Conference Presentations

Softwarts: Security Testing for Muggles

Security testing is often shrouded in jargon and mystique. Security conjurers perform arcane rites using supposed “black hat” techniques and would have us believe that we cannot do the same. The fact is that security testing “magic” is little more than specialized application of...

Paco Hope, Cigital

Top Ten Attacks to Break Mobile Apps

To aid development in the mobile and smartphone app world, testers must do more than simply test against requirements; they should include attack-based testing to find common errors. In the tradition of James Whittaker’s How to Break Software books, Jon Hagar applies the testing...

Jon Hagar, Grand Software Testing

Oh, WASP! Security Essentials for Web Apps

The past few years have seen a rapid increase in business efficiency through Web-based applications. Unfortunately, a dramatic increase in the number of web application vulnerabilities has followed. Insecure web applications can be disastrous for mission critical businesses and users'...

Benny Paul, Cognizant Technology Solutions

Hybrid Security Analysis: Bridging the Gap between Inside-Out and Outside-In

With the rising adoption of the cloud and the mobile revolution, software security is more important and complex than ever. The efforts of developers and testers are frequently disconnected, wasting time and reducing effectiveness. Arthur Hicken describes how hybrid security analysis...

Arthur Hicken, Parasoft

Software Security Goes Mobile

Erik Costlow says that, as more and more business is transacted on mobile platforms, securing the applications and data that run on them is a business imperative. Developers and their managers are asked to make key decisions regarding data caching, authorized permissions, authentication...

Erik Costlow, HP Enterprise Security

Better Security Testing: Using the Cloud and Continuous Delivery

Even though many organizations claim that security is a priority, that claim doesn’t always translate into supporting security initiatives in software development or test. Security code reviews often are overlooked or avoided, and when development schedules fall behind, security testing...

Gene Gotimer, Coveros, Inc.

T23 HTML5 Security Testing at Spotify

HTML5 is one of the hottest technologies around right now because HTML5 apps are beautiful, engaging, and can perform important and entertaining functions. With the wide range of devices and platforms to support, the promise of multi-platform support is appealing.

Alexander Andelkovic, Spotify

Protection Poker: An Agile Security Game

Each time a new feature is added to a product, developers need to consider the security risk implications, find ways to implement the function securely, and develop tests to confirm that the risk is gone or significantly lowered. Laurie Williams shares a Wideband Delphi practice called Protection Poker that she has employed as a collaborative, interactive, and informal agile structure for "misuse case" development and threat modeling. Laurie shares the case study results of a software development team at Red Hat that used Protection Poker to identify security risks, find ways to mitigate those risks, and increase security knowledge throughout the team. In this session, Laurie leads an interactive Protection Poker exercise in which you and other participants analyze the security risk of sample new features and learn to collaboratively think like an attacker.

Laurie Williams, North Carolina State University

Information Obfuscation: Protecting Corporate Data

With corporate data breaches occurring at an alarming and ever-increasing rate, all levels of organizations are struggling to find ways to protect corporate data assets. Rather than choosing one or two of the many options available, Michael Jay Freer believes that the best approach is a combination of tools and practices that address the specific threats. To get you started, Michael Jay introduces the myriad information security tools companies are using today: firewalls, virus controls, access and authentication controls, separation of duties, multi-factor authentication, data masking, banning user-developed MS-Access databases, encrypting data (both in-flight and at-rest), encrypting emails and folders, disabling jump drives, limiting web access, and more. Then, he dives deeper into data masking and describes a powerful data-masking language.

Michael Jay Freer, Quality Business Intelligence

Danger! Danger! Your Mobile Applications Are Not Secure

A new breed of mobile devices with sophisticated processors and ample storage has given rise to sophisticated applications that move more and more data and business logic onto devices. The result is significant and potentially dangerous security challenges, especially for location-aware mobile applications and those storing sensitive or valuable data on devices. Johannes Ullrich introduces and demonstrates design strategies you can use to mitigate these risks and make applications safer and less vulnerable. Johannes illustrates design patterns to co-validate data on both the client and server, authenticate transactions on the server, and store only authenticated and access-controlled data on the client. Learn to apply these solutions without losing access to powerful HTML5 JavaScript APIs such as those required for location-based mobile applications.

Johannes Ullrich, SANS Technology Institute