San Antonio OWASP Chapter: October 21, 2009
Topic: Rolling Out an Enterprise Source Code Review Program
Presenter: Dan Cornell, Principal at Denim Group
Date: October 21, 2009 11:30 a.m. – 1:00 p.m.
San Antonio Technology Center (Web Room)
3463 Magic Drive
San Antonio, TX 78229
Source code review technology has rapidly advanced over the past several years and offers great promise of helping organizations detect and address software security defects. However, many organizations stumble as they try to roll out these technologies because they fail to understand the people and process issues that must also be addressed. This talk will present lessons learned from the creation of several enterprise source code review programs, including: identifying all sources of custom code in an organization, including custom extensions to ERP systems and enterprise portals; selecting the first round of applications to scan; and successfully interpreting results and driving resolution of identified issues.
Dan Cornell has over ten years of experience architecting and developing web-based software systems. As CTO of Denim Group, he leads the organization’s technology team overseeing methodology development and project execution for Denim Group’s customers. He also heads the Denim Group security research team, investigating the application of secure coding and development techniques to the improvement of web-based software development methodologies.
Dan Cornell has served as the CTO of BrandDefense, as founder and Vice President of Engineering for Atension prior to its acquisition by Rare Medium, Inc., and as the Vice President, Global Competency Leader for Rare Medium’s Java and Unix Competency Center. Cornell has also developed simulation applications for the Air Force with Southwest
Dan was the founding coordinator and chairman for the Java Users Group of San Antonio (JUGSA) and is currently the chapter leader of the San Antonio chapter of the Open Web Application Security Project (OWASP). He is a recognized expert in the area of web application security for SearchSoftwareQuality.com and the primary author of Sprajax, Denim Group’s open source tool for assessing the security of AJAX-enabled web applications.
Sodas and snacks will be provided. Feel free to bring a brown-bag lunch.
Please RSVP: E-mail firstname.lastname@example.org or call (210) 572-4400.