OWASP 2014 - Top 10 Proactive Web Application Controls
Jason Montgomery

OWASP/App Sec - Session #4 - Jason Montgomery This talk covers the new 2014 OWASP Top Ten Proactive Controls, a document which is a list of security techniques that should be included in every software development project. These controls were written by developers for developers to assist those new to secure development. This talk distills this new OWASP document gives an high-level overview as well as some practical steps, covering multiple languages and technologies.

Bio: Information, Hardware & Application Security Expert whose security experience evolved out of 15 years of real world software development, system and network admin experience. Jason currently is the Principal Researcher at Veracode focusing Application Security and Binary Static Analysis. He recently spent two years in the utility space working to help harden the electric grid. He's built and secured applications for Fortune 500 companies, Internet Start-ups, as well as State and Federal Government organizations. As a contractor for the Department of Defense, he hardened servers, provided security guidance to developers, revealed and helped mitigate vulnerabilities in federal systems and built custom applications. He served on the GIAC Secure Software Programmer (GSSP) Steering Committee which produced the first .NET GSSP Blueprint used to develop certification for measuring developer aptitude of defensible software development techniques and is currently on the ISEC Advisory Board at Franklin University. His knowledge of programming, Information Security, and network protocols combined with his system administration and system hardening experience in Windows as well as the Linux/BSD Unix operating systems produces a holistic perspective on security.Jason also contributed two chapters about security in Professional K2 blackpearl (Wiley Publishing Inc, 2009), an enterprise .NET workflow engine built on Microsoft Windows Workflow Foundation and has instructed and written two courses for .NET developers on writing secure code for SANS Institute.

Back to Central Ohio Infosec Summit 2015 video list