[Owasp-boston] Boston OWASP June Meeting - Tools of the Trade

Weiler, Jim Jim.Weiler at Staples.com
Mon May 23 16:40:33 EDT 2005


When  - Wed. June 1, 6:30 Microsoft Waltham   (directions at

PIZZA will be provided by Fishnet Security 

Please reply to me if you think you will be coming.

There will be some books and software to raffle off too. 

******************   Topic -    Tools of the Trade       *******************

Application security has become the hot topic of choice in today's technical
information security landscape. Unfortunately there is little information
about what the elusive quality known as "security" in applications really
means, how to test for or evaluate this quality, and what tools can help
automate the testing process. Most of the information available is provided
by product or service vendors, and most of the metrics available to support
their claims are dubious at best.

Enter the OWASP Taxonomy and Tools Project. Because there exists no clearly
defined taxonomy for the different methods of application security
testing/analysis, and no clear information on where automation helps
or what the tools actually do, OWASP (www.owasp.org) has started a project
to classify and categorize application security testing and tools. The
purpose of this project is to provide people with a free, objective, and
international resource for understanding the different ways to test
an application, and what tools purport to provide what automation benefits.

This presentation will provide a categorically different overview of what
application security is, introduce a taxonomy that discusses different ways
to evaluate the security quality of an application, and break down the tools
currently available on the market (commercial, open-source, and freeware)
according to where they fit in the testing taxonomy that will be introduced.
The attendee should walk away with a better understanding of the strengths
and weaknesses of various approaches to testing software, and a clearer
ability to peer through the vendor-biased claims made for the abilities (or
limitations) of automated testing tools.

*************************  Presenter   **********************************

Arian Evans, National Practice Lead & Senior Security Engineer, Fishnet

Arian Evans has spent the last seven years pondering information security,
with a focus on application security and intrusion detection. He is an
international speaker on the subject of application security, presenting new
and innovative research at security conferences in Europe, including OWASP
2005 and BlackHat Europe 2005. He is the chapter head of OWASP Kansas City,
helped start the Omaha, Minneapolis, and St. Louis OWASP chapters, and
speaks at OWASP chapters around the United States. Mr. Evans performs
independent vulnerability research, including the discovery and disclosure
of the only major vulnerability found in Nokia's IPSO security platform and
several unique vulnerabilities in web servers. He continues to publish
whitepapers on new vulnerabilities, attack vectors, and application defense
techniques. Arian is also very active on various forums, including the
SecurityFocus WebApplicationSecurity forum.

Jim Weiler
Staples North American Application Services
Application Architect
508 2533884
