OWASP DC August Meeting August 5, 2009

The meeting this month is in Room 553 D on the 5th floor of Duques Hall at the George Washington University, which is located at 2201 G St. NW Washington, DC 20037

This month, we will have

* Dan Cornell of the Denim Group speaking on Vulnerability Management in an Application Security World

* Mike Smith of Deloitte speaking on SCAP and how it can integrate with web application security.

* Doug Wilson will also give an update on AppSecDC 2009, and where the conference is in terms of development.

About our speakers:

Dan Cornell has over twelve years of experience architecting and developing web-based software systems. He leads Denim Group's security research team in investigating the application of secure coding and development techniques to improve web-based software development methodologies.

Dan was the founding coordinator and chairman for the Java Users Group of San Antonio (JUGSA) and currently serves as the OWASP San Antonio chapter leader, member of the OWASP Global Membership Committee and co-lead of the OWASP Open Review Project. Dan has spoken at such international conferences as ROOTs in Norway and OWASP EU Summit in Portugal.

Vulnerability Management in an Application Security World

This presentation outlines strategies security teams can use for communicating with development teams to manage and ultimately correct application-level vulnerabilities. Similarities and differences between the security practice of vulnerability management and the development practice of defect management are also addressed.

Michael Smith is a manager in Deloitte's Security and Privacy Practice. His current engagement is as an Information System Security Officer working with a government agency integrating embedded devices with a web application command and control system. He blogs at http://www.guerilla-ciso.com/ and covers security management, public policy, regulations and laws, and technical solutions.

SCAP is the Security Content Automation Protocol, a set of XML schemas designed to automate information security flows between vulnerability, patch management, and data center automation tools. Michael will be giving us an introduction to SCAP and its applicability to web application security with a call to action to make web application security products and processes compatible with SCAP.

Note on Transportation and Parking

Parking on campus is at a premium and visitors are encouraged to use public transportation when visiting the campus. The nearest METRO stop, Foggy Bottom/GWU located on the Orange/Blue lines, is a short 3 block walk from the Marvin Center

The Marvin Center Garage operates from 7am - midnight Monday through Friday and is closed on weekends. Make sure you have your car out by 11:45pm. A visitor's parking garage is located between 23rd and 22nd Streets and H and Eye Streets. The visitor entrance is on Eye Street.

Official Website: http://www.owasp.org/index.php/Washington_DC