Applying Security Engineering Principles to Complex Composite Systems

Presented at Global AppSec - DC 2019, Sept. 12, 2019, 9 a.m. (60 minutes).

Modern web applications and systems have grown increasingly complex in the 18 years since OWASP was founded. Today's systems are composed from many diverse components, employ a wide variety of frameworks and toolkits, and utilize a vast spectrum of hosting models and external services. Secure design and operation for such composite systems requires thoughtful application of security engineering principles, attention to interactions among composite system elements, and awareness of dependencies across the system lifecycle. This talk will cover a selection of high-level principles, and illustrate them with reference to a Smart City transit system example.


Presenters:

  • Neal Ziring - NSA
    Mr. Neal Ziring is the Technical Director for the National Security Agency’s Capabilities Directorate, serving as a technical advisor to the Capabilities Director, Deputy Director, and other senior leadership. Mr. Ziring is responsible for setting the technical direction across many parts of the capabilities mission space, including in cyber-security. Mr. Ziring tracks technical activities, promotes the technical health of the staff, and acts as the liaison to various industry, intelligence, academic, and government partners. Prior to the formation of the Capabilities Directorate, Mr. Ziring served 5 years as Technical Director of the Information Assurance Directorate. His personal expertise areas include security automation, IPv6, cloud computing, cross-domain information exchange, data access control, and cyber defense. Prior to coming to NSA in 1988, Neal worked at AT&T Bell Labs. He has BS degrees in Computer Science and Electrical Engineering, and an MS degree in Computer Science, all from Washington University in St. Louis.
