OWASP in Action: Tools for the DISA ASD STIG

The presentation
In April 2010, the Defense Information Systems Agency (DISA) released Version 3 of its Application Security and Development (ASD) Security Technical Implementation Guide (STIG). The ASD STIG is a series of application security requirements that apply to "all DoD developed, architected, and administered applications and systems connected to DoD networks." This presentation covers the various tools that can be used to help fulfill these requirements. It is given as part of OWASP Software Assurance Day at the 13th Annual Software Assurance Forum.

[[Media:OWASPSoftwareAssuranceDay2010.ppt | Download the presentation]]

The speaker
Jason Li is a Principal Consultant for Aspect Security, where he has performed numerous ASD STIG validation tests of a variety of applications. In addition, he performs application security assessments and architecture reviews, as well as application security training, for a wide variety of financial and government customers. Jason is an active OWASP leader, contributing to several OWASP projects and serving as Co-Chair of the OWASP Global Projects Committee. He holds a Post-Masters certificate in Computer Science and concentration in Information Security from Johns Hopkins University and a Master's degree in Computer Science from Cornell University.