[Owasp-cincinnati] Next OWASP meeting February 26th, Please RSVP

Marco M. Morana marco.morana at owasp.org
Mon Feb 18 13:24:21 EST 2008

Fellow OWASP Cincinnati chapter meeting attendees


We currently have 32 members subscribing the OWASP Cincinnati chapter
mailing list (herein included) so I am looking for a good participation to
the next meeting next Tuesday, February 26th, 2008, 6.45pm - 7:45pm at
Citigroup in Blue Ask.


Please provide your RSVP to me by replying to this email. Also if you have
not subscribed the OWASP Cincinnati mailing list, please do so.

The meeting session topic is: OWASP Top Ten Vulnerabilities and Software
Root Causes: Solving The Software Security Problem From an Information
Security Perspective. 

Presenter: Marco Morana (Citigroup, TISO, OWASP Chapter Leader, Security
Blogger). Abstract of the presentation: Before to diagnose the disease and
provide the cure a doctor looks at the root causes of the sickness, the risk
factors and the symptoms. In case of application security the majority of
the root causes of the security issues are in-secure software, the risk
factors can be found in how bad the application is designed, the software is
coded and the application is tested and the symptoms in how the application
vulnerabilities are exposed. The presentation will articulate the problem of
secure software, the costs, the software security risks and how these are
typically dealt with by most organizations. Solving the problem of software
security requires people, process and tools. From the information security
perspective we will look at ways to enforcing software security by looking
at risks that threat agents (attacks) can exploit vulnerabilities due to
insecure software and the resulting impact on company assets. Implementing a
set of software security requirements is the best place to start to address
the root causes of web application vulnerabilities. With a categorization of
web application vulnerabilities as weakness in application security
controls, it is easier to describe the root cases as coding errors. A good
place to start documenting software security requirements is the OWASP Top
Ten, for each of these vulnerabilities we will discuss the threat, the risk
factors, the software root causes of the vulnerability, how to find if you
are vulnerable and if you are which countermeasures need to be implemented.

Presentation start 7.00 pm

Consult the OWASP chapter web page for more details. The presentation will
be uploaded on the site.



Hope to see you there.




Marco Morana

OWASP Cincinnati Chapter Leader


 <http://securesoftware.blogspot.com> http://securesoftware.blogspot.com



Marco Morana

OWASP Cincinnati Chapter Leader





-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-cincinnati/attachments/20080218/21e08f00/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OWASP_ParticipantList_2_18_08.xls
Type: application/vnd.ms-excel
Size: 21504 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-cincinnati/attachments/20080218/21e08f00/attachment.xls 

More information about the Owasp-cincinnati mailing list