[Owasp-bostonfinancialdist] OWASP Boston Tues Nov 17 meeting - 2 presentations

Weiler, Jim Jim.Weiler at starwoodhotels.com
Tue Nov 3 11:10:23 EST 2009



Date - Tuesday, Nov 17


Time - 6:30 p.m.  Microsoft Waltham offices


Double Feature - Two presentations by OWASP members - 


Jim Weiler  - Web Application Vulnerability Scanners - What's out there?
I'll present my experience using and evaluating these tools, both
commercial and free, and summarize the conversations and emails I've had
with other users and evaluators. I'm assuming everyone knows what these
are, so we'll go right into architecture, technology differences,
reporting, configuration choices etc. I think we'll have plenty of
audience participation discussion too. I'll also report what I learned
at the OWASP AppSec conference in Washington DC.



Mush Hakhinian - Secure coding with no money down: unleashing the power
of open-source code analysis tools


Static code analysis is indispensible for uncovering coding errors
before they reach production. Two major obstacles - high price and steep
learning curve of the available commercial tools, hamper the adoption,
however. In the tool evaluation phase the 'ease of integration'
typically translates into how easy it is to kick-off the analysis from
existing build environment. Then, after all the excitement for the novel
tool and the sticker shock have passed, come the pains of making people
do things differently in their day-to-day work. Enter open-source Sonar
that makes process changes less painful by using familiar plug-ins and
blows away the price obstacle. 

Sonar is a code quality management platform that allows for pretty
robust static code analysis. In this presentation we will demonstrate
how to configure it to cover most of known vulnerabilities using open
source plug-ins and to track trends. By using Sonar and code analysis
plug-ins we are introducing automated code review to the development
process without spending a dime



Mush Hakhinian has been managing security initiatives for the past 16
years and is an active member of OWASP Boston Chapter. He leads the
application security practice at IntraLinks, a SaaS solution for secure
collaboration and communication inside and outside the firewall.



Location and Directions - 


Microsoft offices at the Waltham Weston Corporate Center, 201 Jones Rd.,
Sixth Floor Waltham, MA


>From Rt. 128 North take exit 26 toward Waltham, East up the hill on Rt.
20. From Rt 128 South take exit 26 but go around the rotary to get to 20
East to Waltham. Follow signs for Rt. 117 (left at the second light).
When you get to 117 turn left (West). You will cross back over Rt. 128.
Jones Rd. (look for the Waltham Weston Corporate Center sign) is the
second left, at a blinking yellow light, on Rt. 117 going west about 0.1
miles from Rt. 128 (I95). The office building is at the bottom of Jones
Rd. Best parking is to turn right just before the building and park in
the back. Knock on the door to get the security guard to open it. The
room is MPR C.


Pizza provided by IntraLinks


Jim Weiler   CISSP  CSSLP

Starwood Hotels and Resorts

Sr. Mgr. Information Security Risk Assessment

Office - 781 356 0067

Cell - 781 654 6048

This electronic message transmission contains information from the Company that may be proprietary, confidential and/or privileged. 
The information is intended only for the use of the individual(s) or entity named above.  If you are not the intended recipient, be 
aware that any disclosure, copying or distribution or use of the contents of this information is prohibited.  If you have received 
this electronic transmission in error, please notify the sender immediately by replying to the address listed in the "From:" field. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-bostonfinancialdist/attachments/20091103/dcfb4330/attachment.html 

More information about the Owasp-bostonfinancialdist mailing list