http://www.fortify.com/security-resources/ If interested in arranging a full viewing, contact Brian Fox ([email protected])

Fortify's Rob Rachwald then gave a presentation entitled “Integrating Security Into the QA Group”.

Next Meeting

Our next meeting will be on 8 May from 6-9pm at the Booz Allen Herndon facility.

- Attend a private viewing of the film, “The New Face of CyberCrime,” by Academy Award-nominated Filmmaker Fredric Golding. This revealing documentary features candid interviews with criminal hackers and those industry executives taking steps against their persistent attacks. The film is 20 minutes in length and we will follow up with discussion.

- “Integrating Security Into the QA Group”, Robert Rachwald, Director of Product Management, Fortify Software.

Abstract: Until recently, Web Application Testing was left to security teams and ethical hackers who used advanced tools, such as Web application scanners, to analyze running Web applications. However, security groups are becoming overburdened by product releases, and many organizations are attempting to move security testing earlier in the development cycle. The QA group is a natural candidate, since it generally has the infrastructure in place to test applications for quality issues. However, for many organizations, integrating security into the QA group has been incredibly difficult. The process of running a security test is a learned skill, and not something one can teach a QA tester in a matter of days. On top of that, most security testing tools were designed for penetration testers (since they require an in-depth knowledge of application security theory) and are not generally usable by QA professionals. As a result, very few QA groups have successfully adopted security testing.

Rob is a 10-year veteran of the high tech industry. Rob started his tech career at Intel, where he worked on automating their complex supply chain. Rob managed U.S. product marketing for Commerce One and managed their marketing efforts in Asia Pacific. Rob, then, managed marketing for Coverity and joined Fortify as the Director of Product Marketing focusing on security and financial services.

Pizza is being provided by Fortify this month. If you need/want to provide a contribution, you can. If you plan on attending, RSVP so I can get you badge processing started.

Directions

To Booz Allen's One Dulles facility:

13200 Woodland Park Road Herndon, VA 20171

From Tyson's Corner:

1. Take LEESBURG PIKE / VA-7 WEST 2. Merge onto VA-267 WEST / DULLES TOLL ROAD (Portions Toll) 3. Take the VA-657 Exit (Exit Number 10 towards Herndon / Chantilly) 4. Take the ramp toward CHANTILLY 5. Turn Left onto CENTERVILLE ROAD (at end of ramp) 6. Turn Left onto WOODLAND PARK ROAD (less than 1⁄2 mile) 7. End at 13200 WOODLAND PARK ROAD