ISSA LA & OWASP LA Sept Dinner Meeting: Register tonight at the venue
Wednesday, September 18, 2013 from 6:15 PM to 8:30 PM (PDT)
Topic: Demonstration of Common Web Vulnerabilities using WebGoat.NET
Developers cannot defend against unknown threats. Understanding vulnerabilities and security controls is an absolute necessity – not only for developers, but for Architects, QA and anyone else involved in the creation of software. This talk starts by making a strong argument for developer education, and how it fits into any organization’s SDLC. From there, we discuss other OWASP resources and projects dedicated to developer education, and an in-depth discussion of OWASP WebGoat.NET – an ASP.NET specific re-design of OWASP which meets the needs and addresses the challenges of modern application security training programs.
Speaker: Jerry Hoff
Jerry Hoff is the VP of the Static Code Analysis Divison at WhiteHat Security where he oversees the development of WhiteHat’s cloud-based static application security testing (SAST) service. Prior to WhiteHat, Mr. Hoff was co-founder and managing partner of Infrared Security, a leading application security professional services firm. Jerry has worked at a number of financial institutions such as Morgan Stanley and has 15+ years of application security, web development and technical instruction experience. Jerry is highly involved in OWASP as is the lead of the OWASP Appsec Tutorial Series, which has garnered over 170,000 views and 2,800 subscribers. He is also the project lead of the security training tool WebGoat.NET and AntiSamy .NET, a rich-text input validator.
Sponsors: Trend Micro and Checkmarx
Trend Micro Incorporated, a global leader in security software, strives to make the world safe for exchanging digital information. Our solutions for consumers, businesses and governments provide layered content security to protect information on mobile devices, endpoints, gateways, servers and the cloud. Trend Micro enables the smart protection of information, with innovative security technology that is simple to deploy and manage, and fits an evolving ecosystem. Leveraging these solutions, organizations can protect their end users, their evolving data center and cloud resources, and their information threatened by sophisticated targeted attacks. All of solutions are powered by cloud-based global threat intelligence, the Trend Micro™ Smart Protection Network™, and are supported by over 1,200 threat experts around the globe. For more information, visit www.trendmicro.com.
Checkmarx provides the best way for organizations to introduce security into their Software Development Lifecycle (SDLC) which systematically eliminates software risk. The product enables developers and auditors to easily scan un-compiled / un-built code in all major coding languages and identify its security vulnerabilities. Static Code Analysis (SCA) delivers security and the requirement of incorporating security into the software development lifecycle (SDLC). It is the only proven method to cover the entire code base and identify all the vulnerable areas in the software. In static code analysis the entire code base is abstracted and all code properties and code data-flows are exposed. With Checkmarx's CxSuite, auditors and developers have immediate access to the code analysis results and remediation advice. We provide user friendly, high productivity, flexible and accurate risk intelligence platform that ensures your application remains hacker-proof. For more information, visit www.checkmarx.com.
Register early online before the Monday prior to the the event, and get a $5 discount!
ISSA-LA Members & Members of other ISSA chapters, OWASP, ISC2, CSA & Students: $30