Application Security Survival Kit

Have you ever wondered why everyone is talking about security and no one is doing it? Why is every smart device broken by default? Why do we keep repeating the old mistakes over and over again?

For every engineer, security seems like playing a game without knowing the rules. And it’s not only the domain of security that is confusing (what the hell is X-Frame-Options anyway?!); management and product owners are not helping either. There seems to be a lot of confusion and disinformation about what security is and what it isn’t. In this talk we’ll try to clean up this mess, explain the core concepts, decipher many buzzwords (CIA, ALE, SSDLC, OWASP) and have fun while doing it. We’ll tell you how to play the risk management game the proper way. Treat this talk as the Security Survival Kit you always wanted to have.

Marek Puchalski

On one side I am a full-stack developer with over 10 years of experience in the Java-centric universe of the big German automotive players. On the other side I am a security architect and security consultant for Application Security related topics. In my life I did some Cobol and JCL (yuck!) coding, mainframe DB2 and Oracle administration, Spring and JEE development with a Swing or Web layer on top of it, as well as testing and test automation. Now I am a proud OWASP member, strongly convinced that coding and Application Security belong together.