Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Thursday, October 25 • 2:00pm - 2:45pm
AppSec Training, Securing the SDLC, WebGoat.NET and the Meaning of Life

Sign up or log in to save this to your schedule and see who's attending!

One of the most vital pieces of a secure SDLC is security training – not only for developers, but for Architects, QA and anyone else involved in the creation of software. Too frequently, this is minimized, overlooked or completely absent within an organization. In some cases, the very idea of application security is dismissed as unnecessary.

This talk starts by making a strong argument for developer education, and how it fits into any organization’s SDLC. Training will be put into the context of NIST’s “Security considerations in System Development Life Cycle” Document, Microsoft’s Simplified SDL, BSIMM3 and OWASP Open SAMM.

From there, we discuss other OWASP resources and projects dedicated to developer education, and an in-depth discussion of OWASP WebGoat.NET – an ASP.NET specific re-design of OWASP which meets the needs and addresses the challenges of modern application security training programs.

Lecture will be delivered by Jerry Hoff, VP of Static Code Analysis Division at WhiteHat Security. Jerry is the leader of the OWASP Appsec Tutorial Series, WebGoat.NET and AntiSamy.NET. Jerry is a former developer, author, and has over 10,000 hours delivering technical training. Jerry holds a Masters degree in Computer Science from Washington University in St. Louis.

Key Points:
- Developers need a better way to be education in AppSec
- Equip participants with the tools and evidence they need make an irrefutable case for developer security training
- Analysis of tools/docuemnts/videos that OWASP provides for training
- Introduction of WebGoat.NET: OWASP’s latest tool to help education developers
- Interactive demonstration of WebGoat.NET with full audience participation


Speakers
avatar for Jerry Hoff

Jerry Hoff

VP, Static Code Analysis Division, WhiteHat Security
Jerry Hoff is the VP of the Static Code Analysis Division at WhiteHat Security. In addition to WhiteHat, he is a co-founder and managing partner at Infrared Security. Jerry has worked at a number of fortune ten financial firms, along with years of hands-on security consulting, where he specialized in manual code review, web application penetration testing, and architecture reviews. Jerry also has years of development and teaching experience. He... Read More →


Thursday October 25, 2012 2:00pm - 2:45pm
Gemalto Room - Hill Country C Hyatt Regency Austin, 208 Barton Springs Road, Austin, TX, 78704

Attendees (45)