Culture. New Topic. Noun. 1: a particular civilization at a particular stage; 2: the tastes in art and manners that are favored by a social group; 3: all the knowledge and values shared by a society.
Application security people are from Mars, software developers are from Venus, or: The great skills divide. A better title?
Most application security people are not software people. Most application security people have no idea what enterprise software really is or understand the process of how it is created. Most application security people think that if they understand HTTP then they understand web application security and can advise people on how to build secure web sites. Most application security people can’t write code.
“In the future everyone will have their 15 minutes of fame” – Andy Warhol
NEWS FLASH: The world is not falling down because of cross-site scripting. Security < Performance < Functionality. Start caring about the important stuff (before application security becomes ignored).
“Lingua d’application security”: Some readings from some (self-titled) web application security standards...
Don’t get fooled into thinking the discussions on webappsec are representative of the problems business cares about!
Art of the security group
- Have “world renowned experts”
- Speak for the “entire industry”
- Create “standards”
- Be “thought leaders”
- Take yourself really, really seriously