[Owasp-denver] Reminder: Denver OWASP Meeting tomorrow

Steve Kosten steve.kosten at owasp.org
Mon Oct 9 17:37:05 UTC 2017


RSVP at https://www.meetup.com/Denver-OWASP/events/243732613/

OWASP Denver will be holding our October meeting along with the SANS Secure
DevOps Summit on October 10th.

Please join us for a reception and presentation hosted by the SANS
Institute on October 10th at the Sheraton – Denver Tech Center. SANS will
be holding its inaugural Secure DevOps Summit on October 10-11. The Summit
will bring together SecDevOps experts from leading organizations to share
their ideas, methods, and tools for building and delivering secure software
using DevOps. Any OWASP member interested in attending the event will
receive a $400 discount when they use the OWASPDENVER discount code. More
information about the Summit here: http://www.sans.org/u/w8b


Regardless of whether you attend the Summit, all OWASP Denver members are
invited to attend an evening reception on October 10th from 5:00 – 6:15pm
followed by a presentation by Eric Johnson of SANS. Come join us for an
evening of networking, food, drinks, and an in-depth talk about leveraging
the power of Continuous Integration and Continuous Delivery to improve
security posture.


*Topic: Secure DevOps: A Puma’s Tail*

DevOps is changing the way that organizations design, build, deploy and
operate online systems. Engineering teams are making hundreds, or even
thousands, of changes per day, and traditional approaches to security are
struggling to keep up. Security must be reinvented in a DevOps world and
take advantage of the opportunities provided by continuous integration and
delivery pipelines.

In this talk, we start with a case study of an organization trying to
leverage the power of Continuous Integration (CI) and Continuous Delivery
(CD) to improve their security posture. After identifying the key security
checkpoints in the pre-commit, commit, acceptance, and deployment lifecycle
phases, we will explore how unit testing and static analysis fit into
SecDevOps. Live demonstrations will show how to identify vulnerabilities
pre-commit inside the Visual Studio development environment, and how to
enforce security unit tests and static analysis in a Jenkins continuous
integration (CI) build pipeline. Attendees will walk away with a better
understanding of how security fits into DevOps, and an open source .NET
static analysis engine to help secure your organization’s applications.

*Speaker: Eric Johnson *
Eric Johnson is a Principal Security Consultant at Cypress Data Defense
where he leads secure software development lifecycle consulting, web and
mobile application penetration testing, secure code review assessments,
static source code analysis, security research, and security tools
development. He also
founded the Puma Scan static analysis open source project, which allows
software engineers to run security-focused .NET static analysis rules
during development and in continuous integration pipelines.


As a Certified Instructor with the SANS Institute, Eric authors application
security courses on DevOps, cloud security, secure coding, and defending
mobile apps. He serves on the advisory board for the SANS Securing the
Human Developer awareness training program, delivers security training
around the world, and has presented his security research at conferences
including SANS, BlackHat, OWASP, BSides, JavaOne, UberConf, and ISSA.


Eric completed a bachelor of science degree in Computer Engineering and a
master of science degree in Information Assurance at Iowa State University,
and currently holds the CISSP, GWAPT, GSSP-.NET, and GSSP-Java
certifications. He is located in West Des Moines, IA and outside the office
he enjoys spending time with his family, attending Iowa State athletic
events, and playing golf.

Steve Kosten
OWASP Denver Chapter Leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-denver/attachments/20171009/4a0dd127/attachment.html>


More information about the OWASP-DENVER mailing list