San Francisco, California
London, United Kingdom
OWASP MSP Presents
Web Application Cooking with PASTA - Process for Attack Simulation and Threat Assessment
Date: Monday, February 11, 2013
5:30 PM Room opens for networking
6:15 PM Welcome: OWASP chapter update
6:30 PM Tony Uceda-Velez
7:45 PM Wrap-up
Thank You Cargill for sponsoring our meeting location
Talk Title: Web Application Cooking w/ PASTA - Process for Attack Simulation and Threat Assessment
The attack landscape has changed and is too dynamic to apply one dimensional strategies. Mitigation begins with planning and threat modeling is a great and integrated way to enhance greater governance around security via an integrated risk methodology such as PASTA, a risk centric or asset centric threat modeling methodology. Beyond simply attack enumeration and countermeasure development planning, PASTA allows for threat modelers to integrate security to a multitude of fractured security disciplines. Today's shifting attack landscape requires planning as to who your attackers are, what are they after, and why are they attacking you. The methodology of PASTA will be covered and applied to web application technologies for this discussion.
Tony UcedaVelez, CRISC, CISM, CISA, GIAC has more than 14 years of hands-on security and technology experience across government, healthcare, financial, education, and utility sectors. Tony founded VerSprite with the premise of redefining security services to a point that it reflects a hybrid and balanced approach in understanding client needs. Tony has consulted for numerous Fortune 500 organizations as well as large government entities within the areas of application security, security risk management, network security, and governance. Before VerSprite, Tony was the Sr. Director of Policy and Risk Management for a major Fortune 50 information service bureau. Tony's background in IT operations and software development, coupled with security operations, allows him to lead VerSprite with the mission of providing tailored, strategic solutions to its client base. Tony is a frequent speaker/ writer at ISACA, OWASP, and other information security forums around the world and is currently managing the Atlanta OWASP Chapter. He is also currently co-writing a book on application threat modeling via Wiley Life Sciences and has co-developed a patent pending methodology for risk based threat models. Tony is a graduate from Cornell University.
*You must be registered for the event to attend.
Please contact Alex at email@example.com or 651-587-4572 if you would like to sponsor a meeting or meeting location for an upcoming OWASP MSP meeting.
When & Where
The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas. The OWASP Minneapolis-St. Paul chapter was host to OWASP AppSec USA 2011 at the Minneapolis Convention Center September 20-23, 2011. Get the presentation material at http://www.appsecusa.org/.