Don’t Write Your Own Security Code: The OWASP Enterprise Security API

From OWASP
Revision as of 01:17, 25 February 2009 by Sbarnum (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

The Presentation: "Don’t Write Your Own Security Code: The OWASP Enterprise Security API"

Application security is arguably the most difficult IT challenge facing organizations today. Chasing the 700 types of common weaknesses with scanners and static analysis is a losing proposition. Rather than chasing after these vulnerabilities, developers can address almost all of these problems with a set of 10 to 12 strong centralized security controls. To make it easier for developers to establish these controls, the Open Web Application Security Project (OWASP) has created a clean, intuitive, and open-source toolbox of the core security building blocks that every web developer needs. In this talk, Jeff will show you how to create an ESAPI for your organization that will solve the OWASP Top Ten vulnerabilities, increase assurance, and dramatically cut costs all at the same time.

The Speaker: Jeff Williams

Jeff Williams is the founder and CEO of Aspect Security, specializing exclusively in application security risk management services. Jeff also serves as the volunteer Chair of the Open Web Application Security Project (OWASP). Jeff has made extensive contributions to the application security community through OWASP, including writing the Top Ten, WebGoat, Secure Software Contract Annex, Enterprise Security API, OWASP Risk Rating Methodology, and starting the worldwide local chapters program. Jeff has spent 20 years in security, and for the last 10 has focused on securing enterprise Java applications. He also wasted four years and a ton of money on a law degree from Georgetown that he doesn’t use.


back to Presentation Agenda