DISA's Application Security and Development STIG: How OWASP Can Help You

The presentation
In July 2008, the Defense Information Systems Agency (DISA) released the first enforceable version of its Application Security and Development (ASD) Security Technical Implementation Guide (STIG). The ASD STIG is a series of application security requirements that apply to "all DoD developed, architected, and administered applications and systems connected to DoD networks." Learn about this new ASD STIG and get a head start for your organization's compliance! What is the ASD STIG? What are the common pitfalls in developing a compliant application? How can effective and efficient validation testing be performed? Jason Li of Aspect Security will be presenting his experiences doing ASD STIG validation testing and point out OWASP resources that can help organizations with addressing the ASD STIG.

The speaker
Jason Li is a Senior Application Security Engineer for Aspect Security where he has performed numerous ASD STIG validation tests of a variety of applications. In addition, he performs application security assessments and architecture reviews, as well as application security training, to a wide variety of financial and government customers. Jason is an active OWASP leader, contributing to several OWASP projects and serving on the OWASP Global Projects Committee. He holds a Post-Masters certificate in Computer Science and concentration in Information Security from Johns Hopkins University and a Masters degree in Computer Science from Cornell University.