Your Framework Will Fail You - OWASP Edition
Rory McCune on 7 June 2013
Transcript of Your Framework Will Fail You - OWASP Edition
Practical ways to improve your security

Defence in depth
Network IDS Server Framework Code Policy

About Me
- IT/Information Security/Security Testing for "some" years
- OWASP Scotland Chapter Leader

Why your Framework Will Fail You
Expectations Gap

Why Does This Matter?
The Internet is a Dangerous Place
Random Noise Financial Attackers Espionage Hacktivists Users

So what can we do about it?
Image Credit - "*Psycho Delia*" - http://www.flickr.com/photos/24557420@N05/4278720370/in/photostream/
Image Credit - jasonwoodhead23 - http://www.flickr.com/photos/woodhead/6958410912/
- Egress Filtering
- Network Segmentation
- NIDS
- NIPS
- HIDS
- WAF
- Monitoring
- Reviews?
- Incident Response
- More Incident Response!
- Passwords
- 2FA
- Tools
- AppIDS

A Tale of Two Companies
- Low Budget/Risk
- High Budget/Risk

So how Do I get Budget for all this?
- The Good way - Convince budget holders of the importance :)
- The bad way - Wait for a breach
- The future way - Regulation

Questions?
- Twitter - @raesene
- E-Mail - email@example.com
- Blog - http://blog.scotsts.com
Image Credit - "Jim Lindwood" - http://www.flickr.com/photos/brighton/2153602543/sizes/o/in/photostream/

Conclusion
- Changing Threat profiles are increasing risks
- Defense in Depth is becoming a requirement
- It's possible to implement useful controls without them being a "silver bullet"