
Content provided by Black Hat Briefings, USA 2007 [Video] Presentations from the security conference. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Black Hat Briefings, USA 2007 [Video] Presentations from the security conference or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described here: https://sv.player.fm/legal.

David Coffey & John Viega: Building an Effective Application Security Practice on a Shoestring Budget

1:07:57
 
Software companies inevitably produce insecure code. In 2006 alone, CERT recognized over 8,000 published vulnerabilities in applications. Attackers were previously occupied by the weaker operating systems and have moved on to easier targets: applications. What makes this situation worse is the weaponization of these exploits and the business drivers behind them. Some organizations struggle to deal with this trend to try to protect their products and customers. Other organizations have nothing in place and need to create measures as soon as possible.
This talk will raise several issues that global enterprise organizations currently face with application security and how to overcome them in a cost-effective manner. Some of the issues that will be discussed are software development lifecycle integration, global policy and compliance issues, necessary developer awareness and automated tools, and accurate metrics collection and tracking to measure progress. Attendees will be introduced to best practices that have worked for McAfee and other large-scale global enterprises, and be shown which practices to avoid. If you're only going to invest in a single activity to start, this talk will help you figure out what it should be, and how to measure its success.
David Coffey is the manager of product security at McAfee. At McAfee, David is responsible for assessing the current state of security of the products, development process, and architecture. David is also responsible for leading a geographically distributed team to provide guidance and education to McAfee employees on security measures, process, integration as well as industry best practices.
David has been a professional in the technology field for over a decade, has strong computer fundamentals, and is proficient in both *NIX and Windows environments. Prior to joining McAfee, David spent several years working as either an employee or a consultant in financial institutions around the New York area. David later concentrated on architecting, developing and securing multi-tiered, high-traffic, dynamic websites, with the largest one doing 92 million hits per day. David served as the sole Application Security Engineer in the 4th-largest cable company in the US, performing duties ranging from code audits to architecting IDS deployments to assisting in the securing of network architectures. Most recently, David had the role of Principal Consultant at a security consulting company, managing the security process integration and adoption for a large financial institution which handles a little over 1 quadrillion dollars a year.
John Viega is Vice President and Chief Security Architect at McAfee, Inc. In this role he is responsible for McAfee Avert Labs' engineering efforts, including the anti-virus engine. In addition, Viega is in charge of product security strategy, leading security audits of code, and helping to shape the technical directions for the product lines at McAfee. Viega is a well-known security expert and cryptographer and has co-authored several books, including Building Secure Software, Secure Programming Cookbook, Network Security with OpenSSL and The 19 Deadly Sins of Software Security. Prior to joining McAfee, Viega was founder and chief technology officer at Secure Software.

89 episodes
