An Introduction to the Newest Addition to the OWASP Top 10

Jeff Williams, Ryan Berg at AppSec USA 2013

This panel of industry experts will dissect the new OWASP A9 guidelines, which look at the widespread use of insecure open source libraries in modern application development. Executives from Sonatype will offer exclusive component usage data from the Central Repository -- the industry's largest source of open-source components, receiving 8 billion requests annually. With its deep history as leaders in open source development, Sonatype can also share with attendees its unmatched knowledge of open source development practices. Jeff Williams, CEO of Aspect Security and founding member of OWASP, will offer best practices and advice to organizations looking to revamp their software assurance policies. Lastly, Jim Routh, the head of application and mobile security at Citibank, will share with attendees the real-world challenges and resolutions faced by the financial institution in mitigating risk in agile, component-based development.

Together, the panel will address the following key points and offer attendees important takeaways to jumpstart A9 compliance, including:
• How software assurance is now largely incompatible with modern development and why new approaches to security must provide developers with immediate feedback on security context to act as the new frontline of defense;
• How to inform component choice throughout the development lifecycle, including how to pinpoint flaws early and how to deploy flexible remediation options for flawed components;
• How to build component security and risk mitigation into the development process in a way that can also be used by non-security experts; and
• How new security and risk mitigation approaches must be continuous to address ongoing threats in real time and to sustain trust between development, risk management and the application end-user.


Speakers

Ryan Berg
Chief Security Officer, Sonatype

Ryan is the Chief Security Officer at Sonatype. Before joining Sonatype, Ryan was a co-founder and chief scientist for Ounce Labs, which was acquired by IBM in 2009. Ryan holds multiple patents and is a popular speaker, instructor and author in the fields of security, risk management, and secure application development. Prior to Ounce Labs, Ryan co-founded Qiave Technologies, a pioneer in kernel-level security, which was later sold to WatchGuard Technologies in 2000.


Jeff Williams
CEO, Aspect Security

Jeff is a founder and CEO of Aspect Security and recently launched Contrast Security, a new approach to application security analysis. Jeff was an OWASP Founder and served as Global Chairman from 2004 to 2012, contributing many projects including the OWASP Top Ten, WebGoat, ESAPI, ASVS, and more. Jeff is passionate about making it possible for anyone to do their own continuous application security in real time.