
June 2012 - Is There An End to Testing Ourselves Secure?

  • Jun 21, 2012 · 6:00 PM


Please sign in for the meeting in the lobby of the 5th floor!


1. Please join my meeting, Thursday, June 21, 2012 at 6:00 PM Eastern Daylight Time.

2. Join the conference call:

United States (toll-free):[masked]

United States: +1 (510)[masked]

Despite years of research on best practices to integrate security into the early phases of the SDLC, most organizations rely on static analysis, dynamic analysis, and penetration testing as their primary means of eliminating vulnerabilities. This approach leads to discovering vulnerabilities late in the development process, resulting in either project delays or risk acceptance. Neither option is particularly appealing.
This talk is an open discussion about whether any scalable, measurable approaches are working to integrate security into the SDLC. How Agile development impacts their effectiveness will also be explored.

Points of discussion include:
- Is static analysis sufficient?
- Developer awareness training
- Threat modeling / architecture analysis
- Secure requirements
- Considerations for procured applications

WHO: Rohit Sethi
Vice President, Product Development, SD Elements

Rohit Sethi is a specialist in building security controls into the software development life cycle (SDLC). Rohit is a SANS course developer and instructor on Secure J2EE development. He has spoken and taught at FS-ISAC, RSA, OWASP, Shmoocon, CSI National, SecTor, Infosecurity New York and Toronto, TASK, the ISC2's Secure Leadership series conferences, and many others. Mr. Sethi has written articles for Dr. Dobb's Journal, TechTarget, Security Focus and the Web Application Security Consortium (WASC), and he has been quoted as an expert in application security for ITWorldCanada and Computer World. He also leads the OWASP Design Patterns Security Analysis project.


  • A former member

    As a marketing person I learned a lot about secure SDLC plus more on how it fits into SCRUM and AGILE. This information increases my ability to influence business prospects' decisions on interactive internet marketing and website development.

    June 22, 2012

  • Dan M.

    Good discussion and presentation to spark the interest of the user community.

    June 22, 2012

  • Brooks G.

    Excellent presentation on the need to shift application security away from a reactive posture and into a proactive one. Rohit did an excellent job of guiding and promoting discussion rather than simply presenting a slide deck. Overall a great night.

    June 22, 2012

  • Shauvik Roy C.

    Rohit's Twitter handle is @rksethi

    June 21, 2012

28 went

Our Sponsors

  • MailChimp

    Food, Location, and Financial Support! Thanks MailChimp!

  • VerSprite

    Meetup site sponsor for 2014 and WebEx sponsor for remote meetings.

  • Checkmarx

    Financial Sponsorship of ATL Chapter
