Harnessing the Security Champion Model && Codeburner

Details
Agenda
6:00-6:30pm - Gather and mingle
(Food & Beverages provided courtesy of Checkmarx)
6:30-7:00pm - Intro and chapter business
7:00-7:50pm - Harnessing the Security Champion Model (Joe Blanchard)
8:00-8:50pm - Codeburner - security-focused static code analysis for everyone (Alex Lock)
Harnessing the Security Champion Model
Security Champions have been a common tool amongst enterprises big and small, and their purpose has ranged from simple scan monkey to fully fledged security warrior. We’ll identify the extremes and discuss the middle ground with a dive into the tools, structure and support that Morningstar has invested into its global security champion program.
Bio: Joe Blanchard is a Senior Information Security Analyst with Morningstar Inc. Having originally started as a developer before transitioning to the dark side of INFOSEC, he has played on both ends of the dial. Joe has spent time working for both the Department of Defense and the financial industry. Pie > Cake.
Codeburner - security-focused static code analysis for everyone
Codeburner is an open source tool developed by the AppSec team at Groupon to answer a simple question: “how can a small security team stay on top of static analysis for a large, globally distributed development organization?” Sure, you can fire off a bunch of scripts at the end of every CI build, but what do you actually DO with all those results?
Leveraging the OWASP pipeline project, Codeburner performs static analysis on your code using a variety of open source and commercial security scanning tools and provides a unified interface for triaging and acting on the results. Some key features include:
• Asynchronous scanning (via sidekiq) that scales
• Advanced false positive filtering
• Publish issues via GitHub or JIRA
• Track statistics and graph security trends in your applications
• Full REST API for extension and integration with other tools, CI processes, etc.
In this session the primary author of Codeburner, Alex Lock, will cover the genesis of the project and do a deep dive on the technologies involved behind the scenes, as well as provide a walkthrough of the basic functionality and workflows that can get you started integrating Codeburner in your own environment.
This month's sponsor is:
http://photos1.meetupstatic.com/photos/event/a/7/6/600_448922678.jpeg