[Owasp-austin] Broadcast: Automated vs. Manual Security: You can't filter The Stupid - OWASP Meeting (Apr 27 11:30 AM CDT in National Instruments - Building C - Conference Room 1S13)

Josh Sokol josh.sokol at ni.com
Thu Apr 15 17:01:46 EDT 2010


                                                                                                                                                
Broadcast: Automated vs. Manual Security: You can't filter The Stupid - OWASP Meeting
Date: 04/27/2010
Chair: Josh Sokol/AUS/NIC
Sent By: josh.sokol at ni.com
Location: National Instruments - Building C - Conference Room 1S13



                                                                            
                                                                            
                                                                            
                                                                            
  FYI:                                                                      
                                                                            
                                                                            
                                                                            


                                                                            
                                                                            
                                                                            
                                                                            
   When: April 27, 2010, 11:30am - 1:00pm                                   
                                                                            
                                                                            
  Topic: Automated vs. Manual Security: You can't filter The Stupid         
                                                                            
                                                                            
  Everyone wants to stretch their security budget, and automated            
  application security tools are an appealing choice for doing so. However, 
  manual security testing isn’t going anywhere until the HAL application    
  scanner comes online. This presentation will use often humorous,          
  real-world examples to illustrate the relative strengths and weaknesses   
  of automated solutions and manual techniques.                             
                                                                            
                                                                            
                                                                            
  Automated tools have some strengths, namely low incremental cost,         
  detecting simple vulnerabilities, and performing highly repetitive tasks. 
  However, automated solutions are far from perfect. There are entire       
  classes of vulnerabilities that are theoretically impossible for          
  automated software to detect. Examples include complex information        
  leakage, race conditions, logic flaws, design flaws, and multistage       
  process attacks. Beyond that, there are many vulnerabilities that are too 
  complicated or obscure to practically detect with an automated tool.      
                                                                            
                                                                            
  Who: Charles Henderson (Trustwave)                                        
                                                                            
                                                                            
  Charles Henderson has been in the security industry for over 15 years and 
  manages the Application Security Practice at Trustwave. He has            
  specialized in application security testing and application security      
  assessment throughout his career but has also worked in physical security 
  testing and network security testing.                                     
                                                                            
                                                                            
  Where: National Instruments, 11500 N Mopac, Building C which is the       
  tallest building on campus (8 levels). There will be signs posted in the  
  lobby to direct you where to go and the receptionists will be able to     
  assist you as well. See directions to National Instruments.               
                                                                            
                                                                            
  Cost: Always Free                                                         
                                                                            
                                                                            
  Questions or help with Directions... call: Josh Sokol (512) 619-6716.     
                                                                            
                                                                            
  RSVP on the Austin OWASP Ning Site                                        
                                                                            
                                                                            
                                                                            
