[Owasp-sanantonio] Bring a developer to Wednesday's OWASP San Antonio meeting

Dan Cornell dan at denimgroup.com
Mon Nov 11 16:19:06 UTC 2013


All:

The next OWASP San Antonio meeting will be Wed November 13th from 11:30 -
1:00pm at the San Antonio Technology Center. Specific details available
below and also from the OWASP San Antonio page:
https://www.owasp.org/index.php/San_Antonio


Mac Collins and I will be talking about some of the DHS-funded research
we've been working on and how we're using it to make security testing
tools and developer tools work better together. I've said it before but
this time I really mean it - if you're a security person, please bring a
developer. If you're a developer, please bring a security person.

Also as always - FREE LUNCH!



Thanks,

Dan

=======

San Antonio OWASP Chapter: Wednesday, November 13, 2013

Topic: Hybrid Analysis Mapping: Making Security and Development Tools Play
Nice Together
Presenters: Dan Cornell and Mac Collins
Date: Wednesday, November 13, 2013
Time: 11:30am-1:00pm
Location: San Antonio Technology Center (Web Room)
3463 Magic Drive
San Antonio, TX 78229
http://maps.google.com/maps?f=q&hl=en&q=3463+Magic+Drive,+San+Antonio,+TX+78229

Abstract:
Developers want to write code and security testers want to break it and
both groups have specialized tools supporting these goals. The problem is
security testers need to know more about application code to do better
testing and developers need to be able to quickly address problems found
by security testers. This presentation looks at both groups and their
respective toolsets and explores ways they can help each other out.
Two different interactions are examined:
• How can knowledge of code make application scanning better?
• How can application scan results be mapped back to specific lines of
  code?
Using open source examples built on OWASP ZAP, ThreadFix and Eclipse, the
presentation walks through the process of seeding web application scans
with knowledge gleaned from code analysis as well as the mapping of
dynamic scan results to specific lines of code. The end result is a
combination of testing and remediation workflows that help both security
testers and software developers be more effective. Particular attention is
given to Java/JSP applications and Java/Spring applications and how teams
using these frameworks can best benefit from these interactions.
Lunch will be provided. Please RSVP: E-mail owasprsvp at denimgroup.com or
call (210) 572-4400.








