[Owasp-boston] Dec 5 meeting

Jim+Lisa Weiler lisajimbo at rcn.com
Sun Dec 2 21:28:50 EST 2007


Hi Folks,
We've had lots of presentations on what to do or avoid and how to do or avoid it, but in order to actually get these things done and into production, you often have to get other people to actually implement the changes; otherwise you still haven't increased your security. Scott Matsumoto will talk about his experiences getting developers to implement security code changes, and discuss some web app security techniques. So bring any situations you want advice on or web app sec implementation difficulties and see if Scott can help.

You Say Tomayto and I Say Tomahto - Talking to Developers about Application Security

Talking to developers about Web application security is often like the Gershwin song lyrics - you feel like you're saying the same thing; just differently. And like the song, the frustration makes you wonder if we should "call the whole thing off". At Cigital we believe that the way to build secure applications is to change the way applications are developed and this means learning to talk to developers about web-application security in a way that makes sense to them. This talk describes many of the lessons we've learned in our interactions with developers about how to describe application security problems and solutions. The question and answer period will be for you to bring up specific problems you're having with talking to your developers.

Scott Matsumoto is a Principal Consultant at Cigital. Mr. Matsumoto brings over 20 years of commercial software product development experience to the company. His experience encompasses development of component-based middleware, performance management systems, graphical UIs, language compilers, database management systems and operating system kernels.

Most recently Mr. Matsumoto was the CTO of Spring Street Networks. Prior to Spring Street Networks, he was co-founder and CTO of Xtremesoft, which provided component-based application monitoring for Microsoft technology-based applications. Mr. Matsumoto has held positions at other major software companies such as systems architect for Lotus Development. Prior to Lotus, Mr. Matsumoto was a principal at Working Set, Inc., the software company that designed and implemented Digital Equipment Corp.'s SQL compiler. He was also one of the original designers of Digital's Relational Database system.


Pizza will be provided by Cigital.