AppSec Enigma and Mirage - When Good Ideas Can Go Awry - (BSides Nashville 2016) (Hacking Illustrated Series InfoSec Tutorial Videos)

Frank Catucci
@en0f

BSides Nashville 2016
http://bsidesnash.org

The enigma of AppSec and the mirages of mitigating risk are something I often see in my day job as well as my personal experience and research. An application looks secure; the developers had great intent, ideas and features. Follow-through, however, now that is a completely different story. I will demonstrate and walk through some valid cases in which the ideas of AppSec in a web app's design were valid and well thought out, however the execution of such security measures, not so much. The easy mistakes that can be made and the lack of testing often are the culprit. But sometimes, yeah, zero shits are given. I will also address BugBounty programs. Some good, some not so much, and why. Finally I will offer advice on how to help progress and improve your AppSec programs. Thank you.


Copyright 2016, IronGeek