[SC-L] July 23: Stanford Emerging Threats and Defenses Symposium

2008-06-30 Thread Neil Daswani
The Stanford Center for Professional Development
Advanced Security Certification Program

Presents The

*Emerging Threats and Defenses Symposium*

Featuring Talks By

Mary Ann Davidson
Chief Security Officer of Oracle
"Perspectives on Security"

and

Jeremiah Grossman
Chief Technology Officer of WhiteHat Security
"Hacks Happen"

5:00pm - 7:30pm
Wednesday, July 23, 2008
Skilling Auditorium,
494 Lomita Mall, Stanford University

Refreshments & Hors D'oeuvres will be served.

Please register by July 15 at
http://scpd.stanford.edu/scpd/courses/proed/compSecCampus/keynoteReg1.asp
(This event is FREE to the public.  Registration is highly encouraged
to guarantee your spot as we expect that space will be limited.)

*Biography: Mary Ann Davidson, Chief Security Officer, Oracle Corporation*
Mary Ann Davidson is the Chief Security Officer at Oracle Corporation,
responsible for Oracle product security, as well as security evaluations,
assessments and incident handling. She represents Oracle on the Board of
Directors of the Information Technology Information Security Analysis Center
(IT-ISAC), is a member of the Global Chief Security Officer Council and the
editorial advisory board of SC Magazine. She was recently named one of
Information Security's top five "Women of Vision" and is a 2004 Fed100 award
recipient from Federal Computer Week. She has served on the Defense Science
Board and has recently been named to the Center for Strategic and
International Studies Cyber Commission.

Ms. Davidson has a B.S.M.E. from the University of Virginia and a M.B.A.
from the Wharton School of the University of Pennsylvania. She has also
served as a commissioned officer in the U.S. Navy Civil Engineer Corps,
during which she was awarded the Navy Achievement Medal.

*Biography: Jeremiah Grossman, Chief Technology Officer, WhiteHat Security*
Jeremiah Grossman is the founder and CTO of WhiteHat Security, considered a
world-renowned expert in Web security, co-founder of the Web Application
Security Consortium, and named to InfoWorld's Top 25 CTOs for 2007. Mr.
Grossman is a frequent speaker at industry events including the BlackHat
Briefings, RSA, ISACA, CSI, HiTB, OWASP, Vanguard, ISSA, Defcon, and a
number of large universities. He has authored dozens of articles and white
papers; is credited with the discovery of many cutting-edge attack and
defensive techniques; and is a co-author of XSS Attacks. Mr. Grossman is
frequently quoted in major media publications such as InfoWorld, USA Today,
PCWorld, Dark Reading, SC Magazine, SecurityFocus, CNet, SC Magazine, CSO,
and InformationWeek. Prior to WhiteHat he was an information security
officer at Yahoo!
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___


Re: [SC-L] Secure Coding Books

2008-03-07 Thread Neil Daswani
Hi David,

There is a list of software security / secure coding books at:

http://www.sans-ssi.org/references.php

Gary McGraw has a blog post in which some of these references are
chronologically ordered at:

http://www.cigital.com/justiceleague/2007/04/23/software-security-now-2006-shows-impressive-growth/

If you're interested in secure coding for web applications, there is
also a list at:

http://www.webappsec.org/web_security_books.shtml

In the interest of disclosure, my own contribution
(http://tinyurl.com/33xs6g) which was published last year, is listed
on these pages as well.  I hope that some of the links above can help
you find what you need.

Sincerely,

Neil Daswani, PhD
http://www.neildaswani.com

My book, "Foundations of Security: What Every Programmer Needs To
Know" is available at http://tinyurl.com/33xs6g


On Fri, Mar 7, 2008 at 5:45 AM, Lawson, David L <[EMAIL PROTECTED]> wrote:
> I've read several secure coding books in the past, and was wondering if
>  anyone has recommendations for secure coding books (preferably from the
>  last year or two).
>
>  Thanks,
>
>  David Lawson





Re: [SC-L] Foundations of Security: What Every Programmer Needs to Know

2007-04-10 Thread Neil Daswani

For those of you that might be potentially interested in the book, following
are some pointers to where you can get more information about it:

* The preface and Vint Cerf's foreword for the book are available under the
"Book Extras" section at:

http://www.apress.com/book/bookDisplay.html?bID=10225

* An excerpt from Chapter 3 of the book (on "Secure Design Principles") is
available at:

http://www.developer.com/java/data/article.php/3667601

* If you are an instructor or an IT professional responsible for training, I
have provided slides and source code that you are free to use for your own
courses and needs at the book's web site (http://www.learnsecurity.com/ntk)
free of charge.  If you might be potentially interested in using the book in
classes or buying copies for your organization, I would be more than happy
to have the publisher provide you with a free evaluation copy of the book--
just send me a quick email with your contact information.

Please feel free to let me know if you have any questions or feedback, and I
look forward to continuing to help disseminate knowledge about secure coding
practices.

Sincerely,

Neil Daswani, PhD
http://www.neildaswani.com/