LASCON 2014 has ended
Friday, October 24 • 12:00pm - 12:45pm
Practical AppSec: Quick Wins for More Secure Software

Securing your enterprise applications can be a daunting task. You may not be confident about your current application security posture, so where do you start? There are a variety of approaches to address the problem, including manual pen testing/assessment, source code review, automated scanning (static & dynamic), web app firewalls, threat modeling, and developer training. Remediation effort can't be overlooked as it often involves working with development groups who'd rather not have their baby called ugly. With limited time and resources (and probably no budget), you simply can't do it all. Don't be perfect. Raise the bar for attackers. In this nuts & bolts session, Dave will describe specific steps you can take to ratchet up the security of your applications with minimal effort. A popular software security maturity model will also be introduced as a way to measure progress and demonstrate improvement. 

Dave Ferguson

Solution Architect, Qualys
I'm a Solution Architect - aka AppSec SME - at Qualys. Previously, I led the global application security program at Sabre Corporation and worked as a Principal Consultant at FishNet Security (now Optiv). Before my security epiphany in 2004, I wrote lots of (probably insecure) Java...

Friday October 24, 2014 12:00pm - 12:45pm
Pecan Room Norris Conference Center, http://lascon.org/venue/
