RE: OWASP NYC Chapter Meeting - Sept 28th

["Stan Guzik" <SGuzik () ImmediaTech com>]

The OWASP NYC meetings are 4 times per year.  I agree once a month would
be a little excessive.

-----Original Message-----
From: bugtraq () cgisecurity net [mailto:bugtraq () cgisecurity net] 
Sent: Thursday, September 15, 2005 11:21 AM
To: peter.stern () owasp org
Cc: webappsec () securityfocus com
Subject: Re: OWASP NYC Chapter Meeting - Sept 28th

I mean this with total respect but why must owasp announce every monthly
meeting to securityfocus's list? I mean
I can understand new chapters being formed and wanting to spread the
word but is 'webappsec' an appropriate list
for 'monthly meeting announcements'? I'd think this would be more
appropriate on the owasp website or on an owasp 
list. 

Respek
- z
http://www.cgisecurity.com


> We are excited to provide details of the next OWASP NYC Meeting that
will
> be taking place at PricewaterhouseCoopers 300 Madison Ave (BETWEEN
EAST
> 41ST AND E. 42nd St.)on Wednesday, September 28th from 6PM - 9PM.  It
> promises to be a full program with 2 experts in their fields, as well
as
> all of your participation.
>
>
>
> Please RSVP to peter.stern () owasp org
>
>
>
> PROGRAM WILL INCLUDE THE FOLLOWING 2 PRESENTATIONS:
------------------------------------------------------------------------
-
> FEISAL NANJI (Ernst & Young) will speak on the Value of the SDLC
within
> Application Security
>
> Understanding security vulnerabilities within the context of the SDLC
> involves a variety of assessment techniques including threat models,
> design reviews, security tests, and code reviews. Since enterprise
> software development is a complicated undertaking, tools that help in
> automating the discovery, analysis, reporting, and remediation of
security
> vulnerabilities are central to security process development and
security
> assessment. The presentation provides a description of processes and
the
> necessary tools to significantly improve security while applications
are being developed.
>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
> PETER GIEN (Secure Software) will speak on Bringing Developers to the
Water and Making them Drink
> Regulatory and legal forces are driving coding standards and practices
in
> large enterprises, particularly financial institutions. Some
> financial institutions are meeting this challenge by developing
Control
> Standards that govern the development of critical software. In
addition,
> security has become an important activity through all phases of the
SDLC.
> Finally, compliance with Control Standards is now being forced by
policy
> driven, automated analysis of source code. Many institutions are
adopting
> frameworks for authentication, authorization and role-based access
> control. In these cases, we are finding that significant levels of
> vulnerability exist in the frameworks themselves, no matter if they
are
> internally developed or based on Open Source. In this talk we will
give
> examples of Control Standards that can be enforced through
> automated analysis, as well as some examples that still have to be
done
> the old-fashioned way in a code review. We will also present a summary
of
> the automated analysis of some popular Open Source frameworks (Java
and C)
>
========================================================================
> BIOS:
>
> PETER GIEN
>
> Peter Gien has been engaged in helping large financial institutions
> improve their SDLC through education of project teams in all matters
of
> security, and in particular through the strategic deployment of
automated
> code-scanning technology. Recently, Peter has served as a Principal
> Consultant at Secure Software. Prior to this, Peter worked for
Microsoft
> Corporation in the National Practices as a security and PKI expert.
During
> his tenure at Microsoft, Peter was involved in many PKI consulting
> engagements with Fortune 100 companies and government agencies. Before
> Joining Microsoft, Peter was employed at Identrus, a global banking
PKI
> consortium where he authored the Identrus Smart Card Requirements and
> Digital Signature specifications. In spite of holding a Ph.D in
Aerospace
> Engineering, Peter has enjoyed a technical career involving computers
from
> the 8088 era onwards.
>
>
>
> FEISAL NANJI
> Senior Manager, Security and Technology Solutions (STS)
>
> Feisal has 18 years of experience in Information Technology markets,
> specifically in Software, Hardware, Semiconductors, and Information
> Delivery. At Ernst & Young He leads Ernst & Young's Application
Security
> Advisory (ASA) service line focused on helping clients improve
security
> within the software development lifecycle. He is responsible for
process
> methodology, client delivery, and adoption of new technologies. At
Ernst &
> Young, Feisal has worked on numerous security assignments for global
> banks, investment houses, telecommunications firms, and media
companies
> focusing on application security, corporate governance, and security
> policy development.
> Prior to Ernst & Young, he was Vice President of Business Development
at
> Primeon Inc, an Application Security Specialist, where he was
responsible
> for revenue generation targeting Wall Street and developing technology
> alliances. Feisal also has extensive experience in software
development as
> Product Manager of Software at Berkeley Process Control, where he was
> responsible for product strategy. He has also served in the role of
> Director of Research at Devonshire Partners, as well as Director of
> Research at Skow Inc. where he was an investment analyst focusing on
> information technology.
> At Skow, Inc. Feisal was instrumental in helping launch Vermeer
> Technologies, creator of FrontPage software that was eventually
purchased
> by Microsoft Corporation for inclusion into its Office suite.
>
> Education, Certifications and Affiliations
> Feisal has a Master's in Public Policy from Harvard and is a Certified
> Information Systems Security Professional (CISSP).
========================================================================
===
> We look forward to seeing everyone!!!