[Owasp-twincities] January Agenda Ideas

Sam Buchanan Sam.Buchanan at so.mnscu.edu
Fri Jan 6 10:32:10 EST 2006


Bob Sullivan wrote:
> Ideas for the January Meeting (1/10 6:00pm Golden Valley Library)

Thank you, Bob, for digging in and making these suggestions. 

I like the idea of going through a WebGoat lesson or two. If I didn't
have a baby due any day now and could be confident that I'll be at
Tuesday's meeting, I'd volunteer. Maybe for a future month. I'll tell
you what I'd be interested in seeing: exploiting thread safety problems.
That's an area I'm not nearly adequately familiar with.

As for security books... the Web Application Security Consortium has a
list specific to web apps:
http://www.webappsec.org/web_security_books.shtml 

I would be very much interested in hearing someone's experiences with
threat modeling. It's a practice I'm trying to introduce to our
development process, but all I really have to go on is what I've read of
Microsoft's experiences. These are detailed enough and useful, but I'd
like to hear from anyone on the group who has more direct experience
with threat modeling.

Question: monthly meetings don't seem to be working for us right now.
Should we try for bimonthly until there's more active and assured
partication?

Thanks again, Bob.
Sam




More information about the Owasp-twincities mailing list