[Owasp-austin] Invitation: Application Assessments Reloaded - OWASP Meeting (Aug 31 11:30 AM CDT in National Instruments - Building C - Conference Room 1S13)

Josh Sokol josh.sokol at ni.com
Thu Aug 19 14:56:15 EDT 2010


                                                                                                                                                
               Invitation: Application Assessments Reloaded - OWASP Meeting                                                                     
                                                                                                                                                
               08/31/2010 -                                                                                                                     
                                                                                                                                                
                                                                                                                                                
                                                                                                                                                
               Chair:                                                                                                                           
                        Josh Sokol/AUS/NIC                                                                                                      
               Sent By:                                                                                                                         
                        Josh_Sokol/AUS/NIC%NIC at amer.corp.natinst.com                                                                            
                                                                                                                                                
                                                                                                                                                
               Location:                                                                                                                        
                        National Instruments - Building C - Conference Room 1S13                                                                
                                                                                                                                                
                                                                                                                                                
                                                                                                                                                



                                                                            
                                                                            
                                                                            
                                                                            
  Josh_Sokol                                                                
                       Josh Sokol has invited you to a meeting.  You have   
                       not yet responded.                                   
                                                                            
                                                                            
                                                                            
                                                                            
                                                                            
                                                                            
                                                                            
                                                                            
                                                                            
                                                                            
                                                                            
                                                                            
                                                                            
                                                                            
  FYI:                                                                      
                                                                            
                                                                            
                                                                            


                                                                            
                                                                            
                                                                            
                                                                            
   When: August 31, 2010, 11:30am - 1:00pm                                  
                                                                            
                                                                            
  Topic: Application Assessments Reloaded                                   
                                                                            
  Trying to integrate Business Software Assurance into Enterprise Risk      
  Management and Information Security Management programs has had issues    
  over the years. Penetration-testing was announced dead over a year ago,   
  but it's still the number one choice of application security              
  professionals when starting out. Can the activities from                  
  penetration-testing be re-used and turned into something innovative?      
                                                                            
                                                                            
  Tools (especially application scanners and secure static analysis tools)  
  have error rates so high, they are useless in the hands of newcomers      
  (even for peripheral security testing). Some organizations have built     
  entire applications around or on top of existing appsec tools. Others are 
  looking to use other kinds of tools, such as process/methodology/workflow 
  tools, to enhance their classic penetration-testing tools.                
                                                                            
                                                                            
  Even the testing/inspection methodologies themselves are outdated and     
  we're finding that they are challenging or repetitive in many             
  environments. How do current appsec tools and testing/inspection methods  
  work in the cloud? If we re-run the same kinds of tests during dev-test,  
  software quality, and application security cycles, aren't we wasting      
  valuable time and effort?                                                 
                                                                            
                                                                            
  This presentation will provide discussion around how to solve many of     
  these and other challenges in application security. The focus will be on  
  web applications that use common technologies (HTTP, SQL, Classic         
  XML/HTML, Javascript, Flash) but also updated to today's standards        
  (RESTful transactions, NoSQL, HTML5, Ajax/Json, Flex2).                   
                                                                            
                                                                            
  Who: Andre Gironda                                                        
                                                                            
  Andre got his start on Unix-TCP/IP hacking before the September that      
  never ended. Bored of embedded platform research by the time the dot-Bomb 
  happened, he joined the largest online auction company, worked as an      
  appsec consultant for many years, and recently joined a large online      
  gaming company. He is known for his quirky mailing-list posts and blog    
  comments -- and at one time wrote for tssci-security.com.                 
                                                                            
                                                                            
  Where: National Instruments, 11500 N Mopac, Building C which is the       
  tallest building on campus (8 levels). There will be signs posted in the  
  lobby to direct you where to go and the receptionists will be able to     
  assist you as well. See directions to National Instruments.               
                                                                            
                                                                            
  Cost: Always Free                                                         
                                                                            
                                                                            
  Questions or help with Directions... call: Josh Sokol (512) 619-6716.     
                                                                            
                                                                            
  RSVP on the Austin OWASP Ning Site                                        
                                                                            
                                                                            
                                                                            

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-austin/attachments/20100819/b4dedcfa/attachment-0002.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/calendar
Size: 3827 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-austin/attachments/20100819/b4dedcfa/attachment-0001.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ecblank.gif
Type: image/gif
Size: 45 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-austin/attachments/20100819/b4dedcfa/attachment-0002.gif 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pic01688.gif
Type: image/gif
Size: 2430 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-austin/attachments/20100819/b4dedcfa/attachment-0003.gif 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-austin/attachments/20100819/b4dedcfa/attachment-0003.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: c135615.ics
Type: application/octet-stream
Size: 3827 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-austin/attachments/20100819/b4dedcfa/attachment-0001.obj 


More information about the Owasp-austin mailing list