[Owasp-austin] [Invitation] Stop hackers at the design phase through Threat Modeling ... @ Tue Jan 27 11:30am – 1:30pm (owasp-austin at lists.owasp.org)

James Wickett wickett at gmail.com
Mon Dec 29 16:42:00 EST 2008


owasp-austin at lists.owasp.org, you are invited to

Title: Stop hackers at the design phase through Threat Modeling - OWASP  
Meeting
Time: Tue Jan 27 11:30am – 1:30pm (Timezone: Central Time)
Where: National Instruments, 11500 N Mopac, Building C, Austin, TX
Calendar: owasp-austin at lists.owasp.org
Owner/Creator: wickett at gmail.com

Description: When: January 27, 2009, 11:30am - 1:00pm
Topic: Stop hackers at the design phase through Threat Modeling
Over the last few years, significant progress has been made in
back end SDLC security controls. Vendors have developed sophisticated
analysis tools focusing on code inspection and application testing and
organizations are incorporating both automated and manual assessment
methods into the latter half of their development process. However,
adoption of architectural risk analysis has not been as widespread.
Although threat modeling is not a new concept and approaches such as
Microsoft's STRIDE are well known, companies have not internalized and
adopted design related security controls with the same vigor. Threat  
modeling in the web app space is becoming increasingly
important. The purpose of this presentation is to provide an
understanding of what threat modeling is, why it is important, teach
you how to do it and champion its benefits.
This meeting will be slightly different from most OWASP
meetings, because we will be breaking up into small groups and complete
a Threat Modeling mini-workshop. The Threat Modeling mini-workshop includes:
- Understand the function and security objectives of the application
- Breakdown the application by component
- Identify and threats by category
- Incorporate opposing countermeasures
- Prioritize vulnerabilities by risk and effort
This class will also cover the OWASP documentation  
(http://www.owasp.org/index.php/Threat_Risk_Modeling) and it is suggested  
reading before the class.

Who: Nathan Sportsman
Nathan Sportsman is a Managing Partner and founder of
Praetorian. Over the years, he has worked across most industry sectors
and clients have ranged from Wall St and Silicon Valley to government
intelligence agencies and renowned educational institutions. Nathan is
a contributing author to the 6th Edition of the best selling book
Hacking Exposed and is a frequent public speaker. He has lectured on
the latest hacking techniques for the National Security Agency, served
as an instructor for the Ultimate Hacking Series at Black Hat, and is a
regular speaker for various security organizations such as ISSA,
Infragard, and OWASP.Industry designations include the Certified  
Information Systems
Security Professional (CISSP) and GIAC Certified Incident Handler
(GCIH). Nathan holds a BS in Electrical & Computer Engineering from
The University of Texas at Austin.
Where: National Instruments, 11500 N Mopac, Building C
which is the tallest building on campus (8 levels). There will be signs
posted in the lobby to direct you where to go and the receptionists
will be able to assist you as well. See directions to National Instruments.
Cost: Always Free
Questions or help with Directions... call: Scott Foster 512-637-9824.
-- J. H. Wickett


You can view this event at  
http://www.google.com/calendar/event?action=VIEW&eid=Z3E5NTVzNXBydnY5Ymw2MW9xMDZrZzByaWsgb3dhc3AtYXVzdGluQGxpc3RzLm93YXNwLm9yZw&tok=MTcjd2lja2V0dEBnbWFpbC5jb21mMzliNjRmYTIyZjUwYWQyMGE0MmZlZjVlMzNhZjE5NDIzMjlkYzYx&ctz=America%2FChicago&hl=en



You are receiving this courtesy email at the account  
owasp-austin at lists.owasp.org because you are an attendee of this event.

To stop receiving future notifications for this event, decline this event.  
Alternatively you can sign up for a Google account at  
http://www.google.com/calendar/ and control your notification settings for  
your entire calendar.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-austin/attachments/20081229/e09eff37/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/calendar
Size: 4859 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-austin/attachments/20081229/e09eff37/attachment-0002.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: invite.ics
Type: application/ics
Size: 4937 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-austin/attachments/20081229/e09eff37/attachment-0003.bin 


More information about the Owasp-austin mailing list