OWASP ESAPI AppSecDC
Application security is arguably the most difficult IT challenge facing organizations today. Chasing the 700 types of common weaknesses with scanners and static analysis alone is a losing proposition. Rather than chasing after these vulnerabilities, developers can address almost all of these problems with a set of 10 to 12 strong centralized security controls. To make it easier for developers to establish these controls, the Open Web Application Security Project (OWASP) Enterprise Security API (ESAPI) project has created a clean, intuitive, and open-source set of security controls across the most popular web platforms, including Java, .NET, PHP, Python, Cold Fusion, and ASP.NET. In this talk, Jeff will show you how to create an ESAPI for your organization that will solve the OWASP Top Ten vulnerabilities, increase assurance, and dramatically development and verification cut costs all at the same time.
Jeff Williams (full bio) is the founder and CEO of Aspect Security, specializing exclusively in application security professional services. Jeff also serves as the volunteer Chair of the Open Web Application Security Project (OWASP). He has made extensive contributions to the application security community through OWASP, including writing the Top Ten, WebGoat, Secure Software Contract Annex, Enterprise Security API, OWASP Risk Rating Methodology, and starting the worldwide local chapters program. If nothing else, Jeff is probably the tallest application security expert in the world and likes nothing better than discussing new ideas for changing the way we build software.