2013.03.19 CAS AppSec Working Group Call
...
- Tuesday, March 19, 2013. 14:00 - 15:00 US - Eastern (GMT -04:00)
- Call in Number: http://www.calliflower.com/2011/11/15/international-conference-calling/
- Conference Code: 4397017
Participants
Agenda
- Introductions
- Review/Approve Meeting Minutes
- Review Action Items
- Open Discussion
- Meeting Schedule
- Share sample security artifacts
- Next Steps
Meeting Notes
Added Aaron Weaver to the group. Aaron is an AppSec specialist, works for Pearson, deploys CAS.
Two mailing list have been created...one public, one cas-appsec-public and cas-appsec-private.
Reviewed initial context data flow diagram created by David.
...
- Sketch out CAS security assessment - Team
- Draft WG charter - Andrew
- Follow up with cas-dev regarding 3rd party vs custom code - Jérôme
- Review https://www.owasp.org/index.php/Application_Threat_Modeling - Team
- Revise Share and revise example security artifacts (data flow diagram, etc) - David, Jérôme, Jérôme Team
- Invite team to cas-appsec-private - Bill
- Run Veracode against CAS 3.5.2 - Aaron
- Inquiry about EC2 test instance - Bill
...