[Owasp-leaders] OWASP NoVA Chapter Meeting

[John Steven]

All,

We in Northern Virginia too will be hosting Dan Cornell for a talk in
August. We'll follow the DC chapter, hosting Dan Thursday August 6th.
We're going to return in earnest to our normal format of a talk
followed by a spirited panel.

While I await Dan's final abstract, which he and I have been refining,
I'd like to request those experienced in apply manual code assessment
techniques. Previously, we've gotten a lot of great commentary from
IRS, Booz, and others. Anyone want to throw their hat in to step in
front of the crowd?

We'll be addressing questions like,

1.  Chicken and egg: When conducting an assessment, which do you do
first pen-testing or code review? Does it depend and how does one
inform the other?
2.  How much do you and yours rely on checklists, vs intuition, vs.
methodology vs. tools?
3.  How do you address deployments tools can't handle (non-port 80,
non Java/.NET/C...)

...and more.

Please respond to me privately. We'd love to have you,
-jOHN