[Owasp-sanantonio] September meeting: Agile and Secure

Dan Cornell dan at denimgroup.com
Thu Sep 7 02:32:37 EDT 2006


The September OWASP San Antonio meeting is going to be a great one!  We
will be having a sneak-preview of a talk being given to the national
OWASP AppSec 2006 conference on integrating security into Agile
methodologies.  Details are below.  Please make plans to attend and
invite anyone who you think might be interested.

Also, because we are expecting high turnout for this event, please RSVP
to brittany at denimgroup.com so we can better plan for venue and snacks.




San Antonio OWASP Chapter: September 2006 Meeting
Topic: Agile and Secure: Can We Be Both?
Presenter: Keith Landrus
Date: 9/27/2006, 11:30am - 1:00pm
San Antonio Technology Center (Web Room)
3463 Magic Drive
San Antonio, TX 78229

Software development organizations find themselves being pulled in two
directions.  Agile software development methodologies such as eXtreme
Programming and Scrum have allowed organizations to be more responsive
to business concerns by involving the customer, increasing the pace of
stable releases and decreasing the time required before new features are
deployed.  In addition, a more aggressive regulatory environment as well
as an increased focus on security requires that organizations more
reliably produce secure software applications.  Traditional approaches
to security and compliance are very top-down and document-centric, but
these approaches often run counter to the spirit of agile software
development methodologies.

This presentation examines the goals of both agility and security and
discusses strategies for making the two compatible - or at least for
minimizing the conflict between them.  First, the fundamentals of secure
software development are outlined to provide a baseline that any
methodology - traditional or agile - must follow.  The practices of
agile development are examined from the viewpoint of providing security
assurance.  Potential modifications to those practices are discussed
that provide an approach to creating the artifacts required for
compliance and security assurance with a minimum of impact on the
typically documentation-light agile development practices.  Finally, the
unavoidable conflicts between security and agility are discussed and
recommendations are provided so that organizations can make the tough
decisions appropriate to their environment in order to enforce the
requisite amount of security while still remaining responsive to
business concerns.

Sodas and snacks will be provided.  Feel free to bring a brown-bag

Please RSVP: E-mail owasprsvp at denimgroup.com  or call (210) 572-4400.
