OWASP EU Summit in Portugal: Thursday

I must admit – by Thursday I was feeling a little rough.  Mostly because of the two evening soccer (football?) games.  That’s far too much running in too short a period of time for me.  Regardless, Thursday shaped up to be another great day with some great project presentations and working groups.  Projects I saw Thursday included:

  • James Walden – Source Code Review Project – The Open Review Project (ORPRO) has been working with James Walden and his folks to get all OWASP projects run through at least an automated security source code review.  James presented on his work over the summer getting workflows set up and working with the automated review platform.
  • Stephan Evans – Securing WebGoat with mod_security – This was a very interesting presentation on how to address the security vulnerabilities in WebGoat using mod_security rules.  It was cool to see how Lua scripting can be used to address issues that go beyond the typical technical vulnerabilities like SQL injection and cross site scripting (XSS).
  • Arturo Busleiman – Enigform and mod_OpenPGP Project – This is an interesting approach to securing web communications that leverages the PGP infrastructure rather than relying on SSL.
  • Marcin Wielgoszewski – AntiSamy.NET Project – This is a port of the AntiSamy project to work for .NET environments.

Working groups I attended were:

  • Intra-Government Working Group – Lots of great ideas here in two areas.  First – how to get OWASP involved with governmental standards bodies so that we can act as a resource as well as influence standards and practices.  Second – how to better communicate with government consumers on how to best use OWASP resources to make their infrastructures safer.
  • OWASP Strategic Planning –  Too many topics to mention here – the results should be coming out in a press release and a summary of the event.
  • Chapter Leaders Working Group – It was great to have an opportunity to interact with chapter leaders running chapters at a variety of stages of maturity.  Certainly lots of good suggestions that I can bring back to use for the San Antonio chapter.

Mercifully, the Chapter Leaders session ran all the way until our late dinner time so we couldn’t play another game of soccer.

–Dan
dan _at_ denimgroup.com

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.
