[Owasp-sanantonio] Next Meeting: Wed Nov 13 - Making Security and Development Tools Play Nice Together
dan at denimgroup.com
Wed Nov 6 20:42:56 UTC 2013
The next OWASP San Antonio meeting will be Wed November 13th from 11:30 -
1:00pm at the San Antonio Technology Center. Specific details available
below and also from the OWASP San Antonio page:
Mac Collins and I will be talking about some of the DHS-funded research
we've been working on and how we're using it to make security testing
tools and developer tools work better together. I've said it before but
this time I really mean it - if you're a security person, please bring a
developer. If you're a developer, please bring a security person.
Also as always - FREE LUNCH!
San Antonio OWASP Chapter: Wednesday, November 13, 2013
Topic: Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Together
Presenters: Dan Cornell and Mac Collins
Date: Wednesday, November 13, 2013
Location: San Antonio Technology Center (Web Room)
3463 Magic Drive
San Antonio, TX 78229
Developers want to write code and security testers want to break it and
both groups have specialized tools supporting these goals. The problem is
security testers need to know more about application code to do better
testing and developers need to be able to quickly address problems found
by security testers. This presentation looks at both groups and their
respective toolsets and explores ways they can help each other out.
Two different interactions are examined:
• How can knowledge of code make application scanning better?
• How can application scan results be mapped back to specific lines of
Using open source examples built on OWASP ZAP, ThreadFix and Eclipse, the
presentation walks through the process of seeding web applications scans
with knowledge gleaned from code analysis as well as the mapping of
dynamic scan results to specific lines of code. The end result is a
combination of testing and remediation workflows that help both security
testers and software developers be more effective. Particular attention is
given to Java/JSP applications and Java/Spring applications and how teams
using these frameworks can best benefit from these interactions.
Lunch will be provided. Please RSVP: E-mail owasprsvp at denimgroup.com or
call (210) 572-4400.