Web Security: Everything we know is Wrong

  • We are delighted to have Eoin Keary come to talk on web security.

    Bio:

    Eoin is an international board member of OWASP, The Open Web Application Security Project (owasp.org), and during his time in OWASP he has lead the OWASP Testing and Security Code Review Guides and also contributed to OWASP SAMM, and the OWASP Cheat Sheet Series.

    Eoin is a well-known technical leader in industry in the area of software security and penetration testing, and has led global security engagements for some of the world’s largest financial services and consumer products companies. He is the CTO and founder of BCC Risk Advisory Ltd an Irish company who specialize in secure application development, advisory, penetration testing, Mobile & Cloud security and training.

    Presentation:

    Topic: “Web Security: Everything we know is Wrong”

    The premise behind this talk is to challenge both the technical controls we recommend to developers and also our actual approach to testing. This talk is sure to challenge the status quo of web security today.
    “Insanity is doing the same thing over and over and expecting different results.” – Albert Einstein
    We continue to rely on a “pentest” to secure our applications. Why do we think it is acceptable to perform a time-limited test of an application to help ensure security when a determined attacker may spend 10-100 times longer attempting to find a suitable vulnerability?
    Our testing methodologies are non-consistent and rely on the individual and the tools they use. Some carpenters use glue and some use nails when building a wooden house. Which is best and why do we accept poor inconsistent quality?
    Fire and forget scanners won’t solve security issues. Attackers take time and skill but our industry accepts the output of a software programme to help ensure security?
    How can we expect developers to listen to security consultants when the consultant has never written a line of code? Why don’t we ask ‘How much code development have you done, seen as you are assessing my code for security bugs?”

    So come join us in Building 3 for a great talk, some light refreshment and chat.

    Registration http://www.meetup.com/MTUGD-IE/events/142229372/