[OWASP-Philadelphia] Next meeting - July 30, 11:30am-1pm in Kennett Square

Justin Klein Keane justin at madirish.net
Tue Jul 21 19:03:18 UTC 2015


Hello all,

   our next meeting will be held during lunch on July 30, 11:30am - 1pm 
at:

Giordano's Pizza

633 E Cypress St
Kennett Square, PA 19348

Parking: Ample parking on site, will not be an issue

We'll be dipping into the chapter funds to provide some pizza.  There 
will be two roughly 30 minute talks presented:

* Aaron Weaver - "Building an AppSec Pipeline"

Are you currently running an AppSec program?  AppSec programs fall into 
an odd middle ground; highly technical interactions with the dev and ops 
teams yet a practical business focus is required as you go up the org 
chart.  How can you keep your far too small team efficient while making 
sure you meet the needs of the business all while making sure you're 
catching vulnerabilities as early and often as possible?

This talk will discuss a real world case study of an AppSec Pipeline. 
The pipeline starts with "Bag of Holding", an open source web 
application which helps automate and streamline the activities of your 
AppSec team.  At the end of the pipeline is ThreadFix to manage all the 
findings from all the sources. Finally we incorporated a chatbot to tie 
all the information into one place. This talk will cover the motivation 
behind an AppSec pipeline, its implementation and how it can help you 
get the most out of your AppSec program.

* John Baek - "Back to Basics: Application Assessment 101 - Pen Test 
Using Proxy Tool (Burp Suite Pro/ZAP)"

We will drill down into one aspect of web application assessment: the web app 
penetration test. We'll discuss a popular tool for performing web app 
pen tests and what the tester needs to understand to make it a 
successful/useful assessment. The techniques presented here can be used 
in your SDLC to look for security flaws (hopefully prior to the 
production release).


Hope to see you all for lunch next Thursday.

Cheers,

-- 

Justin C. Klein Keane
http://www.MadIrish.net

