Injecting Security Controls into Software Applications

Presented at DeepSec 2018 „I like to mov &6974,%bx“.

SQL Injection was first mentioned in a 1998 article in Phrack Magazine. Twenty years later, injection is still a common occurrence in software applications (No. 1 in the latest OWASP Top 10, 2017). For the last 20 years we have been looking at vulnerabilities from an attacker's point of view, and SQL injection is still King. Something else must be done.

What if there is another way to look at software vulnerabilities? Can vulnerabilities be decomposed into security controls familiar to developers? Which security controls are an absolute must-have, and which additional security measures do you need to take into account?

These are hard questions, as evidenced by the numerous insecure applications we still have today. Attend this talk to explore security vulnerabilities from a different angle. As part of this briefing, we examine how to decompose vulnerabilities into security controls that developers are familiar with, and offer actionable advice on when to use them in the SDLC and how to verify them.

We will flip security from focusing on vulnerabilities (which are measured at the end) to focusing on techniques familiar to developers, which can be applied from the beginning of the software development process and measured throughout the SDLC.
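As an illustration of the decomposition the abstract describes, the following example (added here, not code from the talk or the presenter) takes the one vulnerability the abstract names, SQL injection, and shows the developer-side control it decomposes into: query parameterization. It uses Python's standard `sqlite3` module against a constructed in-memory table, places the fragile string-concatenation form beside the parameterized form, and ends with a check a developer could run in a test suite to verify that user input is carried as data. The table, names and helper functions are all assumptions made for the example.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory sample table (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("O'Brien", "user"), ("bob", "user")],
    )
    conn.commit()
    return conn


def lookup_concat(conn, name):
    """Vulnerable pattern: the caller's value is spliced into the SQL text.

    The database cannot tell where the query ends and the data begins, so
    any quote character in `name` changes the statement's structure.
    """
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_param(conn, name):
    """Security control: query parameterization.

    The statement text is fixed; the driver passes `name` to the engine as a
    bound value, so it is always treated as data, never as SQL syntax.
    """
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def concat_breaks_on_quote(conn):
    """Show the fragility of concatenation with a perfectly legitimate value.

    "O'Brien" is ordinary data, yet the spliced query fails to parse.
    Returns True when the concatenated form raises a database error.
    """
    try:
        lookup_concat(conn, "O'Brien")
    except sqlite3.OperationalError:
        return True
    return False


def check_parameterized(conn):
    """Verification step for the control: a value containing a quote must
    round-trip unchanged through the parameterized lookup."""
    return lookup_param(conn, "O'Brien") == [("O'Brien", "user")]


if __name__ == "__main__":
    db = make_db()
    print("concatenation breaks on a quote:", concat_breaks_on_quote(db))
    print("parameterized lookup round-trips:", check_parameterized(db))
```

The point of `check_parameterized` is that the control can be measured from the start of development: a unit test exercising a quoted value documents the requirement ("input is data") in a form developers already understand, instead of waiting for a penetration test at the end to report the vulnerability.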

Presenters:

  • Katy Anton - CA Technologies | Veracode
    Katy Anton is a security professional with a background in software development. An international public speaker, she enjoys speaking about secure coding and how to secure software applications. In her previous roles she led software development teams and implemented security best practices in software development life cycles. As part of her work she got involved in the OWASP Top Ten Proactive Controls project, which she joined as project leader. In her current role as Principal Application Security Consultant at CA Technologies | Veracode, Katy works with security teams and software developers around the world and helps them secure their software.
