Top Ten Web Defenses

Presented at AppSec USA 2012, Oct. 25, 2012, 10 a.m. (45 minutes)

We cannot hack or firewall our way secure. Application programmers need to learn to code in a secure fashion if we have any chance of providing organizations with proper defenses in the current threatscape. This talk will discuss the 10 most important security-centric computer programming techniques necessary to build low-risk web-based applications. The best security is contextual to each organization, application and feature. Real-world tradeoffs will be discussed in detail for each "control" and "control category" discussed.

Presenters:

  • Jim Manico - Author and Educator, OWASP volunteer - Manicode Security
    Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also the founder of Brakeman Security, Inc. and is an investor/advisor for Signal Sciences. Jim is a frequent speaker on secure software practices and is a member of the JavaOne rockstar speaker community. Jim is also a volunteer and former board member for the OWASP foundation. He is the author of "Iron-Clad Java: Building Secure Web Applications" from McGraw-Hill. For more information, see http://www.linkedin.com/in/jmanico.
