[Owasp-denver] Invitation: August OWASP Meeting, Wednesday 20 Aug 08 @ 6pm @ Raytheon Polar, Centennial CO

David Campbell dcampbell at owasp.org
Thu Aug 7 13:25:32 EDT 2008


Dan Cornell: Static Analysis Techniques for Testing Application Security

Static Analysis of software refers to examining source code and other 
software artifacts without executing them. This presentation looks at 
how these techniques can be used to identify security defects in 
applications. Approaches examined will range from simple keyword search 
methods used to identify calls to banned functions through more 
sophisticated data flow analysis used to identify more complicated 
issues such as injection flaws. In addition, a demonstration will be 
given of two freely-available static analysis tools: FindBugs for the 
Java platform and FXCop for the .NET platform. Finally, some approaches 
will be presented on how organizations can start using static analysis 
tools as part of their development and quality assurance processes.

Dan Cornell has over ten years of experience architecting and developing 
web-based software systems. He leads Denim Group’s security research 
team in investigating the application of secure coding and development 
techniques to improve web-based software development methodologies.

Dan was the founding coordinator and chairman for the Java Users Group 
of San Antonio (JUGSA) and is currently the San Antonio chapter leader 
of the Open Web Application Security Project (OWASP). He is a recognized 
expert in the area of web application security for 
SearchSoftwareQuality.com and the primary author of Sprajax, OWASP’s 
open source tool for assessing the security of AJAX-enabled web 
applications.


Agenda:

6-6:30 Dinner (at Raytheon Polar; pizza provided by Business Partner 
Solutions.)

6:30 - 6:40 Chapter business

6:40 - 8:00 Presentation and Q&A

Following the meeting we will have informal discussions over beverages 
at JD's Bait Shop.


-- 
Management, Developers, Security Professionals – can only result in one 
thing…… better security.

http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference  Sept 
22nd-25th 2008


More information about the OWASP-DENVER mailing list