Friday, October 4 • 9:50am - 11:25am
Exploiting Secure Software


After several security conferences and trainings, and after explaining to management the importance of security in the Software Development Life Cycle (SDLC), several companies and development teams are creating "secure software" that implements OWASP Top 10 controls and other security best practices from the market.



The main objective of this paper is to review those best practices as implemented in companies with a mature view of software security; a second objective is to explain how to exploit those applications.



_We believe in Software Security

- How to embed security in the SDLC

- OWASP Top 10 2013

- Best Practices

- Integrated Tools

- I don't want pentesters saying "LoL" about our software



_Exploiting is sexy!

- What did we mess up?

- What comes after the OWASP Top 10?

- Where can I find exploits?

- Where can I find new exploits?

- How to exploit "Secure Software"?



_LAB - Exploiting Secure Software Life Cycle (ESSLC)

- Secure Software Development

- Secure OS Hardening

- Secure Configuration & Architecture

- OWASP Top 10 Compliance Phase

- Code Review (internal and external)

- Secure Testing

- External VA

- External pentesting

- EXPLOITATION



_Conclusion

We have a long road ahead in order to protect against all the OWASP Top 10 risks, but attackers know the OWASP Top 10, and they know which companies are working on protection because of the information disclosed in job posts, RFPs, etc., so we could predict the use of different types of attacks across those kinds of companies around the globe. So we need to define the OWASP Top 10 as the minimal baseline that we need to implement, while always remembering that it is not the only thing we should be aware of. Let's protect our software against well-known and also new vulnerabilities or new technology breaches.

Speakers

Mateo

More than 10 years of experience in IT & Security strategy, Business Continuity Management, ISO 27001, CobIT and ITIL. Projects based in Dubai, Chicago, Montevideo and Buenos Aires. Project Manager in many IT Projects and business development in ITO and Software development. I'm CISSP, ITIL & MCP certified. Specialties: E-governance, CobIT, ITIL, ISO 27001, Software Security, PHP, Information Security...


Friday October 4, 2013 9:50am - 11:25am
Conference Auditorium Escuela de Postgrado UTP Salaverry 2443, Lima, Peru
