Jump to: navigation, search


09 December 2011 14:00 - 16:00


ANZ, 833 Collins St, Docklands, Melbourne VIC 3008

Room Location: Core C

Please ask about OWASP at reception and they will direct you to the room (room: Core C).

The easiest way to get there is to hop on the tram number 48 or 11, on Collins St and go right to the end of Collins. Alternatively, walk down Collins St this is a walking distance . This will be the last stop.


Jacob West


Creating secure code requires more than just good intentions

Programmers need to know how to make their code safe in an almost infinite number of scenarios and configurations. Static source code analysis gives users the ability to review their work with a fine-tooth comb and uncover the kinds of errors that lead directly to vulnerabilities. This talk frames the software security problem and shows how static analysis is part of the solution.

Highlights include:

- The most common security shortcuts and why they lead to security failures
- Why programmers are in the best position to get security right
- Where to look for security problems
- How static analysis helps
- The critical attributes and algorithms that make or break a static analysis tool
- The future of Secure Software

We will look at how static analysis works, how to integrate it into the software development processes, and how to make the most of it during security code review. Along the way we'll look at examples taken from real-world security incidents, showing how coding errors are exploited, how they could have been prevented, and how static analysis can rapidly uncover similar errors.

About the speaker

Jacob West is the Director of Security Research at Fortify Software where his team is responsible for building security knowledge into Fortifys products.

Jacob brings expertise in numerous programming languages, frameworks and styles together with knowledge about how real-world systems can fail. Before joining Fortify, Jacob contributed to the development of MOPS, a static analysis tool used to discover security vulnerabilities in C programs. In 2007, he co-authored a book with colleague Brian Chess titled “Secure Programming with Static Analysis”. When he is away from the keyboard, Jacob spends time speaking at conferences and working with customers to advance their understanding of software security.

Hope to see you all there.

OWASP Melbourne :)