[Owasp-austin] Austin OWASP Chapter: October 2006 Meeting

Ernest Mueller Ernest.Mueller at ni.com
Tue Oct 17 10:44:01 EDT 2006

The Open Web Application Security Project (OWASP) is an open community
dedicated to enabling organizations to develop, purchase, and maintain
applications that can be trusted. We advocate approaching application
security as a people, process, and technology problem because the most
effective approaches to application security includes improvements in all
of these areas.

Each month during our chapter meeting, a subject matter expert will present
and discuss one of the OWASP top 10 topics. OWASP chapter meetings are free
and open to anyone interested in application security.

Austin OWASP Chapter: October 2006 Meeting

When:              Tuesday October 31st 2006   (10/31/2006)
Topic:              Web Application Threat Modeling:

                       How to Understand How Attackers will Attempt to
Exploit your App
Presenter:        Cap Diebel from Denim Group
When:             12:00 -1:00
Food:               Cookies and drinks will be provided

Where:            Whole Foods Market

                       (downtown, plaza level, sign in with receptionist)

                       550 Bowie Street

                       Austin, TX 78703-4677
                       Link to Map

Directions:         If you live in Austin and you don’t know where the
Downtown Whole Foods is you need to get out more.

  Sponsored by:

Topic: Web Application Threat Modeling:  How to Understand How Attackers
will Attempt to Exploit your App
Presenter: Cap Diebel and John Dickson of Denim Group, Ltd.

The term "threat modeling" has become quite popular recently. Microsoft has
published a book about their process and includes threat modeling as a key
activity in their Secure Development Lifecycle (SDL).

A threat model is essentially a structured representation of all the
information that affects the security of an application. In essence, it is
a view of the application and its environment through security glasses.

Threat modeling is a process for capturing, organizing, and analyzing all
of this information. Threat modeling enables informed decision-making about
application security risk. In addition to producing a model, typical threat
modeling efforts also produce a prioritized list of security improvements
to the concept, requirements, design, or implementation.

Denim Group will present an overview on the process of making web
applications more secure by identifying attack vectors and designing to
defeat those attacks.  They will provide an overview of threat modeling,
provide examples of how it is relevant to the development process, and will
introduce you to tools and approaches that will enable you to successfully
implement threat modeling techniques within your organizations.

Presenter Bio:
Cap Diebel is a developer and security consultant for Denim Group and has
extensive experience identifying vulnerabilities in web applications.  John
Dickson is a CISSP and is a Principal at Denim Group and works with clients
to quantify the business risk associated that web applications represent.

For the most current information on meetings, times and locations for the
Austin chapter see Local News.

For more information, please call:
Scott Foster
o512-637-9824 c512-590-0185
Email:sfoster at austinnetworking.com

More information about the Owasp-austin mailing list