Running a Software Security Program with Open Source Tools

I had the opportunity to speak to the Austin ISC(2) SDLC event today. The talk I gave was a cut-down (45 minutes) version of a two-day class we’ve given called “Running a Software Security Program on Open Source Tools.” The slides from the presentation are online here:

We also decided to release the slides from the full, two-day, hands-on course and those can be found here:

We have a course VM we’d be happy to make available upon request.

One of the challenges with this course was keeping the materials up to date as new versions of the tools were released. If anyone is interested in helping out, please just let us know and we can get you access to a PowerPoint version of the slides. The best way is probably to reach out to me via email: dan@denimgroup.com.

Thanks to the ISC(2) folks for the opportunity to speak today. I had a great time and the other presenters were fantastic. Contact us for more information on using open source tools to jump start your software security program.

About Dan Cornell

A globally recognized application security expert and the creator of ThreadFix, Dan Cornell holds 20 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd, the parent company of ThreadFix, he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process.