Invalid quantity. Please enter a quantity of 1 or more.
The quantity you chose exceeds the quantity available.
Please enter your name.
Please enter an email address.
Please enter a valid email address.
Please enter your message or comments.
Please enter the code as shown on the image.
Please select the date you would like to attend.
Please enter an email address.
Please enter a valid email address in the To: field.
Please enter a subject for your message.
Please enter a message.
You can only send this invitations to 10 email addresses at a time.
$$$$ is not a properly formatted color. Please use the format #RRGGBB for all colors.
Please limit your message to $$$$ characters. There are currently ££££.
$$$$ is not a valid email address.
Please enter a promotional code.
N/A
Sold Out
Pending
You have exceeded the time limit and your reservation has been released.
The purpose of this time limit is to ensure that registration is available to as many people as possible. We apologize for the inconvenience.
This is option is not available anymore. Please choose a different option.
Please read and accept the waiver.
All fields marked with * are required.
Please double check your email address. The email address format does not appear valid.
$$$$ requires a number between ££££ and §§§§
US Zipcodes need to be 5 digits.
Please double check your website URL.
All fields marked with * are required.
Your credit card expiration date is in the past.
Your credit card CSC needs to be 4 digits.
Please confirm your order:
$$$$
You have selected to Pay by Check.
Click OK to confirm your order.
Please confirm your order:
$$$$
You have selected to Pay at the Door.
Click OK to confirm your order.
Please confirm your order:
$$$$
You have selected to Pay upon Receiving an Invoice.
Click OK to confirm your order.
Your credit card CSC needs to be 3 digits.
Your billing zip code needs to be 5 digits.
There was a problem saving your address.
There was a problem saving your credit card info.
There was a problem saving your personal information.
Please select the date you would like to attend.
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams.
Copying Prohibited by Law - McAfee Secure is a Trademark of McAfee, Inc.
Unknown card type.
No card number provided.
Credit card number is in invalid format.
Wrong card type or credit card number is invalid.
Credit card number has an inappropriate number of digits.
Please enter numbers here.
Please enter an integer value.
Numbers must be less or equal to $$$$
All the required fields have not been filled out. Click OK to proceed without all the required information, or click Cancel to finish entering the missing data.
Sorry, invalid event registration form.
Sorry, invalid event or database error.
Sorry, quantity must be a positive integer.
Sorry, you did not select a valid ticket.
Sorry, invalid event organizer email address.
Your order was canceled.
Thank You. Your order has been successfully completed. Your name and email address have been added to the list of event attendees.
Sorry, that option is sold out.
Sorry, that option is no longer available.
Sorry, there are only tickets of that type still available.
Sorry, you entered an invalid quantity. Please enter a quantity of 1 or more next to the type or types of tickets you would like to purchase.
Sorry, you did not select any tickets to purchase. Please enter a quantity of 1 or more next to the type or types of tickets you would like to purchase.
Sorry, there are no tickets left for this event.
The tickets, ticket quantity or date and time you've requested are no longer available, due to previous sales. Please choose a different date, time or number of tickets and place your order again.
Sorry, one or more of the tickets you requested are no longer available for purchase.
Sorry, you need to select the date you want to attend.
Sorry, the promotional code you entered is not valid yet.
Sorry, the promotional code you entered has expired.
Sorry, the promotional code you entered is not valid.
Your session has expired. Try ordering again.
Sorry, your requested ticket quantity exceeds the number provided by your promotional code.
Sorry, the tickets you are trying to order are not currently available.
Sorry, the payment type chosen is invalid for this event.
Sorry, there is only 1 ticket left for this event.
Sorry, there are only tickets left for this event.
We're sorry, this invitation is invalid.
We're sorry, this invitation has already been used.
We're sorry, you already have an order being processed for this event. Please wait a few minutes and try again.
We're sorry, there is a problem with your invitation. Please try again.
Invalid quantity of tickets selected.
Invalid donation amount.
Sorry, the promotional code you entered has been claimed.
Sorry, the payment type chosen is invalid for this event.
Sorry, your billing address was not saved properly, please try again.
Sorry, we experienced an internal error, please try again.
The captcha you entered is invalid. Please try again.
Invalid credit card selected. You have been logged out.
Sorry, your team selection was not valid.
Sorry, the payment type chosen is invalid for this event.
Sorry, your billing address was not saved properly, please try again.
Sorry, we experienced an internal error, please try again.
State
Zip Code
Province
Postal Code
County
State/Territory
State/Province
Event Details
OWASP MSP PRESENTS
Darren Meyer
Selling Static Analysis: How to Start Fast and Finish Strong
Date: Monday, June 27, 2011
Agenda:
6:00 PM Room opens for networking, CPE signup
6:25 PM Welcome: OWASP chapter updates
6:30 PM Darren Meyer
7:30 PM Upcoming events reminder and meeting wrap-up
Thank You: Concord for sponsoring our meeting location. Please contact Lorna at lorna.alamri@owasp.org or 651-338-0243 if you would like to sponsor a meeting or meeting location for an upcoming OWASP MSP meeting.
The Presentation:
Static Code Analysis tools are a wonderful addition to a strong application security program for any large-scale development effort - but their expense often causes management heartburn. This talk addresses how to:
1. Convince management of the value a Static Code Analysis tool can provide
2. Sell process over product
3. Get development teams on your side
4. Get a "quick and dirty" Static Code Analysis program up and running
5. Expand that nascent program into a mature part of a Secure SDLC
5a. Use Static Code Analysis to drive building a Secure SDLC if you don't have one
The material covered is based on the speaker's personal experience trying, failing, trying, and finally succeeding in accomplishing these things.
Part 1 - Convincing management
This segment covers approaches to articulating value of a Static Code Analysis tool - with or without an existing Secure SDLC program - to organization decision makers. In other words, this segment covers how to do a good sales job by showing managers things they care about.
FUD is discouraged.
Part 2 - Selling process over product
This segment emphasizes the importance of building good process - and advertising it - over selecting any particular product.
Part 3 - Getting development teams on your side
This segment covers various techniques to successfully market Static Code Analysis tools and processes to development teams. Successful marketing means that developers are pressuring their management to support adopting an Static Code Analysis process.
Included are common responses developers have to proposals to integrate Static Code Analysis toolkits and processes to their workflow, and responses that do and don't work.
Part 4 - Quick start
This segment covers rapidly and inexpensively building a proof of concept Static Code Analysis that highlights the need for sound process, but still returns a great deal of provable value. It also covers useful metrics and reporting to capture that can bolster the argument for an organization-wide adoption.
Risks and trade-offs of taking this approach are discussed.
Part 5 - Integrating into the SDLC
This segment covers "where to go from here" after a successful proof of concept. Considerations for integrating with Secure SDLCs at various points of maturity are provided, as well as discussions of making processes adaptable to various development lifecycle frameworks (e.g. waterfall, agile, etc.).
Also covered is how to use support for Static Code Analysis to drive building a Secure SDLC in an organization that's resistant to SDLC changes.
Throughout each section, security as an aspect of overall quality is emphasized, as well as the social aspects of successfully building this component of a Secure SDLC.
The Speaker:
Darren Meyer
Darren is a senior technical architect working in application security at a large company in the Twin Cities area. He has over a decade of software development experience that informs his desire to support and educate developers in application security practice.
Thank you to our meeting sponsor, Concord.
Location: Concord, 509 2nd Avenue S, Hopkins MN 55343. [Main Entrance Lobby]
Registration closes at 3:00 PM Central Time on the day of the meeting.
Registration is required.
When & Where
Concord
509 2nd Avenue S
Hopkins,
MN 55343
Monday, June 27, 2011 from 6:00 PM to 8:00 PM (CDT)
Add to my calendar
In order to purchase these tickets in installments, you'll need an Eventbrite account. Log in or sign up for a free account to continue.
