Your Framework Will Fail You - OWASP Edition

Slight variation on the initial presentation for the OWASP EU Tour event in London June 2013
by Rory McCune on 7 June 2013

Transcript of Your Framework Will Fail You - OWASP Edition

Your Framework is Going to Fail You

What this talk is NOT about
  • Details of Security Flaws in Frameworks

What This Talk Is About
  • Threats you might face
  • Practical ways to improve your security
  • Defence in depth

Network IDS Server Framework Code Policy

About Me
  • IT/Information Security/Security Testing for "some" years
  • OWASP Scotland Chapter Leader

Why your Framework Will Fail You
Expectations Gap
Why Does This Matter?

The Internet is a Dangerous Place
  • Random Noise
  • Financial Attackers
  • Espionage
  • Hacktivists
  • Users

So what can we do about it?

Image Credit "*Psycho Delia*" http://www.flickr.com/photos/24557420@N05/4278720370/in/photostream/
Image Credit - jasonwoodhead23 - http://www.flickr.com/photos/woodhead/6958410912/

Egress Filtering
Network Segmentation
NIDS NIPS HIDS
Hardening MAC
WAF
Monitoring
Reviews?
Incident Response
More Incident Response!
Passwords
2FA
Tools
AppIDS

A Tale of Two Companies
  • Low Budget/Risk
  • High Budget/Risk

So how Do I get Budget for all this?
  • The Good way - Convince budget holders of the importance :)
  • The bad way - Wait for a breach
  • The future way - Regulation

Questions?
  • Twitter - @raesene
  • E-Mail - rory.mccune@owasp.org
  • Blog - http://blog.scotsts.com

Image Credit - "Jim Lindwood" http://www.flickr.com/photos/brighton/2153602543/sizes/o/in/photostream/

Conclusion
  • Changing Threat profiles are increasing risks
  • Defense in Depth is becoming a requirement
  • It's possible to implement useful controls without them being a "silver bullet"