[OWASP-Portland] August and September meetings and 2018 Training Day
russell.adam.m at gmail.com
Tue Jul 31 21:47:01 UTC 2018
Is that the most recent page for training day? That appears to be for
2017. Is there one for 2018 yet?
On Tue, Jul 31, 2018 at 11:22 AM Ian Melven <ian.melven at gmail.com> wrote:
> More details on the September meeting can be found here :
> On Tue, Jul 31, 2018 at 11:20 AM, Ian Melven <ian.melven at gmail.com> wrote:
>> Hello !
>> August's meeting is 8/9 at 6 pm. The speaker is Anna Lorimer @securitanna
>> presenting "Security Internships: Bringing up the next generation of
>> Software engineering internships are increasingly popular and are
>> becoming an integral part of career development for newcomers to the tech
>> scene.They’re also valuable to any organization because they give senior
>> engineers the opportunity to pass on knowledge and make it easier to find
>> full time hires down the road. While there’s plenty of information about
>> how to run a software engineering internship, the same can’t be said for
>> security internships. In this talk I’ll discuss how security internships
>> differ from regular software engineering internships, how to find interns,
>> and how to structure internships to set up both your organization and the
>> intern(s) for success.
>> Anna Lorimer is an undergraduate student studying math and computer
>> science at the University of Waterloo in Waterloo, Canada. She’s done 5
>> internships over the course of her undergraduate career and is currently
>> doing her sixth with New Relic’s Product Security Team in Portland. She is
>> also the co-founder of StarCon, a technology conference focused on the joy
>> of technology and building a community around sharing technical knowledge.
>> We'll be hosted by New Relic. More details here:
>> September's meeting will be 9/18 at 6pm, hosted by @simple. The speaker
>> will be John L. Whiteman presenting "SAST and the Bad Human Code Project"
>> comparing static analysis tools and promoting a new project to help test
>> Static application security testing (SAST) is the automated analysis of
>> source code both in its text and compiled forms. Lint is considered to be
>> one of the first tools to analyze source code and this year marks its 40th
>> anniversary. Even though it wasn't explicitly searching for security
>> vulnerabilities back then, it did flag suspicious constructs. Today there
>> are a myriad of tools to choose from both open source and commercial. We
>> did a comparative analysis of scanners specifically focused on web
>> application vulnerabilities. We then turned our attention to finding
>> additional ways to aggregate and correlate data from other sources such as
>> git logs, code complexity analyzers and even a roster of students who
>> completed a secure coding class. We wanted to go beyond just triaging in
>> isolation the vulnerable code snippets reported by the SAST scanners.
>> People write the code so why not use these added data features in an
>> attempt to build a predictive vulnerability model if possible. We are not
>> there yet but learned many things along the way.
>> We also want to call attention to a new open source initiative called The
>> Bad Human Code Project. We need people to contribute intentionally
>> vulnerable code snippets in as many programming languages as possible.
>> Furthermore, we encourage folks to scan this project's repository and
>> upload the results so others can review them for their SAST needs.
>> Speaker's Bio:
>> John L. Whiteman is a web application security engineer at Oregon Health
>> and Science University. He builds security tools and teaches a hands-on
>> secure coding class to developers, researchers and anyone else interested
>> in protecting data at the institution. He previously worked as a security
>> researcher for Intel's Open Source Technology Center. John recently
>> completed a Master of Computer Science at Georgia Institute of Technology
>> specializing in Interactive Intelligence. He loves talking with like-minded
>> people who are interested in building the next generation of security
>> controls using technologies such as machine learning and AI.
>> More details on Training Day 2018 will be coming up soon! In addition to
>> adding a 4th track with 2 more classes, we also have a brand new awesome
>> venue for this year. We can't wait to show you the amazing classes we have
>> lined up this year. You can take a look at last year's info here:
> OWASP-portland mailing list
> Please contact owasp-portland-owner at lists.owasp.org prior to posting any
> A sincere thanks to our chapter supporters:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-portland