Application Security Part 1: Stop the Bleeding
This session is geared toward those who are ready to take the first steps towards securing their applications with minimal cost and effort. Most development teams know that they have not given security the attention it deserves, but they also don't know where to begin. Should you run a scanning tool, go to security training, or just bury your head in the sand and pretend everything is OK?
A few simple activities are introduced that will pay big dividends for the security of your applications. One size does NOT fit all, and this session will enable you to spend your time and money where it will make the most difference. Peripheral issues are also addressed, such as obtaining management support and working with your IT security department.
About Roman Hustad
Roman is a Principal Software Security Consultant at Foundstone, a small division of McAfee that provides security assessment, training, and software design services to corporate and government organizations around the world. After spending most of his life building software, now he figures out ways to break it through penetration testing, threat modeling, and code review. On the proactive side, he leads software design sessions, teaches Java security courses, and participates in the Hacme Books open-source project. In his ever-dwindling spare time Roman enjoys mountaineering, scuba diving, and other outdoor pursuits.