Wednesday, November 1 • 9:00am - 5:00pm
1-Day Training: Application Security Testing: Verifying the Right Things Were Done Right

Software Security Testing is a key component of any organization’s software assurance program. The importance of these practices is reflected by their presence throughout OWASP's Software Assurance Maturity Model (SAMM), where they're represented by two of the model's 15 core Practices (Requirement-driven Testing and Security Testing), and factor into numerous activities in the remaining Practices.


This class covers recommended Application Security Testing (AST) practices, along with supporting AST tools and ways to better leverage penetration testing, to verify and validate an application’s security features:

  • Verify – How do we confirm our application’s security features were built right?
  • Validate – How do we confirm we built the right security features, to secure the application's functionality?
Topic coverage will include establishing your overall AST strategy and aligning it with the OWASP ASVS; defining and implementing security test cases; utilizing AST tools; and using third-party penetration tests effectively within your testing strategy.


Speakers
Dr. John DiLeo

Solution Architect, IriusRisk
Dr. John DiLeo is the Auckland-area leader of the OWASP New Zealand Chapter and, for his day job, is a lead Solution Architect at IriusRisk, covering the Asia/Pacific region. Before joining IriusRisk, John led the Application Security Services team at Datacom, providing support and...


Wednesday November 1, 2023 9:00am - 5:00pm EDT
TBA
  1-Day Training
  • Audience Beginner
  • About: Dr. John DiLeo is the Auckland-area leader of the OWASP New Zealand Chapter and, for his day job, is a lead Solution Architect at IriusRisk, covering the Asia/Pacific region. Before joining IriusRisk, John led the Application Security Services team at Datacom, providing support and guidance to clients in launching, managing, and maturing their enterprise software assurance programs. Before turning to full-time roles in security, John was active as a Java enterprise architect and Web application developer. In earlier lives, John has been a full-time professor, and had specialised in developing discrete-event simulations of large distributed systems. John is on the core team for the OWASP Software Assurance Maturity Model (SAMM) Project, leads the OWASP State of AppSec Survey Project, and is a member of the OWASP Education and Training Committee.