BEGIN:VCALENDAR PRODID;X-RICAL-TZSOURCE=TZINFO:-//Calagator//EN CALSCALE:GREGORIAN X-WR-CALNAME:Calagator METHOD:PUBLISH VERSION:2.0 BEGIN:VTIMEZONE TZID;X-RICAL-TZSOURCE=TZINFO:America/Los_Angeles BEGIN:DAYLIGHT DTSTART:20210314T020000 RDATE:20210314T020000 TZOFFSETFROM:-0800 TZOFFSETTO:-0700 TZNAME:PDT END:DAYLIGHT END:VTIMEZONE BEGIN:VEVENT CREATED;VALUE=DATE-TIME:20210410T040518Z DTEND;TZID=America/Los_Angeles;VALUE=DATE-TIME:20210519T130000 DTSTART;TZID=America/Los_Angeles;VALUE=DATE-TIME:20210519T120000 DTSTAMP;VALUE=DATE-TIME:20210410T040518Z LAST-MODIFIED;VALUE=DATE-TIME:20210410T040518Z UID:http://calagator.org/events/1250477666 DESCRIPTION:RSVP: https://www.meetup.com/OWASP-Portland-Chapter/events/27 7480846/ \;\n \;\nExcerpt: \;\n \;\nTraditionally\, breaches that make the news are about stealing data and that data being resold f or financial gains. Think Target\, Ashley Madison\, Marriott and so many more. Recently a spotlight was put on supply chain security via the Sol arWinds breach and how that affected many companies. The adversaries wer e able to inject malicious code into applications that have a lot or rig hts and are widely deployed in many organizations\, small and large alik e. \;\n \;\nWe will discuss the framework\, your SDLC (SDL\, SSDLC \, etc.) – Secure Development Lifecycle – to lay out how you are going t o develop and secure your applications. Customers care about this. Once you have your SDLC\, you need to define your processes\, select your too ls\, integrate them into your SDLC and finally automate those tools. Thi s is not a short process and often multiple iterations are necessary to get to a good place. The goal of this presentation is to make you aware of a variety of tools that are out there\, the various steps along the w ay of your SDLC you need to take and how to complete each of these steps . \;\n \;\nBIO: \;\n \;\nDerek Hill has over 25 years of exp erience in Information Security and Information Technology. He is curren tly the Director of AppSec engineering at ForgeRock\, an Identity and Ac cess management company\, based in Vancouver\, WA. He is responsible for implementing and improving the company’s product security on a continua l basis. He works closely with software engineers and security engineers in multiple countries to ensure the ForgeRock products are developed se curely and tested in all phases of the development lifecycle. In additio n to his full time job\, Derek is also a SANS community instructor teach ing Security Leadership and CISSP prep courses. \;\n \;\nPrior to his current position\, Derek held Information Security\, IT management a nd technical roles at both large and small companies. In each role\, he consistently focused on managing high-performing teams\, delivering effi cient solutions and providing excellent services to a variety of stakeho lders\, maximizing uptime and security. Derek also has significant exper ience in cloud technologies\, responsible for moving\, securing and main taining them in various cloud environments through their lifecycle.\n\nT ags: owasp\, infosec\, AppSec\, cloudsec\n\nImported from: http://calaga tor.org/events/1250477666 SUMMARY:Application Security -- The Framework\, Processes and Tools to Se cure Your Apps LOCATION:Virtual: false SEQUENCE:1 END:VEVENT END:VCALENDAR