[Owasp-boston] OWASP Boston two Sept mtgs - 7th at MS Waltham, 14th in Boston

Weiler, Jim Jim.Weiler at starwoodhotels.com
Fri Sep 2 16:04:05 EDT 2011

We'll be having 2 meetings this month - 


Wed. Sept 7 at MS Waltham  6:30

Adriel Desautels -  Differences between Web Application Penetration
Testing and Vulnerability Scanning


Adriel T. Desautels is the President and CTO of Netragard, LLC. Among
other things Adriel specializes in the delivery of advanced, high-threat
anti-hacking services and covert network penetration methodologies.
Prior to founding Netragard Adriel founded the internationally
recognized SNOsoft Research Team, which quickly became the think tank
for Secure Network Operations, Inc. Today SNOsoft is owned and operated
by Netragard LLC. 

Adriel also has extensive experience and expertise in the design and
deployment of sophisticated Intrusion Detection and Intrusion Prevention
(IDS/IPS) systems. In early 2002 Adriel designed an IDS/IPS technology
with powerful event correlation capabilities capable of accurately
identifying real events buried in a high volume of noise. That
technology was later acquired by a private third party. As a result of
his expertise Adriel has acted as an expert witness in U.S. Federal

Today Adriel's responsibilities at Netragard include but are not limited
to the design and management of all of Netragard's professional
services. Adriel's secondary responsibility is to run and maintain
Netragard's Exploit Acquisition Program (EAP). EAP is designed to
acquire bleeding edge, high value research and intelligence from the
hacking community



Wed. Sept 14, Jobspring offices, 545 Boyleston St. 6th floor,  Boston

Dinis Cruz

OWASP O2 Platform
Dinis Cruz

The O2 Platform is focused on automating application security knowledge
and workflows. It is specifically designed for developers and security
consultants to be able to perform quick, effective and thorough source
code-driven application security reviews (blackbox + whitebox). In
addition to the manual findings created/discovered by security
consultants, the OWASP O2 Platform allows the easy consumption of
results from multiple OWASP projects and commercial scanning tools. This
allows security consultants to find, exploit and automate (via Unit
Tests) security vulnerabilities usually dismissed by the community as
impossible to find/recreate. More importantly, it provides security
consultants a mechanism to: (a) "talk" with developers (via UnitTest),
(b) give developers a way to replicate + "check if it's fixed" the
vulnerabilities reported and (c) engage in a two-way conversion on the
best way to fix/remediate those vulnerabilities. For more details
<https://www.owasp.org/index.php/OWASP_O2_Platform> , to download binary
or source goto http://code.google.com/p/o2platform/downloads/list

Dinis Cruz is a Security Consultant based in London (UK) and specialized
in: ASP.NET/J2EE Application Security, Application Security audits and
.NET Security Curriculum Development.
For the past couple years Dinis has focused on the field of Static
Source Code Analysis and Dynamic Website Assessments (aka penetration
testing), and is the main developer of the OWASP O2 Platform which is an
Open Source project that is focused on 'Automating Security Consultants
Knowledge/Workflows' and 'Allowing non-security experts to access and
consume Security Knowledge'. Dinis is currently focused on making the O2
Platform the industry standard for consuming, instrumenting and
data-sharing between: the multiple WebAppSec tools, the Security
consultants and the final users (from management to developers).
<https://www.owasp.org/index.php/User:Dinis.cruz> )



Jim Weiler       CISSP   CSSLP   GSSP - Java

Sr. Mgr.  Information Security Risk Assessment

Starwood Hotels      1505 Washington St.   Braintree MA. 02184

desk - 781 356 0067

mobile - 7816546048


This electronic message transmission contains information from the Company that may be proprietary, confidential and/or privileged. 
The information is intended only for the use of the individual(s) or entity named above.  If you are not the intended recipient, be 
aware that any disclosure, copying or distribution or use of the contents of this information is prohibited.  If you have received 
this electronic transmission in error, please notify the sender immediately by replying to the address listed in the "From:" field. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-boston/attachments/20110902/14ed8a86/attachment.html 

More information about the Owasp-boston mailing list