OWASP Dallas January Meeting

Title:

Helping Developers Embrace Security with OWASP Tools

Description:

Securing applications is no longer the sole domain of the security team. With such rapid development approaches and frequent deployments, all members of an organization need to be equipped to embrace security. In the past, security practices were often seen as hindrances to the coding process. OWASP tools are helping to overcome this issue.

This presentation is designed to help security practitioners train and conduct knowledge transfer so that everyone is on the same page. We will start by laying out the basics with Proactive Controls and the Code Review Guide which provide the foundation for the rest of the materials. The next section is how to create some testing VMs so that developers, QA testers, and new security team members can all get hands-on practice with vulnerable web applications. A complete standalone environment can be created using CentOS 7, MariaDB, and Apache Tomcat. Vulnerable web applications provided by OWASP (bodgeit, WebGoat, and Security Shepherd) can be tested with OWASP ZAP (Zed Attack Proxy). Since many QA teams use synthetic testing scripts to perform UAT (user acceptance testing), it makes sense to leverage that approach with penetration testing. Using Selenium in conjunction with ZAP helps bridge that gap. The last portion of the presentation will cover how to make ZAP part of the build chain to make continuous integration a reality.

Bio:

Joseph Konieczka is a Lead Technology Solutions Specialist on the Remedy on Demand infrastructure team at BMC Software. He is an individual lifetime member of OWASP and a leader of the Houston, TX OWASP Chapter. Over the course of his career, he has played a variety of different roles and has been involved in systems administration, monitoring, management, and security since the early 1990s. His first program was written in Atari Basic on an Atari 400 way back in the day. You can find some of his prior presentations on SlideShare, most of which include photos of Lego mini figures and sets to add humor to a potentially dry topic.

Sponsorship:

The meeting food & drinks will be sponsored by Cigital.

IMPORTANT Meeting Notes:

The Goldman office is a gun-free zone. Please do not attempt to bring in any guns, holsters, ammo, etc. into their office space. Also, backpacks, suitcases, and other bags larger than a small purse cannot be brought into the building by guests.