[Owasp-ireland] OWASP Event: Define Security Requirements - A Practical Approach

fabio.e.cerullo at aib.ie fabio.e.cerullo at aib.ie
Mon May 31 08:59:51 EDT 2010

Hello everyone,

This is a reminder for the forthcoming OWASP Ireland chapter meeting to be 
held on June 30th at 6:30pm-7:30pm (show up at venue between 

As usual, our location is the Ernst & Young offices in Dublin, who kindly 
agreed to host our event:
- Ernst & Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, 
Dublin, Ireland

Google Map location here:

As last time, we should have plenty of time to have a talk and a few 
drinks afterwards.

If you are planning to attend you must RSVP at 
http://owasp-ireland-june.eventbrite.com. Note, please enter your real 
name, as this will be given to Ernst & Young building security. If you 
don't RSVP, you may not be let into the building.  

A certificate of participation will be provided to those attending the 

Also, if you are no longer able to attend, please email anyone below so 
your space can be released for someone else.

Fabio at fcerullo at owasp.org 
Eoin at eoin.keary at owasp.org 
Rahim at rahim.jina at owasp.org 

** If you would like to be a sponsor of this or a future event please 
contact Fabio directly by mail for further details. 

See you there! 

== Talk ==

Title: Define Security Requirements - A practical approach

The Data Protection Act states that "appropriate security measures" must 
be taken to protect personal data. How do you specify the appropriate 
security measures for a website which processes personal data? It is an 
important step in a development project, but is often neglected. In this 
talk, Alexis will describe his own experiences of assessing web 
applications, and will also look in more detail at what the Data Protection 
Commissioner says. He will then take a fictional website and look at a 
practical approach to specifying the security requirements that the 
fictional application should meet. This will use the kind of risk-based 
techniques outlined by OWASP or the Microsoft Secure Development Lifecycle 
(SDL). Issues discussed will include encryption, authentication, access 
control, audit, etc. The result will be a list of security requirements 
that can be carried into the design and development phases. Attendees 
should be able to apply the ideas to their own development projects.

== Presenters == 

Alexis FitzGerald

For the last six years Alexis has worked for Rits Information Security 
Group, where he performs application penetration testing assignments as 
well as advising clients on application security issues. Before that, he 
spent many years as a developer (mainly in the financial sector), and he 
continues to be involved in development. Alexis holds an MSc in 
Information Security from the University of London, Royal Holloway.

Further details and schedule for the night will be available on the 
chapter page ( https://www.owasp.org/index.php/Ireland ). 
