Back To Schedule
Thursday, November 21 • 10:00am - 10:50am
Leveraging OWASP in Open Source Projects - CAS AppSec Working Group

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Video of session:

The CAS AppSec Working Group is a diverse volunteer team of builders, breakers, and defenders that is working to improve the security of Jasig CAS, an open source WebSSO project.  This presentation will show how the team is leveraging OWASP resources to improve security, provide security artifacts for potential adopters, and implementing policy and processes for vulnerability analysis and notification.  The story is significant in that it directly addresses OWASP A9 "Using components with Known Vulnerabilities / Secure Coding", and points towards a model that other open source projects could adopt.

avatar for David Ohsie

David Ohsie

David came to EMC 2005 in its acquisition of SMARTS. At SMARTS, he devised and implemented the lastest version of its automated root cause analysis algorithm. David received his Phd in Computer Sciences from Columbia University in 1997.4 years experience in product security assessment... Read More →
avatar for Bill Thompson

Bill Thompson

IAM Director, Unicon
Bill is the Director of the IAM Practice at Unicon, and leads a team of professionals providing IT consulting services to the Higher Education community with a focus on Identity and Access Management, CAS, Shibboleth, and Grouper. Prior to joining Unicon, Bill served as the Senior... Read More →
avatar for Aaron Weaver

Aaron Weaver

Principal Security Analyst, Pearson Education
Aaron Weaver is Principal Security Analyst at Pearson Education, the leading learning and publishing company. He has played various roles including software developer, system engineer, embedded developer to IT security. He also leads OWASP Philadelphia. Experience includes mobile... Read More →

Thursday November 21, 2013 10:00am - 10:50am EST
Salon 4 (5th Floor Ballroom) NY Marriott Marquis

Attendees (0)