Here is some information regarding this week’s Thursday OWASP – VA Local Chapter infosec meetup event. If you plan on attending, RSVP to Jeremy Epstein (email available in their post – linked below) so they can get your badge processing started.
- Who: Nadya Bartol, Booz Allen Hamilton & Paco Hope, Cigital
- What:
  - Bartol – Framework for Software Assurance: Nadya’s presentation will provide an update on the Software Assurance Forum efforts to establish a comprehensive framework for software assurance (SwA) and security measurement. The Framework addresses measuring achievement of SwA goals and objectives within the context of individual projects, programs, or enterprises. It targets a variety of audiences including executives, developers, vendors, suppliers, and buyers. The Framework leverages existing measurement methodologies, including Practical Software and System Measurement (PSM); CMMI Goal, Question, Indicator, Measure (GQ(I)M); NIST SP 800-55 Rev1; and ISO/IEC 27004, and identifies commonalities among the methodologies to help organizations integrate SwA measurement into their overall measurement efforts cost-effectively and as seamlessly as possible, rather than establish a standalone SwA measurement effort within an organization. The presentation will provide an update on the SwA Forum Measurement Working Group work, present the current version of the Framework and underlying measures development and implementation processes, and propose example SwA measures applicable to a variety of SwA stakeholders. The presentation will update the group on the latest NIST and ISO standards on information security measurement that are being integrated into the Framework as the standards are being developed.
  - Hope – The Web Security Testing Cookbook: The Web Security Testing Cookbook (O’Reilly & Associates, October 2008) gives developers and testers the tools they need to make security testing a regular part of their development lifecycle. Its recipe-style approach covers manual, exploratory testing as well as automated techniques that you can make part of your unit tests or regression cycle. The recipes range from the basics, like observing messages between clients and servers, to multi-phase tests that script the login and execution of web application features. This book complements many of the security texts in the market that tell you what a vulnerability is, but not how to systematically test it day in and day out. Leverage the recipes in this book to add significant security coverage to your testing without adding significant time and cost to your effort.
- When: 11/13, 6:00 – 8:30 PM EST
- Where: Booz Allen, One Dulles Facility (13200 Woodland Park Road; Herndon, VA 20171)
For more information on the OWASP – VA Local Chapter, see its description in our NoVA Meetups section. View our Calendar for a complete list of infosec events in and around the NoVA area. Here is a link to the page with information on this meetup.


