Virginia

Last Month
In April we had two good talks/discussions:

- SANS Software Security Institute and the GSSP certification. Ed Tracy is an Associate of Booz Allen. Ed has been very involved with the SANS software security activities and the creation of the GSSP-J certification, which is the first of its kind. We had a great discussion about what SANS is doing and some of the challenges in putting together this exam.

- "Building Usable Security" by Zed Abbadi. Zed believes that one of the main reasons why application security violations continue to rise is the fact that many deployed security mechanisms are not user friendly, limiting their effectiveness. He had some good examples.

I mentioned a useful Web site one of the participants recently stood up to help those in the NoVA area be aware of local infosec events. Here is the link:

http://www.novainfosecportal.com/

Next Meeting
Our next meeting will be on 8 May from 6-9pm at the Booz Allen Herndon facility.

- Attend a private viewing of the film, “The New Face of CyberCrime,” by Academy Award-nominated Filmmaker Fredric Golding. This revealing documentary features candid interviews with criminal hackers and those industry executives taking steps against their persistent attacks. The film is 20 minutes in length and we will follow up with discussion.

- “Integrating Security Into the QA Group”, Robert Rachwald, Director of Product Management, Fortify Software.

Abstract: Until recently, Web Application Testing was left to security teams and ethical hackers who used advanced tools, such as Web application scanners, to analyze running Web applications. However, security groups are becoming overburdened by product releases, and many organizations are attempting to move security testing earlier in the development cycle. The QA group is a natural candidate, since it generally has the infrastructure in place to test applications for quality issues. However, for many organizations, integrating security into the QA group has been incredibly difficult. The process of running a security test is a learned skill, and not something one can teach a QA tester in a matter of days. On top of that, most security testing tools were designed for penetration testers (since they require an in-depth knowledge of application security theory) and are not generally usable by QA professionals. As a result, very few QA groups have successfully adopted security testing.

Rob is a 10-year veteran of the high tech industry. Rob started his tech career at Intel, where he worked on automating their complex supply chain. Rob managed U.S. product marketing for Commerce One and managed their marketing efforts in Asia Pacific. Rob then managed marketing for Coverity and joined Fortify as the Director of Product Marketing focusing on security and financial services.

Pizza is being provided by Fortify this month. If you need/want to provide a contribution, you can. If you plan on attending, RSVP so I can get your badge processing started.

Directions
To Booz Allen's One Dulles facility:

13200 Woodland Park Road Herndon, VA 20171

From Tyson's Corner:

1. Take LEESBURG PIKE / VA-7 WEST
2. Merge onto VA-267 WEST / DULLES TOLL ROAD (Portions Toll)
3. Take the VA-657 Exit (Exit Number 10 towards Herndon / Chantilly)
4. Take the ramp toward CHANTILLY
5. Turn Left onto CENTERVILLE ROAD (at end of ramp)
6. Turn Left onto WOODLAND PARK ROAD (less than 1⁄2 mile)
7. End at 13200 WOODLAND PARK ROAD