The Application Security Ponzi Scheme: Stop paying for security failure presented at AppSecUSA 2012

by Matt Tesauro and Jarret Raim

Summary: Consider the major classes of threats that have been significantly mitigated in the past. For OS vulnerabilities, DEP and ASLR have greatly improved the security of every OS that supports them. For applications, ORMs have greatly reduced SQL injection (by issuing parameterized queries rather than concatenated strings) and auto-encoding of template output has greatly reduced XSS. Common to both is a fundamental change in the underlying OS or framework, which produces hardened applications without any extra work for developers. Has the scan, fix, rescan cycle finally lost its allure? Matt and Jarret provide their insights into how to revolutionize the app security industry. Come participate in the discussion, or just poke holes in Matt and Jarret's grandiose dream. Maybe you'll want to passionately defend your corner of the app sec world. Whichever you choose, it will be fun.
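As an added illustration, not part of the talk or the original abstract, the following Python shows the two framework-level defences the summary refers to, side by side with the unhardened code they replace: a string-concatenated SQL query versus the parameterized query an ORM emits underneath, and raw template interpolation versus auto-escaped output. The in-memory SQLite table, the user names, the `PAYLOAD` string and the `render_*` helpers are all constructed for this example.

```python
import html
import sqlite3

# Constructed sample data: an in-memory table with two users.
def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn

# Constructed attacker input: closes the string literal and appends a tautology.
PAYLOAD = "x' OR '1'='1"


def lookup_concat(conn, name):
    """Vulnerable: user input is spliced into the SQL text, so PAYLOAD
    becomes part of the query and the WHERE clause is always true."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_param(conn, name):
    """Hardened: the value travels as a bound parameter, which is what an ORM
    does for every query it generates; PAYLOAD is just a string to compare."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def render_raw(template, **ctx):
    """Vulnerable: values are interpolated into HTML untouched."""
    return template.format(**ctx)


def render_autoescaped(template, **ctx):
    """Hardened: every value is HTML-escaped before interpolation, the default
    behaviour of an auto-encoding template engine; the developer writes the
    same template either way."""
    safe = {k: html.escape(str(v), quote=True) for k, v in ctx.items()}
    return template.format(**safe)


if __name__ == "__main__":
    db = setup_db()
    print("concat :", lookup_concat(db, PAYLOAD))   # leaks every row
    print("param  :", lookup_param(db, PAYLOAD))    # no row matches
    xss = "<script>alert(1)</script>"
    print("raw    :", render_raw("<p>{name}</p>", name=xss))
    print("escaped:", render_autoescaped("<p>{name}</p>", name=xss))
```

The point the abstract makes is visible in the call sites: `lookup_param` and `render_autoescaped` are no harder to write than their vulnerable counterparts, so a framework that makes them the default removes the bug class without asking developers to remember anything. The usual caveat applies: an ORM's raw-SQL escape hatch and a template engine's "mark as safe" filter reintroduce exactly the concatenation shown in `lookup_concat` and `render_raw`, so those are the places to review.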