<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1255">
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">

<head>

<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
        {page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=EN-US link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal>As a quick reminder, don't forget to RSVP to attend
the Dallas OWASP Chapter's meeting next Wednesday at lunchtime. How do
you RSVP? Send an email to <span style='color:#1F497D'><a
href="mailto:OWASP.DFW.RSVP@denimgroup.com">OWASP.DFW.RSVP@denimgroup.com</a></span>.
This will ensure we have enough food for the group. In the meantime, if you
would like to invite your friends and colleagues, you can point them to the
meeting flyer posted here:<span style='color:#1F497D'> </span><span
class=MsoHyperlink><a
href="https://www.owasp.org/images/3/39/Dallas_OWASP_Flyer.pdf"
title="Dallas OWASP Flyer.pdf">Dallas_OWASP_Flyer.pdf</a></span><span
class=MsoHyperlink><span style='font-family:"Arial","sans-serif"'>.<o:p></o:p></span></span></p>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

<p class=MsoNormal><b><span style='font-size:14.0pt;font-family:"Arial","sans-serif"'>Dallas
OWASP Chapter: Wednesday, February 25, 2009<o:p></o:p></span></b></p>

<p class=MsoNormal><i><span style='font-family:"Arial","sans-serif"'>Topic</span></i><span
style='font-family:"Arial","sans-serif"'>: <b>Vulnerability Management in an Application
Security World</b></span><b><span style='font-size:12.0pt;font-family:"Arial","sans-serif"'><o:p></o:p></span></b></p>

<p class=MsoNormal><i><span style='font-family:"Arial","sans-serif"'>Presenter</span></i><span
style='font-family:"Arial","sans-serif"'>: Dan Cornell, Principal, Denim Group<o:p></o:p></span></p>

<p class=MsoNormal><i><span style='font-family:"Arial","sans-serif"'>Date</span></i><span
style='font-family:"Arial","sans-serif"'>: Wednesday, February 25, 2009 11:30am
&ndash; 1:30pm. Lunch will be provided.<o:p></o:p></span></p>

<p class=MsoNormal><i><span style='font-family:"Arial","sans-serif"'>Location</span></i><span
style='font-family:"Arial","sans-serif"'>:<o:p></o:p></span></p>

<p class=MsoNormal><span lang=EN style='font-size:12.5pt;font-family:"Arial","sans-serif";
color:black'>UTD Campus - Galaxy Room of the Student Union, Room SU 2.602<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>800 West
Campbell Road<br>
Richardson, TX 75080-3021<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><a
href="http://www.utdallas.edu/map/">http://www.utdallas.edu/map/</a> <o:p></o:p></span></p>

<p class=MsoNormal><i><span style='font-family:"Arial","sans-serif"'>Please
RSVP:</span></i><span style='color:#1F497D'> </span><span style='font-size:
10.0pt;font-family:"Arial","sans-serif";color:#1F497D'><a
href="mailto:OWASP.DFW.RSVP@denimgroup.com">OWASP.DFW.RSVP@denimgroup.com</a><o:p></o:p></span></p>

<p class=MsoNormal><i><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></i></p>

<p class=MsoNormal><i><span style='font-family:"Arial","sans-serif"'>Abstract</span></i><span
style='font-family:"Arial","sans-serif"'>:<o:p></o:p></span></p>

<p class=MsoNormal>Identifying application-level vulnerabilities via
penetration tests and code reviews is only the first step in actually
addressing the underlying risk.&nbsp; Managing vulnerabilities for applications
is more challenging than dealing with traditional infrastructure-level
vulnerabilities because they typically require the coordination of security
teams with application development teams and require security managers to
secure time from developers during already-cramped development and release
schedules.&nbsp; In addition, fixes require changes to custom application code
and application-specific business logic rather than the patches and
configuration changes that are often sufficient to address infrastructure-level
vulnerabilities.<span style='font-family:"Times New Roman","serif"'><o:p></o:p></span></p>

<p class=MsoNormal>This presentation details many of the pitfalls organizations
encounter while trying to manage application-level vulnerabilities as well as
outlines strategies security teams can use for communicating with development
teams.&nbsp; Similarities and differences between security teams'
practice of vulnerability management and development teams' practice of
defect management will be addressed in order to facilitate healthy
communication between these groups.<o:p></o:p></p>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><i><span style='font-family:"Arial","sans-serif"'>Presenter
Bio</span></i><span style='font-family:"Arial","sans-serif"'>:<o:p></o:p></span></p>

<p class=MsoNormal>Dan Cornell has over ten years of experience architecting,
developing and securing web-based software systems. As a Principal of Denim
Group, he leads the organization's technology team overseeing methodology
development and project execution for Denim Group's customers. He also
heads the Denim Group application security research team, investigating the
application of secure coding and development techniques to the improvement of
web based software development methodologies. He is also the primary author of
sprajax, Denim Group's open source tool for assessing the security of
AJAX-enabled web applications.<span style='font-family:"Times New Roman","serif"'><o:p></o:p></span></p>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

<p class=MsoNormal>Look forward to seeing you next week!<o:p></o:p></p>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

<p class=MsoNormal>Andrea<o:p></o:p></p>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#30527B'>Andrea Wendeln, CISSP <o:p></o:p></span></b></p>

<p class=MsoNormal><span style='font-size:18.0pt;font-family:"Arial","sans-serif";
color:#BB3E19'>------------------------------------------</span><span
style='font-size:18.0pt;color:#1F497D'><o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#676542'>email&nbsp;&nbsp;&nbsp; <a href="mailto:andrea@denimgroup.com"><span
style='color:blue'>andrea.wendeln@denimgroup.com</span></a><br>
office&nbsp;&nbsp; 469.619.5710</span><span style='font-size:10.0pt;color:#1F497D'><o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#676542'>cellular&nbsp; 214.914.2077<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#676542'>fax&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 469.533.1670<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:18.0pt;font-family:"Arial","sans-serif";
color:#BB3E19'>&nbsp;------------------------------------------</span><span
style='font-size:18.0pt;color:#BB3E19'><o:p></o:p></span></p>

<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif";color:#30527B'>DENIM
GROUP</span></b><b><span style='font-family:"Arial","sans-serif";color:#1F497D'>
</span></b><b><span style='font-family:"Arial","sans-serif";color:#BB3E19'>| </span></b><span
style='font-family:"Arial","sans-serif";color:#30527B'>Build Integrate Secure</span><span
style='font-size:12.0pt;font-family:"Arial","sans-serif";color:#30527B'><o:p></o:p></span></p>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif";color:#30527B'><a
href="http://www.denimgroup.com"><span style='color:blue'>www.denimgroup.com</span></a>
</span><span style='font-family:"Times New Roman","serif";color:#1F497D'><o:p></o:p></span></p>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

</div>

</body>

</html>