[Owasp-bostonfinancialdist] OWASP Boston Feb 3 mtg - Microsoft Waltham

Weiler, Jim Jim.Weiler at starwoodhotels.com
Fri Jan 29 15:33:49 EST 2010

Yes, we are having our regular Feb. meeting, even tho it's just 6 days
after the Jan. meeting.




Date - Feb. 3


Time - 6:30 p.m.


Main Topic - New Technology, Same Old Vulnerabilities

Technology often creates new, exciting and more efficient ways of doing
business. The added efficiency and lower costs frequently drive a
strong desire to implement the latest and greatest technology.  The down
side is that we often jump into new technology without fully considering
the security implications, and inadvertently implement the same old
vulnerabilities time and again.


Web services are a great example of this.   Web services are a means of
adding a web-based programming interface to nearly any legacy enterprise
application, and they are being implemented across many industries at a
rapid pace. In many cases we have seen that the implementers are not
considering security at all, but merely functionality.  This leads to a
wealth of subtle security vulnerabilities.


In this talk, Rob Cheyne of Safelight Security Advisors will explore
some ways that we consistently add risk to our organizations, uncover
some ticking time bombs, and discuss some ways to improve the situation.
He will explore ways that we can better apply security in the
development lifecycle when implementing new technologies.  Along the
way, he will provide examples of classical vulnerabilities that show up
in new technologies.  




Rob Cheyne is founder and CEO of Safelight Security Advisors, a leading
information security training company.  He is an application security
expert who has taught security training classes to over 10,000
developers, architects, managers, and executives.  He has 20 years
of information technology experience and has been working in information
security since 1998. Rob has a solid combination of business and
technical expertise, and over the years, he has played the role of
software developer, systems integrator, security expert, consultant,
trainer and entrepreneur.  

Rob's ability to bridge the communication gap between business and
technology has led to him consulting for some of the largest and most
respected global brands.  He has worked for many top-tier organizations
in the financial services, health care, retail and government sectors.
As a security educator, he has made significant improvements to
information security training techniques, incorporating accelerated
learning into security courses to significantly increase their

Prior to Safelight, Rob was a co-founder of @stake, a highly regarded
pioneer in information security consulting. In this role, he led and
conducted secure architecture and design reviews, secure code reviews,
application penetration tests, and security audits for numerous Fortune
500 companies.  He helped develop @stake's application security
assessment methodologies, and led @stake's Application Security Center
of Excellence for two years. Rob was also a co-author of the
award-winning L0phtCrack password auditing software and he worked on
@stake's SmartRisk Analyzer team, which was successfully spun-off as

Location and Directions - 


Microsoft offices at the Waltham Weston Corporate Center, 201 Jones Rd.,
Sixth Floor, Waltham, MA


From Rt. 128 North take exit 26 toward Waltham, East up the hill on Rt.
20. From Rt 128 South take exit 26 but go around the rotary to get to 20
East to Waltham. Follow signs for Rt. 117 (left at the second light).
When you get to 117 turn left (West). You will cross back over Rt. 128.
Jones Rd. (look for the Waltham Weston Corporate Center sign) is the
second left, at a blinking yellow light, on Rt. 117 going west about 0.1
miles from Rt. 128 (I95). The office building is at the bottom of Jones
Rd. Best parking is to turn right just before the building and park in
the back. Knock on the door to get the security guard to open it. The
room is MPR C.


Pizza provided by Safelight 


Jim Weiler   CISSP  CSSLP

Starwood Hotels and Resorts

Sr. Mgr. Information Security Risk Assessment

Office - 781 356 0067

Cell - 781 654 6048
