THIS TUTORIAL HAS REQUIREMENTS AND INSTRUCTIONS LISTED BELOW
If your development team is like many others, you are looking for good security people who can uncover and help you fix the security issues within your apps. Since there is a shortage of knowledgeable security people who can perform these duties, why not jump-start your own group from the ground up to handle the security of your apps?
This workshop will show you how to create your own security team, whether it’s a team of one or several. We will start by answering the questions everyone has:
In a nutshell, I want to begin by showing you how to start and develop your team as well as your skills to find and eradicate security vulnerabilities in your code. Next, we’ll dive into the outline of how to perform a security review and organize the results. Finally, we’ll dig deeper into the meat of this topic, which is manual code reviews, using security testing tools (as an assistant, not a panacea) and penetration testing. You should leave this session with a roadmap for not only starting your own security review team, but also becoming your team’s security guru.
This session will benefit both the beginner security practitioner and the more advanced.
Basic outline of the workshop:
TUTORIAL REQUIREMENTS AND INSTRUCTIONS FOR ATTENDEES
Mainly a desire to develop more secure applications. A basic understanding of security tools such as static and dynamic analyzers, as well as threats such as XSS and SQLi, is very desirable but not absolutely necessary.
If attendees want to follow along with the examples, a laptop will be necessary. A vulnerable testing application, tools and any other materials will be made available online.
Steve Teilhet is an author and a security researcher. He has been working in the security field for the last 13 years, mainly in the area of application security. He uses this knowledge in developing both static and dynamic analysis security tools as well as helping others secure their application’s code. His research has spanned many areas of application security such as client-side, mobile and server-side. While application security keeps him busy during the day, he has also written several books and articles. His latest book, “C# 3.0 Cookbook”, was published through O’Reilly Media Inc.