[OWASP-Portland] August and September meetings and 2018 Training Day

Bhushan Gupta bhushan.gupta at comcast.net
Mon Aug 6 16:00:08 UTC 2018


Thank you very much for taking care of these two months. Really appreciate it.


I am back everyone.

Bhushan

> On July 31, 2018 at 11:21 AM Ian Melven <ian.melven at gmail.com> wrote:
> 
> 
>     More details on the September meeting can be found here :  http://calagator.org/events/1250474069
> 
>     cheers,
>     ian
> 
> 
>     On Tue, Jul 31, 2018 at 11:20 AM, Ian Melven <ian.melven at gmail.com mailto:ian.melven at gmail.com > wrote:
> 
>         > > 
> >         Hello !
> > 
> >         August's meeting is 8/9 at 6 pm. The speaker is Anna Lorimer @securitanna presenting "Security Internships: Bringing up the next generation of hackers". 
> > 
> >         Software engineering internships are increasingly popular and are becoming an integral part of career development for newcomers to the tech scene.They’re also valuable to any organization because they give senior engineers the opportunity to pass on knowledge and make it easier to find full time hires down the road. While there’s plenty of information about how to run a software engineering internship, the same can’t be said for security internships. In this talk I’ll discuss how security internships differ from regular software engineering internships, how to find interns, and how to structure internships to set up both your organization and the intern(s) for success.
> > 
> >         Bio:
> > 
> >         Anna Lorimer is an undergraduate student studying math and computer science at the University of Waterloo in Waterloo, Canada. She’s done 5 internships over the course of her undergraduate career and is currently doing her sixth with New Relic’s Product Security Team in Portland. She is also the co-founder of StarCon, a technology conference focused on the joy of technology and building a community around sharing technical knowledge.
> > 
> >         We'll be hosted by New Relic. More details here:  http://calagator.org/events/1250474068 http://calagator.org/events/1250474068
> > 
> >         ------
> > 
> >         September's meeting will be 9/18 at 6pm, hosted by @simple. The speaker will be John L. Whiteman presenting "SAST and the Bad Human Code Project" comparing static analysis tools and promoting a new project to help test them. 
> > 
> >         Static application security testing (SAST) is the automated analysis of source code both in its text and compiled forms. Lint is considered to be one of the first tools to analyze source code and this year marks its 40th anniversary. Even though it wasn't explicitly searching for security vulnerabilities back then, it did flag suspicious constructs. Today there are a myriad of tools to choose from both open source and commercial. We did a comparative analysis of scanners specifically focused on web application vulnerabilities. We then turned our attention to finding additional ways to aggregate and correlate data from other sources such as git logs, code complexity analyzers and even a roster of students who completed a secure coding class. We wanted to go beyond just triaging in isolation the vulnerable code snippets reported by the SAST scanners. People write the code so why not use these added data features in an attempt to build a predictive vulnerability model if possible. We are not there yet but learned many things along the way.
> > 
> >         We also want to call attention to a new open source initiative called The Bad Human Code Project. We need people to contribute intentionally vulnerable code snippets in as many programming languages as possible. Furthermore, we encourage folks to scan this project's repository and upload the results so others can review them for their SAST needs.
> > 
> >         Speaker's Bio:
> > 
> >         John L. Whiteman is a web application security engineer at Oregon Health and Science University. He builds security tools and teaches a hands-on secure coding class to developers, researchers and anyone else interested in protecting data at the institution. He previously worked as a security researcher for Intel's Open Source Technology Center. John recently completed a Master of Computer Science at Georgia Institute of Technology specializing in Interactive Intelligence. He loves talking with like-minded people who are interested in building the next generation of security controls using technologies such as machine learning and AI.
> > 
> >         ------
> > 
> >         More details on Training Day 2018 will be coming up soon! In addition to adding a 4th track with 2 more classes, we also have a brand new awesome venue for this year. We can't wait to show you the amazing classes we have lined up this year. You can take a look at last year's info here:  https://www.owasp.org/index.php/OWASP_Portland_2017_Training_Day https://www.owasp.org/index.php/OWASP_Portland_2017_Training_Day
> > 
> >         cheers,
> >         ian
> > 
> > 
> > 
> >     > 
>     --
>     OWASP-portland mailing list
>     https://lists.owasp.org/mailman/listinfo/owasp-portland
>     Please contact owasp-portland-owner at lists.owasp.org prior to posting any advertisements.
>     A sincere thanks to our chapter supporters:
>     https://owasp.org/index.php/Portland#Chapter_Supporters
> 
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-portland/attachments/20180806/54c68c6f/attachment.html>


More information about the OWASP-portland mailing list