
Building Out an Application Security Program
October 21, 2015 @ 6:30 pm
HP requires that you stay out of the meeting room until the ACM registration desk checks you in.
Seth Law, Director of Research & Development, nVisium
Agenda
6:30 Doors Open, Food & Networking
7:00 Presentation
*** Please arrive by 7 PM due to Security ***
Event Details
Ever since the first security exploit, businesses and developers have been looking for effective ways to build security into products while maintaining realistic budgets and scope. Right after Robert Morris released his worm onto the Internet, vendors emerged to provide a technical solution to a technical problem. As the industry has grown, so has the number of solutions offered by companies to aid developers in producing secure code. A simple visit to Black Hat or RSA will show interested parties the number of products available to buy to prevent attacks and secure your network/computer/app/phone/watch.
Each of these solutions comes with a price and targets a specific security problem that has been touted as the end of the world. Analysis of these solutions shows the pros and cons of trusting a programmatic solution to solve security issues instead of a person. While a technological solution makes sense for some large-scale issues and repetitive actions, software development is an inherently creative process that humans are best suited to.
In my career as an application security professional, I have seen security implemented into the Software Development Lifecycle ("SDLC") in many ways, with failures and successes seen within each phase. This talk analyzes different issues related to building an application security program and uses real-world examples of how different security solutions have succeeded and failed to produce the desired secure code.
The talk covers a number of topics to consider when building out an application security program, but should not be considered a complete guide to creating such a program. It does, however, review different considerations and items I have seen over the course of my career that cause companies to fail or succeed in creating their programs.
Speaker Bio
Seth Law is the Director of Research & Development at nVisium and wrangles the internal and external research efforts to improve understanding of application security. He spends the majority of his time thinking up new ways to secure web and mobile applications, but has been known to code when the need arises.
For the past 12 years, Seth has worked within multiple disciplines in the security field, from software development to network protection, both as a manager and as an individual contributor. During the last few years, Seth has honed his application security skills using offensive and defensive techniques, including tool development.
Seth is currently involved in multiple open source projects and is working with others to advance the state of mobile security testing tools. He has spoken previously at Black Hat, DEF CON, and other security conferences.
Seth has worked across multiple sectors in the last 14 years for companies including Iomega, Early Warning Services, FishNet, and Zions Bancorporation.
https://www.linkedin.com/pub/seth-law/18/ba6/b01
Event page provided by ACM
https://www.sfbayacm.org/event/2015-10-21