Tuesday, November 19 • 9:00am - 5:00pm
2 Day Pre-Conference Training: Running A Software Security Program On Open Source Tools

2 Day Class running Monday Nov 18 and Tuesday Nov 19

Using the Software Assurance Maturity Model (OpenSAMM) as a framework, this course walks through the major components of a comprehensive software security program and highlights open source and other freely-available tools that can be used to help implement the activities involved in such a program. The focus of the course is on providing hands-on demonstrations of the tools with an emphasis on integrating tool results into the overall software security program. Featured tools include: ESAPI, Microsoft Web Protection Library, FindBugs, Brakeman, Agnitio, w3af, OWASP Zed Attack Proxy (ZAP), and ThreadFix as well as other educational resources from OWASP. Attendees should finish the course with a solid understanding of the various components of a comprehensive software security program as well as hands-on experience with a variety of freely-available tools that they can use to implement portions of these programs.
Outline:

• So You Want To Roll Out A Software Security Program?
• The Software Assurance Maturity Model (OpenSAMM)
• ThreadFix: Overview
• Governance: Strategy and Metrics
    • ThreadFix: Reporting
• Governance: Policy and Compliance
• Governance: Education and Guidance
    • OWASP Development Guide
    • OWASP Cheat Sheets
    • OWASP Secure Coding Practices
• Construction: Threat Assessment
• Construction: Security Requirements
• Construction: Secure Architecture
    • ESAPI overview
    • Microsoft Web Protection Library (Anti-XSS) overview
• Verification: Design Review
    • Microsoft Threat Analysis and Modeling Tool
• Verification: Code Review
    • FindBugs
    • Brakeman
    • Agnitio
• Verification: Security Testing
    • w3af
    • OWASP Zed Attack Proxy (ZAP)
• Deployment: Vulnerability Management
    • ThreadFix: Defect Tracker Integration
• Deployment: Environment Hardening
    • Microsoft Baseline Security Analyzer (MBSA)
• Deployment: Operational Enablement
    • mod_security

Dan Cornell

CTO, Denim Group
A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As Chief Technology Officer and Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process.

Tuesday November 19, 2013 9:00am - 5:00pm
Gotham (7th Floor) NY Marriott Marquis

