[Owasp-austin] [Invitation] June OWASP Meeting @ Tue Jun 24 11:30 – 13:00 ()

James Wickett wickett at gmail.com
Thu Jun 19 15:34:31 EDT 2008

owasp-austin at lists.owasp.org, you are invited to

Title: June OWASP Meeting 
Time: Tue Jun 24 11:30 – 13:00 (Timezone: Central Time)
Where: National Instruments, 11500 N. Mopac, Austin TX
Description: When: June 24th, 2008, 11:30am - 1:00pm 
Who: Matt Tesauro (presenting) and A.J. Scotka, Texas Education Agency
Matt's Bio:  Matt Tesauro has worked in web application development and
security since 2000.  He's worn many different hats, from developer to
DBA to sys admin to university lecturer to pen tester.  Currently, he's
focused on web application security and developing a Secure SDLC for
TEA.  Outside work, he is the project lead for the OWASP SoC Live CD
project: https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Applications#OWASP_Live_CD_2008_Project
A.J.'s Bio:  A. J. Scotka Senior Software Quality Engineer, Texas
Education Agency
As an ASQ Certified Software Quality Engineer (CSQE), A. J. is currently
responsible for quality reviews on design and code, software
configuration management process, build engineering process, release
engineering process, verification and validation throughout the life
cycle and over all quality improvement across all areas of enterprise
code manufacturing. 

Topic:  Securely Handling Sensitive Configuration Data.
One of the age old problems with web applications was keeping sensitive
data available on a need to know basis.  The classic case of this is
database credentials.  The application needs them to connect to the
database but developers shouldn't have direct access to the DB -
particularly the production DB.  The presentation will discuss how we
took on this specific problem, our determination that this was a
specific case of a more general problem and how we solved that general
problem.  In our solution, sensitive data is only available to the
application and trusted 3rd parties (e.g. DBAs).  We will then cover our
implementation of that solution in a .Net 2.0 environment and discuss
some options for J2EE environments.  So far, we used our .Net solution
successfully for database credentials and private encryption keys used
in XML-DSig.  Sensitive data is only available to the application and
trusted 3rd parties (e.g. DBAs).
Where: National Instruments, 11500 N Mopac, Building C
which is the tallest building on campus (8 levels). There will be signs
posted in the lobby to direct you where to go and the receptionists
will be able to assist you as well. See directions to National Instruments.
Cost: Always Free
Questions or help with Directions... call: Scott Foster 512-637-9824.
CPE's are available.-- J. H. Wickett

You can view this event at http://www.google.com/calendar/event?action=VIEW&eid=aHR2MGs3aHFoaXI1OGxvaHUxYTYyb203OTggb3dhc3AtYXVzdGluQGxpc3RzLm93YXNwLm9yZw&tok=MTcjd2lja2V0dEBnbWFpbC5jb20yZGMzYTk2M2E4OTVjZjc0MmYwNGMwN2M1MzUxZGFkNTU1MDFiNDU4&ctz=America%2FChicago&hl=en

You are receiving this courtesy email at the account owasp-austin at lists.owasp.org because you are an attendee of this event.

To stop receiving future notifications for this event, decline this event. Alternatively you can sign up for a Google account at http://www.google.com/calendar/ and control your notification settings for your entire calendar.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-austin/attachments/20080619/7f9132a5/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/calendar
Size: 4402 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-austin/attachments/20080619/7f9132a5/attachment.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: invite.ics
Type: application/ics
Size: 4402 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-austin/attachments/20080619/7f9132a5/attachment-0001.bin 

More information about the Owasp-austin mailing list