Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Thursday, November 21 • 10:00am - 10:50am
Leveraging OWASP in Open Source Projects - CAS AppSec Working Group

Sign up or log in to save this to your schedule and see who's attending!

Tweet Share
Register
Video of session:
https://www.youtube.com/watch?v=Zf9xSsRHRNo&list=PLpr-xdpM8wG8ODR2zWs06JkMmlRiLyBXU&index=34

The CAS AppSec Working Group is a diverse volunteer team of builders, breakers, and defenders that is working to improve the security of Jasig CAS, an open source WebSSO project.  This presentation will show how the team is leveraging OWASP resources to improve security, provide security artifacts for potential adopters, and implementing policy and processes for vulnerability analysis and notification.  The story is significant in that it directly addresses OWASP A9 "Using components with Known Vulnerabilities / Secure Coding", and points towards a model that other open source projects could adopt.
Speakers
avatar for David Ohsie

David Ohsie

David came to EMC 2005 in its acquisition of SMARTS. At SMARTS, he devised and implemented the lastest version of its automated root cause analysis algorithm. David received his Phd in Computer Sciences from Columbia University in 1997. | | 4 years experience in product security assessment and architecture for EMC applications. David Ohsie works on authentication and security architecture for a number of software applications produced by the... Read More →
avatar for Bill Thompson

Bill Thompson

IAM Director, Unicon
Bill is the Director of the IAM Practice at Unicon, and leads a team of professionals providing IT consulting services to the Higher Education community with a focus on Identity and Access Management, CAS, Shibboleth, and Grouper. Prior to joining Unicon, Bill served as the Senior Associate Director for the Office of Development at Princeton University, providing leadership and direction for web application development, systems integration... Read More →
avatar for Aaron Weaver

Aaron Weaver

Principal Security Analyst, Pearson Education
Aaron Weaver is Principal Security Analyst at Pearson Education, the leading learning and publishing company. He has played various roles including software developer, system engineer, embedded developer to IT security. He also leads OWASP Philadelphia. Experience includes mobile security, web application security, penetration testing and embedded development. Aaron has also worked on developer and QA awareness to increase security in the... Read More →

Thursday November 21, 2013 10:00am - 10:50am
Salon 4 (5th Floor Ballroom) NY Marriott Marquis
  Management-Metrics

Attendees (26)