[Owasp-germany] Chapter meeting on 17.05 - please register!

Tobias Glemser tobias.glemser at owasp.org
Fri May 3 07:32:42 UTC 2013

Hello everyone,

As a reminder: we would like to cordially invite you once again to the
Chapter Meeting of the OWASP German Chapter
(https://www.owasp.org/index.php/Germany/Chapter_Meetings).

If you want to take an active part in shaping the chapter, this is exactly
the right place. The chapter meetings are aimed at everyone who wants to
actively participate in what happens in the chapter. We are setting the
course for making OWASP even more visible in Germany and look forward to
your contribution! OWASP lives from the community, from active participation.

To help with planning, please register. Thanks =>

* 14.00h Tobias Glemser, OWASP German Chapter Lead (30 min): Warm words of
welcome and review of chapter activities in 2012
* 14:30h Laurent Levi of Checkmarx (45 min): DevOps and Security: It's
Happening. Right Now.
* 15:15h Dirk Wetter, OWASP German Chapter Board Member and AppSec EU
Research Conference Chair (30 min): Review of OWASP Day 2012 and outlook on
AppSec EU Research 2013
* 15:45h Break (15 min)
* 16.00h Jim Manico, OWASP Board Member (45 min): Top Ten Web Defenses
* 16.45h Torsten Gigler, OWASP German Chapter (15 min): OWASP Top 10 for
* 17.00h Tobias Glemser, OWASP German Chapter Lead (15 min): Chapter Board
* 17.15h Open discussion (30 min): OWASP Germany in the coming year
* Around 17.30 the meeting ends; anyone who likes can join for a nightcap
afterwards at the Greek restaurant next door.

Anyone who would like to come along to the Greek restaurant, please note it
in the notes field when registering (https://reg.owasp.de/).

Best regards and see you soon in Frankfurt


Abstracts/Bios for the technical talks
DevOps and Security: It's Happening. Right Now.

How do you integrate security within a Continuous Deployment (CD)
environment - where every 5 minutes a feature, an enhancement, or a bug fix
needs to be released? Traditional application security tools which require
lengthy periods of configuration, tuning and application learning have
become irrelevant in these fast-paced environments. Yet, falling back only on
the secure coding practices of the developer cannot be tolerated. Secure
coding requires a new approach where security tools become part of the
development environment – and eliminate any unnecessary code analysis
overhead. By collaborating with development teams, understanding their needs
and requirements, you can pave the way to a secure deployment in minutes.
Steps include:

* Re-evaluate existing security tools and consider their integration within
a CD environment
* Deliver a secured development framework and enforce its usage
* Pinpoint precise security code flaws and provide optimal fix

Laurent Levi Laurent is an experienced security professional with extensive
technical knowledge in all aspects of application security. Over the last 6
years, Laurent has been managing Checkmarx's professional services team and
prior to that led the code audit team of Lexsi in France. Laurent has
extensive software development experience and has a post graduate degree in
AI from Paris VI Université Pierre et Marie Curie.

Top Ten Web Defenses

We cannot “firewall” or “patch” our way to secure websites. In the past,
security professionals thought firewalls, Secure Sockets Layer (SSL),
patching, and privacy policies were enough. Today, however, these methods
are outdated and ineffective, as attacks on prominent, well-protected
websites are occurring every day. Citigroup, PBS, Sega, Nintendo, Gawker,
AT&T, the CIA, the US Senate, NASA, Nasdaq, the NYSE, Zynga, and thousands
of others have something in common – all have had websites compromised in
the last year. No company or industry is immune. Programmers need to learn
to build websites differently. This talk will review the top coding
techniques developers need to master in order to build a low-risk,
high-security web application.

Jim Manico is the VP of Security Architecture for WhiteHat Security, a web
security firm. He authors and delivers developer security awareness training
for WhiteHat Security and has a background as a software developer and
architect. Jim is also a global board member for the OWASP foundation. He
manages and participates in several OWASP projects, including the OWASP
cheat sheet series and the OWASP podcast series.
