[Owasp-boston] OWASP RI: May 12 - Two Great Presentations!

Patrick Laverty patrick.laverty at owasp.org
Mon May 2 13:34:18 UTC 2016

Hi all,

OWASP RI has a couple great meetings coming up. On May 12, we will have two
guests! Steve Carmody come to speak about Single Sign On (SSO) mechanisms
and Federated Identity. We will also have Nat Kopcyk and April Lorenz to
talk about their ongoing research project, Testing Strategies for Faster
Cyber Security Notification.

As always, the meeting will be held at Upserve (formerly Swipely) 10
Dorrance St in Providence, 6:30 pm. Please RSVP for the meeting here:

Steve Carmody is the project lead for the Internet2's Shibboleth (
http://www.internet2.edu/products-services/trust-identity/shibboleth/) and
an IT Architect at Brown University. Steve will speak on single sign on
mechanisms and the idea of federated identity. If you have ever chosen to
use your Google account, Facebook account or Twitter account to log in to
other services, you are familiar with the idea of federated identity. Come
hear more about the projects on May 12.

April and Nat's presentation is  Research: Testing Strategies for Faster
Cyber Security Notification

This is a 3 year research-only project and we have nothing to sell (!) :)

Focus of the project is speed up awareness of IOC/IOV (Indicators of
Compromise or Vulnerability) in the supply chain to critical
infrastructure. Companies that provide goods or services to critical
infrastructure are often too small to join an ISAC and typically don't yet
have a process for effectively handling IOC/IOV notifications.

Then on June 9, we will have Robert Hurlbut talking about Threat Modeling
for Secure Software Design

Threat modeling is a way of thinking about what could go wrong and how to
prevent it. Instinctively, we all think this way in regards to our own
personal security and safety. When it comes to building software, some
software shops either skip the important step of threat modeling in secure
software design or, they have tried threat modeling before but haven't
quite figured out how to connect the threat models to real world software
development and its priorities. In this session, you will learn practical
strategies in using threat modeling in secure software design and how to
apply risk management in dealing with the threats.

It's an exciting couple months and I hope you can attend. See you all on
Thursday, May 12!

Patrick Laverty
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-boston/attachments/20160502/8db8162a/attachment.html>

More information about the Owasp-boston mailing list