
Details

Agenda:

6:00-6:30pm - Gather and mingle

(Food & Beverages provided courtesy of sponsor)

6:30-7:15pm - Looking for your keys under the street light – potential pitfalls of a top N vulnerability list

7:15-7:35pm - Turbo Talk: A Tactical Guide to Phở

10'ish minute break

7:45-8:30pm - Performance Management and Security: Friends or Foes?

Talk 1: Looking for Your Keys Under the Street Light – Potential Pitfalls of a Top N Vulnerability List

Abstract:

The OWASP Top Ten represents a broad consensus about the most critical web application security issues found on the web today. Many organizations use these as their "most wanted" list, but how often do they align with an organization's bug priorities? Top N vulnerability lists may initially appear to be interesting data sets, but they often open more questions than they answer and may lead to stagnation if not updated periodically.

Cigital has gathered reports from application security assessments performed over the last year and compared that data with this industry-leading benchmark. In this presentation, we will discuss our observations and share the lessons we learned. The discussion will also include a close comparison of the vulnerability classes identified in those assessments against the OWASP Top 10 for web applications, showing where the two agree and where they diverge.

Bios:

Sudeeptha Adgal is a Software Security Professional with over three years of experience in security. As a security consultant at Cigital Inc.'s Assessment Center (CAC) for managed services, Sudeeptha performed web and mobile application security testing using both automated tools and manual ethical hacking techniques. Sudeeptha was also responsible for providing technical oversight to clients and leading groups of security professionals. A transition from managed to professional services in May 2015 broadened those responsibilities as a security consultant and team member.

Matt Reeder is a Senior Security Consultant with Cigital. Having started in systems administration and development before transitioning into application security, he has a broad background in technology. He specializes in penetration testing and has experience testing everything from web applications to operating systems and embedded devices.
