[Owasp-denver] Invitation: August OWASP Meeting, Wednesday 20 Aug 08 @ 6pm @ Raytheon Polar, Centennial CO
dcampbell at owasp.org
Thu Aug 7 13:25:32 EDT 2008
Dan Cornell: Static Analysis Techniques for Testing Application Security
Static Analysis of software refers to examining source code and other
software artifacts without executing them. This presentation looks at
how these techniques can be used to identify security defects in
applications. Approaches examined will range from simple keyword search
methods used to identify calls to banned functions through more
sophisticated data flow analysis used to identify more complicated
issues such as injection flaws. In addition, a demonstration will be
given of two freely-available static analysis tools: FindBugs for the
Java platform and FxCop for the .NET platform. Finally, some approaches
will be presented on how organizations can start using static analysis
tools as part of their development and quality assurance processes.
Dan Cornell has over ten years of experience architecting and developing
web-based software systems. He leads Denim Group’s security research
team in investigating the application of secure coding and development
techniques to improve web-based software development methodologies.
Dan was the founding coordinator and chairman for the Java Users Group
of San Antonio (JUGSA) and is currently the San Antonio chapter leader
of the Open Web Application Security Project (OWASP). He is a recognized
expert in the area of web application security for
SearchSoftwareQuality.com and the primary author of Sprajax, OWASP’s
open source tool for assessing the security of AJAX-enabled web
6-6:30 Dinner (at Raytheon Polar; pizza provided by Business Partner
6:30 - 6:40 Chapter business
6:40 - 8:00 Presentation and Q&A
Following the meeting we will have informal discussions over beverages
at JD's Bait Shop.
Management, Developers, Security Professionals – can only result in one
thing… better security.