[Owasp-austin] REMINDER: OWASP Meeting - June 24th, 11:30am @ National Instruments - Securely Handling Sensitive Configuration Data

James Wickett wickett at gmail.com
Tue Jun 24 10:57:50 EDT 2008


*When:* June 24th, 2008, 11:30am - 1:00pm

*Who:* Matt Tesauro (presenting) and A.J. Scotka, Texas Education Agency

Matt's Bio: Matt Tesauro has worked in web application development and
security since 2000. He's worn many different hats, from developer to DBA to
sys admin to university lecturer to pen tester. Currently, he's focused on
web application security and developing a Secure SDLC for TEA. Outside work,
he is the project lead for the OWASP SoC Live CD project:
https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Applications#OWASP_Live_CD_2008_Project

A.J.'s Bio: A. J. Scotka, Senior Software Quality Engineer, Texas Education
Agency. As an ASQ Certified Software Quality Engineer (CSQE), A. J. is
currently responsible for quality reviews on design and code, software
configuration management process, build engineering process, release
engineering process, verification and validation throughout the life cycle
and overall quality improvement across all areas of enterprise code
manufacturing.


*Topic:* Securely Handling Sensitive Configuration Data.

One of the age-old problems with web applications was keeping sensitive data
available on a need-to-know basis. The classic case of this is database
credentials. The application needs them to connect to the database but
developers shouldn't have direct access to the DB - particularly the
production DB. The presentation will discuss how we took on this specific
problem, our determination that this was a specific case of a more general
problem and how we solved that general problem. In our solution, sensitive
data is only available to the application and trusted 3rd parties (e.g.
DBAs). We will then cover our implementation of that solution in a .Net 2.0
environment and discuss some options for J2EE environments. So far, we used
our .Net solution successfully for database credentials and private
encryption keys used in XML-DSig.

*Where:* National Instruments, 11500 N Mopac, Building C which is the
tallest building on campus (8 levels). There will be signs posted in the
lobby to direct you where to go and the receptionists will be able to assist
you as well. See directions to National
Instruments<http://maps.google.com/maps?f=q&hl=en&q=11500+N+Mo-Pac+Expy,+Austin,+TX+78759&ie=UTF8&ll=30.406377,-97.726135&spn=0.017211,0.036778&om=1>.


*Cost:* Always Free

*Questions or help with Directions...* call: Scott Foster 512-637-9824.
CPEs are available.

-- 
J. H. Wickett