2013.03.19 CAS AppSec Working Group Call

...

Participants 

Agenda

  • Introductions
  • Review/Approve Meeting Minutes
  • Review Action Items
  • Open Discussion
  • Meeting Schedule
  • Share sample security artifacts
  • Next Steps

Meeting Notes

Added Aaron Weaver to the group.  Aaron is an AppSec specialist, works for Pearson, deploys CAS.

Two mailing lists have been created: one public, cas-appsec-public, and one private, cas-appsec-private.

Action Items

...

Reviewed initial context data flow diagram created by David.

Discussed investigating the use of bugcrowd.com after initial security assessment is done.

Discussed the need for an EC2 test instance to run dynamic scans.

Action Items

  • Sketch out CAS security assessment - Team
  • Establish liaison with Jasig Security Contact Group - Andrew
  • Draft WG charter - Andrew
  • Draft inventory of / Follow up with cas-dev regarding 3rd party vs custom code - Jérôme
  • Review https://www.owasp.org/index.php/Application_Threat_Modeling - Team
  • Share and revise example security artifacts (data flow diagram, etc) - David
  • Investigate private mailing list/wiki for CAS AppSec WG, Jérôme, Team
  • Invite team to cas-appsec-private - Bill
  • Run Veracode against CAS 3.5.2 - Aaron
  • Inquiry about EC2 test instance - Bill

Post Meeting Notes (catch-all, Alibi's)