Difference between revisions of "Podcast 55"

From OWASP
Jump to: navigation, search
m (Created page with ''''OWASP Podcast Series #55''' OWASP DC Roundtable with Boaz Gelbord, Jason Lam, Jim Manico and Jeff Williams<br/> Published November 26, 2009<br/> [http://i…')
 
m
 
Line 1: Line 1:
 
'''[[OWASP_Podcast|OWASP Podcast Series]] #55'''
 
'''[[OWASP_Podcast|OWASP Podcast Series]] #55'''
  
OWASP DC Roundtable with Boaz Gelbord, Jason Lam, Jim Manico and Jeff Williams<br/>
+
OWASP Roundtable with Boaz Gelbord, Jason Lam, Jim Manico and Jeff Williams<br/>
 
Published November 26, 2009<br/>
 
Published November 26, 2009<br/>
  

Latest revision as of 00:06, 27 November 2009

OWASP Podcast Series #55

OWASP Roundtable with Boaz Gelbord, Jason Lam, Jim Manico and Jeff Williams
Published November 26, 2009

itunes.jpg Feed-icon-32x32.png mp3

Topics

This podcast is based on the blog post "Overcoming Objections to an Application Security Program" by Jeremiah Grossman at http://jeremiahgrossman.blogspot.com/2009/08/overcoming-objections-to-application.html

  • "There have been no security problems in the past, nor is there any evidence we’ll be attacked in the future."
  • "Security is an IT problem. They have firewalls, patch & configuration management systems, and SSL currently in place protecting us."
  • "We need new features first and there is no discretionary budget left to allocate towards security."
  • "Hackers can't break in because our Web application can't be accessed externally."
  • "We outsource our software development and the vendor is responsible for making sure the code is secure."
  • "We use penetration-testing services. We fix or accept the risk of any issues found, which keeps us safe."
  • "We passed our most recent compliance audit and not required to do anything more."
  • "We trust our developers and they already know how to develop secure code after completing the training course."
  • "We already have scanning tools. Doing more will slow down the development process, inhibit innovation, and add large unnecessary costs."