Export to

• Google Calendar
• iCalendar file
• hCalendar markup
  <div class="vevent h-event"> <h1 class="summary p-name">OWASP: Software Composition -- the other 95% of your app's attack surface</h1> <div class='date'><time class="dtstart dt-start" title="2017-04-25T18:00:00" datetime="2017-04-25T18:00:00">Tuesday, April 25, 2017 from 6</time>–<time class="dtend dt-end" title="2017-04-25T19:30:00" datetime="2017-04-25T19:30:00">7:30pm</time></div> <div class="location vcard p-location h-card"> <a class="url" href='http://calagator.org/venues/202392091'><span class='fn org p-name'>New Relic</span></a> <div class="adr p-adr h-adr"> <div class="street-address p-street-address">111 SW 5th Avenue, Suite 2700</div> <span class="locality p-locality">Portland</span> , <span class="region p-region">Oregon</span> <span class="postal-code p-postal-code">97204</span> <div class="country-name p-country-name">United States</div> (<a href='https://maps.google.com/maps?q=111%20SW%205th%20Avenue,%20Suite%202700,%20Portland%20Oregon%2097204%20United%20States'>map</a>) </div> </div> <div class="description p-description"> <p><b>Abstract</b></p> <p>Nobody really writes their own code any more, right? We go out to GitHub and download some libraries for our favorite language to do all the hard things for us. Then we download half a dozen front end frameworks to make it all pretty and responsive and we’re off to the races. In my review I’ve found that more than 90% of the code that makes up an app these days is something we borrowed, not wrote ourselves. Now most of us scan our own code for flaws with Static Analysis tools, but what about all the stuff we didn’t write? How do we know what’s actually in there? I’ll tell you how to find out and keep track of what’s in there, and how to avoid getting pwned because you let a nasty in the back door with that whiz-bang library that does the really cool thing you couldn’t live without.</p> <p><b>Speaker</b></p> <p>Jeremy Anderson<br> Cambia Health Solutions<br></p> <p>Jeremy Anderson is a Secure Software Architect and CSSLP, with experience developing software solutions for numerous fortune 500 companies for almost 20 years. In 2014 he had a run in with InfoSec that spurred him into action as an AppSec superhero where he’s worked for HP then Veracode. Since early 2016 he’s been working with Cambia Health Solutions, bootstrapping and scaling an Application Security program from the ground up supporting hundreds of developers for dozens of applications. He’s passionate about not just finding security defects, but training ninjas to destroy them.</p> <hr> <p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a></p> <br> <p>Meetings are free and open to the public.</p> </div> <h3>Links</h3> <ul> <li><a class="url u-url" href="https://www.owasp.org/index.php/Portland">Website</a></li> </ul> </div>