This presentation was by Dinis Cruz, and OWASP board member and he works for Ounce Labs, a producer of a source code analysis tool, but he said he was not speaking on behalf of either. The presentation was entitled “Building a Tool for Security Consultants: A Story of a Customized Source Code Scanner”. Everything was […]
This presentation was by Hans Zaunere, Managing Member, and it is entitled “PHundamental Security – Ecosystem Review, Coding Secure with PHP, and Best Practices”. Take a look at http://www.nyphp.org/phundamentals/ for the ongoing guide and best practices. Guru Stefan Esser recently presented an excellent talk at Zendcon. Security fundamentals are common across the board. Different environments […]
This presentation is by Jacob West in the Security Research Group and Taylor McKinsley in Product Marketing from Fortify software. I’d like to note that Fortify is a developer of a source code analysis tool and so this presentation may have a bias towards source code analysis tools. 56% of organizations fail PCI section 6. […]
This presentation was by Jeff Williams, OWASP Chair, on the Enterprise Security API. Vulnerabilities and Security Controls Missing – 35% Broken – 30% Ignored – 20% Misused – 15% Goal is to enable developers. Need to give them hands-on training, a secure coding guideline, and an Enterprise Security API. The problem with Security Libraries: overpowerful, […]
Since Michael Howard moved from Redmond to Austin, I’ve had the privilege to see him present several times now. This is the guy who literally wrote the book on writing secure code and the secure development lifecycle. He is a fantastic speaker and I’d highly recommend checking him out if you every get the opportunity. […]
