Date: Thursday, 17th March 2016, 19:00
Location: Cray - Broad Quay House, Broad Quay, Bristol BS1 4DJ, Bristol
Event sponsors: Cray Supercomputers
- 7:00pm - Social
- 7:25pm - OWASP updates / Speakers intro
- 7:30pm - Presentation 1: Dinis Cruz - "New Era of Software with modern Application Security"
- 8:15pm - Presentation 2: Scott Alexander-Bown - "Android app security on a shoestring budget"
Presentation 1: New Era of Software with modern Application Security
Abstract: This presentation will start with an overview of the current state of Application Insecurity (with practical examples). This will make the attendees think twice about what is about to happen to their applications. The solution is to leverage a new generation of application security thinking such as: TDD, Docker, Test Automation, Static Analysis, cleaver Fuzzing, JIRA Risk workflows, Kanban, micro web services visualization, and ELK. These practices will not only make applications/software more secure/resilient, but it allow them to be developed in a much more efficient, cheaper and productive way.
Bio: Dinis is focused on creating Application Security teams and providing Application Security assurance across the SDL (from development, to operations, to business processes, to board-level decisions). His focus is in the alignment of the business’s risk appetite with the reality created by Applications developed internally, outsourced or purchased. He is also an active Developer and Application Security Engineer focused on how to develop secure applications. A key drive is on 'Automating Application Security Knowledge and Workflows' which is the main concept behind the OWASP O2 Platform.
Presentation 2: Android app security on a shoestring budget
Abstract: Even with all the time & budget in the world you can't make a completely bulletproof app, so how do you stand a chance with a real world app? Real world apps have limited budget, are short on time and the task priorities are often decided by the security oblivious client/project managers.
So what can we developers do to increase our app’s security and help protect our professional reputation? Where should we focus our app security effort? Isn’t security really difficult? and what gives us the biggest bang for our buck?
We will answer these questions and show that improving your security need not be technically challenging or time consuming. Also I’ll illustrate that it doesn’t necessarily need buy-in from stakeholders.
We’ll be using commercially viable open source libraries to level up your app’s network verification, tamper protection, device integrity checks and more! while keeping in mind a shoestring budget!
Many of the presented security protection techniques can be applied to iOS apps too, however the focus and examples will be Android.
Bio: Scott is a Lead Android Developer and co-author of the Android Security Cookbook. Founder of SWmobile, a mobile developer focused meetup.com group with 650+ members. Creator of several open source Android security libraries. Enjoys spending time with his young family, running, Mexican food, Belgium beer and reading.