Minneapolis St Paul

Local News
Next meeting: Tuesday, October 16, 6:00pm at Metropolitan State University MNSCU, Minneapolis

Agenda October 16
6:00pm - Food, Introduction and optional sign-in for CISSP credits. 6:10pm - GSSP Certification initiative Gov/SANS (Joe Teff) 6:20pm - Continuous Testing (Andre Gironda) 7:05pm – Java Open Review OWASP project (Fredrick Lee) 7:50pm - Book Giveaway: (Secure Programming with Static Analysis) 7:55pm - Upcoming Events

Continuous Testing: Andre Gironda
Continuous testing presents methodologies and tools that developers, quality engineers, and security professionals can all share and use effectively to their own unique approach. The tools presented are cross-discipline, meaning they can be utilized by a developer as a development tool, by a qa-tester as a quality assurance tool, and by a vulnerability assessor as a security assurance tool. Whether you're trying to build better code faster, demonstrate the power of automated testing using a data-driven test framework, or find security-related defects - Continuous testing has something for you.

Java Open Review: OWASP & Fortify
Fortify has sought to develop a set of metrics that combine lessons learned from our experience working on various enterprise code bases and our work on the Java Open Review project. The metrics are designed to incorporate diverse criteria, including the size of the application, and the types of vulnerabilities identified. The metrics provide a mechanism to rate software components for security concerns and enable enterprises to: - Evaluate which open source projects offer an acceptable level of security - Compare competing open source software solutions based on their security - Measure internal development efforts against open source counterparts

Speaker Bios : Andre Gironda
Andre Gironda is an independent security researcher involved mostly in web application security projects. His recent contributions include the OWASP Top Ten 2007, OWASP Tools team, and speaking engagements at local OWASP events on topics ranging from automated scanning tools to problems with trusting the same-origin policy. Andre has worked for a number of companies in security-qa-developer or network testing roles, including labs deep within Cisco Systems and many years in an operations role at a major online auction site.

Speaker Bios: Fredrick Lee
Fredrick Lee is a member of Fortify Software's Security Research Group, where he manages the Java Open Review Project. Scanning the code of over 100 applications so far, Fredrick is helping assess and improve the security of open source software. Fredrick also helps the Security Research Group develop the secure coding rules that are used to run Fortify's suite of products. Prior to joining Fortify Software, Fredrick was a Senior Information Security Engineer at Bank of America, where he helped roll out a secure development framework, performed security assessments, and developed enterprise security solutions.

Fredrick graduated from the University of Oklahoma, with a BS in Computer Engineering.

Location:
Metropolitan State University, Minneapolis MEC Building, 2nd floor, Room M2800.

Check the .pdf map to see which building is the MEC building. I've waited for a meter (free after 6) but had the best success parking in the ramp, then crossing Hennepin (skyway) then crossing Spruce (street-level) the the MEC building.

Directions:
From West: Exit at Lyndale/Hennepin Avenue. Veer right following the Lyndale and Lyndale North signs. Once on Lyndale North, stay in one of the two right lanes until you reach the third stoplight (Hennepin Avenue). Turn right and follow Hennepin to the MCTC parking ramp on the left side of the street.

From East: I.394. Exit onto Dunwoody Blvd/Hennepin Avenue (Dunwoody Blvd. changes into Hennepin Avenue). Follow Hennepin to the MCTC parking ramp on the left side of the street.

From East: I.94. Exit onto Hennepin /Lyndale Avenue. At the first stoplight (Dunwoody Blvd.), turn left (Dunwoody Blvd. changes into Hennepin Avenue). Follow Hennepin to the MCTC parking ramp on the left side of the street.

Map here: http://www.metrostate.edu/bldgservices/location.html#mpls

Book Giveaway:
Thanks to Fortify for supplying a copy of the new book: Securing Software through Static Analysis by Brian Chess and Jacob West.  Thanks to Ray Kaplan for yet another book: SOA in Practice - The art of distributed system design by Nicolai Josuttis O'Reilly - 2007 There will be a drawing for any books. You must be present but you do not need to provide your contact information to win.

Upcoming Events:
OWASP Nov 12-15 at eBay in San Jose http://www.owasp.org/index.php/OWASP_%26_WASC_AppSec_2007_Conference Add your event here, Wiki registration is required. Approval of a new Chapter Leader, the passing of the password.

Food:
The food is provided by Integral Business Solutions. Bring an appetite.