Application Security Part 2: Building a Software Security Program
This session provides a comprehensive, flexible plan for baking security into the software development lifecycle. First off, we will talk about why you would want to do such a thing and how to get support for it. Then the discussion will turn to the practical aspects of planning and implementing a secure SDLC, covering all aspects of people, process, and technology.
Last and probably most important, we present ideas to help you avoid having your shiny new program ignored by the development team. If you are serious about producing secure software, this talk is for you.
About Dean H. Saxe
Dean H. Saxe is a Managing Consultant at Foundstone, A Division of McAfee, where he is responsible for conducting web application penetration testing, threat modeling, code reviews, secure software development lifecycle (S-SDLC) design and implementation, and project management. Prior to joining Foundstone, Dean spent more than 8 years developing web application in Java and ColdFusion in a variety of industries. While working in the banking sector, Dean's interest in application security was sparked and has grown steadily over the past five years. Dean also provides client education services as a lead instructor of these Foundstone courses: Building Secure Software, Writing Secure Code: Java/J2EE, and Writing Secure Code: ColdFusion. Dean holds the CISSP and Certified Ethical Hacker designations.
When not working, Dean enjoying hiking, cooking, homebrewing and traveling the world.
More About Dean H. »