Dispel the Illusion, Change the Behavior

Presented at ToorCon San Diego 16 (2014), Oct. 26, 2014, 2:30 p.m. (20 minutes)

Tired of repeating a pen test on a customer’s application and finding that they haven’t fixed any of the critical vulns that were found six months previously? Wondering why developers continue to churn out highly insecure code despite the daily news reports of data breaches? Frustrated with management’s lack of urgency when told about their insecure systems? Security isn’t just a technical problem, it’s also a psychological problem. Developers and management are often working within an illusion of safety which influences how they create their applications. Let’s talk about how to dispel the illusion of security and replace it with a reality that encourages everyone to behave much more cautiously within their work environment.


Presenters:

  • Joe Basirico
    Joe is the VP of Services for Security Innovation. Before he started leading the team, he was a developer, trainer, researcher, and security engineer. Joe spent the majority of his professional career analyzing software security behavior and researching how software development organizations mature over time from a security perspective. Through this research, he developed an understanding of application threats, tools, and methodologies that assist in the discovery and removal of security problems both software- and process-related. He manages the company’s engineering blog and has written several publications and tools that focus on source code level vulnerabilities.
