[Owasp-austin] **REMINDER** MEETING TODAY** Austin OWASP Meeting - Denim Group Threat Modeling Presentation

Foster, Scott sfoster at austinnetworking.com
Tue Oct 31 09:35:26 EST 2006

Please distribute to your respective organizations that attendees will
need to enter at the Plaza Level 

The Open Web Application Security Project (OWASP) is an open community
dedicated to enabling organizations to develop, purchase, and maintain
applications that can be trusted. We advocate approaching application
security as a people, process, and technology problem because the most
effective approaches to application security includes improvements in
all of these areas.
Each month during our chapter meeting, a subject matter expert will
present and discuss one of the OWASP top 10
<http://www.owasp.org/index.php/OWASP_Top_Ten>  topics. OWASP chapter
meetings are free and open to anyone interested in application security.
Austin OWASP Chapter <http://www.owasp.org/index.php/Austin> : October
2006 Meeting

When:              Tuesday October 31st 2006   (10/31/2006) 
Topic:              Web Application Threat Modeling:  

                       How to Understand How Attackers will Attempt to
Exploit your App
Presenter:       John Dickson and Cap Diebel from Denim Group
When:             12:00 -1:00
Food:               Cookies and drinks will be provided
Where:            Whole Foods Market 

                       (downtown, plaza level, sign in with

                       550 Bowie Street

                       Austin, TX 78703-4677
                       Link to Map <http://tinylink.com/?chLCAmvxKA> 

Directions:         If you live in Austin and you don't know where the
Downtown Whole Foods is you need to get out more.
 Topic: Web Application Threat Modeling:  How to Understand How
Attackers will Attempt to Exploit your App
Presenter: Cap Diebel and John Dickson of Denim Group, Ltd.


The term "threat modeling" has become quite popular recently. Microsoft
has published a book about their process and includes threat modeling as
a key activity in their Secure Development Lifecycle (SDL).

A threat model is essentially a structured representation of all the
information that affects the security of an application. In essence, it
is a view of the application and its environment through security

Threat modeling is a process for capturing, organizing, and analyzing
all of this information. Threat modeling enables informed
decision-making about application security risk. In addition to
producing a model, typical threat modeling efforts also produce a
prioritized list of security improvements to the concept, requirements,
design, or implementation. 

Denim Group will present an overview on the process of making web
applications more secure by identifying attack vectors and designing to
defeat those attacks.  They will provide an overview of threat modeling,
provide examples of how it is relevant to the development process, and
will introduce you to tools and approaches that will enable you to
successfully implement threat modeling techniques within your

Presenter Bios:

Cap Diebel is a developer and security consultant for Denim Group and
has extensive experience identifying vulnerabilities in web
applications.  John Dickson is a CISSP and is a Principal at Denim Group
and works with clients to quantify the business risk associated that web
applications represent.


Scott Foster
o512-637-9824 c512-590-0185
Email:sfoster at austinnetworking.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/owasp-austin/attachments/20061031/bb0924a8/attachment-0003.html 

More information about the Owasp-austin mailing list