Difference between revisions of "Podcast 40"

From OWASP
Latest revision as of 14:28, 30 September 2009

OWASP Podcast Series #40

OWASP Interview with Rohit Sethi
Recorded July 27, 2009
Published Sept 23, 2009

Subscribe on iTunes: http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012
Podcast feed: http://www.owasp.org/download/jmanico/podcast.xml
Download the episode (mp3): http://www.owasp.org/download/jmanico/owasp_podcast_40.mp3

Participants

  • Rohit Sethi, Director of Professional Services, Security Compass, is a specialist in threat modeling, application security reviews, and building security controls into the software development life cycle (SDLC). Mr. Sethi is a frequent guest speaker and instructor at several conferences, including RSA, Shmoocon, and CSI. He has written articles for Security Focus and the Web Application Security Consortium (WASC), and has been quoted as an expert in application security for ITWorldCanada and Computer World. At Security Compass, Rohit teaches students various topics on web application security in cities across North America. He has also managed and performed extensive threat analysis, source code reviews, and penetration testing for clients in financial services, utilities, telecommunications and healthcare. He is often consulted for his dual expertise in information security and software engineering.

OWASP Project page: http://www.owasp.org/index.php/Category:OWASP_Security_Analysis_of_Core_J2EE_Design_Patterns_Project

Questions

  • How did your team come up with the idea of writing this paper?
  • How does the security analysis of Core J2EE patterns differ from the Core Security patterns book? Do we need both?
  • Why did you choose the J2EE Core Design patterns and not the Gang of Four Design Patterns?
  • What value does this analysis have? Who is actually going to use this stuff?
  • How does this design pattern analysis differ from the most popular design-time security activity: threat modeling?
  • The analysis doesn’t have a notion of “risk” – it doesn’t articulate the difference between, say, an application on an intranet and one on the Internet. How should readers account for that?
  • What are the next steps for this OWASP project?
  • How can people contribute to the project?