[Owasp-sanantonio] 2nd notice - Agile and Secure at San Antonio OWASP

Dan Cornell dan at denimgroup.com
Thu Sep 21 22:42:43 EDT 2006


This is just a heads-up that next Wednesday is the September meeting of
the San Antonio OWASP.  This is going to be a fantastic presentation in
preparation for the national OWASP conference in Seattle in mid-October.
The topic is how to integrate security in Agile development processes.
Please RSVP because we should have quite a crowd and we want to be sure
to have enough room.  More info is below.  Hope to see everyone there.




San Antonio OWASP Chapter: September 2006 Meeting
Topic: Agile and Secure: Can We Be Both?
Presenter: Keith Landrus
Date: 9/27/2006, 11:30am - 1:00pm
San Antonio Technology Center (Web Room)
3463 Magic Drive
San Antonio, TX 78229

Software development organizations find themselves being pulled in two
directions.  Agile software development methodologies such as eXtreme
Programming and Scrum have allowed organizations to be more responsive
to business concerns by involving the customer, increasing the pace of
stable releases and decreasing the time required before new features are
deployed.  In addition, a more aggressive regulatory environment as well
as an increased focus on security requires that organizations more
reliably produce secure software applications.  Traditional approaches
to security and compliance are very top-down and document-centric, but
these approaches often run counter to the spirit of agile software
development methodologies.

This presentation examines the goals of both agility and security and
discusses strategies for making the two compatible - or at least for
minimizing the conflict between them.  First, the fundamentals of secure
software development are outlined to provide a baseline that any
methodology - traditional or agile - must follow.  The practices of
agile development are examined from the viewpoint of providing security
assurance.  Potential modifications to those practices are discussed
that provide an approach to creating the artifacts required for
compliance and security assurance with a minimum of impact on the
typically documentation-light agile development practices.  Finally, the
unavoidable conflicts between security and agility are discussed and
recommendations are provided so that organizations can make the tough
decisions appropriate to their environment in order to enforce the
requisite amount of security while still remaining responsive to
business concerns.

Presenter Bio:
Keith Landrus is the Director of Technology of the Denim Group, a
Texas-based consultancy providing software development and application
security services.  He leads the development of internal Denim Group
technical standards and consults extensively with organizations on how
to adopt both agility and security in their software development
processes.  Prior to his work with Denim Group he has architected and
developed a broad spectrum of applications from biometric access control
software to enterprise web software for the healthcare industry.  His
technical background spans both the J2EE and Microsoft .NET development

Sodas and snacks will be provided.  Feel free to bring a brown-bag

Please RSVP: E-mail owasprsvp at denimgroup.com  or call (210) 572-4400.
