[Owasp-chicago] Next chapter meeting: February 2

Cory Scott cory at crazypenguin.com
Mon Jan 11 12:29:59 EST 2010

Next Chapter Meeting: February 2, 2010 - NEW LOCATION
The next quarterly Chicago OWASP Chapter meeting will be February 2nd,  
2010 in the Monadnock Building conference room (53 W Jackson, 8th  
floor) at 6pm.

Please RSVP to cory.scott at owasp.org by February 1st so we can enter  
your name into the building's security system.

6:00 - Refreshments and Welcome

6:15 - Protecting Your Applications from Backdoors: How to Secure Your  
Business Critical Applications from Time Bombs, Backdoors & Data -  
Erik Peterson, Veracode

7:15 - Open Software Assurance Maturity Model (OpenSAMM) - Pravir  
Chandra, Fortify



Protecting Your Applications from Backdoors: How to Secure Your  
Business Critical Applications from Time Bombs, Backdoors & Data


With the increasing practice of outsourcing and using 3rd party  
libraries, it is nearly impossible for an enterprise to identify the  
pedigree and security of the software running its business critical  
applications. As a result, backdoors and malicious code are  
increasingly becoming the prevalent attack vector used by hackers.  
Whether you manage internal development activities, work with third  
party developers or are developing a COTS application for enterprise,  
your mandate is clear: safeguard your code and make application  
security a priority for internal and external development teams. In  
this session we will cover:

	• Prevalence of backdoors and malicious code in third party attacks
	• Definitions and classifications of backdoors and their impact on  
your applications
	• Methods to identify, track and remediate these vulnerabilities

Erik Peterson from Veracode will be presenting.

Open Software Assurance Maturity Model (OpenSAMM)


The Open Software Assurance Maturity Model (SAMM) (http://www.opensamm.org/)  
is a flexible and prescriptive framework for building security into  
a software development organization. Covering more than typical  
SDLC-based models for security, SAMM enables organizations to self-assess  
their security assurance program and then use recommended roadmaps to  
improve in a way that's aligned to the specific risks facing the  
organization. Beyond that, SAMM enables creation of scorecards for an  
organization's effectiveness at secure software development throughout  
the typical governance, development, and deployment business  
functions. Scorecards also enable management within an organization to  
demonstrate quantitative improvements through iterations of building a  
security assurance program. This workshop will introduce the SAMM  
framework and walk through useful activities such as assessing an  
assurance program, mapping an existing organization to a recommended  
roadmap, and iteratively building an assurance program. Time allowing,  
additional case studies will also be discussed. OpenSAMM is an open and  
free project and has recently been donated to the Open Web Application  
Security Project (OWASP) Foundation. For more information on OpenSAMM,  
visit http://www.opensamm.org/.


Pravir Chandra is Director of Strategic Services at Fortify Software  
and works with clients on software security assurance programs. Pravir  
is recognized for his expertise in software security, code analysis,  
and his ability to strategically apply technical knowledge. Prior to  
Fortify, he was a Principal Consultant affiliated with Cigital and led  
large software security programs at Fortune 500 companies. Pravir  
co-founded Secure Software, Inc. and was Chief Security Architect prior  
to its acquisition by Fortify. He recently created and led the Open  
Software Assurance Maturity Model (OpenSAMM) project with the OWASP  
Foundation, leads the OWASP CLASP project, and also serves as member  
of the OWASP Global Projects Committee. Pravir is author of the book  
Network Security with OpenSSL.
