The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations are able to make informed decisions. OWASP is in a unique position to provide impartial, practical information about AppSec to individuals, corporations, universities, government agencies, and other organizations worldwide. Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security.
The OWASP Triangle Chapter is free for everyone. If you attend our meetups, you'll hear about all things application security, including how to build successful programs, the latest vulnerabilities, and tools to improve software security, and you'll get to network with a group of people who love improving the security of software.
OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide. More information about OWASP can be found at http://www.owasp.org.
Abstract: A secure application architecture not only prevents vulnerabilities in the initial release but also reduces the frequency of security issues being introduced into subsequent release candidates. Early OWASP Top 10 lists included buffer overflows as one of the most common vulnerabilities, but with the rise of type-safe languages those vulnerabilities became less common. Other security issues like Cross-Site Request Forgery are less common in microservice architectures and have fallen off the top 10 list as well, which raises the question: By choosing certain languages, frameworks, and application runtimes, can an app be designed from the beginning to have fewer recurring vulnerabilities? This presentation explores a secure application design to reduce common vulnerabilities in the context of a Docker/Kubernetes-based application.
Shaun Lamb works as a Principal Application Security Architect at SAS Institute, where he focuses on application, API, and container security. With a background in web application development, he aspires to design solutions that make it easy for developers and administrators to apply security controls. Shaun holds a CSSLP and has presented at local conferences such as Triangle InfoSeCon (https://www.triangleinfosecon.com/) and All Things Open (https://allthingsopen.org/), and will be presenting at InfoSec World (https://www.infosecworldusa.com/2020/conference-program) in Orlando in March.