Monday, November 18 • 9:00am - 5:00pm
2 Day Pre-Conference Training: Running A Software Security Program On Open Source Tools


Two-day class running Monday, Nov 18 and Tuesday, Nov 19.

Using the Software Assurance Maturity Model (OpenSAMM) as a framework, this course walks through the major components of a comprehensive software security program and highlights open source and other freely available tools that can be used to implement the activities such a program involves. The focus of the course is on hands-on demonstrations of the tools, with an emphasis on integrating tool results into the overall software security program. Featured tools include ESAPI, Microsoft Web Protection Library, FindBugs, Brakeman, Agnitio, w3af, OWASP Zed Attack Proxy (ZAP) and ThreadFix, as well as other educational resources from OWASP. Attendees should finish the course with a solid understanding of the components of a comprehensive software security program and hands-on experience with a variety of freely available tools they can use to implement portions of such a program.
Outline:
• So You Want To Roll Out A Software Security Program?
• The Software Assurance Maturity Model (OpenSAMM)
• ThreadFix: Overview
• Governance: Strategy and Metrics
  • ThreadFix: Reporting
• Governance: Policy and Compliance
• Governance: Education and Guidance
  • OWASP Development Guide
  • OWASP Cheat Sheets
  • OWASP Secure Coding Practices
• Construction: Threat Assessment
• Construction: Security Requirements
• Construction: Secure Architecture
  • ESAPI overview
  • Microsoft Web Protection Library (Anti-XSS) overview
• Verification: Design Review
  • Microsoft Threat Analysis and Modeling Tool
• Verification: Code Review
  • FindBugs
  • Brakeman
  • Agnitio
• Verification: Security Testing
  • w3af
  • OWASP Zed Attack Proxy (ZAP)
• Deployment: Vulnerability Management
  • ThreadFix: Defect Tracker Integration
• Deployment: Environment Hardening
  • Microsoft Baseline Security Analyzer (MBSA)
• Deployment: Operational Enablement
  • mod_security

Dan Cornell

CTO, Denim Group
A globally recognized application security expert, Dan Cornell holds over 20 years of experience architecting, developing and securing web-based software systems. As Chief Technology Officer and Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies...

Monday November 18, 2013 9:00am - 5:00pm EST
Gotham (7th Floor) NY Marriott Marquis