June 2012 - Is There An End to Testing Ourselves Secure?

IMPORTANT:

Please sign in for the meeting in the lobby of the 5th floor!

GOT2MEETING DETAILS::

1. Please join my meeting, Thursday, June 21, 2012 at 6:00 PM Eastern Daylight Time.

https://www3.gotomeeting.com/join/350499566

2. Join the conference call:

United States (toll-free): 1 877 568 4106

United States: +1 (510) 201-0319

ABSTRACT::
Despite years of research on best practices to integrate security into the early phases of the SDLC, most organizations rely on static analysis, dynamic analysis, and penetration testing as their primary means of eliminating vulnerabilities. This approach leads to discovering vulnerabilities late in the development process, thereby either causing project delays or risk acceptance. Neither option is particularly appealing.
This talk is an open discussion about the presence, if any, of scalable, measureable, approaches working to address security into the SDLC. Consideration for how Agile development impacts effectiveness will be explored.

Points of discussion include:

• Is static analysis sufficient?
• Developer awareness training
• Threat modeling / architecture analysis
• Secure requirements
• Considerations for procured applications

WHO:: Rohit Sethi
Vice President, Product Development, SD Elements

SPEAKER BIO:
Rohit Sethi is a specialist in building security controls into the software development life cycle (SDLC). Rohit is a SANS course developer and instructor on Secure J2EE development. He has spoken and taught at FS-ISAC, RSA, OWASP, Shmoocon, CSI National, Sec Tor, Infosecurity New York and Toronto, TASK, the ISC2's Secure Leadership series conferences, and many others. Mr. Sethi has written articles for Dr. Dobb's Journal, TechTarget, Security Focus and the Web Application Security Consortium (WASC), and he has been quoted as an expert in application security for ITWorldCanada and Computer World. He also leads the OWASP Design Patterns Security Analysis project.