OWASP A9: A Year Later - Are you still using components with known vulnerabilities?

Presented at AppSec USA 2014, Sept. 19, 2014, 3 p.m. (45 minutes)

It's been more than a year now since the introduction of the new A9 to the OWASP Top Ten list. What are you doing to ensure you are not "using components with known vulnerabilities" in your applications? Join this session to hear real-world case studies of organizations that have taken steps to follow the best practices in this guideline to manage the use of components across the software lifecycle. Hear what is working well and where there are still challenges. Trend data from thousands of application analyses will also be shared to provide a broader view of how we are doing as an industry to manage this risk.


Presenters:

  • Ryan Berg - Chief Security Officer - Sonatype
    Ryan is the Chief Security Officer at Sonatype. Before joining Sonatype, Ryan was a co-founder and chief scientist for Ounce Labs, which was acquired by IBM in 2009. Ryan holds multiple patents and is a popular speaker, instructor and author in the fields of security, risk management, and secure application development. Prior to Ounce Labs, Ryan co-founded Qiave Technologies, a pioneer in kernel-level security, which was later sold to WatchGuard Technologies in 2000. In the late 1990s, Ryan also designed and developed the infrastructure for GTE Internetworking/Genuity's appliance-based managed security services.
