OWASP San Antonio September: Agile and Secure

September’s OWASP meeting is going to be a sneak-preview of a talk that Denim Group folks are giving at the national OWASP AppSec 2006 conference.  This should be a great meeting.  Details are:

San Antonio

OWASP Chapter: September 2006 Meeting

Topic: Agile and Secure: Can We Be Both?

Date: 9/27/2006, 11:30am – 1:00pm

Location: San Antonio Technology Center

3463 Magic Drive

 

San Antonio, TX 78229

 

http://maps.google.com/maps?f=q&hl=en&q=3463+Magic+Drive,+San+Antonio,+TX+78229

Abstract:

Software development organizations find themselves being pulled in two directions. Agile software development methodologies such as eXtreme Programming and Scrum have allowed organizations to be more responsive to business concerns by involving the customer, increasing the pace of stable releases and decreasing the time required before new features are deployed. In addition, a more aggressive regulatory environment as well as an increased focus on security requires that organizations more reliably produce secure software applications. Traditional approaches to security and compliance are very top-down and document-centric, but these approaches often run counter to the spirit of agile software development methodologies.

This presentation examines the goals of both agility and security and discusses strategies for making the two compatible – or at least for minimizing the conflict between them. First, the fundamentals of secure software development are outlined to provide a baseline that any methodology – traditional or agile – must follow. The practices of agile development are examined from the viewpoint of providing security assurance. Potential modifications to those practices are discussed that provide an approach to creating the artifacts required for compliance and security assurance with a minimum of impact on the typically documentation-light agile development practices. Finally, the unavoidable conflicts between security and agility are discussed and recommendations are provided so that organizations can make the tough decisions appropriate to their environment in order to enforce the requisite amount of security while still remaining responsive to business concerns.

 Sodas and snacks will be provided. Feel free to bring a brown-bag lunch.

Please RSVP: E-mail owasprsvp _at_ denimgroup.com or call (210) 572-4400.

Hope to see folks there.  This should be one of our better-attended meetings so please RSVP.

–Dan
dan _at_ denimgroup.com

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.
More Posts by Dan Cornell

Leave a Reply

Your email address will not be published. Required fields are marked *