Leveraging OWASP in Open Source Projects

Aaron Weaver, Bill Thompson, David Ohsie at AppSec USA 2013

The CAS AppSec Working Group is a diverse volunteer team of builders, breakers, and defenders that is working to improve the security of Jasig CAS, an open source WebSSO project. This presentation will show how the team is leveraging OWASP resources to improve security, provide security artifacts for potential adopters, and implement policy and processes for vulnerability analysis and notification. The story is significant in that it directly addresses OWASP A9 "Using components with Known Vulnerabilities / Secure Coding", and points towards a model that other open source projects could adopt.


Speakers

David Ohsie
David came to EMC in 2005 in its acquisition of SMARTS. At SMARTS, he devised and implemented the latest version of its automated root cause analysis algorithm. David received his PhD in Computer Sciences from Columbia University in 1997. He has 4 years of experience in product security assessment and architecture for EMC applications. David Ohsie works on authentication and security architecture for a number of software applications produced by the Advanced Storage Division of EMC Corporation.

Bill Thompson
IAM Director, Unicon
Bill is the Director of the IAM Practice at Unicon, and leads a team of professionals providing IT consulting services to the Higher Education community with a focus on Identity and Access Management, CAS, Shibboleth, and Grouper. Prior to joining Unicon, Bill served as the Senior Associate Director for the Office of Development at Princeton University, providing leadership and direction for web application development, systems integration, business intelligence, and information technology.

Aaron Weaver
Principal Security Analyst, Pearson Education
Aaron Weaver is Principal Security Analyst at Pearson Education, the leading learning and publishing company. He has held various roles, from software developer, system engineer and embedded developer to IT security. He also leads OWASP Philadelphia. His experience includes mobile security, web application security, penetration testing and embedded development.