Dinis Cruz to Present at OWASP San Antonio: Friday August 13, 2010

The San Antonio chapter of OWASP is lucky to be hosting a special meeting with a presentation from OWASP Board Member Dinis Cruz on Friday August 13th, 2010.  Dinis is doing a whirlwind tour of US-based OWASP chapters to talk about two big topics:

1. How OWASP Works / Guided Tour of OWASP Projects

2. Using the O2 Platform to Consume OWASP Projects

More information below:

San Antonio OWASP Chapter: Fri. August 13, 2010

Topic: 1) How OWASP Works and Guided Tour of OWASP Projects /

2) Using the O2 Platform to Consume OWASP Projects

Presenter: Dinis Cruz

Date: Friday, August 13, 2010, 11:30am – 1:00pm

Location:

San Antonio Technology Center (Web Room)

3463 Magic Drive

San Antonio, TX 78229



Abstract:

1) How OWASP Works and Guided Tour of OWASP Projects – This presentation will focus on my experience in getting things done at OWASP, what resources are available and what types of initiatives the local chapters should be doing. In addition to a quick overview of a number of key OWASP projects, this talk will also provide a tutorial on how the OWASP WIKI (MediaWiki based) can be used as a database (using the MediaWiki templates technology).

2) Using the O2 Platform to Consume OWASP projects – This presentation will focus on how to consume the OWASP Wiki and a number of OWASP projects using the OWASP O2 Platform. The O2 Platform has powerful technology and capabilities for both BlackBox and WhiteBox analysis and this presentation will provide examples on how to use O2 with: WebGoat, WebScarab, Code Crawler, Dir Buster, Testing Guide, Code Review Guide and OpenSAMM.

The O2 Platform is focused on automating application security knowledge and workflows. It is specifically designed for developers and security consultants to be able to perform quick, effective and thorough ‘source-code-driven’ application security reviews (BlackBox + WhiteBox). In addition to the manual findings created/discovered by security consultants, the OWASP O2 Platform allows the easy consumption of results from multiple OWASP projects and commercial scanning tools. This allows security consultants to find, exploit and automate (via Unit Tests) security vulnerabilities usually dismissed by the community as impossible to find/recreate. More importantly, it provides the Security Consultants a mechanism to: a) ‘talk’ with developers (via UnitTest), b) give developers a way to replicate + “check if it’s fixed” the vulnerabilities reported and c) engage in a two-way conversation on the best way to fix/remediate those vulnerabilities.


Presenter Bio:

Dinis Cruz is a Security Consultant based in London (UK) and specialized in: ASP.NET/J2EE Application Security, Application Security audits and .NET Security Curriculum Development.

For the past years Dinis has focused on the field of Static Source Code analysis. From May 2007 to Dec 2009 he worked as an independent consultant for Ounce Labs (bought by IBM in July 2009) where, during active security engagements using Ounce’s technology, he developed the Open Source codebase which is now the foundation of the OWASP O2 Platform.

Dinis is currently focused on making the O2 Platform the industry standard for consuming, instrumenting and data-sharing between the multiple WebAppSec tools, the Security consultants and the final developers.

Dinis is also an active trainer on .NET security, having written and delivered courses for IOActive, Foundstone, Intense School and KPMG (at multiple locations including BlackHat), and has delivered a number of presentations and keynote speeches at multiple OWASP and security-related conferences.

At OWASP, Dinis is the leader of the OWASP O2 Platform project, member of the OWASP Global Projects Committee, chair of the OWASP Connections Committee and member of the OWASP Board.

Sodas and snacks will be provided.  Feel free to bring a brown-bag lunch.


Please RSVP: E-mail owasprsvp@denimgroup.com or call (210) 572-4400.

–Dan

dan _at_ denimgroup.com

@danielcornell


About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.