More often than not, web applications start off as a bright idea, which is then brought into realization at a fast and furious pace, with little eye for anything but result. Once all envisioned functionality is incorporated in the design and the project is launched, developers will be assigned to the next project.
Notwithstanding a few bug fixes, the final - yet essential - step of software development is more often than not, omitted: the security audit. Despite the fact that these checks are regarded as tedious and superfluous, practice shows that it is time well spent: numerous, often severe vulnerabilities come to light.
In his presentation, Sijmen Ruwhof will detail how to incorporate security checks into the software development process. He will also step through the implementation, and caveats of a security audit. Ruwhof works for Secundity as a security analyst specialized in PHP audits.