Date: July 12th, 2011

Time: 6:00 – 9:00 PM

Location: Quarry Oaks Atrium, Bldg. 2 – 2nd Fl., 10900 S. Stonelake Blvd. Austin, TX  78759

Speaker: James Wickett, OWASP Austin Chapter Vice President, http://theagileadmin.com

Speaker: Matt Tesauro, OWASP Board Member and WTE Project Lead, http://praetorian.com

Title: Building Security into the Next Iteration

Description

The implicit requirement of be secure is simply not good enough. But how can we implement security requirements while maintaining our nimbleness, short code sprints, and tight budgets? There is a movement in the security community that is gaining traction wherein the goal is not ‘security’ features but to produce Rugged Software. Once exposed to the Internet, complex multi-tenant Web systems encounter a wide range of input from a variety of sources but still have to be long running and behave resiliently in the face of failures.

Using the OWASP Web Test Environment (WTE) we will demo open source tools and projects and show best practices and examples to design and test your software for ruggedness. The OWASP Web Test Environment (WTE) is a free, publicly available, pre-configured security testing environment built for developers of web apps. Two years and over 300,000 downloads later, OWASP WTE has enabled security developers and professionals to amp up their testing game. Utilizing the tools available from OWASP WTE, you can incorporate security testing into your next iteration.

Speaker Bio

James graduated from the University of Oklahoma in 2004 with a BBA in MIS, where he also ran a Web startup company. He joined the IT division of National Instruments, where he helped run the NI Web site, ni.com, for several years. In 2007 he moved on to lead the Web division of a rapidly growing local publisher, Community Impact. In 2010, he came back to NI, this time to the LabVIEW R&D group, where he leads up security and operations for several cloud-based SaaS products. Over the last several years, James has been involved in the Austin chapter of OWASP as the Chapter President (2007-2009) and as the Chapter VP (2010-present). With his involvement in OWASP, he also co-chaired the Lonestar Application Security Conference (LASCON) which was the first OWASP conference in Austin. He is a security expert, bearing CISSP, GCFW, GWAS, and CCSK certifications.

Matt Tesauro has been involved in the Information Technology industry for more than 10 years. Prior to joining Praetorian, Matt was a Security Consultant at Trustwave’s Spider Labs. Matt’s focus has been in application security including testing, code reviews, design reviews and training. His background in web application development and system administration helped bring a holistic focus to Secure SDLC efforts he’s driven. He has taught both graduate level university courses and for large financial institutions. Matt has presented and provided training a various industry events including DHS Software Assurance Workshop, AppSec EU, AppSec US, AppSec Academia, and AppSec Brazil. Matt is currently on the board of the OWASP Foundation and highly involved in many OWASP projects and committees. Matt is the project leader of the OWASP WTE (Web Testing Environment) which is the source of the OWASP Live CD Project and Virtual Machines pre-configured with tools and documentation for testing web applications. Industry designations include the Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH). Matt Tesauro has a B.S. in Economics and a M.S in Management Information Systems from Texas A&M University.

Additional Information

Cost: Free

Map & Directions: Quarry Oaks Atrium in located off Braker Ln between 183 and Mopac.

From 183: exit Braker Ln West, turn left at W. Balcones Center Dr.

From Mopac: exit Braker Ln East, turn right at W. Balcones Center Dr.

More Info: info@AgileAustin.org

Agenda:                       Sign-in and Networking 6:00 – 6:30 PM

Announcements, Presentation 6:30 – 8:00 PM

Q&A and Networking 8:00 – 8:15 PM

SIG Open Space 8:15 – 9:00 PM

Proof of Attendance forms will be provided for PMI (PDU), ASQ (RU) and PDMA (PDH) re-certifications

To pre-register for this event and skip the lines, go to https://spreadsheets.google.com/spreadsheet/viewform?formkey=dHlpWWEzb3IxRmpRYUtzSmhJbHVVUlE6MA before 5:00 pm on the day of the event.  You can also register at the event.