Naked Security


6 comments


  • + magician_is magician_is 2 years ago
    SUCKS I’VE LEARNED NOTHING ON THIS SLIDE :(

    WASTE OF TIME READING IT SUCKS!!!!!
  • + albins Albin Sebastian 2 years ago
    Helpful slides.... thanks
  • + maheshreddy005 maheshreddy005 2 years ago
    gud
  • + dragoslungu dragoslungu 3 years ago
    Splendid. You really got out the message of today’s web app security. Great work.
  • + ronbannister ronbannister 3 years ago
    I’m sorry but I have yet to grasp the point of this presentation
  • + banzai banzai 3 years ago
    That is awesome. mcurphey hits the nail on the head in an industry spiralling out of control. Well put together and great flow.

Notes on slide 1

This presentation is an “after dinner” type speech with observations about the information security industry. The observations and opinions are my own and not those

Naked Security - Presentation Transcript

  1. …or the unclothed state of the application security industry today. Mark Curphey
  2. “Software is a forklift for the left brain.” —Dan Pink
  3. =
  4. Culture (New Topic). Noun. 1: a particular civilization at a particular stage; 2: the tastes in art and manners that are favored by a social group; 3: all the knowledge and values shared by a society.
  5. A better title? “Application security people are from Mars, software developers are from Venus” or “The great skills divide”
  6. Most application security people are not software people. Most application security people have no idea what enterprise software really is and do not understand the process of how it is created. Most application security people think that if they understand HTTP then they understand web application security and can advise people on how to build secure web sites. Most application security people can’t write code.
  7. “In the future everyone will have their 15 minutes of fame” – Andy Warhol
  8. NEWS FLASH: The world is not falling down because of cross-site scripting. Security < Performance < Functionality. Start caring about the important stuff (before application security becomes ignored).
  9.  
  10.  
  11.  
  12.  
  13. Consortiums, forums and the open source dream
  14. “Lingua d’application security”: some readings from some (self-titled) web application security standards…
  15.  
  16. Don’t get fooled into thinking the discussions on webappsec are representative of the problems business cares about!
  17. Art of the security group
    • Have “world renowned experts”
    • Speak for the “entire industry”
    • Create “standards”
    • Be “thought leaders”
    • Take yourself really, really seriously
  18. Tools (New Topic)
  19.  
  20. Better title? How to buy a silver bullet? Dude, where's my shiny red button?
  21. It's NOT about network security!
  22. (IMPLEMENTATION) BUGS (DESIGN) FLAWS
  23.  
  24. How many of the people that are building software security tools have come from a commercial development background?
  25. Introducing the only tool in the world that really works effectively today…
  26.  
  27. A fool with a tool… is still a fool
  28. A tool with a tool… is always a tool
  29. News for people who run tools
  30. China!
  31. China!
  32. China!
  33. China!
  34. Media have no clue!
  35. What the industry really needs (New Topic)
  36. Better title? A dose of reality or How does the industry grow up?
  37. Communication
  38.  
  39.  
  40.  
  41.  
  42.  
  43.  
  44.  
  45. Peace, love and understanding
  46. Credibility
  47. Real standards
  48. People Process Technology (back to basics)
  49. “If you don’t like change, you’re going to like irrelevance even less.” —General Eric Shinseki, Chief of Staff, U.S. Army
  50. That’s all folks!

mcurphey, 3 years ago

14526 views, 24 favs, 2 embeds

Mark Curphey's view on the application security indu

More info about this presentation

CC Attribution License

  • Total Views 14526
    • 14523 on SlideShare
    • 3 from embeds
  • Comments 6
  • Favorites 24
  • Downloads 0
Most viewed embeds
  • 2 views on http://webwereld.nl
  • 1 views on http://websecurity.com.ua
