SlideShare a Scribd company logo

What I Wish I Knew Before Starting A Web Application Security Project

Denim Group
Denim Group

Dan Cornell shares corporate stories about those painful lessons learned during web application security projects: what works, doesn't work and why.

Technology
1 of 16
Download to read offline
What I Wish I Knew Before Starting a Web Application Security Project February 4th, 2010
Thoughts • Windsurfing Is Hard (Application Security Is Harder) • Savagely Unavoidable Fact of Life • Anti-Patterns • Contact 1
Windsurfing Is Hard 2
Application Security Is Harder 3
Savagely Unavoidable Fact of Life Features > Performance > Security 4
Why? • Short-term economic thinking • Multi-disciplinary problem • Changing landscape 5
Anti-Patterns 6
Anti-Patterns • Compliance-only • Tools-only • Training-only 7
Compliance 8
Compliance • Checkbox mentality • Optimize on immediate cost • Failure to focus on risk 9
Tools 10
Tools Dan: What is your application security strategy A: We bought Scanner XYZ Dan: Cool! Have you started using it? A: Yes. The analyst who wanted us to buy it ran a bunch of scans when we got the license key. Dan: All right! Did you find anything? A: Oh yeah! We found all sorts of scary stuff. Dan: Well what did you do about it? A: We sent the PDF report to the development team and told them to fix the problems. Dan: Were they successful? A: I don’t know. I guess I should check in on that… 11
Tools • Tools do not find everything • Tools do not run themselves • They are worthless if you do not use them • A fool with a tool is still a fool 12
Training 13
Training • “Our people are our greatest asset…” • True, but… • Knowing what you should do and doing it are two different things 14
Contact Dan Cornell dan@denimgroup.com (210) 572-4400 @danielcornell Web: www.denimgroup.com Blog: blog.denimgroup.com 15

Recommended

Making Apps Work
Making Apps WorkMaking Apps Work
Making Apps WorkWilliam Thomson
 
My personal experiment on QS and IoT for Motivation
My personal experiment on QS and IoT for MotivationMy personal experiment on QS and IoT for Motivation
My personal experiment on QS and IoT for MotivationCharalampos Doukas
 
Pavel Kamyshov "Team Health Check" Kyiv PM Club
Pavel Kamyshov "Team Health Check" Kyiv PM ClubPavel Kamyshov "Team Health Check" Kyiv PM Club
Pavel Kamyshov "Team Health Check" Kyiv PM ClubLviv Startup Club
 
Building Lean and Agile in the Real World
Building Lean and Agile in the Real WorldBuilding Lean and Agile in the Real World
Building Lean and Agile in the Real WorldKevin Goldsmith
 
The 5 People in your Organization that grow Legacy Code
The 5 People in your Organization that grow Legacy CodeThe 5 People in your Organization that grow Legacy Code
The 5 People in your Organization that grow Legacy CodeRoberto Cortez
 
Running a High-Efficiency, High-Visibility Application Security Program with...
Running a High-Efficiency, High-Visibility Application Security Program with...Running a High-Efficiency, High-Visibility Application Security Program with...
Running a High-Efficiency, High-Visibility Application Security Program with...Denim Group
 
Software development management slides by George Berkowski (Hailo)
Software development management slides by George Berkowski (Hailo)Software development management slides by George Berkowski (Hailo)
Software development management slides by George Berkowski (Hailo)MiniBar
 
Intro Design Principles
Intro Design PrinciplesIntro Design Principles
Intro Design PrinciplesMichael Rawlins
 

Recommended

Making Apps Work
Making Apps WorkMaking Apps Work
Making Apps WorkWilliam Thomson
 
My personal experiment on QS and IoT for Motivation
My personal experiment on QS and IoT for MotivationMy personal experiment on QS and IoT for Motivation
My personal experiment on QS and IoT for MotivationCharalampos Doukas
 
Pavel Kamyshov "Team Health Check" Kyiv PM Club
Pavel Kamyshov "Team Health Check" Kyiv PM ClubPavel Kamyshov "Team Health Check" Kyiv PM Club
Pavel Kamyshov "Team Health Check" Kyiv PM ClubLviv Startup Club
 
Building Lean and Agile in the Real World
Building Lean and Agile in the Real WorldBuilding Lean and Agile in the Real World
Building Lean and Agile in the Real WorldKevin Goldsmith
 
The 5 People in your Organization that grow Legacy Code
The 5 People in your Organization that grow Legacy CodeThe 5 People in your Organization that grow Legacy Code
The 5 People in your Organization that grow Legacy CodeRoberto Cortez
 
Running a High-Efficiency, High-Visibility Application Security Program with...
Running a High-Efficiency, High-Visibility Application Security Program with...Running a High-Efficiency, High-Visibility Application Security Program with...
Running a High-Efficiency, High-Visibility Application Security Program with...Denim Group
 
Software development management slides by George Berkowski (Hailo)
Software development management slides by George Berkowski (Hailo)Software development management slides by George Berkowski (Hailo)
Software development management slides by George Berkowski (Hailo)MiniBar
 
Intro Design Principles
Intro Design PrinciplesIntro Design Principles
Intro Design PrinciplesMichael Rawlins
 
Just4Meeting 2012 - How to protect your web applications
Just4Meeting 2012 - How to protect your web applicationsJust4Meeting 2012 - How to protect your web applications
Just4Meeting 2012 - How to protect your web applicationsMagno Logan
 
Threat Modeling: Best Practices
Threat Modeling: Best PracticesThreat Modeling: Best Practices
Threat Modeling: Best PracticesSource Conference
 
GHAMAS Design Principles
GHAMAS Design PrinciplesGHAMAS Design Principles
GHAMAS Design PrinciplesMichael Rawlins
 
Rich Holdsworth @Didlr Presentation
Rich Holdsworth @Didlr PresentationRich Holdsworth @Didlr Presentation
Rich Holdsworth @Didlr PresentationLee Stott
 
10 Observations from 10+ years in the Corporate UX Trenches
10 Observations from 10+ years in the Corporate UX Trenches10 Observations from 10+ years in the Corporate UX Trenches
10 Observations from 10+ years in the Corporate UX TrenchesArio Jafarzadeh
 
Rolling Out An Enterprise Source Code Review Program
Rolling Out An Enterprise Source Code Review ProgramRolling Out An Enterprise Source Code Review Program
Rolling Out An Enterprise Source Code Review ProgramDenim Group
 
Design Thinking for Children
Design Thinking for ChildrenDesign Thinking for Children
Design Thinking for ChildrenEdwin Dando
 
Edwin Dando (Assurity Consulting)
Edwin Dando (Assurity Consulting)Edwin Dando (Assurity Consulting)
Edwin Dando (Assurity Consulting)AgileNZ Conference
 
A tale of two startups
A tale of two startupsA tale of two startups
A tale of two startupsBenjamin Joffe
 
Mobile Learning Guide App: Webinar for Training MagazineLearned
Mobile Learning Guide App: Webinar for Training MagazineLearnedMobile Learning Guide App: Webinar for Training MagazineLearned
Mobile Learning Guide App: Webinar for Training MagazineLearnedadlmobile
 
Bit by Bit: Effective Use of People, Processes and Computer Technology in the...
Bit by Bit: Effective Use of People, Processes and Computer Technology in the...Bit by Bit: Effective Use of People, Processes and Computer Technology in the...
Bit by Bit: Effective Use of People, Processes and Computer Technology in the...Jack Pringle
 
Books! Google isn't the only source of information
Books! Google isn't the only source of informationBooks! Google isn't the only source of information
Books! Google isn't the only source of informationJisc
 
Unicorn or Rhino? Agility in the Data Realm?
Unicorn or Rhino? Agility in the Data Realm?Unicorn or Rhino? Agility in the Data Realm?
Unicorn or Rhino? Agility in the Data Realm?Daniel Davis
 
Smart
SmartSmart
Smartagustinsalv
 
Ellie
Ellie Ellie
Ellie Marq2014
 
Bootstrapping a-devops-matter
Bootstrapping a-devops-matterBootstrapping a-devops-matter
Bootstrapping a-devops-matterSkills Matter
 
Software Craftsmanship and Agile Code Games
Software Craftsmanship and Agile Code GamesSoftware Craftsmanship and Agile Code Games
Software Craftsmanship and Agile Code GamesMike Clement
 
The Journey to DevSecOps
The Journey to DevSecOpsThe Journey to DevSecOps
The Journey to DevSecOpsShannon Lietz
 
The Journey to DevSecOps
The Journey to DevSecOpsThe Journey to DevSecOps
The Journey to DevSecOpsSeniorStoryteller
 
Developing on large scale applications
Developing on large scale applicationsDeveloping on large scale applications
Developing on large scale applicationsAdrian IORGU
 
Long-term Impact of Log4J
Long-term Impact of Log4JLong-term Impact of Log4J
Long-term Impact of Log4JDenim Group
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Denim Group
 

More Related Content

Similar to What I Wish I Knew Before Starting A Web Application Security Project

Just4Meeting 2012 - How to protect your web applications
Just4Meeting 2012 - How to protect your web applicationsJust4Meeting 2012 - How to protect your web applications
Just4Meeting 2012 - How to protect your web applicationsMagno Logan
 
Threat Modeling: Best Practices
Threat Modeling: Best PracticesThreat Modeling: Best Practices
Threat Modeling: Best PracticesSource Conference
 
GHAMAS Design Principles
GHAMAS Design PrinciplesGHAMAS Design Principles
GHAMAS Design PrinciplesMichael Rawlins
 
Rich Holdsworth @Didlr Presentation
Rich Holdsworth @Didlr PresentationRich Holdsworth @Didlr Presentation
Rich Holdsworth @Didlr PresentationLee Stott
 
10 Observations from 10+ years in the Corporate UX Trenches
10 Observations from 10+ years in the Corporate UX Trenches10 Observations from 10+ years in the Corporate UX Trenches
10 Observations from 10+ years in the Corporate UX TrenchesArio Jafarzadeh
 
Rolling Out An Enterprise Source Code Review Program
Rolling Out An Enterprise Source Code Review ProgramRolling Out An Enterprise Source Code Review Program
Rolling Out An Enterprise Source Code Review ProgramDenim Group
 
Design Thinking for Children
Design Thinking for ChildrenDesign Thinking for Children
Design Thinking for ChildrenEdwin Dando
 
Edwin Dando (Assurity Consulting)
Edwin Dando (Assurity Consulting)Edwin Dando (Assurity Consulting)
Edwin Dando (Assurity Consulting)AgileNZ Conference
 
A tale of two startups
A tale of two startupsA tale of two startups
A tale of two startupsBenjamin Joffe
 
Mobile Learning Guide App: Webinar for Training MagazineLearned
Mobile Learning Guide App: Webinar for Training MagazineLearnedMobile Learning Guide App: Webinar for Training MagazineLearned
Mobile Learning Guide App: Webinar for Training MagazineLearnedadlmobile
 
Bit by Bit: Effective Use of People, Processes and Computer Technology in the...
Bit by Bit: Effective Use of People, Processes and Computer Technology in the...Bit by Bit: Effective Use of People, Processes and Computer Technology in the...
Bit by Bit: Effective Use of People, Processes and Computer Technology in the...Jack Pringle
 
Books! Google isn't the only source of information
Books! Google isn't the only source of informationBooks! Google isn't the only source of information
Books! Google isn't the only source of informationJisc
 
Unicorn or Rhino? Agility in the Data Realm?
Unicorn or Rhino? Agility in the Data Realm?Unicorn or Rhino? Agility in the Data Realm?
Unicorn or Rhino? Agility in the Data Realm?Daniel Davis
 
Bootstrapping a-devops-matter
Bootstrapping a-devops-matterBootstrapping a-devops-matter
Bootstrapping a-devops-matterSkills Matter
 
Software Craftsmanship and Agile Code Games
Software Craftsmanship and Agile Code GamesSoftware Craftsmanship and Agile Code Games
Software Craftsmanship and Agile Code GamesMike Clement
 
The Journey to DevSecOps
The Journey to DevSecOpsThe Journey to DevSecOps
The Journey to DevSecOpsShannon Lietz
 
Developing on large scale applications
Developing on large scale applicationsDeveloping on large scale applications
Developing on large scale applicationsAdrian IORGU
 

Similar to What I Wish I Knew Before Starting A Web Application Security Project (20)

Just4Meeting 2012 - How to protect your web applications
Just4Meeting 2012 - How to protect your web applicationsJust4Meeting 2012 - How to protect your web applications
Just4Meeting 2012 - How to protect your web applications
 
Threat Modeling: Best Practices
Threat Modeling: Best PracticesThreat Modeling: Best Practices
Threat Modeling: Best Practices
 
GHAMAS Design Principles
GHAMAS Design PrinciplesGHAMAS Design Principles
GHAMAS Design Principles
 
Rich Holdsworth @Didlr Presentation
Rich Holdsworth @Didlr PresentationRich Holdsworth @Didlr Presentation
Rich Holdsworth @Didlr Presentation
 
10 Observations from 10+ years in the Corporate UX Trenches
10 Observations from 10+ years in the Corporate UX Trenches10 Observations from 10+ years in the Corporate UX Trenches
10 Observations from 10+ years in the Corporate UX Trenches
 
Rolling Out An Enterprise Source Code Review Program
Rolling Out An Enterprise Source Code Review ProgramRolling Out An Enterprise Source Code Review Program
Rolling Out An Enterprise Source Code Review Program
 
Design Thinking for Children
Design Thinking for ChildrenDesign Thinking for Children
Design Thinking for Children
 
Edwin Dando (Assurity Consulting)
Edwin Dando (Assurity Consulting)Edwin Dando (Assurity Consulting)
Edwin Dando (Assurity Consulting)
 
A tale of two startups
A tale of two startupsA tale of two startups
A tale of two startups
 
Mobile Learning Guide App: Webinar for Training MagazineLearned
Mobile Learning Guide App: Webinar for Training MagazineLearnedMobile Learning Guide App: Webinar for Training MagazineLearned
Mobile Learning Guide App: Webinar for Training MagazineLearned
 
Bit by Bit: Effective Use of People, Processes and Computer Technology in the...
Bit by Bit: Effective Use of People, Processes and Computer Technology in the...Bit by Bit: Effective Use of People, Processes and Computer Technology in the...
Bit by Bit: Effective Use of People, Processes and Computer Technology in the...
 
Books! Google isn't the only source of information
Books! Google isn't the only source of informationBooks! Google isn't the only source of information
Books! Google isn't the only source of information
 
Unicorn or Rhino? Agility in the Data Realm?
Unicorn or Rhino? Agility in the Data Realm?Unicorn or Rhino? Agility in the Data Realm?
Unicorn or Rhino? Agility in the Data Realm?
 
Smart
SmartSmart
Smart
 
Ellie
Ellie Ellie
Ellie
 
Bootstrapping a-devops-matter
Bootstrapping a-devops-matterBootstrapping a-devops-matter
Bootstrapping a-devops-matter
 
Software Craftsmanship and Agile Code Games
Software Craftsmanship and Agile Code GamesSoftware Craftsmanship and Agile Code Games
Software Craftsmanship and Agile Code Games
 
The Journey to DevSecOps
The Journey to DevSecOpsThe Journey to DevSecOps
The Journey to DevSecOps
 
The Journey to DevSecOps
The Journey to DevSecOpsThe Journey to DevSecOps
The Journey to DevSecOps
 
Developing on large scale applications
Developing on large scale applicationsDeveloping on large scale applications
Developing on large scale applications
 

More from Denim Group

Long-term Impact of Log4J
Long-term Impact of Log4JLong-term Impact of Log4J
Long-term Impact of Log4JDenim Group
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Denim Group
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Denim Group
 
Optimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at ScaleOptimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at ScaleDenim Group
 
Application Asset Management with ThreadFix
Application Asset Management with ThreadFix Application Asset Management with ThreadFix
Application Asset Management with ThreadFixDenim Group
 
OWASP San Antonio Meeting 10/2/20
OWASP San Antonio Meeting 10/2/20OWASP San Antonio Meeting 10/2/20
OWASP San Antonio Meeting 10/2/20Denim Group
 
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA ProgramAppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA ProgramDenim Group
 
Using Collaboration to Make Application Vulnerability Management a Team Sport
Using Collaboration to Make Application Vulnerability Management a Team SportUsing Collaboration to Make Application Vulnerability Management a Team Sport
Using Collaboration to Make Application Vulnerability Management a Team SportDenim Group
 
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...Denim Group
 
Security Champions: Pushing Security Expertise to the Edges of Your Organization
Security Champions: Pushing Security Expertise to the Edges of Your OrganizationSecurity Champions: Pushing Security Expertise to the Edges of Your Organization
Security Champions: Pushing Security Expertise to the Edges of Your OrganizationDenim Group
 
The As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsThe As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsDenim Group
 
An Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT SystemsAn Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT SystemsDenim Group
 
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...Denim Group
 
A New View of Your Application Security Program with Snyk and ThreadFix
A New View of Your Application Security Program with Snyk and ThreadFixA New View of Your Application Security Program with Snyk and ThreadFix
A New View of Your Application Security Program with Snyk and ThreadFixDenim Group
 
Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Denim Group
 
AppSec in a World of Digital Transformation
AppSec in a World of Digital TransformationAppSec in a World of Digital Transformation
AppSec in a World of Digital TransformationDenim Group
 
The As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsThe As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsDenim Group
 
Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Denim Group
 
AppSec in a World of Digital Transformation
AppSec in a World of Digital Transformation AppSec in a World of Digital Transformation
AppSec in a World of Digital TransformationDenim Group
 
Enumerating Enterprise Attack Surface
Enumerating Enterprise Attack SurfaceEnumerating Enterprise Attack Surface
Enumerating Enterprise Attack SurfaceDenim Group
 

More from Denim Group (20)

Long-term Impact of Log4J
Long-term Impact of Log4JLong-term Impact of Log4J
Long-term Impact of Log4J
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
 
Optimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at ScaleOptimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at Scale
 
Application Asset Management with ThreadFix
Application Asset Management with ThreadFix Application Asset Management with ThreadFix
Application Asset Management with ThreadFix
 
OWASP San Antonio Meeting 10/2/20
OWASP San Antonio Meeting 10/2/20OWASP San Antonio Meeting 10/2/20
OWASP San Antonio Meeting 10/2/20
 
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA ProgramAppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
 
Using Collaboration to Make Application Vulnerability Management a Team Sport
Using Collaboration to Make Application Vulnerability Management a Team SportUsing Collaboration to Make Application Vulnerability Management a Team Sport
Using Collaboration to Make Application Vulnerability Management a Team Sport
 
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
 
Security Champions: Pushing Security Expertise to the Edges of Your Organization
Security Champions: Pushing Security Expertise to the Edges of Your OrganizationSecurity Champions: Pushing Security Expertise to the Edges of Your Organization
Security Champions: Pushing Security Expertise to the Edges of Your Organization
 
The As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsThe As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native Applications
 
An Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT SystemsAn Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT Systems
 
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
 
A New View of Your Application Security Program with Snyk and ThreadFix
A New View of Your Application Security Program with Snyk and ThreadFixA New View of Your Application Security Program with Snyk and ThreadFix
A New View of Your Application Security Program with Snyk and ThreadFix
 
Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...
 
AppSec in a World of Digital Transformation
AppSec in a World of Digital TransformationAppSec in a World of Digital Transformation
AppSec in a World of Digital Transformation
 
The As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsThe As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native Applications
 
Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...
 
AppSec in a World of Digital Transformation
AppSec in a World of Digital Transformation AppSec in a World of Digital Transformation
AppSec in a World of Digital Transformation
 
Enumerating Enterprise Attack Surface
Enumerating Enterprise Attack SurfaceEnumerating Enterprise Attack Surface
Enumerating Enterprise Attack Surface
 

Recently uploaded

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 

Recently uploaded (20)

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 

What I Wish I Knew Before Starting A Web Application Security Project