User:Jwalden
James Walden
James Walden is an associate professor of computer science in the College of Informatics at Northern Kentucky University. The College of Informatics has over 2,000 students and offers 14 degree programs at the undergraduate and graduate levels.
Dr. Walden's research interests focus on software security, including security-oriented mining of open source software repositories, mobile and web application security, security metrics, and security education. He teaches courses in secure software engineering, computer security, cloud computing, and a variety of other topics. His students analyze the security of open source projects in the secure software engineering class.
Dr. Walden worked at Intel prior to joining Northern Kentucky University, and he spent the 2011-2012 academic year as a visiting research professor with the DistriNet research group at Katholieke Universiteit Leuven in Belgium.
He is a member of OWASP and has submitted bug fixes to open source projects.
OpenMRS
The project seems to use a variety of communication channels, including not only IRC but also Google Groups and Google Hangouts. They have had security audits in the past, with Aspect Security and Jim Manico from OWASP. They were unhappy with the huge number of false positives in the 768MB static analysis report they received.
Class Activities
I would like to create activities for my secure software engineering and computer security classes.
Code Review: Perform a code review of a component of OpenMRS with the assistance of a static analysis tool to find vulnerabilities. Use the Code Review documentation to guide the process.
Penetration Test: Set up OpenMRS on a VM. Students work in groups using open source web application security tools like w3af to identify potential vulnerabilities in OpenMRS.