Difference between revisions of "AppSecEU08 The OWASP ESAPI project"

(New page: Enter topic details here. OWASP wiki (or external) links can be put up here as well. Don't forget the speaker bio!)
 
(talk details for Owasp Europe)

Revision as of 12:17, 3 April 2008

Here is an abstract for the keynote...

Software Security: State of the Practice 2008

Using the framework described in my book “Software Security: Building Security In”---built around the three pillars of software security: risk management, the touchpoints, and knowledge---I will discuss and describe the state of the practice. This talk is peppered with real data from the field, based on my work with several large financial services companies as a Cigital consultant. Really, the software security field is just getting started, but we are making important forward progress, and the future looks bright.

URL http://www.swsec.com

Here is the other abstract

Exploiting Online Games

The talk, based on a book of the same title (co-authored by Greg Hoglund), exposes the inner workings of online game security for all to see, drawing illustrations from MMORPGs such as World of Warcraft to discuss:

  • Why online games are a harbinger of software security issues to come
  • How millions of gamers have created billion dollar virtual economies
  • How game companies invade your privacy
  • Why some gamers cheat
  • Techniques for breaking online game security
  • How to build a bot to play a game for you
  • Methods for total conversion and advanced mods

But ultimately this talk is about security problems associated with advanced massively distributed software. With hundreds of thousands of interacting users, today's online games are a bellwether of modern software yet to come. The kinds of attack and defense techniques I describe are tomorrow's security techniques on display today.

And here is the BIO

BIO

Gary McGraw, Ph.D.
CTO, Cigital

  • company: www.cigital.com
  • podcast: www.cigital.com/silverbullet
  • blog: www.cigital.com/justiceleague
  • book: www.swsec.com
  • personal: www.cigital.com/~gem

Gary McGraw is the CTO of Cigital, Inc., a software security and quality consulting firm with headquarters in the Washington, D.C. area. He is a globally recognized authority on software security and the author of six best-selling books on this topic. The latest, Exploiting Online Games, was released in 2007. His other titles include Java Security, Building Secure Software, Exploiting Software, and Software Security; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 90 peer-reviewed scientific publications, authors a monthly security column for darkreading.com, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Fortify Software and Raven White. His dual PhD is in Cognitive Science and Computer Science from Indiana University, where he serves on the Dean’s Advisory Council for the School of Informatics. Gary is an IEEE Computer Society Board of Governors member and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine.