[OWASP-Philadelphia] Next meeting - July 30, 11:30am-1pm in Kennett Square
Justin Klein Keane
justin at madirish.net
Tue Jul 21 19:03:18 UTC 2015
Our next meeting will be held during lunch on July 30, 11:30am - 1pm
633 E Cypress St
Kennett Square, PA 19348
Parking: Ample parking on site, will not be an issue
We'll be dipping into the chapter funds to provide some pizza. There
will be two roughly 30 minute talks presented:
* Aaron Weaver - "Building an AppSec Pipeline"
Are you currently running an AppSec program? AppSec programs fall into
an odd middle ground; highly technical interactions with the dev and ops
teams yet a practical business focus is required as you go up the org
chart. How can you keep your far too small team efficient while making
sure you meet the needs of the business all while making sure you're
catching vulnerabilities as early and often as possible?
This talk will discuss a real world case study of an AppSec Pipeline.
The pipeline starts with "Bag of Holding", an open source web
application which helps automate and streamline the activities of your
AppSec team. At the end of the pipeline is ThreadFix to manage all the
findings from all the sources. Finally we incorporated a chatbot to tie
all the information into one place. This talk will cover the motivation
behind an AppSec pipeline, its implementation and how it can help you
get the most out of your AppSec program.
* John Baek - "Back to Basics: Application Assessment 101 - Pen Test
Using Proxy Tool (Burp Suite Pro/ZAP)"
We will drill down into one aspect of web application assessment: web app
penetration test. We'll discuss a popular tool for performing web app
pen tests and what the tester needs to understand to make it a
successful/useful assessment. The techniques presented here can be used
in your SDLC to look for security flaws (hopefully prior to the
Hope to see you all for lunch next Thursday.
Justin C. Klein Keane