Naked Security

Mark Curphey's view on the application security industry (2006)

Published in: Technology, News & Politics

  • This presentation is an “after dinner” type speech with observations about the information security industry. The observations and opinions are my own and not those

    1. …or the unclothed state of the application security industry today. Mark Curphey
    2. “Software is a forklift for the left brain.” —Dan Pink
    3. =
    4. Culture (New Topic). Noun 1: a particular civilization at a particular stage 2: the tastes in art and manners that are favored by a social group 3: all the knowledge and values shared by a society
    5. Application security people are from Mars, software developers are from Venus, or: The great skills divide (a better title?)
    6. Most application security people:
        - are not software people
        - have no idea what enterprise software really is, or understand the process of how it is created
        - think that if they understand HTTP then they understand web application security and can advise people on how to build secure web sites
        - can’t write code
    7. “In the future everyone will have their 15 minutes of fame” —Andy Warhol
    8. NEWS FLASH: The world is not falling down because of cross site scripting. Security < Performance < Functionality. Start caring about the important stuff (before application security becomes ignored).
    13. Consortiums, forums and the open source dream
    14. “Lingua d’application security”: some readings from some (self-titled) web application security standards…
    16. Don’t get fooled into thinking the discussions on webappsec are representative of the problems business cares about!
    17. Art of the security group:
        - Have “world renowned experts”
        - Speak for the “entire industry”
        - Create “standards”
        - Be “thought leaders”
        - Take yourself really, really seriously
    18. Tools (New Topic)
    20. Better title? How to buy a silver bullet? or Dude, where's my shiny red button?
    21. It's NOT about network security!
    22. (IMPLEMENTATION) BUGS / (DESIGN) FLAWS
    24. How many of the people that are building software security tools have come from a commercial development background?
    25. Introducing the only tool in the world that really works effectively today…
    27. A fool with a tool … is still a fool
    28. A tool with a tool … is always a tool
    29. News for people who run tools
    30. China!
    31. China!
    32. China!
    33. China!
    34. Media have no clue!
    35. What the industry really needs (New Topic)
    36. Better title? A dose of reality, or How does the industry grow up?
    37. Communication
    45. Peace, love and understanding
    46. Credibility
    47. Real standards
    48. People, Process, Technology (back to basics)
    49. “If you don’t like change, you’re going to like irrelevance even less.” —General Eric Shinseki, Chief of Staff, U.S. Army
    50. That’s all folks!