Pre-LASCON Training: Running a Software Security Program with Open Source Tools


Everybody’s excited about LASCON 2013, right? After hosting OWASP AppSecUSA 2012 the LASCON folks aren’t resting on their laurels for the 2013 event. The conference proper is in Austin, TX on October 24th and 25th this year and, based on the keynotes that have alrady been announced, this should be a first-rate event. And the LASCON folks are doing something new this year by also sponsoring some training events in the months before the conference starts. I’ll be doing the training class in July.

Title: Running a Software Security Program With Open Source Tools

Trainer: Dan Cornell

Dates: July 22nd and 23rd, 9:00am – 5:00pm

Cost: $195/person

Location: Norris Conference Center, Austin, TX


Using the Software Assurance Maturity Model (OpenSAMM) as a framework, this course walks through the major components of a comprehensive software security program and highlights open source and other freely-available tools that can be used to help implement the activities involved in such a program. The focus of the course is on providing hands-on demonstrations of the tools with an emphasis on integrating tool results into the overall software security program. Attendees should finish the course with a solid understanding of the various components of a comprehensive software security program as well as hands-on exposure to a variety of freely-available tools that they can use to implement portions of these programs.

Register online here. Several spots have already been taken, so please sign up early if you’re interested because this will likely fill up.

Contact us to talk more about getting the most out of the tools you’re using – both open source and commercial – in your software security program.


dan _at_


About Dan Cornell

A globally recognized application security expert and the creator of ThreadFix, Dan Cornell holds 20 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd, the parent company of ThreadFix, he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process.