Authors: Or Sahar, Yariv Tal
2022-11-17

After many years of developing, mentoring developers, and doing security research, we reached the conclusion that there is a profound failure in the way we teach secure code. Developers arrive at organizations after years of studying and then once in a while participate in secure code courses, sometimes only because of regulation. As a result, developers arrive at the secure code course after they have already acquired bad habits, security-wise, and it is difficult to change the way they code at that point. We want to change this situation and instill security awareness before their first line of code. We want every StackOverflow author to write secure code in her/his tutorial. Let's talk about secure code from scratch!

Authors: Veronica Schmitt
2021-09-24

tldr - powered by Generative AI

The speaker discusses the importance of implementing five simple philosophies for application logging to improve cybersecurity and DevOps practices.
  • The five philosophies were inspired by Gene Kim's book and include keeping logs simple, tagged, clean, focused, and customer-oriented.
  • Logs should be easy to read and maintain, with just enough detail to debug without compromising sensitive information.
  • Tagging sensitive data and creating metadata can help prevent accidental disclosure and aid in digital forensics and incident response.
  • Continuous improvement and psychological safety are crucial for teams to admit mistakes and learn from them.
  • Customer focus should be prioritized in building customer-oriented, secure applications.

Authors: Kevin Wall
2021-09-24

Abstract: This talk will explore the lessons that I have learned in more than 20 years of developing, using, and reviewing FOSS-based security libraries. It will cover the well-known XYZ library from both an open source development process and a technical architectural perspective.

Authors: Sam Stepanyan, Tom Brennan
2021-09-24

tldr - powered by Generative AI

The presentation discusses the importance of OWASP chapters in advancing tactical knowledge and understanding software security. It emphasizes the value of membership and consistent meetings in recruiting attendees and building a community.
  • OWASP chapters are important in advancing tactical knowledge and understanding software security
  • Multiple people in the chapter should share a common bond and understanding
  • Understanding historical changes and policies can help utilize operational processes
  • OWASP has around 300 projects on its list, constantly growing every day
  • Existing projects can be used as content for meetings and collaboration
  • Recruiting attendees is not difficult if the focus is on software security
  • Membership is important in shaping the direction of the organization and building a global community
  • Consistent meetings and virtual components are useful in building a community