Application Security Beyond the OWASP Top 10
When we discuss application security, we focus around systems like the OWASP Top 10 vulnerabilities. These systems have guided our search for weakness for over a decade. For many development teams however, security can feel abstract, and these lists of vulnerabilities don't always link to modern development approaches or the systems we build. We understand the technical details of how the bugs work but we don't always see why they matter to our applications.
In this session we will look beyond the OWASP top 10 and discuss methods of development teams to find real contextual risks to their applications and organisations, moving beyond the bug type and into the world of threat and attack modelling.
Many people don't care about security. It's OK, don't worry! I'm not judging.
Security is the world of defense, of caution and of risk. Securing systems is hard and we don't have great solutions to the many challenges it poses. Security folk on the whole are the least exciting people to invite to your parties.
The time has come to change this.
So what if we accept that our systems can never be 100% secure and try to go fast? Really fast?
Can we weave security through our software development world in a way that protects us, detects issues quickly and actually helps us move at speed? Let me show you how security can look when it stops being about fear and starts being a tool for building the amazing systems of the future.
You may also be interested in
As a software development manager or a technical leader you are eager to remove impediments so your team can produce...