OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
Our next meeting is June 20, 2012, 5:00 - 7:00 pm NYSTEC 540 Broadway 3rd Floor, Albany, New York.
Since we will be serving refreshments, please RSVP no later than June 18, 2012 to me at the link above by clicking on Susanna Bezold.
I am pleased to announce Mr. Brian Miller, Product Line Manager, HP Enterprise Security will be speaking on the topic: Gray, the New Black: Gray-Box Vulnerability Testing.
Brian Miller is the Product Line Manager of Enterprise Dynamic Security as part of the Enterprise Security division at Hewlett-Packard. In this role, Brian is responsible for providing large scale dynamic security testing products for organizations. Previously Brian held the position of Technical Product Manager for dynamic security testing tools such as WebInspect, QAInspect, DevInspect (hybrid), and AMP. Brian joined the HP team as part of the SPI Dynamics acquisition in 2007. Prior to product management, Brian was a software developer for 10 years and holds a B.S. from Kennesaw State University and is currently obtaining an M.B.A. from the Georgia Institute of Technology.
Over the years, two key techniques have emerged as the most effective for finding security vulnerabilities in software: Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST). While DAST and SAST each possess unique strengths, the “Holy Grail” of security testing is thought to be “hybrid” – a technique that combines and correlates the results from both testing methods, maximizing the advantages of each. Until recently, however, a critical element has been missing from first generation hybrid solutions: information about the inner workings and behavior of applications undergoing DAST and SAST analysis.
This presentation will introduce you to the next generation of hybrid security analysis – what it is, how it works, and the benefits it offers. It will also address (and dispel) the claims against hybrid, and leave you with a clear understanding of how the new generation of hybrid will enable organizations to resolve their most critical software security issues faster and more cost-effectively than any other available analysis technology.
Please feel free to contact me by clicking on Susanna Bezold above if you have questions.
Special thanks to those at NYSTEC and HP.
Thank you and look forward to meeting you.
Susanna Bezold, CISSP, CISA, CISM Chapter Founder and Leader