SFISSA & OWASP Joint Meeting October 2014

Save the date South Florida: Wednesday 10/15/14 5:30pm – 7:30pm!
Our October 2014 meeting will be the annual joint meeting between the South Florida ISSA chapter the South Florida OWASP chapter. We have an excellent line up of speakers, topics, and networking scheduled for you so plan ahead and mark your calendars!

We would like to thank our sponsors for this meeting: HP

South Florida’s ISSA & OWASP joint meeting will be on Wednesday, October 15th, 2014 at Nova Southeastern University. The meeting will take place in the Carl DeSantis Building from 5:30pm – 7:30pm, followed by our usual networking event at the Falcon Pub sponsored by HP!

Two great speakers and talks lined up! First we have Bruce Jenkins from HP talking about Software Security Assurance: Keeping your security program on the rails. He will be followed by one of the founders of OWASP, Jeff Williams, who will talk to use about AppSec at DevOps Speed and Portfolio Scale.

You don’t want to miss this one!

Software Security Assurance: Keeping your security program on the rails – Bruce Jenkins
In working with dozens of organizations across all industries, a common theme has emerged as it relates to effective implementation of software security assurance programs: they generally are not effective. In fact, in numerous cases, programs are often shelved outright after several years of multiple implementation attempts. An obvious downside of this failure is a lack of return on security technology investments. The reasons for failure vary, but it often comes down to an absence of management commitment, a lack of focus, or simply insufficient awareness and education amongst stakeholders. This presentation explores why programs do not get off the ground or flounder after launch, and what can and should be done to prevent or correct those situations. Developers, project leads, architects and information security managers will benefit from discussions about the key elements to effective security program implementation.

Bruce C Jenkins, CISSP, leads HP Fortify’s Software Security Assurance (SSA) enablement strategy and works regularly with customers on SSA program development and measurement. He is a 28-year US Air Force veteran who has been a Fortify evangelist and builder of SSA solutions since 2007. He has supported more than 60 professional services engagements and collected data on more than 350 security assessments across all industry sectors. Bruce hold a BS in computer science and MS in management science.

AppSec at DevOps Speed and Portfolio Scale – Jeff Williams
Software development is moving much faster than application security with new platforms, languages, frameworks, paradigms, and methodologies like Agile and Devops.

Unfortunately, software assurance hasn’t kept up with the times. For the most part, our security techniques were built to work with the way software was built in 2002. Here are some of the technologies and practices that today’s best software assurance techniques *can’t*handle: JavaScript, Ajax, inversion of control, aspect-oriented programming, frameworks, libraries, SOAP, REST, web services, XML, JSON, raw sockets, HTML5, Agile, DevOps, WebSocket, Cloud, and more. All of these rest pretty much at the core of modern software development.

Although we’re making progress in application security, the gains are much slower than the stunning advances in software development. After 10 years of getting further behind every day, software *assurance* is now largely incompatible with modern software *development*. It’s not just security tools — application security processes are largely incompatible as well. And the result is that security has very little influence on the software trajectory at all.

Unless the application security community figures out how to be a relevant part of software development, we will continue to lag behind and effect minimal change. In this talk, I will explore a radically different approach based on instrumenting an entire IT organization with passive sensors to collect realtime data that can be used to identify vulnerabilities, enhance security architecture, and (most importantly) enable application security to generate value. The goal is unprecedented real-time visibility into application security across an organization’s entire application portfolio, allowingall the stakeholders in security to collaborate and finally become proactive.

Jeff Williams is a founder and CEO of Aspect Security and recently launched Contrast Security, a new approach to application security analysis. Jeff was an OWASP Founder and served as Global Chairman from 2004 to 2012, contributing many projects including the OWASP Top Ten, WebGoat, ESAPI, ASVS, and more. Jeff is passionate about making it possible for anyone to do his or her own continuous application security in real time.

Nova Southeastern University – Carl DeSantis Building
Room TBA
3301 College Avenue
Fort Lauderdale, Florida 33314
Phone: 800-541-6682