2013.03.19 CAS AppSec Working Group Call
...
- Tuesday, March 19, 2013. 14:00 - 15:00 US - Eastern (GMT -04:00)
- Call in Number: http://www.calliflower.com/2011/11/15/international-conference-calling/
- Conference Code: 4397017
Participants
Agenda
- Introductions
- Review/Approve Meeting Minutes
- Review Action Items
- Open Discussion
- Meeting Schedule
- Share sample security artifacts
- Next Steps
Meeting Notes
Action Items
...
Added Aaron Weaver to the group. Aaron is an AppSec specialist, works for Pearson, deploys CAS.
Two mailing list have been created...cas-appsec-public and cas-appsec-private.
Reviewed initial context data flow diagram created by David.
Discussed investigating the use of bugcrowd.com after initial security assessment is done.
Discussed the need for an EC2 test instance to dynamic scans.
Action Items
- Sketch out CAS security assessment - Team
- Establish liaison with Jasig Security Contact Group - Andrew
- Draft WG charter - Andrew
- Draft inventory of Follow up with cas-dev regarding 3rd party vs custom code - JérômeDraft
- Review https://www.owasp.org/index.php/Application_Threat_Modeling - Team
- Share and revise example security artifacts (data flow diagram, etc) - David
- Investigate private mailing list/wiki for CAS AppSec WG - Bill
- Poll for conf call tools http://doodle.com/f3pm3iuqgfd9fzvb - Bill
- Poll for conf call time http://doodle.com/knfdm66cenhkxveq , Jérôme, Team
- Invite team to cas-appsec-private - Bill
- Run Veracode against CAS 3.5.2 - Aaron
- Inquiry about EC2 test instance - Bill