[Owasp-twincities] Michael Coates 4/18 and John Steven 4/25

Adam Baso adam.baso at owasp.org
Tue Apr 19 22:46:18 EDT 2011

Hi everybody. The replay of last night's meeting with Michael Coates
on Attack Aware Applications with AppSensor is available.


Don't forget to register for the meeting this upcoming week on Monday,
April 25, 2011 if you haven't done so already - John Steven will be on
site in person discussing threat modeling. Spread the word to a
software architect you know!



Date: Monday, April 25, 2011


6:00 PM Room opens for networking, CPE signup

6:25 PM Welcome: OWASP chapter updates

6:30 PM John Steven, Cigital

8:00 PM Upcoming events reminder and meeting wrap-up

Thank You: Advance IT Minnesota for sponsoring our meeting location.
Please contact Lorna at lorna.alamri at owasp.org or 651-338-0243 if you
would like to sponsor a meeting or meeting location for an upcoming
OWASP MSP meeting.

The Presentation:

Threat Modeling (by example)

How will attackers break your web application? How much security
testing is enough? Do I have to worry about insiders? Threat modeling,
applied with a risk management approach, can answer both of these
questions if done correctly. This talk will present advanced threat
modeling step-wise through examples and exercises using the Java EE
platform and focusing on authentication, authorization, and session
management. Participants will learn, through interactive exercise on
real software architectures, how to use diagramming techniques to
explicitly document threats their applications face, identify how
assets worth protecting manifest themselves within the system, and
enumerate the attack vectors these threats take advantage of.
Participants will then engage in secure design activities, learning
how to use the threat model to specify compensating controls for
specified attack vectors. Finally, we'll discuss how the model can
drive security testing and validate an application resists specified

The Speaker:

John Steven

John Steven, Senior Director, Advanced Technology Consulting, Cigital,
brings to this newly-created division of the company both depth and
breadth in software security. His experience includes research in
static code analysis and hands-on architecture and implementation of
high-performance, scalable Java EE systems. John has provided security
consulting services to a broad variety of commercial clients including
two of the largest trading platforms in the world and has advised
America's largest internet provider in the Midwest on security and
forensics. John led the development of Cigital's architectural
analysis methodology and its approach to deploying enterprise software
security frameworks. He has demonstrated success in building Cigital's
intellectual property for providing cutting-edge security. He brings
this experience and a track record of effective strategic innovation
to clients seeking to change, whether to adopt more cutting-edge
approaches, or to solidify ROI. John currently chairs the SD Best
Practices security track and co-edits the building security in
department of IEEE's Security and Privacy magazine. John has served on
numerous conference panels regarding software security, wireless
security and Java EE system development. He holds a B.S. in Computer
Engineering and an M.S. in Computer Science from Case Western Reserve

Thank you to our meeting sponsor, Advance IT Minnesota.

Location: UAW-Ford-MnSCU Training Center, 966 S Mississippi River
Blvd, Saint Paul, MN 55116

Registration closes at 3:00 PM Central Time on the day of the meeting.

Registration is required.


Adam Baso
OWASP Minneapolis-St. Paul Chapter President

OWASP MSP: Host to OWASP AppSec USA 2011
September 20-23 Training, Talks, CTF, and Showroom
@appsecusa, @owaspmsp

On Mon, Apr 11, 2011 at 10:51 PM, Adam Baso <adam.baso at owasp.org> wrote:
> Great news - we have two awesome speakers lined up two weeks in a row
> for OWASP MSP meetings! Register now.
> Monday, April 18, 2011
> Michael Coates: Attack Aware Applications
> Delivery Method: Live interactive webcast from Mozilla (California)
> Meeting Location: Open Book in Minneapolis
> More Info: http://michaelcoatesappsensor.eventbrite.com/.
> Room opens at 6:00 PM, speaker at 6:30 PM.
> Monday, April 25, 2011
> John Steven: Threat Modeling (by example)
> Delivery Method: Live on site in Highland Park
> Meeting Location: UAW-Ford-MnSCU Training Center
> More Info and Register: http://johnsteventhreatmodeling.eventbrite.com/.
> Room opens at 6:00 PM, speaker at 6:30 PM.
> Thanks to our terrific sponsors: Best Buy, Advance IT Minnesota,
> Accuvant, and Midwave. Your support and the support of our members
> drives our chapter's success.
> I would also like to personally thank Concord Consulting, for hosting
> last month's meeting where I discussed application security in a
> nutshell, and U.S. Bank, for hosting many meetings.
> See you soon!
> --
> Adam Baso
> OWASP Minneapolis-St. Paul Chapter President
> OWASP MSP: Host to OWASP AppSec USA 2011
> September 20-23 Training, Talks, CTF, and Showroom
> www.appsecusa.org
> @appsecusa, @owaspmsp
