[Owasp-sanantonio] Final reminder: Agile and Secure at OWASP San Antonio

Dan Cornell dan at denimgroup.com
Tue Sep 26 09:03:52 EDT 2006


Tomorrow is the OWASP San Antonio meeting where we will have Keith
Landrus talking about integrating security into Agile development
processes.  This talk is going to be presented at the national OWASP
AppSec 2006 conference so tomorrow is a great opportunity for a
sneak-peek.  Bring a friend - hope to see everyone there.

Details are below.




San Antonio OWASP Chapter: September 2006 Meeting
Topic: Agile and Secure: Can We Be Both?
Presenter: Keith Landrus
Date: 9/27/2006, 11:30am - 1:00pm
San Antonio Technology Center (Web Room)
3463 Magic Drive
San Antonio, TX 78229

Software development organizations find themselves being pulled in two
directions. Agile software development methodologies such as eXtreme
Programming and Scrum have allowed organizations to be more responsive
to business concerns by involving the customer, increasing the pace of
stable releases and decreasing the time required before new features are
deployed. In addition, a more aggressive regulatory environment as well
as an increased focus on security requires that organizations more
reliably produce secure software applications. Traditional approaches to
security and compliance are very top-down and document-centric, but
these approaches often run counter to the spirit of agile software
development methodologies.

This presentation examines the goals of both agility and security and
discusses strategies for making the two compatible - or at least for
minimizing the conflict between them. First, the fundamentals of secure
software development are outlined to provide a baseline that any
methodology - traditional or agile - must follow. The practices of agile
development are examined from the viewpoint of providing security
assurance. Potential modifications to those practices are discussed that
provide an approach to creating the artifacts required for compliance
and security assurance with a minimum of impact on the typically
documentation-light agile development practices. Finally, the
unavoidable conflicts between security and agility are discussed and
recommendations are provided so that organizations can make the tough
decisions appropriate to their environment in order to enforce the
requisite amount of security while still remaining responsive to
business concerns.

Presenter Bio:
Keith Landrus is the Director of Technology of the Denim Group, a
Texas-based consultancy providing software development and application
security services. He leads the development of internal Denim Group
technical standards and consults extensively with organizations on how
to adopt both agility and security in their software development
processes. Prior to his work with Denim Group he has architected and
developed a broad spectrum of applications from biometric access control
software to enterprise web software for the healthcare industry. His
technical background spans both the J2EE and Microsoft .NET development

Sodas and snacks will be provided. Feel free to bring a brown-bag lunch.

Please RSVP: E-mail owasprsvp at denimgroup.com or call (210) 572-4400.
