2013.03.19 CAS AppSec Working Group Call
Meeting Details
- Tuesday, March 19, 2013. 14:00 - 15:00 US - Eastern (GMT -04:00)
- Call in Number: http://www.calliflower.com/2011/11/15/international-conference-calling/
- Conference Code: 4397017
Participants
Agenda
- Introductions
- Review/Approve Meeting Minutes
- Review Action Items
- Open Discussion
- Meeting Schedule
- Share sample security artifacts
- Next Steps
Meeting Notes
Added Aaron Weaver to the group. Aaron is an AppSec specialist, works for Pearson, deploys CAS.
Two mailing list have been created...one public, one private.
Reviewed initial context data flow diagram created by David.
Discussed investigating the use of bugcrowd.com after initial security assessment is done.
Discussed the need for an EC2 test instance to dynamic scans.
Action Items
- Sketch out CAS security assessment - Team
- Draft WG charter - Andrew
- Follow up with cas-dev regarding 3rd party vs custom code - Jérôme
- Review https://www.owasp.org/index.php/Application_Threat_Modeling - Team
- Revise example security artifacts (data flow diagram, etc) - David, Jérôme
- Invite team to cas-appsec-private - Bill
- Run Veracode against CAS 3.5.2 - Aaron
- Inquiry about EC2 test instance - Bill