801 22nd Street NW
Washington, District of Columbia 20052

Our next meeting will be March 24th at 6:30 PM, at 801 22nd Street NW, Room B149 on the GWU campus in Washington DC.

(*NOTE NEW LOCATION*)

Refreshments will be provided. Our Agenda is as follows:

* Jeff Ennis from Veracode will be presenting on Application Risk Management
* Dan Philpott will be briefing on the upcoming NIST SP covering Web Application Security
* Chuck Willis will be giving an update on the OWASP BWA project and releasing an update to BWA
* Doug Wilson will update on plans for future meetings and upcoming events.

About our Speakers

Jeff Ennis

Jeff Ennis is a Solutions Architect for Veracode, Inc. He has more than 20 years of experience in information technology. He recently served as Security Solutions Manager for the Federal Division of IBM Internet Security Systems, where he and his team of security architects assisted DoD, Civilian, and Intel agencies with addressing their security requirements as they dealt with an ever-changing threat landscape. Throughout his career he has represented both the end user and vendor communities, including Nortel Networks, UUNET, and Lockheed Martin.

Abstract

Application Risk Management - Application vulnerabilities are steeply on the rise. At $350 billion per year, software is the largest manufacturing industry in the world, yet there are no uniform standards or insight into security, risk or liability of the final product. The development environment is becoming increasingly complex – application origin ranges from internally developed code, outsourced, 3rd party, Open Source, and Commercial Off the Shelf software. Ensuring that these entities are creating secure software is becoming a daunting task. Lots of emphasis is placed on IT controls, patching, etc., but the new attack vector is your application. During this presentation we will recap the state of software security today, discuss some initiatives which are requiring application risk management, and provide suggestions on how you can begin managing the application risk at your organization.

Dan Philpott

Dan is the maintainer of fismapedia.org, and a recognized expert in IT standards and policy in the DC Metro Area. Dan routinely helps review and contribute to NIST SP and Report documents.

Chuck Willis

Chuck is a Technical Director with MANDIANT, and the founder of the OWASP Broken Web Application Project (OWASP BWA). Chuck has presented on the OWASP BWA at AppSecDC 2009 and at DoD Cyber Crime 2010, and will be releasing an updated version of OWASP BWA at this meeting.

Note on Transportation and Parking

Parking on campus is at a premium and visitors are encouraged to use public transportation when visiting the campus. The nearest METRO stop, Foggy Bottom/GWU, located on the Orange/Blue lines, is a short 3-block walk from the Marvin Center.

The Marvin Center Garage operates from 7am - midnight Monday through Friday and is closed on weekends. Make sure you have your car out by 11:45pm. A visitor's parking garage is located between 23rd and 22nd Streets and H and Eye Streets. The visitor entrance is on Eye Street.

Official Website: http://www.owasp.org/index.php/Washington_DC

Added by dallendoug on March 12, 2010
