[OWASP-Portland] August and September meetings and 2018 Training Day

Ian Melven ian.melven at gmail.com
Tue Jul 31 18:20:01 UTC 2018

Hello!

August's meeting is 8/9 at 6 pm. The speaker is Anna Lorimer @securitanna
presenting "Security Internships: Bringing up the next generation of

Software engineering internships are increasingly popular and are becoming
an integral part of career development for newcomers to the tech
scene. They’re also valuable to any organization because they give senior
engineers the opportunity to pass on knowledge and make it easier to find
full time hires down the road. While there’s plenty of information about
how to run a software engineering internship, the same can’t be said for
security internships. In this talk I’ll discuss how security internships
differ from regular software engineering internships, how to find interns,
and how to structure internships to set up both your organization and the
intern(s) for success.


Anna Lorimer is an undergraduate student studying math and computer science
at the University of Waterloo in Waterloo, Canada. She’s done 5 internships
over the course of her undergraduate career and is currently doing her
sixth with New Relic’s Product Security Team in Portland. She is also the
co-founder of StarCon, a technology conference focused on the joy of
technology and building a community around sharing technical knowledge.

We'll be hosted by New Relic. More details here:


September's meeting will be 9/18 at 6pm, hosted by @simple. The speaker
will be John L. Whiteman presenting "SAST and the Bad Human Code Project"
comparing static analysis tools and promoting a new project to help test

Static application security testing (SAST) is the automated analysis of
source code both in its text and compiled forms. Lint is considered to be
one of the first tools to analyze source code and this year marks its 40th
anniversary. Even though it wasn't explicitly searching for security
vulnerabilities back then, it did flag suspicious constructs. Today there
are a myriad of tools to choose from, both open source and commercial. We
did a comparative analysis of scanners specifically focused on web
application vulnerabilities. We then turned our attention to finding
additional ways to aggregate and correlate data from other sources such as
git logs, code complexity analyzers and even a roster of students who
completed a secure coding class. We wanted to go beyond just triaging in
isolation the vulnerable code snippets reported by the SAST scanners.
People write the code, so why not use these added data features in an
attempt to build a predictive vulnerability model if possible? We are not
there yet but learned many things along the way.

We also want to call attention to a new open source initiative called The
Bad Human Code Project. We need people to contribute intentionally
vulnerable code snippets in as many programming languages as possible.
Furthermore, we encourage folks to scan this project's repository and
upload the results so others can review them for their SAST needs.

Speaker's Bio:

John L. Whiteman is a web application security engineer at Oregon Health
and Science University. He builds security tools and teaches a hands-on
secure coding class to developers, researchers and anyone else interested
in protecting data at the institution. He previously worked as a security
researcher for Intel's Open Source Technology Center. John recently
completed a Master of Computer Science at Georgia Institute of Technology
specializing in Interactive Intelligence. He loves talking with like-minded
people who are interested in building the next generation of security
controls using technologies such as machine learning and AI.


More details on Training Day 2018 will be coming up soon! In addition to
adding a 4th track with 2 more classes, we also have a brand new awesome
venue for this year. We can't wait to show you the amazing classes we have
lined up this year. You can take a look at last year's info here:
