This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit


Revision as of 23:43, 30 April 2008 by Swisseman (talk | contribs) (Next Meeting)

Jump to: navigation, search

OWASP Washington VA

Welcome to the Washington VA chapter homepage. The chapter leader is Stan Wisseman


OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.


Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

Last Month

In April we had two good talks/discussions:

- SANS Software security institute and the GSSP certification. Ed Tracy is an Associate of Booz Allen. Ed has been very involved with the SANS software security activities and the creation of the GSSP-J certification which is the first of its kind. We had a great discussion about what SANS is doing and some of the challenges in putting together this exam.

- "Building Usable Security" by Zed Abbadi. Zed believes that one of the main reasons why application security violations continue to rise is the fact that many deployed security mechanism are not user friendly, limiting their effectiveness. He had some good examples.

I mentioned a useful Web site one of the participants recent stood up to help those in the NoVA area be aware of local infosec events. Here is the link:

Next Meeting

Our next meeting will be on 8 May from 6-9pm at the Booz Allen Herndon facility.

- Attend a private viewing of the film, “The New Face of CyberCrime,” by Academy Award-nominated Filmmaker Fredric Golding. This revealing documentary features candid interviews with criminal hackers and those industry executives taking steps against their persistent attacks. The film is 20 minutes in length and we will follow up with discussion.

- “Integrating Security Into the QA Group”, Robert Rachwald, Director of Product Management, Fortify Software.

Abstract: Until recently, Web Application Testing was left to security teams and ethical hackers who used advanced tools, such as Web application scanners, to analyze running Web applications. However, security groups are becoming overburdened by product releases, and many organizations are attempting to move security testing earlier in the development cycle. The QA group is a natural candidate, since it generally has the infrastructure in place to test applications for quality issues. However, for many organizations, integrating security into the QA group has been incredibly difficult. The process of running a security test is a learned skill, and not something one can teach a QA tester in a matter of days. On top of that, most security testing tools were designed for penetration testers (since they require an in-depth knowledge of application security theory) and are not generally usable by QA professionals. As a result, very few QA groups have successfully adopted security testing.

Rob is a 10-year veteran of the high tech industry. Rob started his tech career at Intel, where he worked on automating their complex supply chain. Rob managed U.S. product marketing for Commerce One and managed their marketing efforts in Asia Pacific. Rob, then, managed marketing for Coverity and joined Fortify as the Director of Product Marketing focusing on security and financial services.

Pizza is being provided by Fortify this month. If you need/want to provide a contribution, you can. If you plan on attending, RSVP so I can get you badge processing started.


To Booz Allen's One Dulles facility:

13200 Woodland Park Road Herndon, VA 20171

From Tyson's Corner:

1. Take LEESBURG PIKE / VA-7 WEST 2. Merge onto VA-267 WEST / DULLES TOLL ROAD (Portions Toll) 3. Take the VA-657 Exit (Exit Number 10 towards Herndon / Chantilly) 4. Take the ramp toward CHANTILLY 5. Turn Left onto CENTERVILLE ROAD (at end of ramp) 6. Turn Left onto WOODLAND PARK ROAD (less than 1⁄2 mile) 7. End at 13200 WOODLAND PARK ROAD