October 2012 OWASP NoVA Meeting
Thursday, October 4, 2012 from 6:00 PM to 8:00 PM (EDT)
The October 2012 OWASP NoVA Chapter meeting will be held at LivingSocial in Reston, VA.
We will have food, soda, and beer as always. This month, we will be drinking awesome fall beers.
Our presenter for October is Dan Cornell. His presentation is titled "Benchmarking Web Application Scanners for YOUR Organization".
Abstract: Web applications pose significant risks for organizations. The selection of an appropriate scanning product or service can be challenging because every organization develops its web applications differently and decisions made by developers can cause wide swings in the value of different scanning technologies. To make a solid, informed decision, organizations need to create development team- and organization-specific benchmarks for the effectiveness of potential scanning technologies. This involves creating a comprehensive model of false positives, false negatives and other factors prior to mandating analysis technologies and making decisions about application risk management. This presentation provides a model for evaluating application analysis technologies, introduces an open source tool for benchmarking and comparing tool effectiveness, and outlines a process for making organization-specific decisions about analysis technology selection.
Speaker Bio: Dan Cornell has over 15 years of experience architecting and developing web-based software systems. As CTO, he leads Denim Group's security research team in investigating the application of secure coding and development techniques to improve web-based software development methodologies. Dan currently serves as the OWASP San Antonio chapter leader, a member of the OWASP Global Membership Committee and co-lead of the OWASP Open Review Project. Dan has spoken at numerous security conferences, such as RSA in San Francisco, OWASP EU Research in Athens and OWASP AppSec USA in Minneapolis.