OWASP Conference slides up

May 24th, 2007

Category: General Security

Looks like the slides are up for most of the OWASP conference presentations over here.
A couple that I thought were particularly interesting were:
Alex Lucas on the Microsoft SDL, which gave some good insight on all the work that Microsoft are putting into improving the security of Vista. I’ve never been a huge Microsoft fan but they’re definitely moving in the right direction on the security issue.
Also Brian Chess on static source code review. This one gives some good insight into what static source code analysis can and can’t do for a security review. It looks to me like Fortify and Ounce will be moving into the same kind of space that SPI, Cenzic and Watchfire are in for web application testers. No-one thinks you can just run those tools and call it a day, but they’re pretty valuable in improving the coverage of the test and catching certain classes of vulnerability, leaving the tester to focus on things like business logic flaws that automated tools can’t find.
