[Owasp-rochester-announce] November Meeting, etc

Michael Starks owaspmaillist at michaelstarks.com
Mon Oct 30 14:03:16 EST 2006

Hello Everyone,

Well, I told you that we had something special planned for November.
Now it's time to get the word out.  Our special guest in November will
be Matt Rose from Fortify Software.  Matt will be flying in especially
for OWASP Rochester to give a presentation on automated source code
analysis.  This should be a very interesting presentation.  And it
certainly doesn't hurt that Fortify will be providing food for the
evening.  Details can be found at the end of this message and, of
course, at the web site: https://www.owasp.org/index.php/Rochester

Due to limited space, we're asking that you RSVP if you'd like to
attend.  Of course, everyone is welcome.  Just give a holler to
fortifyrsvp at michaelstarks.com to let us now that you, and perhaps a
friend or co-worker, will be attending.

A note about the mailing lists:
Most chapters have only one mailing list.  We have chosen to have two:
one for announcements and one for general discussion.  For this month,
and this month *only*, I am sending announcements to both lists.
Starting next month, if you would like to receive notifications about
meeting announcements and other important chapter information, please
make sure you are subscribed to at least the announce list.  The URL to
subscribe can be found here:
http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce  And
don't forget, the discussion list is for everyone to post on.  If you
see something interesting in the world of web app security, be sure to
let everyone know!

For those of you that missed the October presentation on 'The First of
the OWASP Top Ten: Unvalidated Input', by Steve Buck, it is now
available at the web site.

Hope to see you in November!

Michael Starks, CISSP
Rochester OWASP Webmaster & Communications

Presentation: Making Source Code Analysis Part of the Security Review
Process, by Matt Rose, Fortify Software.

How do you know if your software applications are secure? Manual audits
only cover a small percentage of the source code base and periodic
checks only provide a snapshot in time. Source code analysis allows
development organizations to manage software security by leveraging
well-documented best practices that can be automated. This session will
reveal how source code analysis can be a powerful tool for software
security architects, developers and QA professionals by pinpointing
security vulnerabilities throughout an entire code base as an integral
part of the development cycle, or as part of software security audits in
order to significantly improve application security. The session will
describe the ins and outs of the technology, including its limitations
and newly explored areas. Real life examples from actual engagements
will be used throughout.

More information about the Owasp-rochester-announce mailing list