
OWASP - October Meeting - 10/10

OWASP Denver will be holding our October meeting along with the SANS Secure DevOps Summit on October 10th.  RSVP at https://www.meetup.com/preview/Denver-OWASP/events/243732613

Please join us for a reception and presentation hosted by the SANS Institute on October 10th at the Sheraton – Denver Tech Center. SANS will be holding its inaugural Secure DevOps Summit on October 10-11. The Summit will bring together SecDevOps experts from leading organizations to share their ideas, methods, and tools for building and delivering secure software using DevOps. Any OWASP member interested in attending the event will receive a $400 discount when they use the OWASPDENVER discount code. More information about the Summit here: http://www.sans.org/u/w8b

Regardless of whether you attend the Summit, all OWASP Denver members are invited to attend an evening reception on October 10th from 5:00 – 6:15pm followed by a presentation by Eric Johnson of SANS. Come join us for an evening of networking, food, drinks, and an in-depth talk about leveraging the power of Continuous Integration and Continuous Delivery to improve security posture.

Topic:
Secure DevOps: A Puma’s Tail

DevOps is changing the way that organizations design, build, deploy and operate online systems. Engineering teams are making hundreds, or even thousands, of changes per day, and traditional approaches to security are struggling to keep up. Security must be reinvented in a DevOps world and take advantage of the opportunities provided by continuous integration and delivery pipelines.


In this talk, we start with a case study of an organization trying to leverage the power of Continuous Integration (CI) and Continuous Delivery (CD) to improve their security posture. After identifying the key security checkpoints in the pre-commit, commit, acceptance, and deployment lifecycle phases, we will explore how unit testing and static analysis fit into SecDevOps. Live demonstrations will show how to identify vulnerabilities pre-commit inside the Visual Studio development environment, and how to enforce security unit tests and static analysis in a Jenkins continuous integration (CI) build pipeline. Attendees will walk away with a better understanding of how security fits into DevOps, and an open source .NET static analysis engine to help secure your organization’s applications.

Speaker:
Eric Johnson is a Principal Security Consultant at Cypress Data Defense where he leads secure software development lifecycle consulting, web and mobile application penetration testing, secure code review assessments, static source code analysis, security research, and security tools development. He also founded the Puma Scan static analysis open source project, which allows software engineers to run security-focused .NET static analysis rules during development and in continuous integration pipelines. As a Certified Instructor with the SANS Institute, Eric authors application security courses on DevOps, cloud security, secure coding, and defending mobile apps. He serves on the advisory board for the SANS Securing the Human Developer awareness training program, delivers security training around the world, and has presented his security research at conferences including SANS, BlackHat, OWASP, BSides, JavaOne, UberConf, and ISSA.

Eric completed a bachelor of science degree in Computer Engineering and a master of science degree in Information Assurance at Iowa State University, and currently holds the CISSP, GWAPT, GSSP-.NET, and GSSP-Java certifications. He is located in West Des Moines, IA and outside the office he enjoys spending time with his family, attending Iowa State athletic events, and playing golf.