T1 “OWASP Application Security – Building and Breaking Applications”, presented at Rochester Security Summit 2015

by Ralph Durkee

Summary: Application security continues to be the most challenging and demanding area of securing our information. Even large, well-funded organizations with a strong commitment to security, such as Google and Microsoft, have difficulty developing secure software. Too often, when a vulnerability is found and a software patch is provided, the initial patch is soon found to be lacking and the software remains vulnerable. The initial patch for the recent Android StageFright vulnerability is a prime example. So yes, writing secure software is a serious challenge, but it can be done. Knowing how to build secure software and how to break insecure software can be both fun and profitable. There is, and will continue to be, a growing demand for developers and application penetration testers who “get it”. We’ll discuss specific examples from the OWASP Top 10 and the OWASP Secure Coding Principles of how things can go very wrong, and what we can do to keep the bad guys out.
OWASP Top 10 – https://www.owasp.org/index.php/Top10#OWASP_Top_10_for_2013
OWASP Secure Coding Principles – https://www.owasp.org/index.php/Secure_Coding_Principles