Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Thursday, November 21 • 12:00pm - 12:50pm
Insecure Expectations

Sign up or log in to save this to your schedule and see who's attending!

Video of session:
https://www.youtube.com/watch?v=tU-IRg7Cwts&list=PLpr-xdpM8wG8ODR2zWs06JkMmlRiLyBXU&index=20

Many developers rely on tests or specs (with expectations) to verify that our code is working properly. Few of us leverage the tests we are already writing to demonstrate security controls are properly applied. In this technical talk, we will walk through hands on examples of tests that demonstrate how to test for common security issues against an example Rails application (though the concept is not Rails specific).  Although substantial testing is possible with existing tools, this talk will also present a new open source tool which provides developers with a simpler way to write security tests.
The goals are twofold: • To illustrate some common security issues.
• To give developers something concrete they can do about them.

In addition to the technical portion of the talk, the speaker will spend a short time challenging the audience to help OWASP find ways to reach developers.  The speaker has had success in a local community reaching developers through simple community organizing strategies, applied conscientiously over a long period of time.

Speakers
avatar for Matt Konda

Matt Konda

Founder, Jemurai
Matt Konda is a developer and application security expert. He founded Jemurai to focus on working with teams to deliver secure software. Jemurai works with clients on security automation, training, strategy, building AppSec teams and more. Matt is on the global board of OWASP, active in developer and devops focused OWASP open source projects and regularly gives industry talks.


Thursday November 21, 2013 12:00pm - 12:50pm
Salon 2 (5th Floor Ballroom) NY Marriott Marquis

Attendees (61)