Track Keynote for the Application Security & Compliance Track at the IBM Rational Software Conference 2009
More and more we rely on Web-based software and systems to run business processes, conduct transactions and deliver sophisticated services to customers. Unfortunately, in the race to stay ahead of competitors, we often give little or no attention to ensuring that these applications don't compromise our security or compliance by introducing exploitable vulnerabilities that can be used to compromise confidential company information or sensitive client data. The most efficient way to stay ahead of application security and compliance is to build software securely from the ground up. Unfortunately, application security is often an after-thought, "bolted on" at the end of the software development process, rather than "built in" across the entire development and delivery cycle, resulting in vulnerabilities that are found late -- if at all -- where they pose the greatest threats and are significantly more costly to repair.
In this track we will focus on the fundamentals of application security - common attack types, how to defend against these attacks, secure coding practices, identifying vulnerabilities through a combination of manual and automated approaches, what to do when vulnerabilities have been identified, and best practices for integrating security testing into application development. We will also delve into emerging threats in Web 2.0 environments, SOA security and the inherent risks of Web-enabling legacy applications.