[Owasp-kansascity] updated wiki: Kansas City June 2013 Meeting

Mat Caughron caughron at gmail.com
Thu May 30 21:23:37 UTC 2013

The chapter wiki page has been updated for the June 20 meeting with
the following information:


"Adding Risk Analysis and KPI Reporting to Your WebApp/Vuln Scanning"

Discovering your enterprise vulnerabilities has become much easier
with scanning tools. However, many organizations still struggle with
handling the vulnerabilities that have been identified. Which ones
should we fix first, and which ones can we ignore? Who should be
responsible for the remediation task, and how can we hold them
accountable? These questions and others are common struggles for
organizations large and not-so-large. In this presentation, we will
look at:
- Methods to consolidate and de-duplicate scanning results from leading
  security tools,
- Automatically correlate results with assets, incidents, controls,
  policies, and other compliance/security data,
- Conduct risk scoring of each vulnerability and calculate
  inherent/residual risk scores for the vulnerability, asset, system,
  facility, and other records,
- Assign remediation workflow for vulnerabilities and hold owners accountable,
- Correlate scanning results with industry feeds such as US-CERT's NVD
  and iDefense,
- Report on Key Performance Indicators (KPIs) such as workflow
  performance, trends per webapp/platform/Business Unit/Facility, and
  other categories.

Speaker Bio:
Larry Slobodzian is a Senior Solution Engineer at LockPath and an
Adjunct Professor of Information Systems at Baker University. With
over 16 years of networking, compliance, and security experience,
Larry has broad experience with solving complex business problems
leveraging technology. He is a Veteran Marine with an MBA and
technical certifications, making him one of the most dangerous Doctor
Who fans in Kansas City.

Mat Caughron
Kansas City OWASP volunteer chapter leader
(816) 866-0628
