appsecusa | Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky

Application Security USA 2013 – live blog index

Jeanne Boyarsky — Sun, 24 Nov 2013 21:58:35 +0000

I attended the Application Security USA conference this year. Similar to The Server Side Symposium two years ago, ago, I blogged about it. This post a link to all of those blog posts. For readers in the New York City … Continue reading →

The post Application Security USA 2013 – live blog index first appeared on Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky.

Application Security USA 2013 – live blog index was first posted on November 24, 2013 at 4:58 pm.
©2019 "Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at scott@selikoff.net

csrf defenses at app sec usa

Jeanne Boyarsky — Thu, 21 Nov 2013 20:08:46 +0000

speaker: Ari Elias-Bachrach Overview Most defenses work 80% of the time. Does your app fall into the 80%? CSRF sometimes pronounced c-surf CSRF attack uses browser to perform action without user consent Vulnerable if all params predictable. Then can put … Continue reading →

The post csrf defenses at app sec usa first appeared on Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky.

csrf defenses at app sec usa was first posted on November 21, 2013 at 3:08 pm.
©2019 "Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at scott@selikoff.net

application risk and components at app sec usa – jeff williams’ part

Jeanne Boyarsky — Thu, 21 Nov 2013 19:32:48 +0000

Thesis: Need to rethink how things work so they happen real time. Aspect does a lot of code review and manual testing. That’s why they don’t have XSS and System.out.println() as the leading items. Static analysis tools are good at … Continue reading →

The post application risk and components at app sec usa – jeff williams’ part first appeared on Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky.

application risk and components at app sec usa – jeff williams’ part was first posted on November 21, 2013 at 2:32 pm.
©2019 "Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at scott@selikoff.net

application risk and components at app sec usa – ryan berg’s part

Jeanne Boyarsky — Thu, 21 Nov 2013 19:07:48 +0000

General If couldn’t use OSS, you’d have no app or tools. It’s in many components. hhe question isn’t whether you are using it but whether you know. Takes a long time to fix because need to wait for each person … Continue reading →

The post application risk and components at app sec usa – ryan berg’s part first appeared on Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky.

application risk and components at app sec usa – ryan berg’s part was first posted on November 21, 2013 at 2:07 pm.
©2019 "Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at scott@selikoff.net

everything we know about web security is wrong at app sec usa

Jeanne Boyarsky — Thu, 21 Nov 2013 17:01:58 +0000

speaker: Eoin Keary As an industry, we are very busy but things don’t seem to be getting better. Big companies are hacked. If we have the brainpower and the budget, why aren’t things improving? Asymmetric arms race like the bear. … Continue reading →

The post everything we know about web security is wrong at app sec usa first appeared on Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky.

everything we know about web security is wrong at app sec usa was first posted on November 21, 2013 at 12:01 pm.
©2019 "Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at scott@selikoff.net

using components with known vulnerabilities at app sec usa

Jeanne Boyarsky — Thu, 21 Nov 2013 16:06:25 +0000

A9 is the new addition to the OWASP Top 10. The panel is Ryan Berg (Sonatype CSO), Jeff Williams (Aspect) with Mark Miller (TSWA) moderating. 80% of an application is assembled from open source components. Jeff: still have about same … Continue reading →

The post using components with known vulnerabilities at app sec usa first appeared on Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky.

using components with known vulnerabilities at app sec usa was first posted on November 21, 2013 at 11:06 am.
©2019 "Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at scott@selikoff.net

protect yourself – data loss on the net at app sec usa

Jeanne Boyarsky — Thu, 21 Nov 2013 15:19:52 +0000

speaker: Kelly Fitzgerald Interesting points and urls Remember that the first three digits of your Social Security Number are based on where you live. Also interesting that you get SSN at birth now and didn’t in the past. Spokeo – … Continue reading →

The post protect yourself – data loss on the net at app sec usa first appeared on Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky.

protect yourself – data loss on the net at app sec usa was first posted on November 21, 2013 at 10:19 am.
©2019 "Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at scott@selikoff.net

jeff williams on dev ops and portfolios at app sec usa

Jeanne Boyarsky — Thu, 21 Nov 2013 14:02:00 +0000

Imagine application security is health care We have a lot of doctors and patients. Think of app security as a public health issue. How do you stamp out SQL Injection as a disease. Can’t scale up patient level tehniques (penetration … Continue reading →

The post jeff williams on dev ops and portfolios at app sec usa first appeared on Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky.

jeff williams on dev ops and portfolios at app sec usa was first posted on November 21, 2013 at 9:02 am.
©2019 "Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at scott@selikoff.net

java and oracle on security at app sec usa

Jeanne Boyarsky — Wed, 20 Nov 2013 20:05:09 +0000

speaker: Milton Smith Open Ecosystem JP (java community process OpenJDK contirbutors including IBM and Apple Security communications RSS feed for security alert (CPU) Critical Patch Update Advisories – for “normal” patches. Dates published a year in advance eBlasts – emails … Continue reading →

The post java and oracle on security at app sec usa first appeared on Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky.

java and oracle on security at app sec usa was first posted on November 20, 2013 at 3:05 pm.
©2019 "Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at scott@selikoff.net

what could go wrong – thinking differently about security at app sec usa

Jeanne Boyarsky — Wed, 20 Nov 2013 19:04:01 +0000

speaker: Mary Ann Davidson The speaker is from Oracle. I’ve never seen a non-Java or database presentation from them. Even so, I was suprised Oracle doesn’t make her put the standard loong disclaimer on there. “Translation” is a key skill … Continue reading →

The post what could go wrong – thinking differently about security at app sec usa first appeared on Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky.

what could go wrong – thinking differently about security at app sec usa was first posted on November 20, 2013 at 2:04 pm.
©2019 "Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at scott@selikoff.net