[OWASP-Portland] August and September meetings and 2018 Training Day

Ian Melven ian.melven at gmail.com
Tue Jul 31 18:21:46 UTC 2018

More details on the September meeting can be found here :


On Tue, Jul 31, 2018 at 11:20 AM, Ian Melven <ian.melven at gmail.com> wrote:

> Hello !
> August's meeting is 8/9 at 6 pm. The speaker is Anna Lorimer @securitanna
> presenting "Security Internships: Bringing up the next generation of
> hackers".
> Software engineering internships are increasingly popular and are becoming
> an integral part of career development for newcomers to the tech
> scene.They’re also valuable to any organization because they give senior
> engineers the opportunity to pass on knowledge and make it easier to find
> full time hires down the road. While there’s plenty of information about
> how to run a software engineering internship, the same can’t be said for
> security internships. In this talk I’ll discuss how security internships
> differ from regular software engineering internships, how to find interns,
> and how to structure internships to set up both your organization and the
> intern(s) for success.
> Bio:
> Anna Lorimer is an undergraduate student studying math and computer
> science at the University of Waterloo in Waterloo, Canada. She’s done 5
> internships over the course of her undergraduate career and is currently
> doing her sixth with New Relic’s Product Security Team in Portland. She is
> also the co-founder of StarCon, a technology conference focused on the joy
> of technology and building a community around sharing technical knowledge.
> We'll be hosted by New Relic. More details here: http://calagator.org/
> events/1250474068
> ------
> September's meeting will be 9/18 at 6pm, hosted by @simple. The speaker
> will be John L. Whiteman presenting "SAST and the Bad Human Code Project"
> comparing static analysis tools and promoting a new project to help test
> them.
> Static application security testing (SAST) is the automated analysis of
> source code both in its text and compiled forms. Lint is considered to be
> one of the first tools to analyze source code and this year marks its 40th
> anniversary. Even though it wasn't explicitly searching for security
> vulnerabilities back then, it did flag suspicious constructs. Today there
> are a myriad of tools to choose from both open source and commercial. We
> did a comparative analysis of scanners specifically focused on web
> application vulnerabilities. We then turned our attention to finding
> additional ways to aggregate and correlate data from other sources such as
> git logs, code complexity analyzers and even a roster of students who
> completed a secure coding class. We wanted to go beyond just triaging in
> isolation the vulnerable code snippets reported by the SAST scanners.
> People write the code so why not use these added data features in an
> attempt to build a predictive vulnerability model if possible. We are not
> there yet but learned many things along the way.
> We also want to call attention to a new open source initiative called The
> Bad Human Code Project. We need people to contribute intentionally
> vulnerable code snippets in as many programming languages as possible.
> Furthermore, we encourage folks to scan this project's repository and
> upload the results so others can review them for their SAST needs.
> Speaker's Bio:
> John L. Whiteman is a web application security engineer at Oregon Health
> and Science University. He builds security tools and teaches a hands-on
> secure coding class to developers, researchers and anyone else interested
> in protecting data at the institution. He previously worked as a security
> researcher for Intel's Open Source Technology Center. John recently
> completed a Master of Computer Science at Georgia Institute of Technology
> specializing in Interactive Intelligence. He loves talking with like-minded
> people who are interested in building the next generation of security
> controls using technologies such as machine learning and AI.
> ------
> More details on Training Day 2018 will be coming up soon! In addition to
> adding a 4th track with 2 more classes, we also have a brand new awesome
> venue for this year. We can't wait to show you the amazing classes we have
> lined up this year. You can take a look at last year's info here:
> https://www.owasp.org/index.php/OWASP_Portland_2017_Training_Day
> cheers,
> ian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-portland/attachments/20180731/21fa1b10/attachment.html>

More information about the OWASP-portland mailing list