Difference between revisions of "Salt Lake"

From OWASP
 
(56 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{Chapter Template|chaptername=Salt_Lake|extra=The chapter leader is [mailto:dmitry.dessiatnikov@gmail.com Dmitry Dessiatnikov]
+
== ''The next meeting is scheduled for Thursday January 5th, 2017 in conjunction with [http://www.utahsec.org UtahSec]'' ==
  
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Salt_Lake|emailarchives=http://lists.owasp.org/pipermail/owasp-Salt_Lake}}
 
  
== Local News ==
+
'''''Date:'''''
 +
 
 +
''' Thursday January 5th, 2017'''
 +
 
  
 +
'''''Time:'''''
  
== ''The next meeting is scheduled for  Thursday, May 2nd in conjunction with [http://www.utahsec.org UtahSec]'' ==
+
'''6 - 8 pm'''
  
  
'''''Date:'''''
+
'''''Meeting location:'''''
 +
 
 +
'''LDS Riverton Office Building'''
  
''' Thursday, May 2nd 2013'''
+
'''3740 W 13400 S'''
  
 +
'''Riverton, UT 84065'''
  
'''''Time:'''''
+
'''(Inform security guard at the front desk that you are attending OWASP)'''
  
'''6 - 8 pm'''
 
  
 +
'''''Presentations:'''''
  
'''''Meeting location:'''''
+
'''''"ISACA is presenting first.'''''"
  
'''440 S 700 E SLC, Suite 102'''
+
'''''"Followed by OWASP: How to integrate security into Agile SDLC using OWASP Application Security Verification Standard and how data is exfiltrated out of your web applications "'''''
  
 +
'''By Dmitry Dessiatnikov of Security Aim'''
  
'''''Presentation:'''''
+
'''''Agenda: '''''
  
'''''Practical Encryption and Privacy Tools'''''
+
OWASP Top 10 awareness document debuted in 2003, but it only covers top 10 risks, what about #11? Now in 2017 meet OWASP Application Security Verification Standard (ASVS) v.3.0.1.
  
'''Presenter: DC801'''
+
This is an introductory presentation about what OWASP ASVS is and how to use it to integrate security into the aspects of Agile software development process. Such activities as definition of security-focused user stories, both functional and non-functional requirements will be discussed. The presentation will cover how to inject security and privacy considerations into the early phases of the Agile software development process to address the risks of security bugs pushed to production during frequent releases.
  
'''Food Sponsor: HP'''
+
As a bonus we will discuss a Same Origin Policy bypass that allows data exfultration that most applications are not protected from.
  
'''Everyone is welcome to join us at our chapter meetings'''
+
''Everyone is welcome to join us at our chapter meetings'''
  
 
== Past Meetings ==
 
== Past Meetings ==
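
Review bot: the added closing line `''Everyone is welcome to join us at our chapter meetings'''` opens with two apostrophes but closes with three, so the wiki markup is unbalanced and a stray apostrophe is left after "meetings"; use three apostrophes on both sides, as the earlier line `'''Everyone is welcome to join us at our chapter meetings'''` does. In the added bonus paragraph, "exfultration" should read "exfiltration". In the added `'''''"ISACA is presenting first.'''''"` line, the closing quotation mark falls outside the bold-italic markup while the opening one is inside it; move it inside so the pair matches.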

Latest revision as of 21:21, 1 January 2017

The next meeting is scheduled for Thursday January 5th, 2017 in conjunction with UtahSec

Date:

Thursday January 5th, 2017


Time:

6 - 8 pm


Meeting location:

LDS Riverton Office Building

3740 W 13400 S

Riverton, UT 84065

(Inform security guard at the front desk that you are attending OWASP)


Presentations:

"ISACA is presenting first."

"Followed by OWASP: How to integrate security into Agile SDLC using OWASP Application Security Verification Standard and how data is exfiltrated out of your web applications"

By Dmitry Dessiatnikov of Security Aim

Agenda:

The OWASP Top 10 awareness document debuted in 2003, but it covers only the top 10 risks. What about #11? Now, in 2017, meet the OWASP Application Security Verification Standard (ASVS) v.3.0.1.

This is an introductory presentation about what OWASP ASVS is and how to use it to integrate security into aspects of the Agile software development process. Activities such as the definition of security-focused user stories and of both functional and non-functional requirements will be discussed. The presentation will cover how to inject security and privacy considerations into the early phases of the Agile software development process to address the risk of security bugs being pushed to production during frequent releases.

As a bonus, we will discuss a Same Origin Policy bypass that allows data exfiltration and that most applications are not protected from.

Everyone is welcome to join us at our chapter meetings

Past Meetings

OpenSAMM Project - Alan Jex - 3 Jan 2013

Alan discussed the Open Security Assurance Maturity Model (OpenSAMM) including his success at leveraging it to do a successful crawl/walk/run expansion of AppSec at his day job. HP hosted and served food (thanks!). Slides are available by clicking here.