OWASP STL Meetup, Thur July 12th

Hosted By
Joe B. and 2 others

Details

Join us for an evening of networking, tech talks, DRINKS and pool. Come as you are and bring a friend.

6:00pm - Tour w/ the Brewmaster

6:30pm - Social/Networking (Food & Beverages PROVIDED)

7:00pm - Secure Devops

Presented by: Eric Johnson - Principal Security Engineer, Puma Security

DevOps is changing the way that organizations design, build, deploy and operate online systems. Engineering teams are making hundreds, or even thousands, of changes per day, and traditional approaches to security are struggling to keep up. Security must be reinvented in a DevOps world and take advantage of the opportunities provided by continuous integration and delivery pipelines.

In this talk, we start with a case study of an organization trying to leverage the power of Continuous Integration (CI) and Continuous Delivery (CD) to improve their security posture. After identifying the key security checkpoints in the pre-commit, commit, acceptance, and deployment lifecycle phases, we will explore how unit testing and static analysis fit into DevSecOps. Live demonstrations will show how to identify vulnerabilities pre-commit inside the Visual Studio development environment, and how to enforce security unit tests and static analysis in a Jenkins CI build pipeline. Attendees will walk away with a better understanding of how security fits into DevOps, and an open source .NET static analysis engine to help secure their organization’s applications.

Break

8:00pm - Could a few lines of code it all up!

Presented by: Igor Matlin - Director Product Evangelism, Checkmarx

Recently, an anonymous open source developer decided to remove his code (left-pad) from a public repository.

Shortly thereafter, several large organizations felt the impact of his actions. Facebook, AirBnB and others experienced errors impacting the functionality of their services. Packages using “left-pad” wouldn’t properly execute.

Today, we embrace both the open source community and the growth of open source projects, modules and packages, but dependencies and recursive dependencies might become a risk, or even a new attack vector, that we didn’t foresee.

Could there be other cases of common and popular open source packages depending on open source modules that might not be there tomorrow or, even worse, could they be maliciously modified?

Drinks & Pool, until they kick us out.

CE Credits will be issued upon request.

Sponsored by Checkmarx.
http://www.checkmarx.com

OWASP St. Louis Chapter
Morgan Street Brewery
721 N 2nd St 63102 · Saint Louis, MO