AppSec DC Press and Themes

Posted November 2nd, 2009 by

So I’m working with the AppSecDC folks doing press relations amongst other things.  I’ve noticed several themes for the conference that might be of interest to the rest of the world.  Of course there’s the usual “The end is nigh, and not even Norton can save you!!!!!” stuff that’s been the staple of security conferences for the past 5 years or so (oh noes, teh Internetz are broken.  Again).

However, AppSecDC has another set of themes that are mostly unique to OWASP and AppSecDC in particular:

  • The OWASP Approach to Security: it’s not process/product, it’s education and outreach.  Thanks to Doug Wilson for this idea.  Basically with host and network security, the option is to buy stuff and throw it at the problem.  With application security, it’s “go out and touch a developer today” and “use ESAPI as a tool to help the developers write better and secure code more quickly”.  This is a new concept to the system integrator that I am, but I like it much better than my usual approach.
  • Government and Application Security: we’re about 5 years behind industry, how do we catch up?  To this effort, we have some notable Government speakers such as a keynote by Joe Jarzombek, Director for Software Assurance in the National Cyber Security Division of the U.S. Department of Homeland Security.
  • OWASP Top 10 2009/2010: This will be announced at AppSecDC with much w00tness and excitement.
  • OWASP National Summit: this will be held the day before the official conference.

Convinced you want to go?  Check out the conference site.

Posted in Odds-n-Sods, What Works | 1 Comment »

One Response

  1.  fin Says:

    There is a case where the tools here need to be on demand of every developer’s workstation.

    The first thing security groups do is restrict access on vulnerability tools.

    I think of it in terms of a spell checker. We used to give hard copy to editors to proofread. Now spell checkers do it while we type. Code checking is done (somewhat in the compile/debug mode) sorta the same way. But for secure code the tools aren’t advanced (or even existing?) in the IDE.

    The writer spell/grammar checks their own copy. The coder secure checks their own code (especially for alert) and doesn’t have to re-write when the application is in testing or worse production.
