Application Security

Starts: Tuesday 23 August 2011, 3:00PM

Finishes: Tuesday 23 August 2011, 4:00PM

Venue: Suncorp, Meeting Room 7, Level 28, 226 George Street, Brisbane

Speaker: Pravir Chandra

Pravir Chandra is Director of Strategic Services at Fortify, an HP company, where he leads software security assurance programs for Fortune 500 clients in a number of verticals. He is responsible for setting up the most comprehensive and measurably effective programs in existence today. Creator and leader of the Open Software Security Assurance Maturity Model (OpenSAMM) project, Pravir also works extensively with OWASP and on other open projects to promote effective application security practices. As a thought leader in the security field for over 10 years, Pravir has written many articles, whitepapers and books, and is routinely invited to speak at businesses and conferences worldwide.

Pravir has volunteered to present for us on "Application Security".

Abstract: The Software Assurance Maturity Model (OpenSAMM)

The Software Assurance Maturity Model (SAMM) is a flexible and prescriptive framework for building security into a software development organisation. Covering more than typical SDLC-based models for security, SAMM enables organisations to self-assess their security assurance program and then use recommended roadmaps to improve in a way that's aligned to the specific risks facing the organisation. Beyond that, SAMM enables the creation of scorecards for an organisation's effectiveness at secure software development throughout the typical governance, development and deployment functions. Scorecards also enable management within an organisation to demonstrate quantitative improvements through iterations of building a security assurance program. This workshop will introduce the SAMM framework and walk through useful activities such as assessing an assurance program, mapping an existing organisation to a recommended roadmap, and iteratively building an assurance program. Time allowing, additional case studies will also be discussed. SAMM is an open and free project and has recently been added under the Open Web Application Security Project (OWASP).

Please RSVP. Members of ISACA and OWASP are most welcome to attend this AISA Brisbane event and should RSVP via email to Brisbane@aisa.org.au.

Many thanks to our sponsor: AISA thanks Suncorp for providing the venue for this Brisbane branch meeting.

N.B. Please arrive promptly as we shall start at 3:00pm sharp!