26. Take Away
• Think securely from the first line of code - far better to write securely from the start than to fix it later
• Use black box tools to help grab low-hanging fruit
• Use your knowledge to dig in, find and fix vulnerabilities – gray and white box approaches
• Learn the trust boundaries
• Validate and encode correctly
28. Stuff to Read
• OWASP - http://www.owasp.org/index.php/Main_Page
• SANS Institute - http://www.sans.org/
• SANS Top 25 of 2009 - http://www.sans.org/top25errors/
• Secure Programming with Static Analysis – Brian Chess & Jacob West
• OWASP: Software Assurance Maturity Model - http://www.owasp.org/index.php/Category:OWASP_Software_Assurance_Maturity_Model_Project
• Software Security: Building Security In – Gary McGraw
• Exploiting Software: How to Break Code – Gary McGraw
• Hackers.org - http://ha.ckers.org/
• Free Stock Photos - http://www.sxc.hu/