ZEISS Digital User Group Berlin #02 – Application Security


Agenda
- 18:30 - Opening
- 19:00 - Cloud Application Development - Secure by design (Martin Nuß)
- 19:45 - Remote Code Infusion – Attack vectors and preventive measures (Gernot Hering, Lucas Braeschke)
- 20:30 - Get-together & networking
Cloud Application Development - Secure by design
To succeed in critical domains like healthcare and industrial solutions, cloud software needs to fulfil very high security and data privacy standards. A systematic approach towards understanding, implementing, and verifying security requirements throughout the product lifecycle is crucial. A clear set of roles, procedures and tools must accompany the development of cloud software, empowering dev teams to integrate security into their agile development framework.
Based on the generic model of the secure software development lifecycle, this talk explains how we at ZDI aim to implement security by design in agile software development. It presents the concept of continuous threat modeling and outlines which roles are required to enable it in agile teams.
Remote Code Infusion – Attack vectors and preventive measures
The OWASP Top 10 2021 lists remote code infusion as one of the most serious security risks for applications. In this attack scenario, an attacker can inject malicious code into an application and execute it. The consequences can be devastating, ranging from data loss and system failures to reputational damage and legal consequences.
In this talk, Gernot Hering and Lucas Braeschke will give an example of what such an attack can look like, how to deal with it and how to prevent it in the future.