[Owasp-denver] October OWASP Denver joint meeting w/ SANS DevOps Summit

Steve Kosten steve.kosten at owasp.org
Thu Sep 28 02:51:43 UTC 2017


OWASP Denver will be holding our October meeting along with the SANS Secure
DevOps Summit on October 10th.  RSVP at
https://www.meetup.com/preview/Denver-OWASP/events/243732613

Please join us for a reception and presentation hosted by the SANS
Institute on October 10th at the Sheraton – Denver Tech Center. SANS will
be holding its inaugural Secure DevOps Summit on October 10-11. The Summit
will bring together SecDevOps experts from leading organizations to share
their ideas, methods, and tools for building and delivering secure software
using DevOps. Any OWASP member interested in attending the event will
receive a $400 discount when they use the OWASPDENVER discount code. More
information about the Summit here: http://www.sans.org/u/w8b

Regardless of whether you attend the Summit, all OWASP Denver members are
invited to attend an evening reception on October 10th from 5:00 – 6:15pm
followed by a presentation by Eric Johnson of SANS. Come join us for an
evening of networking, food, drinks, and an in-depth talk about leveraging
the power of Continuous Integration and Continuous Delivery to improve
security posture.

*Topic:*
Secure DevOps: A Puma’s Tail

DevOps is changing the way that organizations
design, build, deploy and operate online systems. Engineering teams are
making hundreds, or even thousands, of changes per day, and traditional
approaches to security are struggling to keep up. Security must be
reinvented in a DevOps world and take advantage of the opportunities
provided by continuous integration and delivery pipelines.

In this talk, we start with a case study of an organization trying to
leverage the power of Continuous Integration (CI) and Continuous Delivery
(CD) to improve their security posture. After identifying the key security
checkpoints in the pre-commit, commit, acceptance, and deployment lifecycle
phases, we will explore how unit testing and static analysis fit into
SecDevOps. Live demonstrations will show how to identify vulnerabilities
pre-commit inside the Visual Studio development environment, and how to
enforce security unit tests and static analysis in a Jenkins continuous
integration (CI) build pipeline. Attendees will walk away with a better
understanding of how security fits into DevOps, and an open source .NET
static analysis engine to help secure your organization’s applications.

*Speaker:*
Eric Johnson is a Principal Security Consultant at Cypress Data Defense
where he leads secure software development lifecycle consulting, web and
mobile application penetration testing, secure code review assessments,
static source code analysis, security research, and security tools
development. He also founded the Puma Scan static analysis open source
project, which allows software engineers to run security-focused .NET
static analysis rules during development and in continuous integration
pipelines. As a Certified Instructor with the SANS Institute, Eric authors
application security courses on DevOps, cloud security, secure coding, and
defending mobile apps. He serves on the advisory board for the SANS
Securing the Human Developer awareness training program, delivers security
training around the world, and has presented his security research at
conferences including SANS, BlackHat, OWASP, BSides, JavaOne, UberConf, and
ISSA.

Eric completed a bachelor of science degree in Computer Engineering and a
master of science degree in Information Assurance at Iowa State University, and
currently holds the CISSP, GWAPT, GSSP-.NET, and GSSP-Java certifications.
He is located in West Des Moines, IA and outside the office he enjoys
spending time with his family, attending Iowa State athletic events, and
playing golf.

Steve Kosten
OWASP Denver Chapter Leader