[Owasp-sanantonio] OWASP San Antonio March Meeting - Web Application Remediation

Dan Cornell dan at denimgroup.com
Tue Feb 27 13:53:00 EST 2007


All:

Sorry for the lag time since the last meeting but we are now gearing up
for the 2007 series of OWASP San Antonio meetings.  The first meeting
will be March 28th at 11:30 and the presentation will be on web
application remediation.  See below for specific details and please feel
free to invite anyone who might be interested.

Thanks,

Dan

=======================================================

San Antonio OWASP Chapter: March 2007 Meeting
Topic: Web Application Remediation
Presenter: Dan Cornell
Date: March 28th, 11:30am - 1:00pm
Location:
San Antonio Technology Center (Web Room)
3463 Magic Drive
San Antonio, TX 78229
http://maps.google.com/maps?f=q&hl=en&q=3463+Magic+Drive,+San+Antonio,+T
X+78229

Abstract:
What do you do when the dust settles after a web application assessment
or penetration test?  You know you have applications with
vulnerabilities and you know your organization is exposed to risks.  How
do you go about addressing these risks while still making progress on an
already aggressive development schedule?  What issues need to be fixed
and which can be ignored until later.

This presentation will discuss strategies for organizations remediating
vulnerable web applications.  It focuses on practical concerns for
planning and executing a successful remediation effort.
*	Classifying risks and ranking the severity of web application
vulnerabilities using tools such as STRIDE and DREAD
*	Making challenging tradeoff decisions about which
vulnerabilities to address and which risks to live with
*	Planning and executing remediation tasks and integrating these
with existing project plans and timelines
*	Integrating lessons learned from the assessment and remediation
back into your organization's SDLC

Presenter Bio:
Dan Cornell is a Principal of the Denim Group, a Texas-based consultancy
providing software development and application security services.  He
has extensive experience architecting and developing enterprise web
applications on a variety of platforms as well as training and mentoring
development teams on application security and secure coding techniques.
Dan is the creator and primary author of the sprajax open source AJAX
security assessment tool.  He is an MCSD as well as a Java 2 Certified
Programmer.

Sodas and snacks will be provided.  Feel free to bring a brown-bag
lunch.

Please RSVP: E-mail owasprsvp at denimgroup.com  or call (210) 572-4400.


More information about the Owasp-sanantonio mailing list