Security-in-Agile - June 24, 2009
Topic: Security-in-Agile
Speaker: Tatiana Outkina, PhD, CISSP, CSSLP, TOGAF

Agile development methodology affects the framework of SecSDLC. While the concept of SecSDLC remains the same, the approach and the solutions must provide the ability to develop secure systems within the agile development framework. A certain number of contradictions must be resolved to ensure the appropriate security level of each and every Sprint.

In our message, we present the Agile-SecSDLC framework to outline IT security risk management, deliverables, impact on project management, and other aspects of security-in-agile delivery.

Topic: Security Auditing at the Source Level
Speaker: Edmund Dengler, eSentire

Imagine doing a full audit of a 10,000-page website in under an hour (yes, that is slightly exaggerated for marketing purposes)! A brief introduction to performing security audits of applications (and especially web applications) via the source code rather than the black box testing methods typical of most vulnerability assessments. This presentation will include some background on the limitations of black box testing, some of the history and evolution of tools, the current state of the art, and how to get that 10,000-page site done.