Project Summit: ESAPI Hackathon Session

Presented at AppSec USA 2013, Nov. 21, 2013, 10:30 a.m. (390 minutes)

Take part in building the next generation of the Enterprise Security API. In this hackathon we will focus on building modular security controls that can be plugged into the brand-new ESAPI 3.0 framework, allowing developers to quickly and easily integrate the security controls they need into their projects. During the hackathon, the ESAPI leaders will be on-site to get the effort kicked off, join in the coding fun, and present awards for submitted components on the final day! Join us to leave your mark on one of the most visible OWASP Code Projects in our arsenal, and help make tomorrow's applications more secure!


Presenters:

  • Kevin Wall - Information Security Engineer - Wells Fargo
    Kevin Wall has been involved in application security for the past 15+ years, but he still considers himself a developer first and an appsec engineer second. During most of those 15+ years, Kevin has specialized in applied cryptography and web appsec. Before transitioning to appsec, Kevin spent 17 years at (now Nokia, then AT&T) Bell Labs, leaving there as a DMTS in 1996 to become an independent consultant in C++ and Java. Kevin became involved in the OWASP Enterprise Security API (ESAPI) project in early fall of 2009, and after redesigning and rewriting all the symmetric cryptography related classes, he somehow found himself "elected" as co-project lead of ESAPI in 2011. Kevin also spent from 2000-2007 as an adjunct faculty member on the Franklin University CS staff where he taught Distributed Operating Systems and Computer Security. Kevin has been working on the Wells Fargo Secure Code Review team for just over 3 years; he figures it is about as close to code as any company will let him get, which is why he stays active in the development of ESAPI. When Kevin is not around code, he waxes eloquently on 3-4 page TL;DR discourses that he posts to various mailing lists or hangs out with other dinosaur friends at local watering holes discussing appsec, coding, sports, and quantum physics.
  • Jeff Williams - Co-founder and CTO - Contrast Security
    I've been in security since the late 1980's and have been blessed with the opportunity to help start three great organizations: Aspect Security (recently sold to EY), OWASP, and Contrast Security. I'm coming to AppSec EU to meet *you*. I'm easy to find :-) and love to talk about basketball, boomerang design, DevSecOps, security instrumentation, replacing SAST/DAST/WAF with IAST/RASP/SCA, cost-effective appsec programs, OWASP history, and Dad-life (four kids, two in college). I am convinced that appsec as we know it must change and that DevSecOps is the path forward. I'd love your help!
  • Chris Schmidt - Chief Architect - Contrast Security
    Chris is currently the Project Leader for the OWASP ESAPI Projects and also served on the OWASP Global Projects Committee. He has been involved with OWASP for 6 years and has spoken at many OWASP events about the benefits of the Enterprise Security API as well as participated in Leadership discussions amongst the organization. During the day, Chris is Chief Architect for Contrast Security where he has been since fall 2010. Prior to joining the team at Contrast Security he spent 5 years as 'Black Ops Beef' for ServiceMagic Inc with the official title of Software Engineer. Before getting involved in software professionally, Chris worked in hardware as a Senior Field Service Engineer providing hardware and software support for PC's, Servers, Midrange Systems and Peripherals for 9 years.
