OWASP Austin


Welcome

Welcome to the Austin chapter homepage. The Chapter Leader is Kyle Smith. See below for the full list of the chapter leadership board.


Upcoming Events

When: Tuesday, May 25th, 2021 @ 12:00 PM - 1:00 PM CST

Where: Online @ Zoom (RSVP at either link below to receive the URL)!

Scale Your Security by Embracing Secure Defaults & Eliminating Bug Classes

We’re in the middle of a significant shift in how security teams operate and prioritize their limited budget and person-time. Historically, as an industry, we’ve focused on building tools to identify vulnerabilities. While we’ve built impressive tools, these approaches have failed to address the challenges of modern engineering teams. Specifically, these tools often are too slow, require a prohibitive amount of security engineer time and domain expertise to tune, overwhelm users with false positives, and most importantly, do not ultimately raise a company’s security bar.

But there’s another way. Rather than investing in finding more bugs, some modern security teams are instead focusing on providing developers with frameworks and services with secure defaults (“guard rails”) so that developers can build features quickly and securely. When done correctly, by combining secure defaults and lightweight checks that enforce invariants (properties that must always hold), organizations can solve *classes* of vulnerabilities by construction, preventing bug whack-a-mole.

In this talk, we’ll present a practical step-by-step methodology for:

- Choosing what to focus your AppSec resources on
- How to combine secure defaults + lightweight invariant enforcement to eradicate entire vulnerability classes
- How to integrate continuous code scanning into your CI/CD processes in a way that’s fast, high signal, and low friction for developers
- How to use an open source, lightweight security linting tool to find bugs and anti-patterns specific to your company

Speaker:

Emma Jin is a software engineer at r2c, the company that maintains Semgrep, an open-source syntax-aware code search tool. At r2c, she has added features to Semgrep, such as typed metavariables. Emma recently received her B.S. in Computer Science from Carnegie Mellon University, where she picked up her belief in code guarantees. In her free time, she likes to read, write, and relearn her abandoned childhood skills. She is perpetually working on a novel.

RSVP at either Eventbrite or Meetup.

Zoom Meeting: RSVP above to receive the Zoom URL!



CANCELLED - Austin Security Professionals Happy Hour, April 8th, 2021

We will evaluate mid-month whether to hold the happy hour next month.

We wish everyone to stay safe and be informed. More information on COVID-19 is available at www.cdc.gov.
