Web Application Remediation – OWASP San Antonio Meeting Tomorrow

I will be presenting to the San Antonio chapter of OWASP tomorrow.  The topic is Web Application Remediation.  The abstract for the talk is:

What do you do when the dust settles after a web application assessment or penetration test? You know you have applications with vulnerabilities and you know your organization is exposed to risks. How do you go about addressing these risks while still making progress on an already aggressive development schedule? What issues need to be fixed and which can be ignored until later.

This presentation will discuss strategies for organizations remediating vulnerable web applications. It focuses on practical concerns for planning and executing a successful remediation effort.

  • Classifying risks and ranking the severity of web application vulnerabilities using tools such as STRIDE and DREAD
  • Making challenging tradeoff decisions about which vulnerabilities to address and which risks to live with
  • Planning and executing remediation tasks and integrating these with existing project plans and timelines
  • Integrating lessons learned from the assessment and remediation back into your organization’s SDLC

The presentation will be at the San Antonio Technology Center in the Web Room and will run from 11:30am through 1:00pm.  The event is open to all so feel free to attend and bring anyone who might be interested.

–Dan
dan _at _denimgroup.com

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.
More Posts by Dan Cornell

Leave a Reply

Your email address will not be published. Required fields are marked *