UPDATE: We have had to move the meetup a day backwards to Wednesday the 14th of June. Sorry for the confusion :( Also please update your RSVP if you can no longer make it so others can come along as we have almost reached capacity!
A core application security principle, Defence in Depth, suggests that resilient software should have multiple layers of defence. If one layer fails, another will still work, minimising the overall risk to the application and your users.
However, real-world software with budget and timeline pressures is a fine balancing act of compromises and risk taking. So how do you know which controls must be implemented and which can be left out?
How many do you need to be secure?
What are some examples of bad design decisions that diminish the underlying secure architecture in the long run?
This month, Liam will walk us through some real world examples and answer these questions and more.
Pizza, beer and soft drinks will be provided. Please RSVP if you can make it.
- Pizza - 6:00pm - 6:30pm
- Presentation - 6:30pm - 7:30pm
- Socialising - 7:30pm till 9pm
We all want our systems to be secure. But what makes a good security control? How do we choose which controls to implement, and how do we fit them together to create secure systems? Using lessons learned from security engineers who plied their trade many centuries ago, a framework for evaluating and implementing security controls will be assembled and then applied to a series of technical case studies.
Liam (https://twitter.com/liamosaur) is the Principal Consultant at Assurance, a boutique penetration testing company based in Melbourne. Liam has previously worked as a security engineer and software engineer before switching from making to breaking.
The Zendesk office is on the corner of Queen Street and Collins Street, Melbourne. Doors to the meetup will be open on the Queen Street side. If you are locked out or having issues finding the place, email or Slack us and we will guide you :)
- Serge (serg [at] owasp [dot] org)
- Julian (julian [dot] berton [at] owasp [dot] org)
- Slack - https://owasp.herokuapp.com/ (@jberton or @sergicles)