[Owasp-bostonfinancialdist] OWASP Boston Oct 6 + Dec 1 meetings

Weiler, Jim Jim.Weiler at starwoodhotels.com
Sun Sep 26 21:02:01 EDT 2010

Next meeting - Wed. Oct 6. Microsoft Waltham. This is the first of a 2
part session. The second part will be Wed. Dec. 1.


We will still have a November meeting, featuring Pravir Chandra, project
leader for OWASP Open SAMM.




In this highly interactive two-part workshop, Rob Cheyne of Safelight
Security will show you the basics of conducting a real-world
architecture & design review. 

This workshop draws from Safelight's Security Architecture Fundamentals
training course, a two-day course frequently used to teach Fortune 500
companies how to look at their system architectures from both the
hacker's and the designer's point of view.  

First session:

In the first session on October 6, Rob discusses a practical approach to
architecture review and threat modeling using real-world examples. This
session lays the foundation for participants to participate in a
real-world architecture review in the December session. 

Attendees will learn:

  - How to holistically examine a system architecture for security
    issues from both the designer's and the hacker's point of view

  - To identify frequently overlooked areas where security
    vulnerabilities commonly occur

  - Tips for assessing a system at the host-level, network level, and
    application level

  - Practical ways to apply threat modeling to help manage

Second session:

In the December 1st session, Rob will conduct a sample architecture
assessment against a real-world system, and in the process, teach
participants how to conduct an architecture of their own.  Brave
volunteers will be welcome to share their own architectures and have
them reviewed. This is an opportunity to get free consulting that
typically costs thousands of dollars.  There is limited time, so not
everyone will get chosen.  If you are interested in this, please
contact Rob Cheyne (rcheyne at safelightsecurity.com) directly.

Who should attend?

Anyone can participate and learn from the discussion in this accessible
and dynamic workshop.  Whether you are an architect, a developer, or a
manager, there will be something here for you.  Come learn to challenge
your assumptions.

Additional information:

Penetration testing is a common way to evaluate an application's
security.  Yet a comprehensive architecture and design assessment can
uncover critical security issues that often cost far less to resolve
early on in a project.  Many companies overlook this element of system

Rob was one of a select few at security consulting company @stake who
regularly led and conducted full-blown enterprise-level architecture
assessments for Fortune 500 companies.  Drawing from his experience with
dozens of real-world architecture assessments over the past 12 years,
and his 20 years as a software developer, architect, and consultant, Rob
teaches students to challenge assumptions that frequently lead to
long-term security and reliability problems. 



Date - Oct. 6


Time - 6:30 p.m.

Location and Directions - 


Microsoft offices at the Waltham Weston Corporate Center, 201 Jones Rd.,
Sixth Floor Waltham, MA


From Rt. 128 North take exit 26 toward Waltham, East up the hill on Rt.
20. From Rt 128 South take exit 26 but go around the rotary to get to 20
East to Waltham. Follow signs for Rt. 117 (left at the second light).
When you get to 117 turn left (West). You will cross back over Rt. 128.
Jones Rd. (look for the Waltham Weston Corporate Center sign) is the
second left, at a blinking yellow light, on Rt. 117 going west about 0.1
miles from Rt. 128 (I95). The office building is at the bottom of Jones
Rd. Best parking is to turn right just before the building and park in
the back. Knock on the door to get the security guard to open it. The
room is MPR C.



Jim Weiler   CISSP  CSSLP  GSSP-Java

Starwood Hotels and Resorts

Sr. Mgr. Information Security Risk Assessment

Office - 781 356 0067

Cell - 781 654 6048

