Software security is often boiled down to the “OWASP Top 10,” resulting in an ineffective sense of what maturity-focused, comprehensive application security could be like. How then should an organization consider building a holistic program that seeks to grow in maturity over time? Come hear how one team has taken on this challenge and learn what has, and has not, worked on their own journey.
Learning Objectives:
1: Gain real-world insight on how to realize the Security Development Lifecycle.
2: Learn approaches to make working with engineers a great experience for all.
3: Understand how to track progress and maturity without simply “bug counting.”
Speakers: Kelby Ludwig, Mark Stanislav
Kelby Ludwig is a Senior Application Security Engineer at Duo Security. Ludwig specializes in secure code review, web application testing, cryptography and low-friction methods of shipping secure software. Prior to Duo, Ludwig was an Application Security Engineer at Praetorian, finding vulnerabilities within software produced by Fortune 500 companies and venture-backed startups. Ludwig holds a bachelor's degree in computer science from the University of Texas at Austin.
Mark Stanislav is the Director of Application Security for Duo Security. Stanislav has spoken internationally at over 100 events, including RSA, DEF CON, SOURCE Boston, Codegate, SecTor and THOTCON. His security research and initiatives have been featured by news outlets such as the Wall Street Journal, the Associated Press, CNET, Good Morning America and Forbes. Stanislav is the Author of the book Two-Factor Authentication. Stanislav holds a BS in networking and IT administration and an MS in technology studies focused on information assurance, both from Eastern Michigan University. During his time at EMU, Stanislav built the curriculum for two courses focused on Linux administration and taught as an adjunct lecturer for two years. He holds CISSP, Security+, Linux+, and CCSK certifications.
Detailed Presentation:
Comments