Everything We Know and Do to Secure Web Applications is Wrong

Presented by

Eoin Keary, OWASP Global Board. CTO BCC Risk Advisory Ltd

About this talk

Synopsis: The premise behind this talk is to challenge both the technical controls we recommend to developers and our actual approach to testing. We continue to rely on a "pentest" to secure our applications. Why do we think it is acceptable to perform a time-limited test of an application to help ensure security when a determined attacker may spend 10-100 times longer attempting to find a suitable vulnerability? How can we expect developers to listen to security consultants when the consultant has never written a line of code? Why are we still happy with "testing security out" rather than the superior approach of "building security in"? This talk is sure to challenge the status quo of web security today.

About the speaker: Eoin is an international board member and vice chair of OWASP, The Open Web Application Security Project (owasp.org). During his time in OWASP he has led the OWASP Testing and Security Code Review Guides and has also contributed to OWASP SAMM and the OWASP Cheat Sheet Series. Eoin Keary is the CTO and founder of BCC Risk Advisory Ltd. (www.bccriskadvisory.com), an Irish company that specialises in secure application development, advisory, penetration testing, mobile and cloud security, and training. Eoin has led global security engagements for some of the world's largest financial services and consumer products companies. He is a well-known technical leader in industry in the area of software security and penetration testing.
