logo
ArticlesConferencesPresentations
Dates
Author
Conferences
Tags

Sort by:  

Map out Your Journey: Adventures in Becoming a Security Professional

Conference:  Global AppSec San Francisco 2022
Authors: Clara Andress
2022-11-17
Cyber Security has many diverse fields within it, from helping engineers learn secure coding principles to securing networks and hosts. By the end of this talk, you will understand the differences between some of these paths, how to leverage existing skills, and how to level up and learn new skills to help you on the road to becoming a cyber security professional.
Tags:
cyber security
engineers
Coding
Principles
networks

How Security, Development & Testing can work together to stop the same recurring vulnerabilities appearing in the OWASP Top 10

Conference:  OWASP 20th Anniversary Event
Authors: Stefania Chaplin
2021-09-24

tldr - powered by Generative AI

The presentation discusses the importance of embedding security at every stage of the development process and highlights the prevalence of human error in causing data breaches.
  • Developers spend only a small percentage of their time writing code, with the majority spent on debugging and fixing vulnerabilities.
  • There are over 125 vulnerabilities, with the top 21 accounting for 400 CWEs, including design vulnerabilities, SSRF, CSRF, and authentication.
  • Embedding security at every stage is crucial, including threat modeling, policies as code, peer reviews, and penetration testing.
  • Insufficient logging and monitoring is a significant issue, and incident response teams are essential in containing and mitigating the damage of a breach.
  • Human error is a prevalent cause of data breaches, accounting for 25% of all breaches in 2020.
  • Developers are motivated by features and functions, while security is focused on finding problems.
Tags:
vulnerabilities
OWASP top 10
Coding
testing