Mark Curphey, profile picture
Uploaded byMark Curphey
4,154 views

Naked Security

Most application security professionals have little understanding of software development processes and priorities. They often think technical knowledge is enough, but true security requires understanding development tradeoffs between functionality, performance, and security. The industry would benefit from more focus on communication, credible standards, and fundamentals like people, process, and technology rather than tools alone.

Embed presentation

… .….or the unclothed state of the application security industry today Mark Curphey
“ Software is a forklift for the left brain.” —Dan Pink
=
Culture New Topic Noun 1: a particular civilization at a particular stage 2: the tastes in art and manners that are favored by a social group 3: all the knowledge and values shared by a society
Application security people are from Mars, software developers are from Venus or The great skills divide A better title ?
Most application security people are not software people Most application security people have no idea what enterprise software really is or understand the process of how it is created Most application security people think that if they understand HTTP then they understand web application security and can advise people on how to build secure web sites Most application security people can’t write code
“ In the future everyone will have their 15 minutes of fame” – Andy Warhol
NEWS FLASH: The world is not falling down because of cross site scripting Security < Performance < Functionality Start caring about the important stuff (before application security becomes ignored)
 
 
 
 
Consortiums, forums and the open source dream
“ Lingua d’application security” Some readings from some (self-titled) web application security standards………..
 
Don’t get fooled into thinking the discussions on webappsec are representative of the problems business cares about!
Art of the security group Have “world renowned experts” Speak for the “entire industry” Create “standards” Be “thought leaders” Take yourself really, really seriously
Tools New Topic
 
Better title? How to buy a silver bullet ? Dude where's my shiny red button?
Its NOT about network security!
(IMPLEMENTTATION) BUGS (DESIGN) FLAWS
 
How many of the people that are building software security tools have come from a commercial development background?
Introducing the only tool in the world that really works effectively today……
 
A fool with a tool … .is still a fool
A tool with a tool … .is always a tool
News for people who run tools
China!
China!
China!
China!
Media have no clue!
What the industry really needs New Topic
Better title? A dose of reality or How does the industry grow up?
Communication
 
 
 
 
 
 
 
Peace, love and understanding
Credibility
Real standards
People Process Technology (back to basics)
“ If you don’t like change, you’re going to like irrelevance even less.” —General Eric Shinseki, Chief of Staff. U. S. Army
That’s all folks!

More Related Content

PPTX
Social & professional issues in IT
byRohana K Amarakoon
 
PPT
Social Media and Identity
byAlexander Howard
 
PPTX
Digital citizenship power point
byKhanyiso Nemuhuyuni
 
PDF
An Introduction: Technology, Ethics, and the Workplace
byTawny Brown
 
PPT
What Diaspora can learn from Microsoft
byJon Pincus
 
PPT
Managing Corporate Information Security Risk in Financial Institutions
byMark Curphey
 
PPTX
Etl523 pres jj jarick
byjamesjarick
 
PPT
The Future of IT
byrogowskicr
 
Social & professional issues in IT
byRohana K Amarakoon
 
Social Media and Identity
byAlexander Howard
 
Digital citizenship power point
byKhanyiso Nemuhuyuni
 
An Introduction: Technology, Ethics, and the Workplace
byTawny Brown
 
What Diaspora can learn from Microsoft
byJon Pincus
 
Managing Corporate Information Security Risk in Financial Institutions
byMark Curphey
 
Etl523 pres jj jarick
byjamesjarick
 
The Future of IT
byrogowskicr
 

What's hot

PDF
Globalcompose.com sample essay paper on cyber ethics
byAcademic Research Paper Writing Services
 
PDF
Cybersecurity Employee Training
byPaige Rasid
 
PPTX
Digital fluency powerpoint
byTRose5
 
PPTX
Social networking privacy issues & exposure
byLDdsng
 
PPT
One - Social & Ethical Issues
byMISY
 
PPT
Digital Divide
byChris Loiselle
 
PDF
Human Error in Cyber Security
byAntti Ollila
 
PPTX
The Cyber Security Training Gap: Rotarian Reach
byRotary International
 
PPTX
Social and Professional Issues in Computing - Ethics
byDyuti Islam
 
PPTX
Legal & ethical issues when implementing technology
bypeav1n0
 
PPTX
The legal, safe and ethical use of technology in the classroom
byGabriella Maree Wheeler
 
PPTX
Legal, Ethical, and Social Issues in Educational Computing
bysappingtonkr
 
PDF
Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14
byWMG, University of Warwick
 
PPT
Web tech evol
byShiv Krishnan
 
DOCX
Social and legal issues in i
byHassan Nasir
 
PPTX
Social networking and security
bysarathsandeep mandalapu
 
PPTX
Dwyer ISSA Presentation
byCathy Dwyer
 
PPTX
Ethics for technology workers
byNiranjan Meegammana
 
PPTX
Beadles, Bilby, Digby, Leahy, Lloyd, and Pawlowski "Identity Management and A...
byNational Information Standards Organization (NISO)
 
PPTX
Digital citizenship and Digiteen intro
byFlat Classroom
 
Globalcompose.com sample essay paper on cyber ethics
byAcademic Research Paper Writing Services
 
Cybersecurity Employee Training
byPaige Rasid
 
Digital fluency powerpoint
byTRose5
 
Social networking privacy issues & exposure
byLDdsng
 
One - Social & Ethical Issues
byMISY
 
Digital Divide
byChris Loiselle
 
Human Error in Cyber Security
byAntti Ollila
 
The Cyber Security Training Gap: Rotarian Reach
byRotary International
 
Social and Professional Issues in Computing - Ethics
byDyuti Islam
 
Legal & ethical issues when implementing technology
bypeav1n0
 
The legal, safe and ethical use of technology in the classroom
byGabriella Maree Wheeler
 
Legal, Ethical, and Social Issues in Educational Computing
bysappingtonkr
 
Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14
byWMG, University of Warwick
 
Web tech evol
byShiv Krishnan
 
Social and legal issues in i
byHassan Nasir
 
Social networking and security
bysarathsandeep mandalapu
 
Dwyer ISSA Presentation
byCathy Dwyer
 
Ethics for technology workers
byNiranjan Meegammana
 
Beadles, Bilby, Digby, Leahy, Lloyd, and Pawlowski "Identity Management and A...
byNational Information Standards Organization (NISO)
 
Digital citizenship and Digiteen intro
byFlat Classroom
 

Similar to Naked Security

PDF
Presentation 'a web application security' challenge
byDinis Cruz
 
PPTX
Forget cyber, it's all about AppSec
byAdrien de Beaupre
 
PDF
New Era of Software with modern Application Security (v0.6)
byDinis Cruz
 
PDF
Research Article On Web Application Security
bySaadSaif6
 
PPSX
AppSec Role Based Training OWASP Global AppSec USA 2025-11-06
byRobert Grupe, CSSLP CISSP PE PMP
 
PPTX
Application Security-Understanding The Horizon
byLalit Kale
 
PDF
application security.pdf
byVSAM Technologies India Private Limited
 
PDF
The Thing That Should Not Be
bymorisson
 
PPT
六合彩香港-六合彩
bybaoyin
 
PPTX
Best Practices for a Mature Application Security Program Webinar - February 2016
bySecurity Innovation
 
PDF
Owasp o
bySagar Nangare
 
PDF
Review Paper ( Research Articles )
bySaadSaif6
 
PDF
VER_WP_CrackingCode_FINAL
byJessica Lavery Pozerski
 
PDF
Application Security Testing for Software Engineers: An approach to build sof...
byMichael Hidalgo
 
PDF
ultimate-guide-to-getting-started-with-appsec-veracode
bySean Varga
 
PDF
Ultimate_Guide_to_getting_started_with_AppSec
byJessica Lavery Pozerski
 
PPTX
Automating Your Tools: How to Free Up Your Security Professionals for Actual ...
byKevin Fealey
 
PPTX
application security.pptx
byAbhishekThakur567842
 
PPTX
00. introduction to app sec v3
byEoin Keary
 
PPTX
Application_security_Strategic
byRamesh VG
 
Presentation 'a web application security' challenge
byDinis Cruz
 
Forget cyber, it's all about AppSec
byAdrien de Beaupre
 
New Era of Software with modern Application Security (v0.6)
byDinis Cruz
 
Research Article On Web Application Security
bySaadSaif6
 
AppSec Role Based Training OWASP Global AppSec USA 2025-11-06
byRobert Grupe, CSSLP CISSP PE PMP
 
Application Security-Understanding The Horizon
byLalit Kale
 
application security.pdf
byVSAM Technologies India Private Limited
 
The Thing That Should Not Be
bymorisson
 
六合彩香港-六合彩
bybaoyin
 
Best Practices for a Mature Application Security Program Webinar - February 2016
bySecurity Innovation
 
Owasp o
bySagar Nangare
 
Review Paper ( Research Articles )
bySaadSaif6
 
VER_WP_CrackingCode_FINAL
byJessica Lavery Pozerski
 
Application Security Testing for Software Engineers: An approach to build sof...
byMichael Hidalgo
 
ultimate-guide-to-getting-started-with-appsec-veracode
bySean Varga
 
Ultimate_Guide_to_getting_started_with_AppSec
byJessica Lavery Pozerski
 
Automating Your Tools: How to Free Up Your Security Professionals for Actual ...
byKevin Fealey
 
application security.pptx
byAbhishekThakur567842
 
00. introduction to app sec v3
byEoin Keary
 
Application_security_Strategic
byRamesh VG
 

More from Mark Curphey

PPT
Advertising Theory
byMark Curphey
 
PPT
Product Definition
byMark Curphey
 
PPT
Innovators Dilemma Slides
byMark Curphey
 
PPT
Product and Brand
byMark Curphey
 
PPT
Research
byMark Curphey
 
PPT
Hack in the Box Keynote 2006
byMark Curphey
 
PPT
Product Positioning and Lifecycle
byMark Curphey
 
PPT
Software Security in the Real World
byMark Curphey
 
PPT
New product Offer
byMark Curphey
 
PPT
Marketing Introduction
byMark Curphey
 
PDF
Curphey AppSecUSA - Community The Killer Application
byMark Curphey
 
Advertising Theory
byMark Curphey
 
Product Definition
byMark Curphey
 
Innovators Dilemma Slides
byMark Curphey
 
Product and Brand
byMark Curphey
 
Research
byMark Curphey
 
Hack in the Box Keynote 2006
byMark Curphey
 
Product Positioning and Lifecycle
byMark Curphey
 
Software Security in the Real World
byMark Curphey
 
New product Offer
byMark Curphey
 
Marketing Introduction
byMark Curphey
 
Curphey AppSecUSA - Community The Killer Application
byMark Curphey
 

Recently uploaded

PPTX
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
PDF
The State of the Gen AI economy - 2025 - The Meliora Company
byClive Dickens
 
PDF
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PPTX
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
PPTX
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
PPTX
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
PDF
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
PDF
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
PPTX
Gemini vs ChatGPT : Comparing Top AI Models
byDigicarrom
 
PDF
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PDF
API-First Architecture in Financial Systems
bycyy111112
 
PPTX
Top _HR Technology Trends _for 2026_.pptx
byAutomationEdge Technologies
 
PPTX
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
PPTX
UiPath Autonomous Agents | Building and Orchestrating Agents End-to-End
byUiPathCommunity
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PDF
AI Powered Document Processing and Data Extraction
byRobert McDermott
 
PDF
WHITE PAPER_ Ransomware Payment Policy and Resilience Strategy_ A Framework f...
byssuser0d171c
 
PDF
Day 4 - Access, Deployments, and Monitoring - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
The State of the Gen AI economy - 2025 - The Meliora Company
byClive Dickens
 
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
Gemini vs ChatGPT : Comparing Top AI Models
byDigicarrom
 
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
API-First Architecture in Financial Systems
bycyy111112
 
Top _HR Technology Trends _for 2026_.pptx
byAutomationEdge Technologies
 
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
UiPath Autonomous Agents | Building and Orchestrating Agents End-to-End
byUiPathCommunity
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
AI Powered Document Processing and Data Extraction
byRobert McDermott
 
WHITE PAPER_ Ransomware Payment Policy and Resilience Strategy_ A Framework f...
byssuser0d171c
 
Day 4 - Access, Deployments, and Monitoring - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 

Naked Security

Editor's Notes

  • #2 This presentation is an “after dinner” type speech with observations about the information security industry. The observations and opinions are my own and not those