[Owasp-twincities] March 16th OWASP Meeting -Dan Cornell - Vulnerability Management in an Application Security World
lalamri at go-integral.com
Wed Mar 4 16:09:54 EST 2009
When: Monday, March 16, 2009 5:30 PM-8:00 PM (GMT-06:00) Central Time (US & Canada).
Where: MnScu MEC M.1600, (1st Floor of the Management Education Center) MnScu Minneapolis Campus http://www.minneapolis.edu/campusmaps/
March OWASP Meeting -Dan Cornell
Vulnerability Management in an Application Security World
Identifying application-level vulnerabilities via penetration tests and code reviews is only the first step in actually addressing the underlying risk. Managing vulnerabilities for applications is more challenging than dealing with traditional infrastructure-level vulnerabilities because they typically require the coordination of security teams with application development teams and require security managers to secure time from developers during already-cramped development and release schedules. In addition, fixes require changes to custom application code and application-specific business logic rather than the patches and configuration changes that are often sufficient to address infrastructure-level vulnerabilities.
This presentation details many of the pitfalls organizations encounter while trying to manage application-level vulnerabilities and outlines strategies security teams can use for communicating with development teams. Similarities and differences between security teams' practice of vulnerability management and development teams' practice of defect management will be addressed in order to facilitate healthy communication between these groups.
Dan Cornell has over ten years of experience architecting, developing and securing web-based software systems. As a Principal of Denim Group, he leads the organization's technology team overseeing methodology development and project execution for Denim Group's customers. He also heads the Denim Group application security research team, investigating the application of secure coding and development techniques to the improvement of web-based software development methodologies. He is also the primary author of sprajax, Denim Group's open source tool for assessing the security of AJAX-enabled web applications.
Date: Monday March 16, 2009
Time: 5:30 p.m.
Location: MEC M.1600, (1st Floor of the Management Education Center) MnScu Minneapolis Campus http://www.minneapolis.edu/campusmaps/
Address: 1501 Hennepin Avenue, Minneapolis, MN 55403
5:30 pm - Networking and optional sign-in for CISSP credits
6:00 pm - Introduction and Welcome: OWASP chapter updates
6:15 pm - Dan Cornell
8:00 pm - Upcoming Events reminder and meeting wrap-up
Announcements - Secure 360:
Mark your calendars: Secure 360 will be held this May on May 12th and 13th. This is the premier security event in the region. Educational Keynote speakers Howard Schmidt <http://www.secure360.org/pages/howard-schmidt> and David Kansas <http://www.secure360.org/pages/dave-kansas> will present on the most relevant security issues of the day: Government Security and Financial Sector Risk.
Whitfield Diffie is our special guest during the Featured Speaker Sessions on Tuesday, May 12th.
Our Featured Speakers <http://www.secure360.org/pages/featured-speakers> cover the depth and breadth of current topics in security and risk management. Tracks include: Career Development, Enterprise, Future Trends, Resilience, Governance, and Security Technology. (Additional Information Available at Educational Sessions. <http://www.secure360.org/pages/educational-sessions> )
Register by March 15, 2009 to attend the Secure 360 conference for only $259. The OWASP discount code is OWASP2009.
http://guest.cvent.com/EVENTS/Info/Summary.aspx?i=a9d47649-a085-4680-93de-79d134d41ff7 to register by midnight on March 15th.
Conference information available at our website www.secure360.org.
For the latest on the conference read the conference newsletter at http://www.secure360.org/newsletter.
Center for Strategic Information Technology and Security <http://www.strategicit.org/> for sponsoring our meeting location.
We currently are looking for a meeting sponsor for refreshments for the meeting and for the book give-away.
Call Lorna at 651-338-0243 if you need directions or have questions.
VP Twin Cities OWASP Group