What's Next? Strategies for Web Application Security
What's Next? Strategies for Web Application Security, YM Chen (Director, McAfee Foundstone) (50 min)
With vulnerabilities like SQL injection that were identified over one decade ago, we still found over half a million websites vulnerable to this vulnerability on the Internet today. Automated tools are now available, but they only identify a limited set of vulnerabilities; for example cannot identify vulnerabilities associated with authorization or business logical flaws in today's web applications. The speaker will use OWASP Top 10 to discuss what we're doing wrong about Web Application Security, with many case studies seen on the field. He will attempt to identify what have been done in WebApp Security, what worked, what didn't, and what is needed. He will then move on to propose some possible strategies or directions for different actors in the Web Security Ecosystem in the future.