John Dickson's Reflections on BlackHat

By Dan Cornell

Check out this YouTube video for reflections from John Dickson on BlackHat 2009.

And don't forget to follow John on Twitter: @johnbdickson

--Dan
dan _at_ denimgroup.com
@danielcornell

John Dickson and Sheridan Chambers at BlackHat

By Dan Cornell

John Dickson and Sheridan Chambers will be out at BlackHat this week. Follow John on Twitter @johnbdickson  Here is a video regarding some of John's plans at BlackHat:

--Dan
dan _at_ denimgroup.com
@danielcornell

John Dickson's RSA Abstract Video Online

By Dan Cornell

John Dickson's video abstract for his RSA talk on "What You Don't Know Can Hurt You: Security Professionals and Custom Apps" is now up online:

See you all in San Francisco next week!

--Dan
dan _at_ denimgroup.com

John Dickson at RSA: What You Don’t Know Can Hurt You: Security Professionals and Custom Apps

By Dan Cornell

John Dickson will be presenting at RSA this year about "What You Don’t Know Can Hurt You: Security Professionals and Custom Apps"  The abstract for the talk is:

Security managers rarely have software backgrounds. However, they get the blame when unsecure software is exploited and a breach occurs. This session will help security managers better characterize different software development approaches and identify risks associated with building custom applications. Software assessment strategies and secure SDLC improvements will be discussed in depth.

The session is PROF-402 and the talk is scheduled for:

Friday, April 24 10:10 AM Purple 3

More info can be found on the RSA 2009 conference website.  Also - follow John on Twitter @johnbdickson for updates about RSA and more.

--Dan
dan _at_ denimgroup.com

Dan Cornell at RSA: Building an Organizational Application Security Competency

By Dan Cornell

I will be presenting at RSA this year about "Building an Organizational Application Security Competency"

We have a video abstract online:

The talk is scheduled to be held:

Friday, April 24 09:00 AM
Purple 305

And the session code is: PROF-401

Hope to see folks there!  I'll be in San Francisco and at RSA all week.  Follow me on Twitter @danielcornell for more updates.  If you are going to be in San Francisco and/or at RSA I'd love to meet up.

--Dan
dan _at_ denimgroup.com

TRISC Slide Decks Online

By Dan Cornell

John Dickson's slide deck for "The Permanent Campaign: Driving a Software Security Initiative in the Enterprise" from the Texas Regional Infrastructure Security Conference (TRISC) is now online.

Also, my slide deck for "Securing SharePoint" at TRISC is also online.

Last week was a crazy week for Denim Group between TRISC, the DIR Information Security Forum 2009 and TASSCC TEC 2009 Web 2.0 conference as well as an even with WhiteHat.  I will keep posting materials from those events as I can get them online.

--Dan
dan _at_ denimgroup.com

SnowFROC Video Online

By Dan Cornell

This came out a couple of days ago, but I have been kind of busy.  John Dickson and I's presentation at SnowFROC about Vulnerability Management in an Application Security World is available via video online.

This was a great conference - 1 day, 2 tracks, lots of great presenters, well-attended and very informative.  Can't wait for next year.

--Dan
dan _at_ denimgroup.com

All the Denim You Could Possibly Want

By Dan Cornell

Next week is going to be a busy one for Denim Group - we have four speaking slots spread across three conferences and we also have an event in Houston.  If you are in Austin or Houston next week come on by.

First up is the Texas Regional Infrastructure Security Conference (TRISC).  This runs Monday March 23, 2009 through Wednesday March 25, 2009 in Austin, TX.  We will have a booth in the expo area and John Dickson will be speaking Tuesday at 1:45 in the Amphitheater with a talk titled "The Permanent Campaign: Driving a Secure Software Initiative in the Enterprise."  I will be speaking Tuesday at 3:15 in Ballroom B about "Securing Sharepoint."  As mentioned here before, OWASP Members get $100 off their admission.

Next up is the Texas Department of Information Resources (DIR) 9th Annual Information Security Forum on Wednesday March 25, 2009.  John Dickson will be giving a talk on "The Anatomy of a Web Application Intrusion"

Then we have the Texas Association of State Systems for Computing and Communications (TASSCC) Technology and Education Conference (TEC) on Web 2.0 - Services and Innovation in the Public Sector on Thursday March 26, 2009.  (You have to love the acronyms...)  I will be giving another version of my talk on "Securing SharePoint" at 2pm.

Finally, John and Linda will be at the WhiteHat event in Houston at the Intercontinental Hotel on Thursday March 26, 2009.

Busy week.  You can follow John (@johnbdickson) or I (@danielcornell) on Twitter for individual updates.

--Dan
dan _at_ denimgroup.com

Virtual Application Security Track at TRISC

By Dan Cornell

There isn't a formal application security track at TRISC (yet!), so I thought I would put together a list of the application security-focused talks.

Please be sure to check out John Dickson's talk Tuesday at 1:45 in the Amphitheatre titled "The Permanent Campaign: Driving a Secure Software Initiative" and also check out my talk on "Securing SharePoint" Tuesday at 3:15 in Ballroom B.

Monday:

• 1:00: Ballroom A: Rohyt Belani - Phishing 2.0, Ballroom B: David Lissberger - Hacking Through a Firewall
• 2:00: Ballroom B: Josh Sokol - Using Proxies to Secure Applications and More
• 3:15: Ballroom B: Robert Hansen & Rob MacDougal - Assessing Your Web App Manually Without Hacking It

Tuesday:

• 8:30: Keynote: Johnny Long
• 12:45: Ballroom A: Trey Ford - Top Website Vulnerabilities: Trends, Business Effects, How To Fight Them, Ballroom B: Mano Paul - Web 0wn3d (OWASP Top 10) In Depth & Demonstrated
• 1:45: Amphitheater: John Dickson - The Permanent Campaign: Driving a Secure Software Initiative in the Enterprise, Ballroom B: Matt Tesauro - OWASP Live CD: An Open Environment for Web Application Security
• 3:15: Ballroom B: Dan Cornell - Securing SharePoint
• 4:15: Ballroom A: Joseph Krull - PCI Compliance - Convert Drudgery Into a Powerful Security Framework, Ballroom B: Erhan Kartaltepe & Ravi Ganesan - A New Standard for Establishing Trust in Cross Domain XHR

As I have mentioned before, OWASP members get a $100 discount on TRISC 2009 attendance.  Seeing as how OWASP membership now costs $50 that is a great deal.  Bailout!  Contact me for more specific info.  For OWASP San Antonio we will be treating TRISC as our March meeting (regular meetings to resume in April).

TRISC website: http://www.trisc.org/
OWASP Membership Website: http://www.owasp.org/index.php/Membership

--Dan
dan _at_ denimgroup.com

OWASP and TRISC

By Dan Cornell

If you are planning on attending the Texas Regional Infrastructure Security Conference (TRISC) this year, we have it set up so that OWASP members get a $100 discount on their registration.  Seeing as how OWASP individual membership is only $50 this is a pretty good deal!

More information about becoming an OWASP member can be found here.

When you go to register for TRISC indicate that you are an OWASP member and include your OWASP membership number.  If you have only recently become a member put "NUMBER PENDING" in the member number field and I will work with the TRISC folks and Kate Hartmann to make sure you are actually a member.

This is going to be a great conference - hope to see folks there.

Thanks,

Dan