OWASP Pittsburgh Chapter Q2 MeetUp
Details
Topic:
Security Code Review - A Radical Departure from everything you know and love [to hate] about code review. How can you change the way you apply source code review, using modern and freely available tools, so that it delivers high-quality review? What, specifically, can you do to avoid the critical flaws we commonly find? How do you scale the effort up to an enterprise's worth of applications? … and down to the space in which a two-week sprint lives? … and apply it to continuous deployment?
Presenters:
John Steven - CTO
John’s expertise runs the gamut of software security from threat modeling and architectural risk analysis, through static analysis (with an emphasis on automation), to security testing. He has been leading source code analysis for over 15 years, reviewing everything from kernels, to hypervisors and virtual machines, to massive 20+ MLoC web sites and mobile apps. He’s researched static analysis tools and aspect compilers extensively and helped design and build the HP/Fortify SCA tool. As a software developer, he’s led design and development of security services and business-critical production applications for large organizations in a range of verticals. As a consultant, John has provided strategic direction to many multi-national corporations, and his keen interest in automation keeps Cigital technology at the cutting edge. He has served as co-editor of the Building Security In department of IEEE Security & Privacy magazine, and as the leader of the Northern Virginia OWASP chapter. He speaks regularly at conferences and trade shows.
Kevin Glavin – Senior Consultant
Kevin Glavin is a Senior Consultant who has over 10 years of experience in a variety of roles including Lead Developer, Software Assurance Specialist, and Software Security Analyst. Kevin has worked with a number of Fortune 250 and multi-national companies, as well as government agencies. As a consultant at Cigital, he has led secure code review, penetration testing (hardware, software, and network), and architectural risk analysis of systems built from a few thousand lines of code to systems containing tens of millions of lines of code. He specializes in integrating security testing techniques into existing tools and SDLC methodologies, and leveraging DevOps practices for consistency and agility.